Terrorism


Citing Confidential Information Carmen Ortiz Appears to Recommit to Seeking Dzhokhar’s Execution

Bill and Denise Richard, parents of one child killed and one maimed in the Boston Marathon attack, have a BoGlo op-ed calling for Dzhokhar Tsarnaev to receive life without parole. They specifically cite the importance of letting survivors set the narrative of the attack, not Dzhokhar, who will have the opportunity to expose some of his motivations in the sentencing phase due to start next week.

For us, the story of Marathon Monday 2013 should not be defined by the actions or beliefs of the defendant, but by the resiliency of the human spirit and the rallying cries of this great city. We can never replace what was taken from us, but we can continue to get up every morning and fight another day. As long as the defendant is in the spotlight, we have no choice but to live a story told on his terms, not ours. The minute the defendant fades from our newspapers and TV screens is the minute we begin the process of rebuilding our lives and our family.

Carmen Ortiz responded, citing the need to keep secrets in her explanation for why the government would still — seemingly — continue its pursuit of a death sentence for Dzhokhar Tsarnaev.

The attorneys in a criminal case are legally bound to keep many matters relating to the case confidential, even from the people most affected by the crimes.

I therefore cannot comment on the specifics of the statement.

A cynic might think Ortiz was unswayed by the Richards’ plea because she judges an execution will help her own career, even if polls show Massachusetts residents oppose the death penalty for Tsarnaev.

Still, I couldn’t help but wonder why she’s citing confidentiality when the next phase of the trial will presumably expose more of the details on the case the government would prefer to keep secret? What confidential reason does Ortiz — or the government more generally — have to want those details to come out?

Mike Rogers Wanted to Drone Kill an American Citizen for Training with al Qaeda?

There has been some good commentary on NYT’s story on Administration debates over killing Mohanad Mahmoud al-Farekh, the American citizen who was captured and charged in federal court on April 2, after the Administration considered but then decided against drone-killing him. Both David Cole and Brett Max Kaufman raise some important points and questions. Of particular note, they ask what the fuck Mike Rogers was doing pushing DOD and CIA to kill a US citizen.

Yet neither of those pieces gets to something I’m puzzling over. Al-Farekh was charged in EDNY (Loretta Lynch’s district), but he was only charged with conspiracy to commit material support for terrorism, a charge that carries a 15 year maximum sentence. Basically, he is accused of conspiring with Ferid Imam who in turn trained Najibullah Zazi and his co-conspirators for their planned 2009 attack on the NY Subway system.

In approximately 2007, Farekh, an individual named Ferid Imam and a third co-conspirator departed Canada for Pakistan with the intention of fighting against American forces.  They did not inform their families of their plan before departing, but called a friend in Canada upon arrival to let him know that he should not expect to hear from them again because they intended to become martyrs.  According to public testimony in previous criminal trials in the Eastern District of New York, in approximately September 2008, Ferid Imam provided weapons and other military-type training at an al-Qaeda training camp in Pakistan to three individuals – Najibullah Zazi, Zarein Ahmedzay and Adis Medunjanin – who intended to return to the United States to conduct a suicide attack on the New York City subway system.  Zazi and Ahmedzay pleaded guilty pursuant to cooperation agreements and have yet to be sentenced; Medunjanin was convicted after trial and sentenced to life imprisonment.  Ferid Imam has also been indicted for his role in the plot.

But the evidence laid out in the complaint is rather thin, basically amounting to the second-hand reports that al-Farekh, like Zazi and his friends, traveled to Pakistan for terrorist training.

Were we really going to kill this dude with a drone because he got terrorist training in Pakistan? That’s it?

Now, it’s quite possible the government is just charging him with the crimes the evidence for which they can introduce in a trial — though note that the government got a FISC warrant to collect on him (though it’s possible this is drone-based collection, and so sensitive enough they wouldn’t want to use it at trial).

Drones spotted him several times in the early months of 2013, and spy agencies used a warrant issued by the Federal Intelligence Surveillance Court to monitor his communications.

It’s equally possible that al-Farekh will be indicted on further charges, a more central role in plotting attacks out of the tribal lands of Pakistan. Similarly, it’s possible that al-Farekh’s High Value Interrogation Group interrogation — reported as well in this WaPo story — provided valuable intelligence on other militants that will have nothing to do with his own trial.

Still, both the earlier WaPo story (written in part by Adam Goldman, who wrote the book on the Zazi case) and the NYT story hint that the claims made about al-Farekh’s activities in 2013 have proven to be overblown. The WaPo doesn’t provide much detail.

Officials said there were questions about how prominent a role Farekh played in al-Qaeda.

The NYT provides more.

But the Justice Department, particularly Attorney General Eric H. Holder Jr., was skeptical of the intelligence dossier on Mr. Farekh, questioning whether he posed an imminent threat to the United States and whether he was as significant a player in Al Qaeda as the Pentagon and the C.I.A. described.

[snip]

Once in Pakistan, Mr. Farekh appears to have worked his way up the ranks of Al Qaeda, his ascent aided by marrying the daughter of a top Qaeda leader.

American officials said he became one of the terrorist network’s planners for operations outside Pakistan, a position that included work on the production and distribution of roadside bombs used against American troops in Afghanistan.

Some published reports have said that Mr. Farekh held the third-highest position in Al Qaeda, but American officials said the reports were exaggerated.

His level in the Qaeda hierarchy remains a matter of some dispute. Several American officials said that the criminal complaint against him underplayed his significance inside the terrorist group, but that the complaint — based on the testimony of several cooperating witnesses — was based only on what federal prosecutors believed they could prove during a trial.

