Brennan Was Probably Talking about the Telegram PRISM Gap as Much as Encryption

I noted the other day that at a pre-scheduled appearance Monday, Josh Rogin cued John Brennan to explain how the Paris attack happened without warning. In my opinion, the comment has been badly misreported as an indictment solely of Edward Snowden (though it is that) and encryption. I’ve put the entire exchange below but the key exchange was this:

And as I mentioned, there are a lot of technological capabilities that are available right now that make it exceptionally difficult, both technically as well as legally, for intelligence and security services to have the insight they need to uncover it. And I do think this is a time for particularly Europe, as well as here in the United States, for us to take a look and see whether or not there have been some inadvertent or intentional gaps that have been created in the ability of intelligence and security services to protect the people that they are asked to serve. And in the past several years because of a number of unauthorized disclosures and a lot of handwringing over the government’s role in the effort to try to uncover these terrorists, there have been some policy and legal and other actions that are taken that make our ability collectively internationally to find these terrorists much more challenging. And I do hope that this is going to be a wake-up call, particularly in areas of Europe where I think there has been a misrepresentation of what the intelligence security services are doing by some quarters that are designed to undercut those capabilities.

Brennan talks about technology that makes it difficult technically and legally to uncover plots. Encryption is a technical problem — one the NSA has proven its ability to overcome — that might be called a legal one if you ignore that NSA has the ability to overcome the lack of a legal requirement to provide back doors. But I agree this passage speaks to encryption, if not other issues.

In the next sentence, though, he talks about inadvertent or intentional gaps created “particularly in Europe.” He talks about plural unauthorized disclosures — as I noted, Josh Rogin’s own disclosure that the US had broken AQAP’s online conferencing technique may have been more directly damaging than most of Snowden’s leaks —  and “handwringing.” Those have led to “policy and legal and other actions” that have made it harder to find terrorists. In the next sentence, Brennan again emphasizes that “particularly in areas of Europe,” there needs to be a “wake-up call” because “there has been a misrepresentation” of what the spooks are doing, which he suggests was deliberately “designed to undercut those capabilities.”

So in the paragraph where he speaks of these problems, he twice emphasizes that Europe in particular needs to adjust its approach.

Last I checked, Europe didn’t pass USA Freedom Act (which would not, in any way, have restricted review of Parisian targeters). Some countries in Europe are more vigorously considering limits on encryption, but those would be just as ineffective as eliminating the code that’s already out there.

What Europe has done, however, is make it harder for our PRISM providers to share data back and forth between Europe (and with providers considering moving servers to Europe, it will raise new questions about the applicability of PRISM for that data). And Europe (not just Europe, but definitely including Europe) has created a market need for US tech companies to distance themselves from the government.

And in the case of Germany, politicians have been investigating how much its BND has done for NSA, and especially which impermissible German people and companies were targeted as part of the relationship. I noted that Brennan raised similar issues just days after the BND investigation turned scandalous in March, and recent revelations have raised new pressure on BND.

With that in mind, in particular, consider what one of the more responsible reports on Brennan’s speech, that of Shane Harris, focused on — terrorists’ use of Berlin-headquartered social messaging app Telegram. If terrorists were using WhatsApp (which a lot of the fearmongering focused on), the metadata, at least, would be available via Facebook. But since Telegram is not a US company, it cannot be obliged under Section 702 of FISA, and that surely creates just the kind of gap Brennan was talking about.

Since Brennan’s speech, Telegram has started deleting the special channels set up by ISIS to communicate.

I’m sure Brennan is complaining about encryption and if he can get Congress to force domestic back doors, I’m sure he will (though ISIS reportedly shies away from Apple products, so forcing Apple to give up its encrypted iMessage won’t help track down ISIS). But his speech seemed focused much more intently on ways in which, in the aftermath of the Snowden leaks, Europeans have opportunistically localized data and, in the process, made that data far less accessible to the NSA. Brennan, as I made clear in March, definitely would prefer the Europeans rely on Americans for their SIGINT (and in the process agree to some inappropriate spying in their home country), and the gap created by terrorists’ reliance on Telegram is one way to exert pressure on that point.


