On Sunday, former CIA Riyadh Station Chief John Brennan had a remarkable appearance on Meet the Press. A big part of it — the second to last thing he and Chuck Todd discussed — was Brennan’s argument against the release of the 28 pages (“so-called,” Brennan calls them) showing that 9/11 was facilitated by at least one Saudi operative.
Brennan opposes their release in three ways. First, he falsely suggested that the 9/11 Commission investigated all the leads implicating the Saudis (and also pretends the “so-called 28 pages” got withheld for sources and methods and not to protect our buddies).
Those so-called 28 pages, one chapter in this joint inquiry that was put out in December of 2002, was addressing some of the preliminary findings and information that was gathered by this joint commission within the Congress. And this chapter was kept out because of concerns about sensitive source of methods, investigative actions. The investigation of 9/11 was still underway in late 2002.
I’m quite puzzled by Senator Graham and others because what that joint inquiry did was to tee up issues that were followed up on by the 9/11 Commission, as well as the 9/11 Review Commission. So these were thoroughly investigated and reviewed. It was a preliminary review that put information in there that was not corroborated, not vetted and not deemed to be accurate.
The 9/11 Commission didn’t even look at NSA for intercepts Thomas Drake has said were there. Nor did it adequately investigate what now appears to be a Sarasota cell. How can Brennan claim the Commission investigated all these leads?
Brennan then slightly misstates how absolute was the 9/11 Commission judgement on Saudi involvement, such as it was.
The information in those 28 pages, you think, are inaccurate information? Everything that’s in there is false?
No, I think there’s a combination of things that is accurate and inaccurate. And I think the 9/11 Commission took that joint inquiry, and those 28 pages or so, and followed through on the investigation. And they came out with a very clear judgment that there was no evidence that indicated that the Saudi government as an institution, or Saudi officials individually, had provided financial support to Al Qaeda.
The 9/11 Commission report judged,
It does not appear that any government other than the Taliban financially supported al Qaeda before 9/11, although some governments may have contained al Qaeda sympathizers who turned a blind eye to al Qaeda’s fundraising activities. Saudi Arabia has long been considered the primary source of al Qaeda funding, but we have found no evidence that the Saudi government as an institution or senior Saudi officials individually funded the organization. (This conclusion does not exclude the likelihood that charities with significant Saudi government sponsorship diverted funds to al Qaeda.)
That is, Brennan’s comment overstates whether any Saudi officials funded the attack, which the 9/11 Commission did not comment on (and the key paragraphs in underlying documents also remain classified).
Ultimately, though, the (former) Riyadh Station Chief argues it would be “very, very inaccurate” if anyone were to suggest the Saudis were involved in 9/11.
Are you concerned that the release of those pages will unfairly put the relationship in a damaged position?
I think some people may seize upon that uncorroborated, un-vetted information that was in there, that was basically just a collation of this information that came out of F.B.I. files, and to point to Saudi involvement, which I think would be very, very inaccurate.
Remember, for at least 8 years after 9/11 (including in the 9/11 report), it was the judgement of the intelligence community that Saudis were still the biggest funders for Al Qaeda. But the (former) Riyadh Station Chief argues it would be very, very inaccurate to suggest any Saudi involvement in the attack.
The whole thing was pathetic enough — Meet the Press propaganda worthy of Dick Cheney’s best exploitation of the form.
But it is all the more remarkable, coming as it did, after Brennan transitioned seamlessly from a victory lap about killing Osama bin Laden to “this new phenomenon of ISIL.”
You know, five years ago, I remember going to the White House and hearing cheers, hearing people gather in the streets of Washington, and it was happening in other cities. And there was a sense of relief. It was like this moment of, “Wow. Is this the end? Have we won whatever this was we were fighting, this war with Al Qaeda? Have we won?” Boy, it doesn’t feel that way five years later.
I remember that same evening. When I left that White House about midnight, it was as bright as day outside, and the chants of “U.S.A., U.S.A,” and, “C.I.A., C.I.A.” It was the culmination of a lot of very hard work by some very good people at C.I.A. and other agencies. And we have destroyed a large part of Al Qaeda. It is not completely eliminated, so we have to stay focused on what it can do. But now, with this new phenomenon of ISIL, this is going to continue to challenge us in the counterterrorism community for years to come.
I noted on Twitter during CIA’s propagandistic Twitter reenactment of their version of the bin Laden killing that, five years later, we’re still fighting the war against bin Laden. But Brennan wants you to forget that war, and pretend it’s all just ISIL.
A lot of people are pointing to John Brennan’s assurances that CIA won’t ever torture again as if it means anything (usually ignoring Brennan’s motivation from institutional preservation, not efficacy or morality or legality).