This, then — along with the explicit connection with the Awlaki case, based as it was, at least at first, on Umar Farouk Abdulmutallab’s interrogation and all the reasons to doubt it — seems the big takeaway. We almost killed this dude, but now all we can prove is that he trained in Pakistan.

Ironically, Philip Mudd argues for the NYT that we can’t capture these people because we’d have to rely on our intelligence partners.

But many counterterrorism specialists say capturing terrorism suspects often hinges on unreliable allies. “It’s a gamble to rely on a partner service to pick up the target,” said Philip Mudd, a former senior F.B.I. and C.I.A. official.

Of course, these are often the same people we rely on for targeting intelligence, including against both Awlaki and al-Farekh. What does it say that we’d believe targeting information from allies, but not trust them to help us arrest the guys they apparently implicate?

Whatever that says, the story thus far (it could change) is that al-Farekh was almost killed on inadequate evidence because CIA and DOD were champing at the bit. That ought to be the big takeaway.

 

DEA’s Dragnet and David Headley

In a piece on the DEA dragnet the other day, Julian Sanchez made an important point. The existence of the DEA dragnet — and FBI’s use of it in previous terrorist attacks — destroys what little validity was left of the claim that NSA needed the Section 215 dragnet after 9/11 to close a so-called “gap” they had between a safe house phone in Yemen and plotters in the US (though an international EO 12333 database would have already proven that wrong).

First, the program’s defenders often suggest that had we only had some kind of bulk telephone database, the perpetrators of the 9/11 attacks could have been identified via their calls to a known safehouse in Yemen.  Now, of course, we know that there was such a database—and indeed, a database that had already been employed in other counterterror investigations, including the 1995 Oklahoma City bombing. It does not appear to have helped.

But the DEA dragnet is even more damning for another set of claims, and for another terrorist attack such dragnets failed to prevent: former DEA informant David Headley, one of the key planners of the 2008 Mumbai attack.

Headley provided DEA the phone data they would have needed to track him via their dragnet

As ProPublica extensively reported in 2013, Headley first got involved in Lashkar-e-Taiba while he remained on the DEA’s payroll, at a time when he was targeting Pakistani traffickers. Indeed, after 9/11, his DEA handler called him for information on al Qaeda. All this time, Headley was working phone based sources.

Headley returned to New York and resumed work for the DEA in early 2000. That April, he went undercover in an operation against Pakistani traffickers that resulted in the seizure of a kilo of heroin, according to the senior DEA official.

At the same time, Headley immersed himself in the ideology of Lashkar-i-Taiba. He took trips to Pakistan without permission of the U.S. authorities. And in the winter of 2000, he met Hafiz Saeed, the spiritual leader of Lashkar.

Saeed had built his group into a proxy army of the Pakistani security forces, which cultivated militant groups in the struggle against India. Lashkar was an ally of al Qaeda, but it was not illegal in Pakistan or the United States at the time.

[snip]

Headley later testified that he told his DEA handler about his views about the disputed territory of Kashmir, Lashkar’s main battleground. But the senior DEA official insisted that agents did not know about his travel to Pakistan or notice his radicalization.

On Sept. 6, 2001, Headley signed up to work another year as a DEA informant, according to the senior DEA official.

On Sept. 12, Headley’s DEA handler called him.

Agents were canvassing sources for information on the al Qaeda attacks of the day before. Headley angrily said he was an American and would have told the agent if he knew anything, according to the senior DEA official.

Headley began collecting counterterror intelligence, according to his testimony and the senior DEA official. He worked sources in Pakistan by phone, getting numbers for drug traffickers and Islamic extremists, according to his testimony and U.S. officials.

Even at this early stage, the FBI had a warning about Headley, via his then girlfriend who warned a bartender Headley had cheered the 9/11 attack; the bartender passed on the tip. And Headley was providing the DEA — which already had a dragnet in place — phone data on his contacts, including Islamic extremists, in Pakistan.

ProPublica’s sources provide good reason to believe DEA, possibly with the FBI, sent Headley to Pakistan even after that tip, and that he remained an informant until at least 2005.

So the DEA (or whatever agency had sent him) not only should have been able to track Headley and those he was talking to using their dragnet, but they were using him to get phone contacts they could track (and my understanding is that agreeing to be an informant amounts to consent to have your calls monitored, though see this post on the possible “defeat” of informant identifiers).

Did Headley’s knowledge of DEA’s phone tracking help the Mumbai plotters avoid detection?

Maybe. And/or maybe Headley taught his co-conspirators how to avoid detection.

Of course, Headley could have just protected some of the most interesting phone contacts of his associates (but again, DEA should have tracked who he was talking to if they were using him to collect telephony intelligence).

More importantly, he may have alerted Lashkar-e-Taiba to phone-based surveillance.

In a December joint article with the NYT, ProPublica provided details on how one of Headley’s co-conspirators, Zarrar Shah, set up a New Jersey-based VOIP service so it would appear that their calls were originating in New Jersey.

Not long after the British gained access to his communications, Mr. Shah contacted a New Jersey company, posing online as an Indian reseller of telephone services named Kharak Singh, purporting to be based in Mumbai. His Indian persona started haggling over the price of a voice-over-Internet phone service — also known as VoIP — that had been chosen because it would make calls between Pakistan and the terrorists in Mumbai appear as if they were originating in Austria and New Jersey.

“its not first time in my life i am perchasing in this VOIP business,” Mr. Shah wrote in shaky English, to an official with the New Jersey-based company when he thought the asking price was too high, the GCHQ documents show. “i am using these services from 2 years.”

Mr. Shah had begun researching the VoIP systems, online security, and ways to hide his communications as early as mid-September, according to the documents.