Author of Story Based on Leaks about Surveillance Parrots Brennan Condemning Leaks about Surveillance

Josh Rogin is among many journalists who covered John Brennan’s complaints about “a number of unauthorized disclosures” and hand-wringing about our surveillance capabilities this morning (which was a response to Rogin asking “what went wrong” in Paris in questions).

But Brennan also said that there had been a significant increase in the operational security of terrorists and terrorist networks, who have used new commercially available encryption technologies and also studied leaked intelligence documents to evade detection.

“They have gone to school on what they need to do in order to keep their activities concealed from the authorities,” he said. “I do think this is a time for particularly Europe as well as the U.S. for us to take a look and see whether or not there have been some inadvertent or intentional gaps that have been created in the ability of intelligence services to protect the people that they are asked to serve.”

The FBI has said that Internet “dark spaces” hinder monitoring of terrorism suspects. That fuels the debate over whether the government should have access to commercial applications that facilitate secure communications.

Brennan pointed to “a number of unauthorized disclosures” over the past several years that have made tracking suspected terrorists even more difficult. He said there has been “hand wringing” over the government’s role in tracking suspects, leading to policies and legal action that make finding terrorists more challenging, an indirect reference to the domestic surveillance programs that were restricted after leaks by Edward Snowden revealed their existence.

I find it interesting that Rogin, of all people, is so certain that this is an “indirect reference to the domestic surveillance programs that were restricted after leaks by Edward Snowden revealed their existence.” It’s a nonsensical claim on its face, because no surveillance program has yet been restricted in the US, though FBI has been prevented from using NSLs and Pen Registers to bulk collect communications. The phone dragnet, however, is still going strong for another 2 weeks.

That reference — as I hope to show by end of day — probably refers to tech companies’ efforts to stop the NSA and GCHQ from hacking them anymore, as well as European governments and the EU trying to distance themselves from the US dragnet. That’s probably true, especially, given that Brennan emphasized international cooperation in his response.

I’m also confused by Rogin’s claim Jim Comey said Tor was thwarting FBI, given that the FBI Director said it wasn’t in September.

Even more curious is that Rogin is certain this is about Snowden and only Snowden. After all, while Snowden’s leaks would give terrorists a general sense of what might not be safe (though not one they tracked very closely, given the Belgian Minister of Home Affairs’ claim that they’re using Playstation 4 to communicate, given that one of Snowden’s leaks said NSA and CIA were going after targets’ use of gaming consoles to communicate at least as early as 2008).

But a different leak would have alerted terrorists that their specific communications techniques had been compromised. The leak behind this story (which was a follow-up on leaks to the NYT, McClatchy, and WaPo).

It wasn’t just any terrorist message that triggered U.S. terror alerts and embassy closures—but a conference call of more than 20 far-flung al Qaeda operatives, Eli Lake and Josh Rogin report.
The crucial intercept that prompted the U.S. government to close embassies in 22 countries was a conference call between al Qaeda’s senior leaders and representatives of several of the group’s affiliates throughout the region.

The intercept provided the U.S. intelligence community with a rare glimpse into how al Qaeda’s leader, Ayman al-Zawahiri, manages a global organization that includes affiliates in Africa, the Middle East, and southwest and southeast Asia.

Several news outlets reported Monday on an intercepted communication last week between Zawahiri and Nasser al-Wuhayshi, the leader of al Qaeda’s affiliate based in Yemen. But The Daily Beast has learned that the discussion between the two al Qaeda leaders happened in a conference call that included the leaders or representatives of the top leadership of al Qaeda and its affiliates calling in from different locations, according to three U.S. officials familiar with the intelligence. All told, said one U.S. intelligence official, more than 20 al Qaeda operatives were on the call.

[snip]

Al Qaeda leaders had assumed the conference calls, which give Zawahiri the ability to manage his organization from a remote location, were secure. But leaks about the original intercepts have likely exposed the operation that allowed the U.S. intelligence community to listen in on the al Qaeda board meetings.

