August 19, 2022 / by 


That Pirate May Be the Missing Link We Should Drone Kill

As I mocked last night, 60 Minutes decided to use pirate data collected under EO 12333 to demonstrate how it conducts call chaining on US citizen data collected under Section 215. But the exchange is rather interesting for the way the NSA analyst, Stephen Benitez, describes finding a potentially key player in a network of pirates.

Metadata has become one of the most important tools in the NSA’s arsenal. Metadata is the digital information on the number dialed, the time and date, and the frequency of the calls.  We wanted to see how metadata was used at the NSA.  Analyst Stephen Benitez showed us a technique known as “call chaining” used to develop targets for electronic surveillance in a pirate network based in Somalia.

Stephen Benitez: As you see here, I’m only allowed to chain on anything that I’ve been trained on and that I have access to. Add our known pirate. And we chain him out.

John Miller: Chain him out, for the audience, means what?

Stephen Benitez: People he’s been in contact to for those 18 days.

Stephen Benitez: One that stands out to me first would be this one here. He’s communicated with our target 12 times.

Stephen Benitez: Now we’re looking at Target B’s contacts.

John Miller: So he’s talking to three or four known pirates?

Stephen Benitez: Correct. These three here. We have direct connection to both Target A and Target B. So we’ll look at him, too, we’ll chain him out. And you see, he’s in communication with lots of known pirates. He might be the missing link that tells us everything. [my emphasis]

Compare the language Benitez uses here with that which Gregory McNeal used to describe drone targeting back in February.

Networked based analysis looks at terrorist groups as nodes connected by links, and assesses how components of that terrorist network operate together and independently of one another.  Those nodes and links, once identified will be targeted with the goal of disrupting and degrading their functionality.  To effectively pursue a network based approach, bureaucrats rely in part on what is known as “pattern of life analysis” which involves connecting the relationships between places and people by tracking their patterns of life. This analysis draws on the interrelationships among groups “to determine the degree and points of their interdependence.” It assesses how activities are linked and looks to “determine the most effective way to influence or affect the enemy system.”


Viewing targeting in this way demonstrates how seemingly low level individuals such as couriers and other “middle-men” in decentralized networks such as al Qaeda are oftentimes critical to the successful functioning of the enemy organization. Targeting these individuals can “destabilize clandestine networks by compromising large sections of the organization, distancing operatives from direct guidance, and impeding organizational communication and function.” Moreover, because clandestine networks rely on social relationships to manage the trade-off between maintaining secrecy and security, attacking key nodes can have a detrimental impact on the enemy’s ability to conduct their operations. [my emphasis]

That is, the language describing the process behind signature strikes closely matches the language describing NSA’s targeting for wiretapping. Both these analyses are doing the same thing: trying to find the key nodes in networks of people (though the drone targeting appears to draw in additional intelligence about someone’s observed actions and locations).

Now, as I said, when Benitez used the word “target,” he was presumably discussing only targeting for surveillance, not for drone killing (besides, thus far we haven’t drone killed any pirates I know of).

But it is very easy to see what kind of role metadata analysis would play in the early stages of targeting a signature strike, because that’s precisely how the intelligence community identify the nodes that, McNeal tells us, they’re often targeting when they conduct signature strikes. Wiretap the person at that node and you may learn a lot (that’s also probably the same kind of targeting they do to select potential informants, as we know they do with metadata), kill that person and you may damage the operational capabilities of a terrorist (or pirate) organization.

When the WaPo reported on NSA’s role in drone killing, it focused on how NSA collected content associated with a known target — Hassan Ghul — to pinpoint his location for drone targeting.

But NSA probably plays a role in the far more controversial targeting of people we don’t know for death, with precisely the kind of contact chaining it uses on US persons.

Note, in related news, Richard Leon has just ruled for Larry Klayman in one of the first suits challenging the phone dragnet (with the injunction stayed pending appeal). I’ll have analysis on that later.

DOJ’s IG Hints at Concerns about Back Door Search Issues

In addition to focusing on whether the classification of past IG Reports will limit what he can release about the Section 215 dragnet and Section 702 content collection, DOJ Inspector General Michael Horowitz laid out one more significant civil liberties concern related to national security investigations.

Additional concerns about civil rights and liberties are likely to arise in the future. For example, significant public attention has been paid to programs authorizing the acquisition of national security information, but relatively less has been paid to the storing, handling, and use of that information. Yet after information has been lawfully collected for one investigation, crucial questions arise about whether and how that information may be stored, shared, and used in support of subsequent investigations. Similar questions arise about the impact on civil rights and liberties of conducting electronic searches of national security information and about whether and how information obtained in a national security context can be used for criminal law enforcement. As the Department continues to acquire, store, and use national security information, these issues will arise more and more frequently, and the Department must ensure that civil rights and liberties are not transgressed.

I don’t guarantee this is a reference to back door searches.

But we know that FBI has been permitted to conduct searches on content collected under traditional FISA or FISA Amendments Act since at least 2008. We know that the Intelligence Community does not believe it needs even Reasonable Articulable Suspicion — of a national security concern or of a crime — to search this data. And in the past, DOJ has argued it can use FISA-collected information to find things like evidence of rape to use to coerce people to turn informant.

So I’m going to wildarseguess that at least part of what Horowitz alludes to here pertains to whether DOJ can search this incidentally collected information in support of criminal investigations. That would of course violate the spirit of every wiretap law in the country, but given the government’s past interpretations of what the elimination of the wall between NSA and FBI means and their claims they don’t need RAS to search these databases, it is a real possibility that’s what they doing (though they may be claiming that the crimes in question are “related” to the national security claims — things like money laundering and drug sales and so forth).

I’m also interested in Horowitz’ allusion to “national security information.” Does this go beyond content? Is he worried about the use of bulk-collected data in criminal investigations?

OK, now he’s got me worried.

But note what he doesn’t say: that he’s investigating this.