CIA Director John Brennan told NBC News in an exclusive interview that his agency will not engage in harsh “enhanced interrogation” practices, including waterboarding, which critics call torture — even if ordered to by a future president.
“I will not agree to carry out some of these tactics and techniques I’ve heard bandied about because this institution needs to endure,” Brennan said.
When asked specifically about waterboarding Brennan could not have been clearer.
“Absolutely, I would not agree to having any CIA officer carrying out waterboarding again,” he said.
There are a lot of reasons this doesn’t mean anything, starting with the fact that President Trump could easily fire Brennan and replace him with someone pro torture.
But it’s funny, too, because Brennan’s assurances about waterboarding would hold true even for the period when CIA was waterboarding detainees. Because CIA officers didn’t do the waterboarding.
As a reminder, at least four detainees were known to be waterboarded under the Gloves Come Off Memorandum of Notification. The first, Ibn Sheikh al-Libi, was waterboarded by Egyptian intelligence, though with Americans present.
The others were waterboarded as part of torture led by Mitchell and Jessen, who were not CIA officers, but instead contractors. CIA officers were definitely involved in that torture (as they were present for our outsourced Egyptian torture). But the torture was technically done by contractors.
Don’t get me wrong: CIA officers did engage in a whole lot of torture directly.
But Brennan’s squirmy language should only emphasize the fact that even when CIA was in the business of waterboarding, CIA officers didn’t do the waterboarding. So Brennan’s guarantees that CIA officers won’t do so in the future are pretty meaningless guarantees.
It has been clear for several years now that 60 Minutes has become a propaganda vehicle for the intelligence community (post, post, post). So it was unsurprising that John Brennan was given an opportunity to fearmonger last night without pesky people like Ron Wyden around pointing out that CIA itself poses a threat, even according to the terms laid out by the Intelligence Community.
I find the timing and content of John Brennan’s appearance of note.
The first segment (indeed the first words!) of the appearance did two things: first conflate ISIS-inspired attacks with ISIS-directed ones to suggest the terrorist organization might strike in the US.
Scott Pelley: Is ISIS coming here?
John Brennan: I think ISIL does want to eventually find its, its mark here.
Scott Pelley: You’re expecting an attack in the United States?
John Brennan: I’m expecting them to try to put in place the operatives, the material or whatever else that they need to do or to incite people to carry out these attacks, clearly. So I believe that their attempts are inevitable. I don’t think their successes necessarily are.
Here’s how the global threat testimony from last week, which really serves as temporal justification for Brennan’s appearance, carried out a similar though more nuanced conflation of ISIS’ aspirations with the aspirational plots here in the US.
The United States will almost certainly remain at least a rhetorically important enemy for most violent extremists in part due to past and ongoing US military, political, and economic engagement overseas. Sunni violent extremists will probably continually plot against US interests overseas. A smaller number will attempt to overcome the logistical challenges associated with conducting attacks on the US homeland. The July 2015 attack against military facilities in Chattanooga and December 2015 attack in San Bernardino demonstrate the threat that homegrown violent extremists (HVEs) also pose to the homeland. In 2014, the FBI arrested approximately one dozen US-based ISIL supporters, in 2015, that number increased to approximately five dozen arrests. These individuals were arrested for a variety of reasons, predominantly for attempting to provide material support to ISIL.
Both Brennan and the threat testimony slide carefully from ISIS itself overcoming the logistical problems of attacking here to the far smaller ISIS-inspired attacks.
After having suggested ISIS wants to attack the US, Pelley then led Brennan to overstate the degree to which the Paris attackers hid behind encryption.
Scott Pelley: What did you learn from Paris?
John Brennan: That there is a lot that ISIL probably has underway that we don’t have obviously full insight into. We knew the system was blinking red. We knew just in the days before that ISIL was trying to carry out something. But the individuals involved have been able to take advantage of the newly available means of communication that are–that are walled off, from law enforcement officials.
Scott Pelley: You’re talking about encrypted Internet communications.
John Brennan: Yeah, I’m talking about the very sophisticated use of these technologies and communication systems.
From all the reports thus far, ISIS achieved what little obscurity they had primarily through burner devices, not through encryption (not to mention the fact that French authorities got an encryption key from someone who had decided against carrying out an ISIS attack the summer before this attack). And while Jim Comey revealed that FBI had not yet cracked one of several phones used by the San Bernardino attackers (who were not directed by ISIS and may have only invoked it for their own obscurantist purposes), the threat testimony pointed to social media as as big a concern as encryption (most of what ISIS uses is fairly weak).