[snip]

Eventually Mr. Shah did set up the VoIP service through the New Jersey company, ensuring that many of his calls to the terrorists would bear the area code 201, concealing their actual origin.

We have reason to believe that VOIP is one of the gaps in all domestic-international dragnets that agencies are just now beginning to close. And by proxying through the US, those calls would have been treated as US person calls (though given the clear foreign intelligence purpose, they would have met any retention guidelines, though may have been partly blocked in CIA’s dragnet). While there’s no reason to believe that Headley knew that, he likely knew what kind of phone records his handlers had been most interested in.

But it shouldn’t have mattered. As the article makes clear, GCHQ not only collected the VOIP communications, but Shah’s communications as he set them up.

Did FBI claim it tracked Headley using the NSA dragnet when it had actually used the DEA one?

I’ve been arguing for years that if dragnet champions want to claim they work, they need to explain why they point to Headley as a success story because they prevented his planned attack on a Danish newspaper, when they failed to prevent the even more complex Mumbai attack. Nevertheless, they did claim it — or at least strongly suggest it — as a success, as in FBI Acting Assistant Director Robert Holley’s sworn declaration in Klayman v. Obama.

In October 2009, David Coleman Headley, a Chicago businessman and dual U.S. and Pakistani citizen, was arrested by the FBI as he tried to depart from Chicago O’Hare airport on a trip to Pakistan. At the time of his arrest, Headley and his colleagues, at the behest of al-Qa’ida, were plotting to attack the Danish newspaper that published cartoons depicting the Prophet Mohammed. Headley was later charged with support for terrorism based on his involvement in the planning and reconnaissance for the 2008 hotel attack in Mumbai. Collection against foreign terrorists and telephony metadata analysis were utilized in tandem with FBI law enforcement authorities to establish Headley’s foreign ties and put them in context with his U.S. based planning efforts.

That said, note how Holley doesn’t specifically invoke Section 215 (or, for that matter, Section 702, which the FBI had earlier claimed they used against Headley)?

Now compare that to what the Privacy and Civil Liberties Oversight Board said about the use of Section 215 against Headley.

In October 2009, Chicago resident David Coleman Headley was arrested and charged for his role in plotting to attack the Danish newspaper that published inflammatory cartoons of the Prophet Mohammed. He was later charged with helping orchestrate the 2008 Mumbai hotel attack, in collaboration with the Pakistan-based militant group Lashkar-e-Taiba. He pled guilty and began cooperating with authorities.

Headley, who had previously served as an informant for the Drug Enforcement Agency, was identified by law enforcement as involved in terrorism through means that did not involve Section 215. Further investigation, also not involving Section 215, provided insight into the activities of his overseas associates. In addition, Section 215 records were queried by the NSA, which passed on telephone numbers to the FBI as leads. Those numbers, however, only corroborated data about telephone calls that the FBI obtained independently through other authorities.

Thus, we are aware of no indication that bulk collection of telephone records through Section 215 made any significant contribution to the David Coleman Headley investigation.

First, by invoking Headley’s role as an informant, PCLOB found reason to focus on DEA right before they repeatedly point to other authorities: Headley was IDed by “law enforcement” via means that did not involve 215, his collaborators were identified via means that did not involve 215, and when they finally did query 215, they only “corroborated data about telephone calls that the FBI had obtained independently through other authorities.”

While PCLOB doesn’t say any of these other authorities are DEA’s dragnet, all of them could be (though some of them could also be NSA’s EO 12333 dragnet, or whatever dragnet CIA runs, or GCHQ collection, or Section 702, or — some of them — FBI NSL-based collection, or tips). What does seem even more clear now than when PCLOB released this is that NSA was trying to claim credit for someone else’s dragnet, so much so that even the FBI itself was hedging claims when making sworn declarations.

Of course, whatever dragnet it was that identified Headley’s role in Lashkar-e-Taiba, even the DEA’s own dragnet failed to identify him in the planning stage for the larger of the attacks.

If the DEA’s own dragnet can’t find its own informant plotting with people he’s identified in intelligence reports, how successful is any dragnet going to be?

 

The Other Possible Whys behind the Boston Marathon Attack

As the Dzhokhar Tsarnaev trial pauses for the Marathon and the attack anniversary (and, ostensibly, to give the defense time to line up their witnesses), some competing sides have aired their views about the story not being told at the trial.

An odd piece from BoGlo’s Kevin Cullen quotes a cop asking why the FBI Agents who interviewed Tamerlan Tsarnaev in 2011 did not recognize him from surveillance videos.

“Who were the FBI agents who interviewed Tamerlan Tsarnaev after the Russians raised questions about him two years before the bombings, and why didn’t they recognize Tamerlan from the photos the FBI released?” he asked.

That’s actually a great question. But then Cullen goes on to make some assertions that — if true — should themselves elicit questions, questions he doesn’t ask. He marvels at the video analysis after the event, but doesn’t mention that the FBI claims the facial recognition software it has spent decades developing didn’t work to identify the brothers. He lauds the FBI for finding Dzhokhar’s backpack in a dumpster, but far overstates the value of the evidence found inside (remember, among other things found on a thumb drive in it was a rental application for Tamerlan’s wife). Cullen also overstates the FBI’s evidence that the bombs were made in Tamerlan’s Cambridge apartment, and so sees that as a question about why Tamerlan’s wife, Katherine, wasn’t charged (forgetting, I guess, that she was routinely gone from the apartment 70 hours a week), rather than a question about all the holes in FBI’s pressure cooker story: Why did Tamerlan pay cash for pressure cookers — as FBI suggests he did — all while carrying a mobile GPS device that he brought with him when trying to make his escape? Where did the other two pressure cookers (the third pressure cooker used as a bomb, and the one found at the apartment) come from?