Further Implications of UndieBomb II Leaker Guilty Plea

As you have likely heard by now, a former FBI agent has agreed to plead guilty to leaking material about the second underwear bomb attempt to reporters in May of 2012. Charlie Savage of the New York Times has the primary rundown:

A former Federal Bureau of Investigation agent has agreed to plead guilty to leaking classified information to The Associated Press about a foiled bomb plot in Yemen last year, the Justice Department announced on Monday. Federal investigators said they identified him after obtaining phone logs of Associated Press reporters.

The retired agent, a former bomb technician named Donald Sachtleben, has agreed to serve 43 months in prison, the Justice Department said. The case brings to eight the number of leak-related prosecutions brought under President Obama’s administration; under all previous presidents, there were three such cases.

“This prosecution demonstrates our deep resolve to hold accountable anyone who would violate their solemn duty to protect our nation’s secrets and to prevent future, potentially devastating leaks by those who would wantonly ignore their obligations to safeguard classified information,” said Ronald C. Machen Jr., the United States attorney for the District of Columbia, who was assigned to lead the investigation by Attorney General Eric H. Holder Jr.

In a twist, Mr. Sachtleben, 55, of Carmel, Ind., was already the subject of a separate F.B.I. investigation for distributing child pornography, and has separately agreed to plead guilty in that matter and serve 97 months. His total sentence for both sets of offenses, should the plea deal be accepted by a judge, is 140 months.

Here is the DOJ Press Release on the case.

Here is the information filed in SDIN (Southern District of Indiana). And here is the factual basis for the guilty plea on the child porn charges Sachtleben is also pleading guilty to.

So Sachtleben is the leaker, he’s going to plead guilty and this all has a nice beautiful bow on it! Yay! Except that there are several troubling issues presented by all this tidy wonderful case wrap up.

First off, the information on the leak charges refers only to “Reporter A”, “Reporter A’s news organization” and “another reporter from Reporter A’s news organization”. Now while the DOJ may be coy about the identities, it has long been clear that the “news organization” is the AP and “Reporter A” and “another reporter” are AP national security reporters Matt Apuzzo and Adam Goldman (I’d hazard a guess probably in that order) and the subject article for the leak is this AP report from May 7, 2012.

What is notable about who the reporters are, and which story is involved, is that this is the exact matter that was the subject of the infamous AP phone records subpoenas that were incredibly broad – over 20 business and personal phone lines. These subpoenas, along with those in the US v. Steven Kim case collected against James Rosen and Fox News, caused a major uproar about the sanctity of First Amendment press and government intrusion thereon.

The issue here is that Attorney General Eric Holder and the DOJ, as a result of the uproar over the AP and Fox News discovery abuse, grudgingly announced new guidelines in a glossy six page document released on July 12, 2013 to much fanfare. The DOJ promised to, in the future:

…utilize such tools only as a last resort, after all reasonable alternative investigative steps have been taken, and when the information sought is essential to a successful investigation or prosecution.

However the sentiment so proudly expressed by DOJ in July seems more than a little faint with the emphasis they placed yesterday on only being able to solve the UndieBomber II leak case because:

Sachtleben was identified as a suspect in the case of this unauthorized disclosure only after toll records for phone numbers related to the reporter were obtained through a subpoena and compared to other evidence collected during the leak investigation.

Hard to see how such pointed braggadocio is not a not so subtle notice that DOJ considers anything they deem a “national security” related leak, which is about everything to the Obama Administration, to be fair game for investigation and discovery of reporters and news organizations, both on a business and personal level, as was done here with respect to Apuzzo, Goldman and the AP. Once again, the Obama Administration PR show belies what it is doing, and will do in practice.

The second thing of note about yesterday’s announcement is that it has all the markings of finality, and I am informed that indeed such is the case and no further charges are forthcoming. Now, as to Sachtleben, that is fair; the government has him cold through phone and email records, travel records and his admission of guilt in a signed information where he flat out said he was no whistleblower by admitting that he:

did not believe that he was exposing government waste, fraud, abuse, or any other kind of government malfeasance or misfeasance.

So Sachtleben is cooked, and that is all well and good. But if this is all over, what about the “other” leak that was part of the mid May 2012 leakfest, i.e. the one that really was a dangerous affront to operational security concerns. You know, the one where the Saudi agent (double agent?) who acquired UndieBomb II was burned.

The Saudi agent story was not part of Apuzzo and Goldman’s original reporting and was by all appearances first broken by ABC and Richard Clarke after participating in a background phone call by, who else, John Brennan, and then LA Times, CNN, NYT and a host of others in succession picked up the ball and ran with it. It is unclear whether AP had the story too and, if so, whether any part of it came from Sachtleben. There is no mention of the Saudi agent, the story of his work, possible involvement in the al-Quso drone strike, or any indication that Sachtleben could have garnered that information, contained in the DOJ press release and criminal information.

In fact, the reports on the Saudi agent consistently referred to what appears to be a Saudi official as a leaker, but with confirmations, which themselves are clear leaks, from multiple Obama Administration officials. One of said officials clearly leaking what was still classified information was none other than John Brennan. The leaker who was subsequently installed as head of the CIA. One leaker gets prison, and the other gets a promotion to CIA director. But that is how the Obama Administration hypocritically rolls.

So, what of the Obama Administration officials chattering to the press, both in the first instance, and as confirmation sources regarding UndieBomb II plot and the Saudi operation? What about the Saudi leaker? For that matter, what about the government sources that confirmed the AP information from Sachtleben? What about the sources, some clearly Administration based, for the CNN, LA Times and ABC reports? While many of them are undoubtedly the same individuals, all of those seem to be swept under the rug by Sachtleben’s plea, even though he is obviously but one part of the equation. And by all appearances, Sachtleben is far from the most damaging part.

In fairness, Josh Gerstein relates this:

The court papers in Sachtleben’s case don’t describe precisely what damage his leak caused, nor do they make any reference to an informant or double agent being endangered. However, a U.S. official said prosecutors haven’t put all the details in the public documents in order to avoid compounding the damage.