That story — by Josh Rogin himself! (though again, this was a follow-up on earlier leaks) — gave Al Qaeda, though maybe not ISIS, specific notice that one of their most sensitive communication techniques was compromised.

It’s really easy for journalists who want to parrot John Brennan and don’t know what the current status of surveillance is to blame Snowden. But those who were involved in the leak exposing the Legion of Doom conference call (which, to be sure, originated in Yemen, as many leaks that blow US counterterrorism efforts there do) might want to think twice before they blame other journalism.

Government (and Its Expensive Contractors) Really Need to Secure Their Data Collections

Given two recent high profile hacks, the government needs to either do a better job of securing its data collection and sharing process, or presume people will get hurt because of it.

After the hackers Crackas With Attitude hacked John Brennan, they went on to hack FBI’s Deputy Director Mark Giuliano as well as a law enforcement portal run by the FBI. The hack of the latter hasn’t gotten as much attention — thus far, WikiLeaks has not claimed to have the data, but upon closer examination of the data obtained, it appears it might provide clues and contact information about people working undercover for the FBI.

Then, the hackers showed Wired’s Kim Zetter what the portal they had accessed included. Here’s a partial list:

Enterprise File Transfer Service—a web interface to securely share and transmit files.

Cyber Shield Alliance—an FBI Cybersecurity partnership initiative “developed by Law Enforcement for Law Enforcement to proactively defend and counter cyber threats against LE networks and critical technologies,” the portal reads. “The FBI stewards an array of cybersecurity resources and intelligence, much of which is now accessible to LEA’s through the Cyber Shield Alliance.”

IC3—“a vehicle to receive, develop, and refer criminal complaints regarding the rapidly expanding arena of cyber crime.”

Intelink—a “secure portal for integrated intelligence dissemination and collaboration efforts”

National Gang Intelligence Center—a “multi-agency effort that integrates gang information from local, state, and federal law enforcement entities to serve as a centralized intelligence resource for gang information and analytical support.”

RISSNET—which provides “timely access to a variety of law enforcement sensitive, officer safety, and public safety resources”

Malware Investigator—an automated tool that “analyzes suspected malware samples and quickly returns technical information about the samples to its users so they can understand the samples’ functionality.”

eGuardian—a “system that allows Law Enforcement, Law Enforcement support and force protection personnel the ability to report, track and share threats, events and suspicious activities with a potential nexus to terrorism, cyber or other criminal activity.”

While the hackers haven’t said whether they’ve gotten into these information sharing sites, they clearly got as far as the portal to the tools that let investigators share information on large networked investigations, targeting things like gangs, other organized crime, terrorists, and hackers. If hackers were to access those information sharing networks, they might be able both to monitor investigations into such networked crime groups and also (using credentials they already hacked) to make false entries. And all that’s before CISA will vastly expand this info sharing.

Meanwhile, the Intercept reported receiving 2.5 years of recorded phone calls — amounting to 70 million recorded calls — from one of the nation’s largest jail phone providers, Securus. Its report focuses on proving that Securus is not defeat-listing calls to attorneys, meaning it has breached attorney-client privilege. As Scott Greenfield notes, that’s horrible but not at all surprising.

But on top of that, the Intercept’s source reportedly obtained these recorded calls by hacking Securus. While we don’t have details of how that happened, that does mean all those calls were accessible to be stolen. If Intercept’s civil liberties-motivated hacker can obtain the calls, so can a hacker employed by organized crime.

The Intercept notes that even calls to prosecutors were online (which might include discussions from informants). But it would seem just calls to friends and associates would prove of interest to certain criminal organizations, especially if they could pinpoint the calls (which is, after all, the point). As Greenfield notes, defendants don’t usually listen to their lawyers’ warnings — or those of the signs by the phones saying all calls will be recorded — and so they say stupid stuff to everyone.

So we tell our clients that they cannot talk about anything on the phone. We tell our clients, “all calls are recorded, including this one.”  So don’t say anything on the phone that you don’t want your prosecutor to hear.