Terrorists will almost certainly continue to benefit in 2016 from a new generation of recruits proficient in information technology, social media, and online research. Some terrorists will look to use these technologies to increase the speed of their communications, the availability of their propaganda, and ability to collaborate with new partners. They will easily take advantage of widely available, free encryption technology, mobile-messaging applications, the dark web, and virtual environments to pursue their objectives.
Finally — still in the first segment!!! — Pelley invites Brennan to suggest that limited reports that ISIS has used chemical weapons in Syria mean they might use them here.
Scott Pelley: Does ISIS have chemical weapons?
John Brennan: We have a number of instances where ISIL has used chemical munitions on the battlefield.
Scott Pelley: Artillery shells.
John Brennan: Sure. Yeah.
Scott Pelley: ISIS has access to chemical artillery shells?
John Brennan: Uh-huh (affirm). There are reports that ISIS has access to chemical precursors and munitions that they can use.
The CIA believes that ISIS has the ability to manufacture small quantities of chlorine and mustard gas.
Scott Pelley: And the capability of exporting those chemicals to the West?
John Brennan: I think there’s always the potential for that. This is why it’s so important to cut off the various transportation routes and smuggling routes that they have used.
Compare Brennan’s suggestion that ISIS may be manufacturing CW with the threat testimony note that two people have been exposed to mustard gas, though with far more widespread allegations of such use.
We assess that non state actors in the region are also using chemicals as a means of warfare. The OPCW investigation into an alleged ISIL attack in Syria in August led it to conclude that at least two people were exposed to sulfur mustard. We continue to track numerous allegations of ISIL’s use of chemicals in attacks in Iraq and Syria, suggesting that attacks might be widespread.
Now, I’ll grant you that Brennan much more carefully dodges here than Dick Cheney ever used to. But it’s pure fear-mongering — especially in the wake of the Oregon standoff that makes it clear domestic extremists are not only every bit as motivated as ISIS wannabes, but better trained and equipped. And fear-mongering using Dick Cheney’s favorite techniques (albeit with the added kicker of crypto fear-mongering).
And it all happened as Brennan’s buddies the Saudis are pretending to (finally) join the fight against ISIS in what is a fairly transparent attempt to prevent Russian-backed Syrian forces from gaining a crucial advantage in Syria. That is, this fairly crass fear-mongering is likely directed at Assad as much as it is ISIS.
Today was Global Threat day, when James Clapper testifies before various committees in Congress and Ron Wyden asks uncomfortable questions (today, directed exclusively at John Brennan). I’ll have a few posts about the hearings (in Senate Armed Services and Senate Intelligence Committees) and Clapper’s testimony, the SASC version of which is here.
One interesting detail in Clapper’s testimony comes in the several paragraph section on Infrastructure within a larger section on “Protecting Information Resources.” Here’s how the testimony describes the Juniper hack.
A major US network equipment manufacturer acknowledged last December that someone repeatedly gained access to its network to change source code in order to make its products’ default encryption breakable. The intruders also introduced a default password to enable undetected access to some target networks worldwide.
There’s no discussion of how many Federal agencies use Juniper’s VPN, nor of how this must have exposed US businesses (unless the NSA clued them into the problem). And definitely no discussion of the assumption that NSA initially asked for the back door that someone else subsequently exploited.
More importantly, there’s no discussion of the cost of this hack, which I find interesting given that it may be an own goal.
As a number of outlets have reported, the Second Circuit last month upheld the government’s effort to keep a March 29, 2002 OLC memo pertaining to targeted killing secret; the opinion was unsealed yesterday. The government is probably doing so to keep changes in their rationale for why assassinations don’t violate the prohibition on assassination in EO 12333 secret.
The judges on the panel — especially Judge Jon Normand, who wrote the opinion — had pushed during an ex parte hearing in June to release language in that earlier memo because the dog & pony show around drone strikes in 2012 to 2013 had used closely related language. But after some more secret briefing, the court decided the application of EO 12333 was different enough such that it remained properly protected.
It seems highly likely the specific part of EO 12333 under discussion pertains to the assassination ban. Between the earlier hearing and the opinion, the court pointed to language in the March 25, 2010 Harold Koh speech, the March 5, 2012 Eric Holder speech, and the April 30, 2012 John Brennan speech on targeted killing (they also pointed to two Panetta comments). Each of the cited speeches discusses the assassination ban — and little else that might directly pertain to EO 12333, besides just generally covert operations authorized under Article II. There’s this language in Koh’s speech.
Fourth and finally, some have argued that our targeting practices violate domestic law, in particular, the long-standing domestic ban on assassinations. But under domestic law, the use of lawful weapons systems—consistent with the applicable laws of war—for precision targeting of specific high-level belligerent leaders when acting in self-defense or during an armed conflict is not unlawful, and hence does not constitute “assassination.”