That is a pretty vague and unsatisfactory answer to the pertinent questions. The damage is already done, Brennan and others did part of it and answers better than just the Sachtleben wrap are due.

Next, there is the issue of the “investigative” work the DOJ is so proud of in its press release and criminal complaint on Sachtleben. Remember, DOJ collected on 20 different phone lines alone including multiple AP bureau offices, and business, home and cell numbers of AP reporters. That is pretty much the main backbone for AP governmental and national security reportage. Add in the additional collection on their email and text records.

The full scope of the collection is delineated in paragraphs 5, 8, 9, 11, 13 and 14 of the criminal information. And the phone and email collection was not just metadata, but as the above described paragraphs make clear, full content too. Since these subpoenas were after the fact, that means the vaunted NSA storage database was likely used. How many “hops” were made off of the AP lines? (Remember, 3 hops off of one person making 40 calls can be 2.5 million people).

Frankly one hop off the lot of the AP phones could yield a massive number of targets, and the most precious ones to First Amendment journalism. This post is long enough without going into specifics of the surveillance implications from the collection on the AP and its top reporters, but suffice it to say the implications to, and chilling effect on, governmental and national security reportage is immense.

Lastly, there is the presumptive regularity that must be given to the stated timing of the national security prong of the case against Sachtleben vis a vis the child porn prong. But take a look at the end of Charlie Savage’s report in the NYT:

As it turns out, the contractor was about to take a trip to Quantico. On May 2, he visited the lab where the underwear device was being examined, it said, and soon called the reporter.

Two and a half hours later, the court filing said, two A.P. reporters began calling government officials saying they knew that the United States government had intercepted a bomb from Yemen and that the F.B.I. was analyzing it.

The next day, May 3, 2012, law enforcement agents in Indiana, working on an unrelated case involving the distribution of child pornography on the Internet, obtained a search warrant for Mr. Sachtleben’s house, court filings show. They seized his computers on May 11.

Once again, very convenient how it all came together. I am sure it all happened legitimately like the government claims, but it certainly would be a lot easier to bite off on fully if the government’s propensity for “parallel construction” of cases were not known (and, no, it is not only the DEA who uses the technique).

The above are but some of the key questions and implications arising from yesterday’s announcement by the DOJ of the wrapping up of the UndieBomb II investigation by the charging of Donald Sachtleben. It is a convenient end for the government, but a rather unsatisfying one for the intelligence of the public.

The Bipartisan Effort to Keep Robert Mueller on at FBI Starts

I’m watching the Senate Intelligence Committee’s hearing on Global Threats.

And I’m a bit alarmed that both Dianne Feinstein and Saxby Chambliss used their statements to suggest Robert Mueller should stay beyond the end of his already-extended term this year.

DiFi said,  “unless Congress intervenes again, this threats hearing will be the last one for Robert Mueller” and then looked at him and said, “it could happen.”

Then Saxby repeated that line, saying he would shortly approach Mueller to ask him to stay on again.

Before his statement, James Clapper also nodded to Mueller, noting he has served as Director for 12 years.

We have terms for FBI Director for good reason. Not just to prevent the rise of another J Edgar Hoover, one person with an empire over the secret information collection in the US. But also to bring a fresh approach to such things as our manufacturing of “terrorists.”


Imagine How Future Parents Will Respond to Concerns about Their Son’s Radicalization

While it’s hard to tell from the reporting, it appears that the government tried to claim last week that it wasn’t Mohamed Osman Mohamud’s First Amendment protected but hateful speech that triggered their investigation and entrapment of the teenager, but was instead the subsequent warning Mohamud’s father gave the FBI about his radicalization.

Agents in Charlotte, N.C., picked up on Mohamud’s name in early 2009 while intercepting email traffic of then-U.S. based al-Qaida propagandist Samir Khan.

That August, FBI Special Agent Isaac DeLong was assigned to interview Mohamud’s father, Osman Barre, who feared Muslim extremists were radicalizing his son. Barre had read about Somali youths from Minnesota who were heading overseas to fight, and he worried his own son was trying to fly to Yemen to fight against the West, DeLong testified.

Barre agreed to speak to Mohamud and try to make sure he wouldn’t fly overseas. He took his son’s passport and reported back to the FBI that they had a chat.

Taking that as true (I don’t necessarily believe it, particularly given Hesham Abu Zubaydah’s claim the FBI had him tracking Mohamud even earlier than that), consider the message his father’s testimony now sends to Muslim families worried about their sons getting radicalized. (h/t Teddy, who is far more reliable at this point that Google’s increasingly useless alert system)

[Mohamud’s father] Osman Barre, meanwhile, had phoned the FBI. He told agents that brainwashed Somali kids were flying overseas, and he wanted the bureau’s help. He wanted agents to prevent his boy from getting on a plane.

The agents instead asked him questions about terrorism, which struck a nerve. Osman Barre told the agents he had nothing to hide and that he was grateful to have been given refuge in the U.S. after fleeing the civil war in Somalia.

“Even I say God bless America,” Barre told jurors.


Mohamud told his parents he wanted to study at a mosque in Yemen, Osman Barre recalled, and he showed his dad an email about a school there that would teach him Arabic.

The Barres kept talking to their son until he agreed to stay in school. There would be time to study Arabic overseas when he was a grown man, Osman Barre said. He recalled telling his son, “I brought you here to give you a life of prosperity.”

The email Mohamud showed his dad that day was from a Saudi Arabian that he had met at a Portland mosque. Neither Osman nor Mariam Barre knew that the FBI suspected the writer of that email — now identified as Amro Alali — was an al-Qaida recruiter.

FBI agents didn’t share with the Barres that they suspected Mohamud was involved with dangerous extremists, Osman Barre said. Had he been told, he would have reached out to their tight-knit community for help and gotten counseling for their impressionable son.