Some listen to our advice. Most don’t. They just can’t stop themselves from talking.  And if it’s not about talking to us, it’s about talking to their spouses, their friends, their co-conspirators. And they say the most remarkable things, in the sense of “remarkable” meaning “really damaging.”  Lawyers only know the stupid stuff they say to us. We learn the stupid stuff they say to others at trial. Fun times.

Again, such calls might be of acute interest to rival gangs (for example) or co-conspirators who have figured out someone has flipped.

It’s bad enough the government left OPM’s databases insecure, and with it sensitive data on 21 million clearance holders.

But it looks like key law enforcement data collections are not much more secure.

On the Leak Crackdown: Donald Sachtleben Was a Convenient Scapegoat

I’m reading Charlie Savage’s Power Wars. While I disagree with some parts of it and have additional information that isn’t included in others (the book is already 700 pages, so it’s possible they were left out because of length), it is absolutely worth reading and provides a ton of insight about what Obama’s legal insiders were willing to share with Savage. Here’s a long interview with Glenn Greenwald about it.

As it happens, last year I wrote but never finalized a post on an area that is misleading in Savage’s chapter on the Obama Administration’s serial prosecution of leakers, about the prosecution of Donald Sachtleben, the retired FBI guy who, after being busted for kiddie porn, ultimately got prosecuted for being the leaker behind the AP’s UndieBomb 2.0 story. I’m tweaking it and posting it now. This post explains his bust.

Savage claims that Sachtleben never got IDed because he didn’t access any classified documents about the bomb and hadn’t signed the sign-in sheet of the room where it was being investigated — which is all stuff claimed in a Statement of Offense that is obviously designed to be misleading (though Sachtleben’s FBI badge did show him entering the examination space where the bomb was being examined; the Statement doesn’t say whether the specific room tracked badge entries). Savage states, Sachtleben “had visited the Quantico lab where the new underwear bomb was being examined on May 1, 2012, a few hours before Goldman and a colleague, Matt Apuzzo, first called government officials to say they knew the FBI had intercepted a new underwear bomb from Yemen” [that date of the call in the Statement is May 2]. That suggests (again, as the statement does) that Sachtleben was therefore the source for the things the AP told the government it knew on May 2.

As I’ve noted, Sachtleben contested this claim at his sentencing, which is actually consistent with what the text messages with him show: Goldman and Apuzzo were looking for confirmation of something they already knew.

“I was neither the sole nor the original source of information to ‘Reporter A’ about the suicide bomb,” Sachtleben said in a statement sent by his law firm. “The information I shared with Reporter A merely confirmed what he already believed to be true. Any implication that I was the direct source of a serious leak is an exaggeration.”

But in CIA Public Affairs emails obtained by FOIA by The Intercept last year, there’s further support for this. The emails reveal that by April 25, 2012 — 5 days before talking to Sachtleben — Goldman was already asking roughly the same questions about Ibrahim al-Asiri asked of Sachtleben. (PDF 548-9)

“We’re hearing about aqap activity that has USG spun up and Ibrahim al-asiri is back on agency’s radar.” None of that’s surprising, of course, since AP sourced the initial story to numerous officials, and it’s unlikely two Pulitzer Prize winners would single source a story.

The Statement misleadingly suggests that when Goldman and Apuzzo called the government on May 2, two and a half hours after speaking with Sachtleben (and a full week after Goldman’s email to the CIA Public Affairs office), they stated for the first time that “they believed, but had not confirmed, that the bomb was linked to AQAP’s premier bomb-maker, Ibrahim al-Asiri.” Except the government knew, but did not reveal in the Statement, that the AP reporters had already reached out via official government channels a week earlier with some of that information. Contrary to what Savage suggests, the call on May 2 was not the “first” that government officials learned the AP was working on the story, though it may have been the first time they claimed to have confirmed details about the bomb.

The emails also show the extent of AP’s efforts to provide CIA an opportunity to weigh in on the story.