Masha Gessen — who just wrote a book about the case that I have not yet read — asks some of the same questions in a NYT op-ed that also highlights the government’s flawed claims about radicalization at the core of this case.

Even worse, two critical questions have not been answered. Where were the bombs built? Investigators have testified that they were not built at the older brother’s apartment or in the younger brother’s dorm room. Were they built in someone else’s apartment, house or garage? If so, who, and was he a knowing accomplice? Did he help in any other way?

The other big question is: Why did the F.B.I. fail to identify Tamerlan Tsarnaev, the older brother, who had been fingered as a potential terrorist risk two years before the bombing and interviewed by field agents? Within 24 hours of the bombing, on April 15, 2013, investigators focused on images of the brothers in surveillance tapes recovered from the scene. Yet they had no names — and more than two days later they released the photos to the public, asking for help with identifying the suspects. How is it possible that someone who had been interviewed by a member of the local Joint Terrorism Task Force could not be identified from the pictures?

Note, I think Gessen overstates how strongly the government has said the bombs weren’t made at the Cambridge apartment, but it is consistent with the evidence presented that they weren’t.

Compare these decent questions with Janet Napolitano’s take — not so much on the trial, but on Gessen’s book.

Before I get into the key graph of her review, consider Napolitano’s role here. Her agency — especially Customs and Border Patrol — came in for some criticism in the Joint IG Report on the attack, because they may not have alerted the FBI to Tamerlan Tsarnaev’s travel to and from Russia in 2012, because they treated Tamerlan as a low priority and therefore didn’t question him on his border crossings (the trial record may indicate Tamerlan had Inspire on his computer when he traveled to Russia), and because the CBP record on Tamerlan went into a less visible status while he was out of the country, meaning he evaded secondary inspection on the way back into the country as well. Yet she mentions none of those crucial details about DHS’s role in missing Tamerlan’s travel and increasing extremism in her review.

Rather, she describes her agency as a valiant part of the combined effort to hunt down the attackers.

As secretary of homeland security, I immediately mobilized the department to assist Boston emergency responders and to work with the F.B.I. to identify the perpetrators. Because the Boston Marathon is an iconic American event, we suspected terrorism, but no group stepped forward to claim credit. Massive law enforcement resources — local, state and federal — had to be organized and deployed so that, within just a few days, we had narrowed the inquiry from the thousands of spectators who had come to cheer on the runners to two, who had come to plant bombs.

Only much later in her review does Napolitano make a defense of the government’s failure to prevent this attack, though once again she makes no mention of her own agency’s role in failing to stop the attack. As Napolitano tells it, this is about the FBI and it’s just “armchair quarterbacking.”

In the course of armchair quarterbacking that followed the bombing, it was revealed that the Russian Federal Security Service, known as the F.S.B., had notified the F.B.I. in 2011 about Tamerlan’s presence in the United States. Although criticized for inadequate follow-up, the F.B.I. actually interviewed Tamerlan and other household members at least three times in 2011. Further requests to the F.S.B. for details went unanswered. Other than putting Tamerlan under 24-hour surveillance, it is difficult to ascertain what more the F.B.I. could have done — according to Gessen, Russia routinely presumes all young urban Muslim men to be radical.

Much of the rest of Napolitano’s review focuses on the government’s theory of radicalization and the Tsarnaev family’s collective failure to achieve the American Dream (which, I guess, is what Gessen was debunking in her op-ed the next day), returning the story insistently to one about radicalization. Except then, having emphasized how many times the FBI had contact with Tamerlan in 2011, she scoffs at the questions that might raise and Gessen’s reliance on evidence the government itself has introduced into the public record.

In the final chapters, however, the book becomes curiouser and curiouser; Gessen seems to become a conspiracy theorist. She postulates that the F.B.I. recruited Tamerlan as an informant during their visits to the Tsarnaev home in 2011. She then surmises that Tamerlan went rogue and participated in the killing of three friends with whom he dealt marijuana. She goes further, and suggests that after the bombings, the F.B.I. delayed telling Boston law enforcement about Tamerlan’s identity because they wanted to reach him first, kill him and hide his presence as an informant. Gessen likens this alleged behavior to the F.B.I.’s use of sting operations, and she implies that the bureau has been entrapping defendants as opposed to finding real terrorists. And, finally, relying on the words of “several” unnamed explosives experts, she asserts that the Tsarnaevs must have had help constructing the bombs, despite the presence of explicit instructions on the Internet and in Inspire, a jihadist magazine.

How is Gessen a conspiracy theorist because she “surmises that Tamerlan … participated” in the 2011 Waltham killings? That claim came from the FBI itself! The FBI says Ibragim Todashev was confessing to that fact when they killed him. And how is suggesting the bombs used at the Marathon (as distinct from those thrown in Watertown) could not have come directly from Inspire a conspiracy theory when that is the testimony the defense elicited from FBI’s own bomb expert on cross examination?

Effectively, Janet Napolitano, whose agency rightly or wrongly received some of the criticism for failing to prevent this attack, completely ignores the questions about prevention and then dismisses questions that arise out of the government’s failure to prevent the attack as a conspiracy theory.