Barre did exactly what the FBI would hope a father would do: alert the FBI. But rather than helping the father prevent his son from being sucked in, instead the FBI (it claims) used the father’s call as the predicate to suck Mohamud further in, even while they admitted repeatedly he was floundering.

Set aside Mohamud’s guilt or innocence. The message the FBI has sent with its treatment of Mohamud is if family members alert law enforcement to concerns about radicalization, the FBI will then use it as an excuse to entrap their family member.

Just about the least productive thing to do if you want to capture actual threats.

The Disposition of Informants and Citizens

A lot of the commentary about Craig Whitlock’s Tuesday article on three alleged al Shabaab members rendered to the US focused on whether he accurately described this rendition–to a law enforcement proceeding and not, as happened under Bush, to a black site–or not.

But I was more interested in whether the treatment of these three–Swedish citizens Ali Yasin Ahmed and Mohamed Yusuf and Madhi Hashi, a Somali who was raised in the UK, got citizenship there when he was 14, only to have it stripped shortly before he was detained–was indicative of the so-called disposition matrix first reported back in October then reportedly put on hold after Obama beat Mitt.

Consider the timing of both series of events. Hashi was stripped of his British citizenship in June. Shortly thereafter he disappeared from his home in Mogadishu. All three men were in detention in Djibouti by August. On October 18–five days before the first reporting on the disposition matrix–a grand jury returned a sealed indictment against the three. On November 14–conveniently after the election–the US government officially took custody of the men, thereby violating the intent of last year’s NDAA by bringing foreigners onto US soil. And on December 21, while most people were distracted by holidays and fiscal cliffs, the men were arraigned in the Eastern District (curiously, not the Southern District) of New York.

All of which took place as hints of this disposition matrix–an effort to map out contingencies for alleged extremists in a range of different positions–were reported.

“We had a disposition problem,” said a former U.S. counterterrorism official involved in developing the matrix.

The database is meant to map out contingencies, creating an operational menu that spells out each agency’s role in case a suspect surfaces in an unexpected spot. “If he’s in Saudi Arabia, pick up with the Saudis,” the former official said. “If traveling overseas to al-Shabaab [in Somalia] we can pick him up by ship. If in Yemen, kill or have the Yemenis pick him up.”

In other words, the rendition of these three men–in addition to whatever else it was, and I think the case that it was a legitimate use of US law enforcement is thus far weak, though still preferable to a drone strike against the three–seems like a test drive of this disposition process.

Which is why I find it so interesting that two wired up commentators like Daniel Byman and Benjamin Wittes have rolled out what they represent to be the flow chart–they even call it the disposition matrix–the Obama Administration uses if it believes you’re a terrorist.

Because that flow chart is not just incomplete, but factually wrong on several points.

Take step 11, which asks whether a person overseas is an operational leader or not.

Propagandists, to some degree, are also protected under U.S. law. Glorifying jihad and saying that Americans fighting in Iraq and Afghanistan, or even living ordinary lives stateside, deserve death, is not in itself a crime. So even Anwar al-Awlaki, who inspired Americans and Western Muslims in general to take up jihad, was not aggressively targeted until he was linked to attacks on U.S. airlines and aviation targets in the United Kingdom — thus going from “propagandist” to “operator.” Non-operational figures abroad — however dangerous — will tend to be tolerated to the extent they cannot be captured.

The claim that Awlaki was “not aggressively targeted until he was linked to attacks on U.S. airlines” is false. JSOC targeted him the day before the Intelligence Community first started tying him to operations.

But the case of these three men also illustrates the grey areas of this matrix. Presumably, their path would go:

1. Where is the suspect located? Abroad.

3. Is he coming [back to] the US? No. [As far as we know, none were ever in the US]

5. Can a reliable government arrest him? Yes.

6. Will the ally transfer him to the US? Yes.

2. Arrest, indict, prosecute.

As a threshold matter, what happened before this matrix–at least for Hashi–is that the suspect was returning to the UK when his “disposition” process started. As far back as April 2009, MI5 was blackmailing Hashi and his friends to turn informants.

Five Muslim community workers have accused MI5 of waging a campaign of blackmail and harassment in an attempt to recruit them as informants.

The men claim they were given a choice of working for the Security Service or face detention and harassment in the UK and overseas.


Madhi Hashi, a 19-year-old care worker from Camden, claims he was held for 16 hours in a cell in Djibouti airport on the orders of MI5. He alleges that when he was returned to the UK on 9 April this year he was met by an MI5 agent who told him his terror suspect status would remain until he agreed to work for the Security Service. He alleges that he was to be given the job of informing on his friends by encouraging them to talk about jihad.

After that he returned to Somalia and married. In June, he was stripped of his citizenship, and then disappeared even before he could have appealed the decision.

In June 2012, a letter delivered to Hashi’s family home in London informed him that the home secretary Theresa May had decided to strip him of his British citizenship, claiming he had been ‘involved in Islamist extremism’.

The letter added that he had four weeks to appeal, but he disappeared before he was able to act.

A man later contacted his family in Somalia claiming he had been held alongside Hashi in a Djibouti jail.

Mahdi’s father Mohamed Hashi told the Bureau: ‘He said [Hashi] was fingerprinted and his DNA was taken, and they found out that he was a British citizen and contacted the British consulate – but the British said sorry, we took his citizenship away from him and we can’t help him.’

And somewhere along the line, Hashi got transferred from Somalia (does that count as a reliable government?) to Djibouti, which has largely become an appendix to the US base there.

Then Hashi sat in Djibouti for up to four months, undergoing who knows what kind of interrogations and under whose authorities. That grey zone interrogation curiously doesn’t show up on Byman and Wittes’ matrix, though such extended interrogations leading to US prosecutions are becoming more and more frequent.

Finally, note the US focus of the matrix: US presence, “return to” US, US prosecution.

In this case, all for crimes connected with a group with which we’re not at war (though we have declared it a terrorist organization). (In his piece on renditions, Whitlock correctly points to Ahmed Warsame as a direct precedent, but in that case Warsame was conspiring with AQAP, against which we are at war.)