After several exchanges the week before (including a “chat” between Deputy CIA Director Mike Morell and an AP editor in which the AP agreed to hold the story), CIA’s press office set up a meeting between Goldman, Apuzzo, and Morell at 9:30 on the morning they released their story, May 7. An Apuzzo email describes the purpose. “[T]his meeting is just the one the DDCIA [Morell] suggested, to offer some details to the story we agreed to hold for a few days.” (PDF 308)

This confirms a point the AP long insisted on — that they heeded an administration request for a few days before they published the story. And in response, Apuzzo’s email makes clear, Morell had offered to provide further details on the plot. That of course means that Mike Morell was himself a source for the story, probably including for the detail that CIA had just drone-killed Fahd al-Quso. Last I checked, Morell is not in prison for leaking to the AP (though of course his influence on the story would be considered official declassification and therefore cool).

Apuzzo followed up on the meeting and the story later that day. “I know that there were some strained conversations between our bosses this evening, but as far as Adam and I are concerned, I hope you found the story fair, accurate and responsible.” (PDF 308)

Of course, CIA had no reason to be pissed, given that the AP story celebrated their successful interception of a plot. Indeed, there is a very high likelihood that the CIA talked the AP reporters out of including more sensitive details — such as that the plot was really a sting run by a Saudi asset — that detail came out in other outlets, thanks in part to John Brennan and Peter King (the latter of whom was in turn blabbing about something the CIA had just briefed him), within a day. Or, something implied by the story but not stated directly, that the Administration had deployed a bunch of Air Marshals to Europe to protect against a threat that had never really been a threat and that they had already neutralized anyway. Those are the damning details of the story, but they weren’t in the AP’s version of it.

But the government came after them anyway. And, after members of Congress — including Peter King, who had served as a source for journalists!! — demanded a head, Donald Sachtleben served as a convenient one to offer up.

The story the government has told about Sachtleben — that they found he had a Secret CIA cable among his kiddie porn but didn’t pursue it any further until they exposed the sources of the entire AP newsroom — has never made sense. But as a guy who had already confessed to kiddie porn charges and had actually only served as the confirming source for some of the least sensitive information in the leak, he was convenient.

And while Savage appropriately lays into the Administration for the damage they did to journalism with their pursuit of leakers, the back story behind the scapegoating of Sachtleben suggests DOJ has been far more cynical about leaks and who gets prosecuted for them than suggested in Savage’s chapter.


Hacking John Brennan, Hacking OPM

In Salon, I’ve got my take on the hack of John Brennan’s AOL account by a 13-year old stoner.

While I think it sucks that WikiLeaks posted unredacted data on Brennan’s family, I’m not at all sympathetic to Brennan himself. After all he’s the guy who decided hacking his SSCI overseers would be appropriate. He’s one of the people who’ve been telling us we have no expectation of privacy in the kinds of data hackers obtained from Verizon — alternate phone number, account ID, password, and credit card information — for years.

But most of all, I think we should remember that Brennan left this data on an AOL server through his entire Obama Administration career, which includes 4 years of service as Homeland Security Czar, a position which bears key responsibility for cybersecurity.

Finally, this hack exposes the Director of the CIA exercising almost laughable operational security. The files appear to date from the period leading up to Brennan’s appointment as White House Homeland Security Czar, where a big part of Brennan’s job was to prevent hacks in this country. To think he was storing sensitive documents on an AOL server — AOL! — while in that role, really demonstrates how laughable are the practices of those who purport to be fighting hackers as the biggest threat to the country. For at least 6 years, the Homeland Security Czar, then the CIA Director — one of the key intelligence officials throughout the Obama Administration — left that stuff out there for some teenagers to steal.

Hacking is a serious problem in this country. Like Brennan, private individuals and corporations suffer serious damage when they get hacked (and the OPM hack of Brennan’s materials may be far more serious). Rather than really fixing the problem, the intelligence community is pushing to give corporations regulatory immunity in exchange for sharing information that won’t be all that useful.