This language in Holder’s speech,
Some have called such operations “assassinations.” They are not, and the use of that loaded term is misplaced. Assassinations are unlawful killings. Here, for the reasons I have given, the U.S. government’s use of lethal force in self defense against a leader of al Qaeda or an associated force who presents an imminent threat of violent attack would not be unlawful — and therefore would not violate the Executive Order banning assassination or criminal statutes.
And this language in Brennan’s speech.
In this armed conflict, individuals who are part of al-Qa’ida or its associated forces are legitimate military targets. We have the authority to target them with lethal force just as we targeted enemy leaders in past conflicts, such as German and Japanese commanders during World War II.
But even though all these public speeches commented on this interpretation of the assassination ban, the 2nd Circuit still permitted the government to shield the earlier memo.
The transcript of the June ex parte hearing reveals one explanation for that: the earlier memo was a “far broader interpretation” of the issue.
Although the district court noted that the OLC-DOD Memorandum released by this Court contained a “brief mention” of Executive Order 12,333, the district court concluded that the analysis in the March 2002 Memorandum is significantly different from any legal analysis that this Court held has been officially disclosed and for which privilege has been waived.
In other words, while the earlier memo discusses the same aspect of EO 12333 as these public speeches (again, the assassination ban is by far the most likely thing), the earlier memo uses significantly different analysis, and so it may be hidden.
The June transcript also reveals that OLC lawyers reviewed and wrote on the 2002 memo at a later time — the implication being that someone in OLC reviewed the earlier memo in 2010 when writing the Awlaki one (and curiously, that hard copy with handwritten notes is the only one DOJ claims it can find).
There are two things I find increasingly interesting about this earlier memo about EO 12333 — including at least one part presumably about the assassination ban. First, the implication that one of the lawyers reviewing it in 2010 saw the need to write a new memo (perhaps seeing the need to clean up yet more crazy John Yoo language? who knows). As I repeat endlessly, we know there’s a memo of uncertain date in which Yoo said the President could pixie dust the plain language of EO 12333 without changing the public language of it, and it’s possible this is what that memo did (though the President was clearly pixie dusting surveillance rules).
But I’m also interested in the date: March 29, 2002. The day after we captured Abu Zubaydah (who, at the time, top officials at least claimed to believe was a top leader of al Qaeda). The SSCI Torture Report made it clear the CIA originally intended to disappear detainees. Were they planning to execute them? If so, what stopped things?
In any case, CIA won its battle to hide this earlier discussion so we may never know. But it appears that DOJ may have felt the need to think things through more seriously before drone assassinating a US citizen. So there is that.
I noted the other day that at a pre-scheduled appearance Monday, Josh Rogin cued John Brennan to explain how the Paris attack happened without warning. In my opinion, the comment has been badly misreported as an indictment solely of Edward Snowden (though it is that) and encryption. I’ve put the entire exchange below but the key exchange was this:
And as I mentioned, there are a lot of technological capabilities that are available right now that make it exceptionally difficult, both technically as well as legally, for intelligence and security services to have the insight they need to uncover it. And I do think this is a time for particularly Europe, as well as here in the United States, for us to take a look and see whether or not there have been some inadvertent or intentional gaps that have been created in the ability of intelligence and security services to protect the people that they are asked to serve. And in the past several years because of a number of unauthorized disclosures and a lot of handwringing over the government’s role in the effort to try to uncover these terrorists, there have been some policy and legal and other actions that are taken that make our ability collectively internationally to find these terrorists much more challenging. And I do hope that this is going to be a wake-up call, particularly in areas of Europe where I think there has been a misrepresentation of what the intelligence security services are doing by some quarters that are designed to undercut those capabilities.
Brennan talks about technology that makes it difficult technically and legally to uncover plots. Encryption is a technical problem — one the NSA has proven its ability to overcome — that might be called a legal one if you ignore that NSA has the ability to overcome the lack of a legal requirement to provide back doors. But I agree this passage speaks to encryption, if not other issues.
In the next sentence, though, he talks about inadvertent or intentional gaps created “particularly in Europe.” He talks about plural unauthorized disclosures — as I noted, Josh Rogin’s own disclosure that the US had broken AQAP’s online conferencing technique may have been more directly damaging than most of Snowden’s leaks — and “handwringing.” Those have led to “policy and legal and other actions” that have made it harder to find terrorists. In the next sentence, Brennan again emphasizes that “particularly in areas of Europe,” there needs to be a “wake-up call” because “there has been a misrepresentation” of what the spooks are doing, which he suggests was deliberately “designed to undercut those capabilities.”