The indictments, too, are interesting. Not only do both the October indictment and the November superseding indictment obscure the timeline involved by stating only the alleged crimes occurred from 2008 (before the Brits started harassing Hashi) until 2012 (when he was detained). But the superseding indictment adds the weaker charge of conspiracy to commit material support, suggesting some concern about the strength of the material support charge itself. In press releases but not the indictments, the government claims the men were training at a suicide bomber camp, but even after having Djibouti detain Hashi for 5 months and then detaining him secretly here for a month, they apparently don’t tie any charge to that alleged suicide bomb training.

Given the timing of all this, I wonder whether the celebrated British-recruited Saudi-run UndieBomb infiltrator was once buddies with Hashi, and they rolled Hashi up in the aftermath of that plot?

In any case, the most likely thing that will come out of this “disposition” is that, having refused to become an informant, Hashi will spend the rest of his life living in US taxpayer funded prisions, without the government actually accusing him of plotting against the US.

Maybe he did, in which case the disposition matrix worked. But that’s why we used to demand transparency (and no five month period without due process) for this kind of thing

In short, this rendition might be an improvement over the drone strikes. But if it is, the government has not made the case it is.

Lanny Breuer Covers Up Material Support for Terrorism

I noted last week how prosecutors were claiming they were being extra tough on HSBC for all its money laundering because of the seriousness of the charge they were going to defer: money laundering. Yesterday, with great fanfare, DOJ rolled out their deferred prosecution for money laundering, as if it were a good thing to ratchet up the charges you excuse.

But I was struck even more by how DOJ treated HSBC’s crimes they chose not to indict. Here’s how Assistant Attorney General Lanny Breuer described HSBC’s crimes:

HSBC is being held accountable for stunning failures of oversight – and worse – that led the bank to permit narcotics traffickers and others to launder hundreds of millions of dollars through HSBC subsidiaries, and to facilitate hundreds of millions more in transactions with sanctioned countries.

From 2006 to 2010, the Sinaloa Cartel in Mexico, the Norte del Valle Cartel in Colombia, and other drug traffickers laundered at least $881 million in illegal narcotics trafficking proceeds through HSBC Bank USA.  These traffickers didn’t have to try very hard.  They would sometimes deposit hundreds of thousands of dollars in cash, in a single day, into a single account, using boxes designed to fit the precise dimensions of the teller windows in HSBC Mexico’s branches.

In total, HSBC Bank USA failed to monitor over $670 billion in wire transfers from HSBC Mexico between 2006 and 2009, and failed to monitor over $9.4 billion in purchases of physical U.S. dollars from HSBC Mexico over that same period.

In addition to this egregious lack of oversight, from the mid-1990s through at least September 2006, HSBC knowingly allowed hundreds of millions of dollars to move through the U.S. financial system on behalf of banks located in countries subject to U.S. sanctions, including Cuba, Iran and Sudan.  On at least one occasion, HSBC instructed a bank in Iran on how to format payment messages so that the transactions would not be blocked or rejected by the United States.

That is, Breuer says HSBC 1) helped Mexican drug cartels launder money and 2) helped Cuban, Iranian, and Sudanese banks avoid US sanctions.

But that’s not all, according to the Permanent Subcommittee on Investigations, that HSBC did. The four main sections of the PSI report on HSBC’s Bank Secrecy Act and money laundering violations pertain to:

  1. Money laundering for Mexican cartels
  2. Helping banks evade sanctions
  3. Processing masses of travelers checks from Hokoriku bank in Japan which had suspicious ties to Russian “businessmen”
  4. Maintaining correspondent accounts with banks that had ties to terrorism, most notably the Al Rajhi bank

One of the things, according to Carl Levin, that HSBC did was help banks involved in terrorist financing get US dollars (that section takes up 53 pages of a 340 page report). And yet, Breuer’s speech did not once mention the word terrorism. The US Attorney’s release used the word “terror” once, though not in conjunction with HSBC. And the Statement of Facts mentions terrorism in conjunction with a description of the laws HSBC violated and in this one paragraph.

In addition to the cooperative steps listed above, HSBC Bank USA has assisted the Government in investigations of certain individuals suspected of money laundering and terrorist financing.

In short, Lanny Breuer and his prosecutors did not mention that this bank they were letting off without prosecution provided a terrorist-connected bank with US dollars for years.

Rather than prosecute HSBC for helping a bank with ties to al Qaeda get US dollars that might be more easily used in terrorist attacks, Lanny Breuer is slapping them on the wrist and pretending the terrorist financing aspect of HSBC’s violations doesn’t even exist.

HSBC, the US-dollar cow for a terrorist-linked Saudi bank

Here’s part of the PSI executive summary of HSBC’s ties to banks suspected of terrorist finance.

After the 9-11 terrorist attack in 2001, evidence began to emerge that Al Rajhi Bank and some of its owners had links to financing organizations associated with terrorism, including evidence that the bank’s key founder was an early financial benefactor of al Qaeda. In 2005, HSBC announced internally that its affiliates should sever ties with Al Rajhi Bank, but then reversed itself four months later, leaving the decision up to each affiliate. HSBC Middle East, among other HSBC affiliates, continued to do business with the bank.