A far more useful initial step in securing the country from really basic types of hacking would be for people like Brennan to stop acting in stupid ways, to stop leaving both their own and the public’s sensitive data in places where even stoned kids can obtain it, to provide a good object lesson in how to limit the data that might be available for malicious hackers to steal.

I would add, however, that there’s one more level of responsibility here.

As I noted in my piece, Brennan’s not the only one who got his security clearance application stolen recently. He is joined in that by 21 million other people, most of whom don’t have a key role in cybersecurity and counterintelligence. Most of those 21 million people haven’t even got official notice their very sensitive data got hacked by one of this country’s adversaries — not even those people who might be particularly targeted by China. Like Brennan, the families of those people have all been put at risk. Unlike Brennan, they didn’t get to choose to leave that data sitting on a server.

In fact, John Brennan and his colleagues have not yet put in place a counterintelligence plan to protect those 21 million people.

If it sucks that John Brennan’s kids got exposed by a hacker (and it does), then it sucks even more that people with far fewer protections and authority to fix things got exposed, as well.

John Brennan should focus on that, not on the 13 year old stoner who hacked his AOL account.

CISA Moves: A Summary

This afternoon, Aaron Richard Burr moved the Cyber Intelligence Sharing Act forward by introducing a manager’s amendment that has limited privacy tweaks (permitting a scrub at DHS and limiting the use of CISA information to cyber crimes that nevertheless include to prevent threat to property), with a bunch of bigger privacy fix amendments, plus a Tom Cotton one and a horrible Sheldon Whitehouse one called as non-germane amendments requiring 60 votes.

Other than that, Burr, Dianne Feinstein, and Ron Wyden spoke on the bill.

Burr did some significant goalpost moving. Whereas in the past, he had suggested that CISA might have prevented the Office of Public Management hack, today he suggested CISA would limit how much data got stolen in a series of hacks. His claim is still false (in almost all the hacks he discussed, the attack vector was already known, but knowing it did nothing to prevent the continued hack).

Burr also likened this bill to a neighborhood watch, where everyone in the neighborhood looks out for the entire neighborhood. He neglected to mention that that neighborhood watch would also include that nosy granny type who reports every brown person in the neighborhood, and features self-defense just like George Zimmerman’s neighborhood watch concept does. Worse, Burr suggested that those not participating in his neighborhood watch had no protection, effectively suggesting that some of the best companies on securing themselves — like Google — were not protecting customers. Burr even suggested he didn’t know anything about the companies that oppose the bill, which is funny, because Twitter opposes the bill, and Burr has a Twitter account.

Feinstein was worse. She mentioned the OPM hack and then really suggested that a series of other hacks — including both the Sony hack and the DDOS attacks on online banking sites that stole no data! — were worse than the OPM hack.

Yes, the Vice Chair of SSCI really did say that the OPM hack was less serious than a bunch of other hacks that didn’t affect the national security of this country. Which, if I were one of the 21 million people whose security clearance data had been compromised, would make me very very furious.

DiFi also used language that made it clear she doesn’t really understand how the information sharing portal works. She said something like, “Once cyber information enters the portal it will move at machine speed to other federal agencies,” as if a conveyor belt will carry information from DHS to FBI.

Wyden mostly pointed out that this bill doesn’t protect privacy. But he did call out Burr on his goalpost moving on whether the bill would prevent (his old claim) or just limit the damage of (his new one) attacks that it wouldn’t affect at all.

Wyden did, however, object to unanimous consent because Whitehouse’s crappy amendment was being given a vote, which led Burr to complain that Wyden wasn’t going to hold this up.

Finally, Burr came back on the floor, not only to bad mouth companies that oppose this bill again (and insist it was voluntary so they shouldn’t care) but also to do what I thought even he wouldn’t do: suggest we need to pass CISA because a 13 year old stoner hacked the CIA Director.

If Ending DOD’s Train and Assist Program Is about Returning to Covert Status, Will Congress Get Details?