So in the paragraph where he speaks of these problems, he twice emphasizes that Europe in particular needs to adjust its approach.
Last I checked, Europe didn’t pass USA Freedom Act (which would not, in any way, have restricted review of Parisian targeters). Some countries in Europe are more vigorously considering limits on encryption, but those would be just as ineffective as eliminating the code that’s already out there.
What Europe has done, however, is make it harder for our PRISM providers to share data back and forth between Europe (and with providers considering moving servers to Europe, it will raise new questions about the applicability of PRISM for that data). And Europe (not just Europe, but definitely including Europe) has created a market need for US tech companies to distance themselves from the government.
And in the case of Germany, politicians have been investigating how much its BND has done for NSA, and especially which impermissible German people and companies were targeted as part of the relationship. I noted that Brennan raised similar issues just days after the BND investigation turned scandalous in March, and recent revelations have raised new pressure on BND.
With that in mind, in particular, consider what one of the more responsible reports on Brennan’s speech, that of Shane Harris, focused on — terrorists’ use of Berlin headquartered social messaging app Telegram. If terrorists were using WhatsApp (which a lot of the fearmongering focused on), the metadata, at least, would be available via Facebook. But since Telegram is not a US company, it cannot be obliged under Section 702 of FISA, and that surely creates just the kind of gap Brennan was talking about.
Since Brennan’s speech, Telegram has started deleting the special channels set up by ISIS to communicate.
I’m sure Brennan is complaining about encryption and if he can get Congress to force domestic back doors, I’m sure he will (though ISIS reportedly shies away from Apple products, so forcing Apple to give up its encrypted iMessage won’t help track down ISIS). But his speech seemed focused much more intently on ways in which, in the aftermath of the Snowden leaks, Europeans have opportunistically localized data and, in the process, made that data far less accessible to the NSA. Brennan, as I made clear in March, definitely would prefer the Europeans rely on Americans for their SIGINT (and in the process agree to some inappropriate spying in their home country), and the gap created by terrorists’ reliance on Telegram is one way to exert pressure on that point.
Josh Rogin is among many journalists who covered John Brennan’s complaints this morning about “a number of unauthorized disclosures” and hand-wringing about our surveillance capabilities (which was a response to Rogin asking “what went wrong” in Paris in questions).
But Brennan also said that there had been a significant increase in the operational security of terrorists and terrorist networks, who have used new commercially available encryption technologies and also studied leaked intelligence documents to evade detection.
“They have gone to school on what they need to do in order to keep their activities concealed from the authorities,” he said. “I do think this is a time for particularly Europe as well as the U.S. for us to take a look and see whether or not there have been some inadvertent or intentional gaps that have been created in the ability of intelligence services to protect the people that they are asked to serve.”
The FBI has said that Internet “dark spaces” hinder monitoring of terrorism suspects. That fuels the debate over whether the government should have access to commercial applications that facilitate secure communications.
Brennan pointed to “a number of unauthorized disclosures” over the past several years that have made tracking suspected terrorists even more difficult. He said there has been “hand wringing” over the government’s role in tracking suspects, leading to policies and legal action that make finding terrorists more challenging, an indirect reference to the domestic surveillance programs that were restricted after leaks by Edward Snowden revealed their existence.
I find it interesting that Rogin, of all people, is so certain that this is an “indirect reference to the domestic surveillance programs that were restricted after leaks by Edward Snowden revealed their existence.” It’s a nonsensical claim on its face, because no surveillance program has yet been restricted in the US, though FBI has been prevented from using NSLs and Pen Registers to bulk collect communications. The phone dragnet, however, is still going strong for another 2 weeks.
That reference — as I hope to show by end of day — probably refers to tech companies’ efforts to stop the NSA and GCHQ from hacking them anymore, as well as European governments and the EU trying to distance themselves from the US dragnet. That’s probably true, especially, given that Brennan emphasized international cooperation in his response.
I’m also confused by Rogin’s claim Jim Comey said Tor was thwarting FBI, given that the FBI Director said it wasn’t in September.
Even more curious is that Rogin is certain this is about Snowden and only Snowden. After all, while Snowden’s leaks would give terrorists a general sense of what might not be safe (though not one they tracked very closely, given the Belgian Minister of Home Affairs’ claim that they’re using Playstation 4 to communicate, given that one of Snowden’s leaks said NSA and CIA were going after targets’ use of gaming consoles to communicate at least as early as 2008).
But a different leak would have alerted terrorists that their specific communications techniques had been compromised. The leak behind this story (which was a follow-up on leaks to the NYT, McClatchy, and WaPo).
It wasn’t just any terrorist message that triggered U.S. terror alerts and embassy closures—but a conference call of more than 20 far-flung al Qaeda operatives, Eli Lake and Josh Rogin report.