Due to terrorist financing concerns, HBUS closed the correspondent banking and banknotes accounts it had provided to Al Rajhi Bank. For nearly two years, HBUS Compliance personnel resisted pressure from HSBC personnel in the Middle East and United States to resume business ties with Al Rajhi Bank. In December 2006, however, after Al Rajhi Bank threatened to pull all of its business from HSBC unless it regained access to HBUS’ U.S. banknotes program, HBUS agreed to resume supplying Al Rajhi Bank with shipments of U.S. dollars. Despite ongoing troubling information, HBUS provided nearly $1 billion in U.S. dollars to Al Rajhi Bank until 2010, when HSBC decided, on a global basis, to exit the U.S. banknotes business. HBUS also supplied U.S. dollars to two other banks, Islami Bank Bangladesh Ltd. and Social Islami Bank, despite evidence of links to terrorist financing. Each of these specific cases shows how a global bank can pressure its U.S. affiliate to provide banks in countries at high risk of terrorist financing with access to U.S. dollars and the U.S. financial system. [my emphasis]

What this summary doesn’t say, but which gets mentioned in the detailed section, is that HSBC briefly stopped doing business with Al Rajhi because its US regulator, OCC, was about to do an AML review of its banknotes business; HSBC stopped because it anticipated its notoriously lax US regulator might not approve. But then Al Rajhi threatened to withdraw all its business unless HSBC continued to feed it dollars, and so HSBC resumed the practice, though it waited until OCC’s review was complete, suggesting the halt to this business was entirely a ploy to hide it from its regulator.

The effort to hide this business in particular from its US regulator–among all the other problems HSBC had with AML compliance–should by itself be an indication of its understanding of what it was engaging in: providing a bank that laundered money for terrorists with the cash dollars it used to accomplish that act.

In the four years during which it resumed this business, HSBC sent out net $990 million in US dollars that disappeared in a bank suspected of financing al Qaeda (that doesn’t account for the dollars it provided Al Rajhi before 2005, including the period when it had ties to financing 9/11).

The Muslim being prosecuted for the HSBC/Al Rajhi laundering process, but not the banks

Only, not all the dollars HSBC sent Al Rajhi over the years disappeared. The government claims to know specifically what happened to $130,000 of dollars sent during the earlier 25+ years when HBSC was feeding this terrorist-linked bank US dollars (in addition, it generally says that Al Rajhi was involved in the network that funded the 9/11 attack). The US government claims–in a case still being litigated–that Muslim charity al-Haramain (yup! the one the government was illegally wiretapping during this period) laundered travelers checks into dollars via Al Rajhi so it could fund violent Chechens.

In 2005, the United States indicted the Foundation and two of its senior officials, Pirouz Sedaghaty and Soliman Al-Buthe who was later designated by the United States as a terrorist financier.1164 Since both men were out of the country when the indictment was filed, the case was dormant for two years.1165 In 2007, Mr. Sedaghaty returned to the United States and was arrested at an airport.1166 In 2010, he stood trial, was convicted of two felonies, and sentenced to nearly three years in prison.1167 In the incident that led to his conviction, he and Mr. Al-Buthe used funds from an Egyptian donor to purchase $130,000 in U.S. travelers cheques from a bank in Oregon; Mr. Al-Buthe then traveled to Saudi Arabia and, in 2000, cashed the travelers cheques at Al Rajhi Bank; the money was then smuggled to violent extremists in Chechnya.

Now, PSI doesn’t mention it, but Sedaghaty (who goes by Pete Seda) appealed his conviction and had a hearing before the 9th Circuit on December 3, just as this settlement was being finalized.

There are a ton of reasons Seda is appealing his conviction, most importantly that a key FBI witness and her husband–the only affirmative tie presented at trial between the payment and Chechen terrorists, as opposed to Chechen humanitarian causes–were paid $14,500 and promised $7,500 after trial.

But a small part of his appeal argues that the government didn’t examine what happened to the money allegedly laundered through Al Rajhi Bank, and in particular didn’t examine an account dedicated to Chechen relief, which is what Seda claimed the money funded.

At least since 2004, the case agents were in possession of a list of AHIF-S bank accounts at the Al Rajhi Bank in Saudi Arabia which included an account for Chechen relief – the #9889 account. [email protected] At least since 2005, the government was also in possession of copies of Mr. al-Buthe’s receipts of the deposit showing the same Al Rajhi Bank account number. [email protected] 68,2395-98. The government did not, however, seek to obtain records from the same Al Rajhi Bank for any AHIF-S accounts. [email protected] In addition, the government resisted all but one of Mr. Seda’s efforts to obtain evidence from overseas.

And here’s the nutty part. Just before HSBC dropped this business, Al Rajhi refused to cooperate with the government in that case.

In January 2010, after the United States served an administrative subpoena on Al Rajhi Bank to obtain authenticated bank documents for use in the al-Haramain Foundation criminal trial, the bank refused to produce them and filed a motion in court to quash the subpoena,1172 leading to media reports that it was refusing to cooperate with a terrorist financing prosecution.1173

So the reason, presumably, why DOJ didn’t do the investigation they should have to see whether Seda was really sending funds for Chechen relief, as he claims, or for terrorism is because this bank HSBC was still sending cash dollars to wouldn’t cooperate with a terrorist investigation.

Now, I don’t know whether Seda is guilty or not (I think the evidence is stronger against Al-Buthe, but then he has not presented a defense). I think DOJ’s case against Seda has been far too tainted to determine whether they just framed him in an effort to justify the illegal wiretapping they did against al-Haramain and to get a conviction.

But one thing is clear. Pete Seda is currently in prison in Colorado (he was denied bail, even in spite of DOJ’s tampering with its witnesses), serving time for allegedly laundering $130,000 through the Al Rajhi bank to get cash to send to Chechen terrorists.

Cash that HSBC was providing to Al Rajhi.

And whereas Seda was only ever accused of sending $130,000 total, HSBC provided this terrorist linked bank almost $1 billion after the time they deliberately hid this business from OCC.

And yet, while Seda sits in prison for his alleged crime, Lanny Breuer (and DOJ’s Statement of Facts) didn’t even mention HSBC’s alleged role in terrorist finance.

And so while NYT and Glenn Greenwald and Matt Stoller and Howie Klein are all right that this HSBC non-indictment is an example of gross miscarriage justice (Glenn does mention HSBC engaged in money laundering for terrorism), they’ve just touched on a fraction of the problem.

HSBC had ties to a crime that DOJ currently has someone sitting in prison for, and is still pursuing at the appellate level. Yet not only didn’t DOJ indict HSBC for that crime, but they don’t even think HSBC’s role in it is worth a mention.