Napolitano’s choice to write (and NYT’s choice to publish) a critical review of a book pointing out problems with the narrative of the attack she herself has been pitching actually got me thinking: Imagine Robert Mueller writing such a review? Had he done so, the inappropriateness of it, the absurdity of deeming claims made by the FBI a conspiracy theory, and his own agency’s role in failing to prevent the attack would have been heightened. Not to mention, he likely would have had a hard time dismissing the real questions about the provenance of the bombs, given that his former agency claims not to know the answers to them. And that made me realize that having Napolitano write this review worked similarly to the way the prosecution’s parade of witnesses who hadn’t done the primary analysis on the evidence in the case did. It gave official voice to the chosen narrative, without ever exposing those who might be able to answer the still outstanding questions to question.

For what it’s worth, I have a few more questions about the attack that — like Cullen and Gessen — I regret will likely go unanswered. Or rather, perhaps another theory about the government’s implausible claim not to have IDed the brothers until they got DNA from Tamerlan on April 19th.

As I mentioned, no one wants to talk about why facial recognition didn’t work which — if true — ought to have led to congressional hearings and the defunding of the technology. The FBI wants you to believe that they couldn’t ID a guy they had had in a terrorist watchlist and extended immigration records on and Congress wants you to believe that would be acceptable performance for an expensive surveillance system.

I’ve also tracked the government’s odd use of GPS data in the trial. They used cell tower information based off the brothers’ known handsets (which they only got in smashed condition days later) to track their movement at the race. They used a series of GPS devices to track the purchases of the materials used in the attack and to track the brothers in the stolen Mercedes (though their claims about how they tracked the Mercedes still don’t add up). There’s something missing from this story, and I increasingly wonder whether it’s the use of a Stingray or similar device, which we know even local authorities use in the case of public events like protests or sporting events, which might have been able to pinpoint calls made between phones using the same “cell” at the race, and with it, pinpoint the phones we know were registered under the brothers’ real names.

So here’s my conspiracy theory, Janet Napolitano: Not only do I think claims Tamerlan was an informant ought to be at least assessed seriously (though I also think the Russians clearly are not telling us what they believed him to be, either), which might be one explanation for FBI’s dubious claims not to have IDed the brothers for over 3 days. But I also think the government pursued this case with an eye towards what intelligence they were willing to admit at trial — and we know they refuse to admit how sophisticated their use of Stingrays is, and we should assume they refuse to admit how well facial recognition technology works, either.

That is, in addition to the other real questions and possible explanations for the delay, I think it possible that the FBI had to create a manhunt so as to hide the tools that IDed the brothers far earlier than they let on.

Update: I meant to add that I think the timing of the recent Stingray releases is curious. Basically, the dam holding back disclosures of the FBI’s secrecy on Stingrays burst on Wednesday, April 8, as the ACLU, Baltimore, and two other jurisdictions got Non-Disclosure Agreements on the same day, after the Tsarnaev case had gone to the jury. That’s as conveniently timed, it seems, as the April 3 release of the After Action report, which Massachusetts had held since December. Also remember that the government doesn’t have to disclose PRTT data to defendants unless it uses that evidence at trial (and has suggested it has PRTT data on other terrorist defendants that it doesn’t have to turn over). So if they did use a Stingray to ID the brothers at all, they would claim they didn’t have to disclose it, but wouldn’t want to make the capability too obvious until after the defense lost any opportunity to make a constitutional claim.

Dzhokhar’s Phones

According to an exhibit introduced in the Dzhokhar Tsarnaev trial, the government subpoenaed T-Mobile on April 19, 2013 for the subscriber information from the two pre-paid phones used by the brothers during the attack. T-Mobile (unsurprisingly) replied that same day. The government appears to have redacted the fax time stamp to hide what time that occurred. But at that point, they were only getting subscriber information based off the phone numbers from phones they may or may not have had in custody.

Tamerlan had gotten his phone immediately after returning from Russia, but Dzhokhar got his just the day before the attack. Presumably, Tamerlan’s phone would have been used regularly (though we don’t know that — unless I’m mistaken, the government never submitted a summary of his calls). In addition to three calls with his brother during the actual attack and one between the time Sean Collier was killed and the time Tamerlan hijacked the Mercedes (Dzhokhar also communicated with Tamerlan via Skype during this period), Dzhokhar contacted several other people using his phone.

The government claims (dubiously) that it did not identify the brothers until after Tamerlan was fingerprinted at the hospital, which would have happened sometime around 1:06AM on April 19.

In a hearing against Dzhokhar’s buddies from summer 2014, a prosecutor questioning FBI Agent John Walker tried to place this time closer to 6:50AM, though I think this is based on the public release of Dzhokhar’s ID, not the identification of Tamerlan’s.

Q. And by 6:50 a.m. Friday morning, April 19th, had the suspected bombers in those photographs been identified?

Walker. By 6:50 a.m. the FBI was certainly aware of the identity of one of those persons, then deceased, and the FBI publicized the name of the second person in the photograph, colloquially referred to as “White Hat” or “Bomber Number Two.” But, yes, we had.

Q. And how was it that the FBI was able to identify the individuals in those photographs?

Walker. We identified the first individual based on a positive comparison of his known fingerprints. A fingerprint from the decedent was transmitted to our facility in West Virginia, the repository for fingerprints, and within moments we had a positive identification on that person.

From Walker’s description, though, it should have taken place “just moments” after they got his fingerprints, so closer to 1:06 AM than 6:50 AM.

I’m interested in this because of Walker’s description of how they obtained and responded to information on Dzhokhar’s previous phone, one of four phones tied to an AT&T Friends and Family account under his name but billed to the buddies’ address.

Walker seems to suggest that they found these phones by Dzhokhar’s name, not by phone number, and only then discovered that Azamat Tazhayakov had been in contact with Dzhokhar (though I don’t see that in the phone records submitted at trial). This means that by 10, they were doing significant call record analysis on the AT&T phones, regardless of what they were doing on the T-Mobile phones.