The crucial intercept that prompted the U.S. government to close embassies in 22 countries was a conference call between al Qaeda’s senior leaders and representatives of several of the group’s affiliates throughout the region.
The intercept provided the U.S. intelligence community with a rare glimpse into how al Qaeda’s leader, Ayman al-Zawahiri, manages a global organization that includes affiliates in Africa, the Middle East, and southwest and southeast Asia.
Several news outlets reported Monday on an intercepted communication last week between Zawahiri and Nasser al-Wuhayshi, the leader of al Qaeda’s affiliate based in Yemen. But The Daily Beast has learned that the discussion between the two al Qaeda leaders happened in a conference call that included the leaders or representatives of the top leadership of al Qaeda and its affiliates calling in from different locations, according to three U.S. officials familiar with the intelligence. All told, said one U.S. intelligence official, more than 20 al Qaeda operatives were on the call.
Al Qaeda leaders had assumed the conference calls, which give Zawahiri the ability to manage his organization from a remote location, were secure. But leaks about the original intercepts have likely exposed the operation that allowed the U.S. intelligence community to listen in on the al Qaeda board meetings.
That story — by Josh Rogin himself! (though again, this was a follow-up on earlier leaks) — gave Al Qaeda, though maybe not ISIS, specific notice that one of their most sensitive communication techniques was compromised.
It’s really easy for journalists who want to parrot John Brennan and don’t know what the current status of surveillance is to blame Snowden. But those who were involved in the leak exposing the Legion of Doom conference call (which, to be sure, originated in Yemen, as many leaks that blow US counterterrorism efforts there do) might want to think twice before they blame other journalism.
Given two recent high profile hacks, the government needs to either do a better job of securing its data collection and sharing process, or presume people will get hurt because of it.
After the hackers Crackas With Attitude hacked John Brennan, they went on to hack FBI’s Deputy Director Mark Giuliano as well as a law enforcement portal run by the FBI. The hack of the latter hasn’t gotten as much attention — thus far, WikiLeaks has not claimed to have the data, but upon closer examination of the data obtained, it appears it might provide clues and contact information about people working undercover for the FBI.
Then, the hackers showed Wired’s Kim Zetter what the portal they had accessed included. Here’s a partial list:
Enterprise File Transfer Service—a web interface to securely share and transmit files.
Cyber Shield Alliance—an FBI Cybersecurity partnership initiative “developed by Law Enforcement for Law Enforcement to proactively defend and counter cyber threats against LE networks and critical technologies,” the portal reads. “The FBI stewards an array of cybersecurity resources and intelligence, much of which is now accessible to LEA’s through the Cyber Shield Alliance.”
IC3—“a vehicle to receive, develop, and refer criminal complaints regarding the rapidly expanding arena of cyber crime.”
Intelink—a “secure portal for integrated intelligence dissemination and collaboration efforts”
National Gang Intelligence Center—a “multi-agency effort that integrates gang information from local, state, and federal law enforcement entities to serve as a centralized intelligence resource for gang information and analytical support.”
RISSNET—which provides “timely access to a variety of law enforcement sensitive, officer safety, and public safety resources”
Malware Investigator—an automated tool that “analyzes suspected malware samples and quickly returns technical information about the samples to its users so they can understand the samples’ functionality.”
eGuardian—a “system that allows Law Enforcement, Law Enforcement support and force protection personnel the ability to report, track and share threats, events and suspicious activities with a potential nexus to terrorism, cyber or other criminal activity.”
While the hackers haven’t said whether they’ve gotten into these information sharing sites, they clearly got as far as the portal to the tools that let investigators share information on large networked investigations, targeting things like gangs, other organized crime, terrorists, and hackers. If hackers were to access those information sharing networks, they might be able not only to monitor investigations into such networked crime groups, but also (using credentials they already hacked) to make false entries. And all that’s before CISA will vastly expand this info sharing.
Meanwhile, the Intercept reported receiving 2.5 years of recorded phone calls — amounting to 70 million recorded calls — from one of the nation’s largest jail phone providers, Securus. Its report focuses on proving that Securus is not defeat-listing calls to attorneys, meaning it has breached attorney-client privilege. As Scott Greenfield notes, that’s horrible but not at all surprising.
But on top of that, the Intercept’s source reportedly obtained these recorded calls by hacking Securus. While we don’t have details of how that happened, that does mean all those calls were accessible to be stolen. If the Intercept’s civil liberties-motivated hacker can obtain the calls, so can a hacker employed by organized crime.