What If It Were the Real Muslim Housewives of Tampa Bay Scandal?

In all my coverage of the Petraeus scandal, I haven’t really touched on the aspect that regular readers of this blog were presumably least surprised about: the virtually unchecked authority the FBI has to snoop. As always, Chris Soghoian and Julian Sanchez offer worthwhile discussions of that surveillance. Yesterday, Greg Miller and Ellen Nakashima described how folks in DC are freaking out upon discovery of how intrusive all this surveillance can be.

The FBI started its case in June with a collection of five e-mails, a few hundred kilobytes of data at most.

By the time the probe exploded into public view earlier this month, the FBI was sitting on a mountain of data containing the private communications — and intimate secrets — of a CIA director and a U.S. war commander. What the bureau didn’t have — and apparently still doesn’t — is evidence of a crime.

How that happened and what it means for privacy and national security are questions that have induced shudders in Washington and a queasy new understanding of the FBI’s comprehensive access to the digital trails left by even top officials.

I’ve been saying from the start this whole shit-show would be useful if it made some Members of Congress rethink their permissive attitude towards surveillance and lazy oversight.

All that said, it’s important to note that the Petraeus example–at least what we know of it–isn’t even close to as bad as Big Brother gets in this country, even with questions about the predicate of the investigation.

Which is why I wanted to consider how this might be different if, instead of a bunch of mostly-Anglo connected Republicans, this investigation had focused on Muslims (we’ve discussed Jill Kelley and her sister’s interesting story as indebted Arab-Americans; it will be interesting to see how their access is treated going forward).

After all, while it is unlikely the FBI would have responded to a cyber-stalking complaint from an unconnected Muslim, it’s possible the internet traffic involved, particularly if it spanned international boundaries, might have attracted attention in its own right. Alternately, had the anonymous emails reflecting knowledge of the movement of top Generals involved a Muslim rather than a white Reserve Colonel, we would not now be debating whether the FBI had the predicate to investigate her emails further (though I maintain the FBI may have used a Counter-Intelligence predicate to continue the investigation in the first place).

Probably, from there the FBI would have used additional intrusive investigative methods. The National Security establishment is only now focusing on Kelley and her sister’s debt problems. Which leads me to suspect no one bothered to look at their financial records until the press started doing so. What would the FBI have found had they looked at financial records, showing more details about who paid what for whom when? How would the Kelleys’ bogus cancer charity look, for example, if you had more access to their financial records?

And then there’s one big difference. We know–because we’ve heard numerous individual stories and because Ted Olson admitted it in court–that the FBI uses discoveries like the ones they made here to coerce people to turn informant. Legal trouble, financial trouble, marital trouble? All have made people targets for “recruitment.”  And those informants are sent out, with little training or legal protection, to spy on their fellow citizens, often the leaders of their community. The FBI will send out series of informants, for years on end, to target Imams who never do anything illegal but nevertheless either have connections–possibly familial–or First Amendment protected views that lead the FBI to suspect them. In the Muslim community, some people live for years under this kind of surveillance, sometimes ultimately getting caught in an FBI sting, at other times, just living a law-abiding life under the most intrusive scrutiny.

I do hope the Petraeus example scares the shit out of the often more morally and legally compromised people empowered to approve and oversee such surveillance. But I still think the scandal offers the merest glimpse into what our current state of surveillance really looks like.

Why Would the US Government Have Deconfliction Issues with Manssor Arbabsiar in 2010?

Before I look at the other ways Gregory Saathoff’s report opining that Manssor Arbabsiar is not manic hurts the government’s case, I want to discuss a rather curious citation Saathoff includes.

Troutman, D. (2010, January 13). Email to Virginia Villareal re: Deconfliction (in reference to a national security concern regarding Manssor Arbabsiar), p. 1.

As you’ll recall, the government claims that Arbabsiar first came on their radar in May 2011 when a DEA Informant claimed that Arbabsiar contacted him to arrange a kidnapping.

And yet, according to this, someone was emailing Virginia Villareal (there’s a Customs and Border Patrol Officer currently in San Antonio by that name) in January 2010 about a national security issue involving Arbabsiar?

Deconfliction is the term used for when agencies with overlapping interests sort out their turf–particularly if the agencies are using weapons or informants. The timing indicates that it came during–and probably was part of–Arbabsiar’s naturalization process in 2009-2010.

DHS: U.S. Citizenship and Immigration Services (USCIS).(2009, June 24). Memorandum subject:IBIS hit resolution for applicant: Manssor Arbabsiar, p. 1.

DHS: USCIS. (2010, April 23). N 652, naturalization interview results, pp. 1-8.

DHS: USCIS. (2010, August 6). N-400, application for naturalization, pp. 1-10.

DHS: USCIS. (2010, August 30). Form N-445, notice of naturalization oath ceremony, pp. 1-2.

And at one level, it’s not all that surprising that there would be a national security concern as Arbabsiar applied for citizenship: his cousin is a high ranking Quds Force member. Indeed that–plus Arbabsiar’s criminal background–is one of the reasons it’s hard to believe he even got citizenship, given that equivalent issues can get a Green Card holder deported. And he appears to have done that without paying for an immigration attorney (he complained to Saathoff he had to pay for an attorney for his son during this period, but not an immigration attorney, though they can be inexpensive).

So at the very least, this suggests at least one other agency was aware of Arbabsiar as he went through the immigration process.

But I do find the timing rather interesting given the way Saathoff describes Arbabsiar’s actions that year. He was taking many trips to Iran–purportedly to bring cash back from real estate investments there and he was living in Corpus Christi, away from his wife. (Note, IBIS is the database the government uses to check people as they cross borders to make sure they’re not terrorists or drug runners, which is presumably why the entry above and a 2012 one were listed as sources.)