Q: On the morning of April 19th, had the FBI received any information about telephones subscribed to Tsarnaev?

Walker: We had. We knew that Tsarnaev, Dzhokhar Tsarnaev, subscribed to four telephones with AT&T, and that the address that he provided and the address to which his telephone bills were sent was 69 Carriage Drive, New Bedford, Massachusetts.

One of those phones was significant to us immediately, because the telephone showed enormous and continuing and temporally significant connectivity with the late Tamerlan Tsarnaev, including around the time of the bombings.

Almost as importantly for my work there that day, a second of the telephones again subscribed by Tsarnaev happened to show connectivity with Dzhokhar Tsarnaev a few hours before the bombings that Monday, April 15th. The other two phones showed little, if any, recent connectivity to either of the Tsarnaev brothers.

Q: Was there a belief at the FBI at the time that telephones, mobile phones, were used during the execution of the bombing attack?

Walker: Yes.

Q: So, based on that information, this telephone information that you had received, subscriber information, what did the FBI do next?

Walker: Well, we were naturally all week long very concerned with regard to phones, because, as I have mentioned, we suspected that phones were used in the general commission of the act of terrorism on the Monday. We were also interested in potentially exploiting intelligence from the phones to locate the fugitive Tsarnaev.

[snip]

I received a call from the FBI Command Post in Boston that about 20 minutes earlier — and the time I received it I thought about 10:40 a.m. — but about 20 minutes earlier that the second phone in question that I just mentioned had transmitted a message to Russia, and that message had bounced off a tower located about a mile from the campus at UMass Dartmouth.

So, I believed at the time that there was a stronger possibility that Tsarnaev may have actually eluded capture in Watertown and might be transmitting communications from down in the New Bedford/North Dartmouth area.

Q: Now, talking about this phone, were the last four digits 9049?

Walker: Yes.

Q: And did you subsequently learn that the phone was used by one of the defendants?

Walker: I did.

Q: And which defendant was that?

Walker: Mr. Tazhayahkov. [sic]

Q: And a moment ago you said approximately shortly after 10:00 a.m. that one of the phones had sent a text message or had some activity with Russia?

Walker: Yes.

Q: How far was that tower that it bounced off from the defendants’ apartment?

Walker. From the defendants’ apartment it was — and I know this because I mapped it out after the fact — but it’s approximately 900 meters.

Q: Now, what, if any, belief — sorry. Strike that. During the afternoon of April 19th, 2013, was the FBI able to determine the location of any of Tsarnaev’s phones, Dzhokhar Tsarnaev’s phones?

Walker: Yes.

Q: And can you tell us what was learned that afternoon about where that phone was located?

Walker: We learned that the phone ending or having the suffix 9049 was physically present within, because we could not see it on the outside, but within 69 Carriage Drive in New Bedford. It’s a two-story, four-apartment building amidst a larger complex of similarly constructed buildings.

Q: So, based on that information, the FBI believed that one of Tsarnaev’s phones was located in 69 Carriage Drive; is that what you said?

Walker: Yes.

I’m still trying to make sense of this — I have no conclusions about it. I’m mostly trying to understand whether discovery of these phones followed one from another or not, and what database they used to do the analysis. I think it most likely they used AT&T’s onsite response, which should have had both AT&T and T-Mobile records, probably without a formal subpoena. You would think they would have formally served a subpoena before using the AT&T account to raid the New Bedford apartment, but they certainly didn’t get a warrant.

Update: There’s one more detail I can’t make sense of. Walker said that Dzhokhar logged into UMass Dartmouth’s system at 6:19 AM.

I learned later, but not too much later, we received a report on campus from the campus technology infrastructure that at 6:19 a.m. on the morning of Friday, April 19, that Tsarnaev had logged onto the system on campus. While I was determining whether that logon was remote or was — would suggest that he was physically present on campus, I received a second report from campus authorities that he logged on and was thought to be physically present on campus at 6:21 a.m. that Friday.

He would have been hiding in the Slip Away by this point.

Tamerlan Tsarnaev Moved Inspire onto Dzhokhar’s Computer the Day He Left for Russia

Yesterday, the defense in the Dzhokhar Tsarnaev trial rested; closing arguments will be Monday. Dzhokhar’s defense consisted of just four witnesses, undermining the suggestions by the prosecution that he was just as steeped in jihadist propaganda as Tamerlan (see this post for part of a description).

As part of their efforts to do that, the defense showed, in far more detail, what the brothers had been doing online, and how the complete copies of Inspire magazine had gotten onto all their computers and when. (The defense exhibits are here, though this site is apparently being flagged as itself suspicious, at least by Twitter.) This document, for example, shows that Dzhokhar spent more time on Pornhub than he did on anything explicitly jihadist (though who knows what he was doing on Facebook and VKontakte, his most commonly accessed sites, by a very large margin). Several of the others show that the searches for explosives-related materials took place on Tamerlan’s computer (though oddly, he already had some of those materials by that point).

And while I don’t think the defense laid this case out yesterday, it appears that Tamerlan loaded Inspire onto a thumb drive and then onto Dzhokhar’s computer the morning of January 21, 2012, just before he left for Russia.

This document shows that the Sony Vaio, which ultimately became Dzhokhar’s computer, was loaded with Windows in early 2011. Then came the HP that was in a room in Cambridge that fall. And finally came the Samsung loaded with Windows December 21, 2011, not long before Tamerlan would go to Russia. This document shows CompleteInspire being created on the Samsung that day, December 21, 2011. This document appears to show someone inserting a thumb drive into the Samsung at 6:22 AM on January 21, 2012, moving a copy of Inspire onto it, and then moving copies of those onto the Sony.