The Intercept notes that even calls to prosecutors were online (which might include discussions from informants). But it would seem just calls to friends and associates would prove of interest to certain criminal organizations, especially if they could pinpoint the calls (which is, after all, the point). As Greenfield notes, defendants don’t usually listen to their lawyers’ warnings — or those of the signs by the phones saying all calls will be recorded — and so they say stupid stuff to everyone.
So we tell our clients that they cannot talk about anything on the phone. We tell our clients, “all calls are recorded, including this one.” So don’t say anything on the phone that you don’t want your prosecutor to hear.
Some listen to our advice. Most don’t. They just can’t stop themselves from talking. And if it’s not about talking to us, it’s about talking to their spouses, their friends, their co-conspirators. And they say the most remarkable things, in the sense of “remarkable” meaning “really damaging.” Lawyers only know the stupid stuff they say to us. We learn the stupid stuff they say to others at trial. Fun times.
Again, such calls might be of acute interest to rival gangs (for example) or co-conspirators who have figured out someone has flipped.
It’s bad enough the government left OPM’s databases insecure, and with it sensitive data on 21 million clearance holders.
But it looks like key law enforcement data collections are not much more secure.
I’m reading Charlie Savage’s Power Wars. While I disagree with some parts of it and have additional information that isn’t included in others (the book is already 700 pages, so it’s possible they were left out because of length), it is absolutely worth reading and provides a ton of insight about what Obama’s legal insiders were willing to share with Savage. Here’s a long interview with Glenn Greenwald about it.
As it happens, last year I wrote but never finalized a post on an area that is misleading in Savage’s chapter on the Obama Administration’s serial prosecution of leakers, about the prosecution of Donald Sachtleben, the retired FBI guy who, after being busted for kiddie porn, ultimately got prosecuted for being the leaker behind the AP’s UndieBomb 2.0 story. I’m tweaking it and posting it now. This post explains his bust.
Savage claims that Sachtleben never got IDed because he didn’t access any classified documents about the bomb and hadn’t signed the sign-in sheet of the room where it was being investigated — which is all stuff claimed in a Statement of Offense that is obviously designed to be misleading (though Sachtleben’s FBI badge did show him entering the examination space where the bomb was being examined; the Statement doesn’t say whether the specific room tracked badge entries). Savage states, Sachtleben “had visited the Quantico lab where the new underwear bomb was being examined on May 1, 2012, a few hours before Goldman and a colleague, Matt Apuzzo, first called government officials to say they knew the FBI had intercepted a new underwear bomb from Yemen” [that date of the call in the Statement is May 2]. That suggests (again, as the statement does) that Sachtleben was therefore the source for the things the AP told the government it knew on May 2.
As I’ve noted, Sachtleben contested this claim at his sentencing, which is actually consistent with what the text messages with him show: Goldman and Apuzzo were looking for confirmation of something they already knew.
“I was neither the sole nor the original source of information to ‘Reporter A’ about the suicide bomb,” Sachtleben said in a statement sent by his law firm. “The information I shared with Reporter A merely confirmed what he already believed to be true. Any implication that I was the direct source of a serious leak is an exaggeration.”
But in CIA Public Affairs emails obtained by FOIA by The Intercept last year, there’s further support for this. The emails reveal that by April 25, 2012 — 5 days before talking to Sachtleben — Goldman was already asking roughly the same questions about Ibrahim al-Asiri asked of Sachtleben. (PDF 548-9)
“We’re hearing about aqap activity that has USG spun up and Ibrahim al-asiri is back on agency’s radar.” None of that’s surprising, of course, since AP sourced the initial story to numerous officials, and it’s unlikely two Pulitzer Prize winners would single source a story.
The Statement misleadingly suggests that when Goldman and Apuzzo called the government on May 2, two and a half hours after speaking with Sachtleben (and a full week after Goldman’s email to the CIA Public Affairs office), they stated for the first time that “they believed, but had not confirmed, that the bomb was linked to AQAP’s premier bomb-maker, Ibrahim al-Asiri.” Except the government knew, but did not reveal in the Statement, that the AP reporters had already reached out via official government channels a week earlier with some of that information. Contrary to what Savage suggests, the call on May 2 was not the “first” that government officials learned the AP was working on the story, though it may have been the first time they claimed to have confirmed details about the bomb.
The emails also show the extent of AP’s efforts to provide CIA an opportunity to weigh in on the story.