In my interviews with Mr. Arbabsiar and in reviewing documents that were not cited by Dr. First at the time of his declaration, Mr. Arbabsiar acknowledged that this was in fact a period of significant international activity. In addition to attaining his United States citizenship, during early 2010 he spent most of his time apart from his wife living mostly in Corpus Christi or travelling overseas. In 2010, he flew to Iran on four separate occasions in order to secure and bring back rental money from his Iranian property holdings. He estimated that during these trips he brought back up to $8,000-$9,000 on each trip.


In his August 4, 2012 interview, he recalled a 2009 trip to Iran where he obtained hair transplant surgery in Iran because it was less expensive than in the U.S. With decreasing revenues in the U.S., he made four separate trips to Iran in 2010 in order to bring back funds from his Iranian investment properties.


In fact, 2010 was a year of significant international activity for Mr. Arbabsiar with more international air travel for him than was recorded for any other year in the previous decade. He took four separate flights to Iran during 2010 and also attained his U.S. citizenship and passport. In his interviews with me, he reported that he would bring back money from Iranian investments as well as Iranian goods for his wife and son.

Then his business partner died and yet, in spite of the fact he was financially strapped, he dropped (or rather, lost) the car business.

By late 2010, following the death of his business partner in July, he had moved from Corpus Christi to Austin in order to live at home with his wife. In our September 26 interview, he recalled: “After Steve died, my life changed a lot. Up until that point I was spending some time in Austin and some time in Corpus. But after he died, I didn’t want to do the car business [in Corpus Christi] any more.


Living in both Austin and Corpus Christi during that year, it was only late in the year and following his friend’s death in July that he finally moved to Austin to live with his wife where he engaged in activities including landscaping around the home and planting fruit trees.

His wife described him during as depressed, sitting at home, in this later period.

For this example, he relies on Ms. Arbabsiar’s wife’s report that “for roughly one year around approximately 2010, Mr. Arbabsiar was severely depressed, isolating himself in his bedroom and rarely getting out of bed except to pace around his bedroom and chain smoke.”

It was after that depression and a period when he was in medical treatment in late 2010 that Arbabsiar reached out to his cousin to build an “export business.”

My life was going bad – I had lost my friend and my dad – my cousin, he took advantage of me. I hate to say that, and I trusted him – my whole family, they should help me. I wanted to do a good business, an export business.

Remember, in addition to talking to Narc about killing the Saudi Ambassador, Arbabsiar was also talking about dealing drugs.

Again, all of this might suggest nothing more than an appropriate awareness of Arbabsiar’s cousin’s identity (but even so, that suggests the myth that Arbabsiar approached Narc out of the blue is just that–a myth).

But Arbabsiar was a very unlikely person to have gotten his citizenship when and how he did, particularly without the apparent assistance of an immigration lawyer. And between the time the government presumably identified Arbabsiar as an Iranian with ties to Quds Force and the time he ultimately got his citizenship, he made a lot of trips to Iran to get cash. Then, once he got citizenship, he lost his business and went into a funk and then–went to, or went back to, his cousin to launch “a good business, an export business,” and once again he returned to the States with thousands of dollars in cash, just like in 2010. During the entire time the FBI was purportedly watching him set up an assassination attempt, according to the Corpus Christi cops, they never once contacted those cops, not even to check the criminal record that their dead tree files showed.

It sure sounds like the government was following Arbabsiar a lot longer than the 18 months they claim.

But then the report also reveals how Arbabsiar first found Narc.

Mr. Arbabsiar stated that the Mexican woman that he contacted to help identify someone to carry out the assassination attempt on the Saudi Ambassador had a younger sister with whom he had a sexual relationship in 1992, while he was married to his third wife.

So maybe his relationship with the DEA goes back to 1992, when he fucked his way into the family?

How Many of the Protests Have Gotten Diplomatic Documents?

Here’s a few data points to suggest that the protests in Muslim countries may have been, in part, an effort to grab sensitive diplomatic correspondence.

I noted–but did not quote–this report on the documents taken from the US Consulate in Benghazi.

Sensitive documents have gone missing from the consulate in Benghazi and the supposedly secret location of the “safe house” in the city, where the staff had retreated, came under sustained mortar attack. Other such refuges across the country are no longer deemed “safe”.

Some of the missing papers from the consulate are said to list names of Libyans who are working with Americans, putting them potentially at risk from extremist groups, while some of the other documents are said to relate to oil contracts.

Then on Saturday, Yemeni lawyer Haykal Bafana suggested we might soon see secret files taken from the Yemeni Embassy last week.

Forecasted in the local press : #Wikileaks #Yemen soon from secret info in computers & documents looted from the US Embassy, Sanaa.

Here’s a picture of “protestors” in Sanaa carrying out computer equipment.

Today, Tim Shorrock described a military person on Fox admitting that Marines at Embassies prioritize protecting classified information over lives.

Military guy on Fox: Marines’ priorities at the embassies are 1) protect classified communications & 2) protect human lives. In that order.

Now, possibly it’s only the Libyan attack that got or even deliberately sought documents. Libyans have proven to be master information operatives in the past. After all, somebody conveniently left documents implicating the US and UK in rendition to Libya and torture. Human Rights Watch used those files to compile its recent report on torture.

But the US Embassy in Tunis was also breached (though not, I think, sufficiently to get files). And the German Embassy in Khartoum was overrun, so the “protestors” there probably got close enough to get files as well (I’m less sure about the breaches at the British and US Embassies in Khartoum).

In all of these successful breaches, there seems to have been some cooperation from local guards who allowed the protestors to get close or into the diplomatic properties, so they may also have had information on where to look for the most sensitive files.

It’s possible that none of these breaches was designed specifically to get diplomatic correspondence (and remember, these would presumably be far more sensitive than what we’ve seen from WikiLeaks, none of which were Top Secret) and only in Libya is it clear attackers did get documents.

But it’s worth considering that all the places we’ve sent Marine response teams, there may be very compromising documents floating around.

Update: The AP reports the Lebanese Embassy is preemptively destroying classified documents. (h/t TPM via fatser)

Copyright © 2022 emptywheel. All rights reserved.
Originally Posted @