This CBP record shows his departure that day on Aeroflot flight 316, which at least currently departs at 8:05PM.

It’s not clear what to make of this — though it does make clear that Dzhokhar, at least, would have avoided any upstream searches on Inspire because it got placed on his computer via thumb drive, not download. It also doesn’t prove that Dzhokhar wasn’t reading Inspire by that point — as far as I understand it, the Sony was his computer by that point. But I find the timing — that the first thing Tamerlan did the morning he left for Russia was to make sure all the laptops had a copy of Inspire on them — rather curious.

One more note: something else introduced in the last days also showed a Russian version of Inspire.

Also, from the exhibits, it’s not really clear whether these files were found on the computer or deleted in unallocated space. There was a second copy of CompleteInspire loaded onto the Samsung in August 2012, after Tamerlan returned from Russia. So it’s possible that what we’re seeing is Tamerlan moving Inspire onto his brother’s computer, deleting it on his own for border crossings, and then reloading it on his own after his return.

That said, if he didn’t delete that copy of Inspire the morning he left for Russia, if CBP had done a perfectly legal device search on Tamerlan’s computer at JFK that evening, they might have seen that he was flying with a full copy of Inspire on his device (though remember, this computer, unlike the Sony, was encrypted). Which, if it were the case, would make CBP’s failure to do so all the more damning.

Report: FBI Needs to Hunt “Space-System Intruders” Better

I’m reading through the report released yesterday that basically says FBI needs to do more spying and analysis.

On top of some observations on the substance of the report (to come), I think it was poorly edited, with some fairly humorous results.

Which is what I attribute the mention of “space-system intruders” in the following passage to:

The Review Commission recognizes that national security threats to the United States have multiplied, and become increasingly complex and more globally dispersed in the past decade. Hostile states and transnational networks—including cyber hackers and organized syndicates, space-system intruders, WMD proliferators, narcotics and human traffickers, and other organized criminals—are operating against American interests across national borders, and within the United States. [my emphasis]

I have no clue what FBI actually meant by this transnational threat, the “space-system intruder.” Maybe we really are, still, fighting UFOs, only this time launched by al Qaeda? Maybe we’re having a fight over the satellite-sphere, and not just with other nation-states? Maybe this is just an awkward phrase for territorial insurgents?

Whatever it is, I hope this incautious mention elicits some good conspiracy sci-fi.

Update: Charlie Savage tweets that it is “threat of hacking satellites with systemic consequences (GPS, communications).”

The $450 an Hour Terror Industry Echo Chamber

Matthew Levitt, a prominent figure in the Terror Industry, has been testifying in the Dzhokhar Tsarnaev trial. He’s one of a number of noted figures who get presented as experts at trials who don’t speak Arabic, who haven’t bothered to learn Arabic over the course of years of this work.

Yesterday, Levitt spent several hours explaining how the explanation Dzhokhar wrote on a boat in Watertown had to have come from Anwar al-Awlaki’s propaganda.

Just before Levitt testified yesterday, he RTed an article describing him as the expert that would testify at Dzhokhar’s trial. As soon as he got done, he RTed several more articles about his own testimony, describing himself as an “expert” “decoding” the boat. And then, for good measure, he RTed a livetweet from his own testimony.

Today, on cross, it became clear the Awlaki propaganda on Dzhokhar’s computer was all Levitt got from prosecutors. He didn’t know how long it had been on Dzhokhar’s computer. Nor did he know what else Dzhokhar has read. He also doesn’t know much about Chechnya, except in the context of Jihad. And though Levitt testified yesterday that there always must be a “radicalizer,” he did not know, nor was he asked, to identify the “radicalizer” in Dzhokhar’s life.

Levitt also did not, apparently, recognize some of what Dzhokhar had written on the boat as having come from the Quran.

He did, however, reveal that he gets paid $450 an hour to do this work.

When called on his RTing of his own testimony by the defense, Levitt admitted he “should have been wiser” about having done so.

I wonder, though, if Levitt was worried that the mystique of his expertise might not hold up if he didn’t constantly reinforce it with his own echo chamber?

CISA’s Terrorists Are Not Just Foreign Terrorists

In addition to hunting hackers, the Cybersecurity Information Security Act — the bill that just passed the Senate Intelligence Committee — collects information domestically to target terrorists if those so-called terrorists can be said to be hacking or otherwise doing damage to property.

Significantly, as written, the bill doesn’t limit itself to targeting terrorists with an international tie. That’s important, because it essentially authorizes intelligence collection domestically with no court review. Thus, the bill seems to be — at least in part — a way around Keith, the 1971 ruling that prohibited domestic security spying without a warrant.

It takes reading the bill closely to understand that, though.

The surveillance or counterhacking of a “terrorist” is permitted in three places in the bill. In the first of those, one might interpret the bill to associate the word “foreign” used earlier in the clause with the word terrorist. That clause authorizes the disclosure of cyber threat indicators for “(iii) the purpose of identifying a cybersecurity threat involving the use of an information system by a foreign adversary or terrorist.”

But the very next clause authorizes information sharing to mitigate “a terrorist act,” with no modifier “foreign” in sight. It authorizes information sharing for “(iv) the purpose of responding to, or otherwise preventing or mitigating, an imminent threat of death, serious bodily harm, or serious economic harm, including a terrorist act or a use of a weapon of mass destruction;”

And the last mention of terrorists — reserving the authority of the Secretary of Defense to conduct cyberattacks in response to malicious cyber activity — includes the article “a” that makes it clear the earlier use of “foreign” doesn’t apply to “terrorist organization” in this usage.