After several exchanges the week before (including a “chat” between Deputy CIA Director Mike Morell and an AP editor in which the AP agreed to hold the story), CIA’s press office set up a meeting between Goldman, Apuzzo, and Morell at 9:30 on the morning they released their story, May 7. An Apuzzo email describes the purpose. “[T]his meeting is just the one the DDCIA [Morell] suggested, to offer some details to the story we agreed to hold for a few days.” (PDF 308)
This confirms a point the AP long insisted on — that they heeded an administration request for a few days before they published the story. And in response, Apuzzo’s email makes clear, Morell had offered to provide further details on the plot. That of course means that Mike Morell was himself a source for the story, probably including for the detail that CIA had just drone-killed Fahd al-Quso. Last I checked, Morell is not in prison for leaking to the AP (though of course his influence on the story would be considered official declassification and therefore cool).
Apuzzo followed up on the meeting and the story later that day. “I know that there were some strained conversations between our bosses this evening, but as far as Adam and I are concerned, I hope you found the story fair, accurate and responsible.” (PDF 308)
Of course, CIA had no reason to be pissed, given that the AP story celebrated their successful interception of a plot. Indeed, there is a very high likelihood that the CIA talked the AP reporters out of including more sensitive details — such as that the plot was really a sting run by a Saudi asset — that detail came out in other outlets, thanks in part to John Brennan and Peter King (the latter of whom was in turn blabbing about something the CIA had just briefed him on), within a day. Or, something implied by the story but not stated directly, that the Administration had deployed a bunch of Air Marshals to Europe to protect against a threat that had never really been a threat and that they had already neutralized anyway. Those are the damning details of the story, but they weren’t in the AP’s version of it.
But the government came after them anyway. And, after members of Congress — including Peter King, who had served as a source for journalists!! — demanded a head, Donald Sachtleben served as a convenient one to offer up.
The story the government has told about Sachtleben — that they found he had a Secret CIA cable among his kiddie porn but didn’t pursue it any further until they exposed the sources of the entire AP newsroom — has never made sense. But as a guy who had already confessed to kiddie porn charges and had actually only served as the confirming source for some of the least sensitive information in the leak, he was convenient.
And while Savage appropriately lays into the Administration for the damage they did to journalism with their pursuit of leakers, the back story behind the scapegoating of Sachtleben suggests DOJ has been far more cynical about leaks and who gets prosecuted for them than suggested in Savage’s chapter.
In Salon, I’ve got my take on the hack of John Brennan’s AOL account by a 13-year-old stoner.
While I think it sucks that WikiLeaks posted unredacted data on Brennan’s family, I’m not at all sympathetic to Brennan himself. After all he’s the guy who decided hacking his SSCI overseers would be appropriate. He’s one of the people who’ve been telling us we have no expectation of privacy in the kinds of data hackers obtained from Verizon — alternate phone number, account ID, password, and credit card information — for years.
But most of all, I think we should remember that Brennan left this data on an AOL server through his entire Obama Administration career, which includes 4 years of service as Homeland Security Czar, a position which bears key responsibility for cybersecurity.
Finally, this hack exposes the Director of the CIA exercising almost laughable operational security. The files appear to date from the period leading up to Brennan’s appointment as White House Homeland Security Czar, where a big part of Brennan’s job was to prevent hacks in this country. To think he was storing sensitive documents on an AOL server — AOL! — while in that role, really demonstrates how laughable are the practices of those who purport to be fighting hackers as the biggest threat to the country. For at least 6 years, the Homeland Security Czar, then the CIA Director — one of the key intelligence officials throughout the Obama Administration — left that stuff out there for some teenagers to steal.
Hacking is a serious problem in this country. Like Brennan, private individuals and corporations suffer serious damage when they get hacked (and the OPM hack of Brennan’s materials may be far more serious). Rather than really fixing the problem, the intelligence community is pushing to give corporations regulatory immunity in exchange for sharing information that won’t be all that useful.
A far more useful initial step in securing the country from really basic types of hacking would be for people like Brennan to stop acting in stupid ways, to stop leaving both their own and the public’s sensitive data in places where even stoned kids can obtain it, to provide a good object lesson in how to limit the data that might be available for malicious hackers to steal.
I would add, however, that there’s one more level of responsibility here.
As I noted in my piece, Brennan’s not the only one who got his security clearance application stolen recently. He is joined in that by 21 million other people, most of whom don’t have a key role in cybersecurity and counterintelligence. Most of those 21 million people haven’t even got official notice their very sensitive data got hacked by one of this country’s adversaries — not even those people who might be particularly targeted by China. Like Brennan, the families of those people have all been put at risk. Unlike Brennan, they didn’t get to choose to leave that data sitting on a server.
In fact, John Brennan and his colleagues have not yet put in place a counterintelligence plan to protect those 21 million people.
If it sucks that John Brennan’s kids got exposed by a hacker (and it does), then it sucks even more that people with far fewer protections and authority to fix things got exposed, as well.
John Brennan should focus on that, not on the 13-year-old stoner who hacked his AOL account.