(m) AUTHORITY OF SECRETARY OF DEFENSE TO RESPOND TO CYBER ATTACKS.—Nothing in this Act shall be construed to limit the authority of the Secretary of Defense to develop, prepare, coordinate, or, when authorized by the President to do so, conduct a military cyber operation in response to a malicious cyber activity carried out against the United States or a United States person by a foreign government or an organization sponsored by a foreign government or a terrorist organization.

Frankly, I’m of the belief that the distinction that has by and large applied for the last 14 years of spying betrays the problem with our dragnet targeted on Muslims. America in general seems perfectly willing to treat some deaths — even 168 deaths — perpetrated by terrorists as criminal attacks so long as they are white Christian terrorists. If white Christian terrorists can be managed as the significant law enforcement problem they are without a dragnet, then so, probably, can FBI handle the losers it entraps in dragnets and then stings.

But here, that distinction has either apparently been scrapped or Richard Burr’s staffers are just bad at drafting surveillance bills. It appears that whatever anyone wants to call a terrorist — whether it be Animal Rights activists, Occupy Wall Street members, Sovereign Citizen members, or losers who started following ISIL on Twitter — is fair game. Which is particularly troubling given that CISA makes explicit what NSA used to accomplish only in secret — the expansion of “imminent threat of death or serious bodily harm” to incorporate harm to property. How much harm to a movie studio or some other IP owner does it take before someone is branded a “terrorist” engaged in the “act” of doing “serious economic harm,” I wonder?

Note, too, that according to OTI’s redlined version of this bill, most of the application of this surveillance to foreign and domestic terrorists is new, added even as SSCI dawdles in the face of imminent Section 215 sunset.

As I’ll show in a later post, one function of this bill may be to move production that currently undergoes or might undergo FISC or other court scrutiny out from under a second branch of government, making a mockery out of what used to be called minimization procedures. If that’s right, it would also have the effect of avoiding court scrutiny on just whether this surveillance — renamed “information sharing” — complies with the Supreme Court prohibition on warrantless spying on those considered domestic security threats.

The Unopened Torture Report and Trusting CIA on Other Covert Operations

Yesterday, Pat Leahy issued a Sunshine Week statement criticizing Richard Burr for attempting to reclaim all copies of the Torture Report, but also complaining that State and DOJ haven’t opened their copy of the Torture Report.

I also was appalled to learn that several of the agencies that received the full report in December have not yet opened it.  In a Freedom of Information Act (FOIA) lawsuit seeking release of the full report, Justice Department and State Department officials submitted declarations stating that their copies remain locked away in unopened, sealed envelopes.  I do not know if this was done to attempt to bolster the government’s position in the FOIA lawsuit, or to otherwise avoid Federal records laws.  I certainly hope not.  Regardless of the motivation, it was a mistake and needs to be rectified.

The executive summary of the torture report makes clear that both the State Department and the Justice Department have much to learn from the history of the CIA’s torture program.  Both agencies were misled by the CIA about the program.  Both should consider systemic changes in how they deal with covert actions.  Yet neither agency has bothered to open the final, full version of the report, or apparently even those sections most relevant to them.

Today, Ron Wyden issued a Sunshine Week release linking back to a February 3 letter Eric Holder is still ignoring. The letter — which I wrote about here — addresses 4 things: 1) the unclear limits on the President’s ability to kill Americans outside of war zones 2) the common commercial service agreement OLC opinion that should be withdrawn 3) some action the Executive took that Wyden and Russ Feingold wrote Holder and Hillary about in late 2010 and 4) DOJ’s failure to even open the Torture Report. Wyden’s statement lumps all these under “secret law.”

U.S. Senator Ron Wyden, D-Ore., renewed his call for Attorney General Eric Holder to answer crucial questions on everything from when the government believes it has the right to kill an American to secret interpretations of law. The Justice Department has ignored these questions or declined to answer them, in some cases for years.

[snip]

“It is never acceptable to keep the basic interpretations of U.S. law secret from the American people. It doesn’t make our country safer, and erodes the public’s confidence in the government and intelligence agencies in particular,” Wyden said. “While it is appropriate to keep sources, methods and operations secret, the law should never be a mystery. Sunshine Week is the perfect time for the Justice Department to pull back the curtains and let the light in on how our government interprets the law.”

This may be secret law.

But I find it interesting that both Wyden’s letter and Leahy’s statement tie covert operations to the lessons from the Torture Report.

There are many reasons DOJ (and FBI) are probably refusing to open the Torture Report. The most obvious — the one everyone is pointing to — is that by not opening it, these Agencies keep it safe from the snooping FOIAs of the ACLU and Jason Leopold.

But the other reason DOJ and FBI might want to keep this report sealed is what it says about the reliability of the CIA.

The CIA lied repeatedly to DOJ, FBI, and FBI Director Jim Comey (when he was Deputy Attorney General) specifically. Specifically, they lied to protect the conduct of what was structured as a covert operation, CIA breaking the law at the behest of the President.

Of course, both DOJ generally and FBI specifically continue to partner with CIA as if nothing has gone on, as if the spooks retain the credibility they had back in 2001, as if they should retain that credibility. (I’m particularly interested in the way FBI participated in the killing of Anwar al-Awlaki, perhaps relying on CIA’s claims there, too, but it goes well beyond that.)

That’s understandable, to a point. If DOJ and the FBI are going to continue pursuing (especially) terrorists with CIA, they need to be able to trust them, to trust they’re not being lied to about, potentially, everything.

Except that ignores the lesson of the Torture Report, which is that CIA will lie about anything to get DOJ to rubber stamp criminal behavior.

No wonder DOJ and FBI aren’t opening that report.