When Mike Lee, Joe Manchin, Chris Murphy, and Tom Udall wrote the Administration calling for an end to the Syria Train and Equip Program last week, they addressed it to CIA Director John Brennan, along with Defense Secretary Ash Carter (its primary addressee, given the clear reference to details about DOD’s T&E mission) and Secretary of State John Kerry.

It appears the Senators got the result they desired. As a number of outlets are reporting, Carter has decided to end DOD’s T&E program, which has done little except arm al Qaeda affiliates in Syria. But it’s not that we’re going to end our involvement in Syria. The stories provide different descriptions of what we intend to continue doing. The NYT, which pretended not to know about the CIA covert program, described a shift of training to Turkey, while discussing armed Sunnis in eastern Syria.

A senior Defense Department official, who was not authorized to speak publicly and who spoke on the condition of anonymity, said that there would no longer be any more recruiting of so-called moderate Syrian rebels to go through training programs in Jordan, Qatar, Saudi Arabia or the United Arab Emirates. Instead, a much smaller training center would be set up in Turkey, where a small group of “enablers” — mostly leaders of opposition groups — would be taught operational maneuvers like how to call in airstrikes.

[snip]

The official said the training was “to be suspended, with the option to restart if conditions dictate, opportunities arise.” The official also said that support to Sunni Arab fighters in eastern Syria was an example of focusing on groups already fighting the Islamic State, also known as ISIS or ISIL, “rather than using training to try to manufacture new brigades.”

The LAT to its credit did acknowledge the parallel CIA program in a piece vaguely describing our “new” approach of working with a wide range of groups on the Turkish border.

Under the new approach, the administration will continue to work with a range of groups to capitalize on the successes that Kurdish, Arab and Turkmen groups have had over the last several months driving the Islamic State forces out of much of the Turkey-Syria border region.

[snip]

The decision to end the Pentagon training program does not appear to immediately affect a separate program run by the CIA.

While Ash Carter’s public remarks associated with this discussion make it clear Russia’s actions in the same region remain a concern, the reporting I’ve seen thus far hasn’t tied the decision to end the DOD program to the need to respond to Russia in any way.

Which raises the question: is this just an attempt to shift our existing T&E efforts entirely under a covert structure again? There are many reasons why you’d want to do that, not least because it would make it a lot easier to hide that not only aren’t your “rebels” “moderate,” but they’re al Qaeda affiliates (as David Petraeus and others were floating we should do). Given Qatari and Saudi efforts to flood more weapons into Syria in response to Russia’s involvement, you’d think the US would want to play along too.

But especially since Tom Udall is the guy who — a year ago — raised the crazy notion that Congress should know some details about the (at that point) two year long effort by CIA to support “moderate” forces …

Everybody’s well aware there’s been a covert operation, operating in the region to train forces, moderate forces, to go into Syria and to be out there, that we’ve been doing this the last two years. And probably the most true measure of the effectiveness of moderate forces would be, what has been the effectiveness over that last two years of this covert operation, of training 2,000 to 3,000 of these moderates? Are they a growing force? Have they gained ground? How effective are they? What can you tell us about this effort that’s gone on, and has it been a part of the success that you see that you’re presenting this new plan on?

… I wonder whether Congress has ever gotten fully briefed on that program — and whether they would going forward.

After all, none of the men who signed this letter would be privy to how a covert effort to train rebels was going under normal guidelines unless Udall or Murphy were getting details on the Appropriations Committee.

So while it may be — and I think it likely this is — just an effort to make it easier to partner with al Qaeda to defeat Bashar al-Assad and Putin (teaming with al Qaeda to fight Russia! just like old times!) — I also wonder whether this is an effort to avoid telling most of Congress just how problematic (even if effective from an anti-Assad perspective) both the DOD and CIA efforts are.

 

Is Russia Eliminating America’s Material Support for Terrorism Problem?

In this post, Moon of Alabama linked to this Jerusalem Post article, which says more plainly what a number of people admit obliquely: Qatar and Saudi Arabia are funding the Nusra Front.

The Nusra Front, the Syrian branch of al-Qaida, which controls 10-15 percent of non-contiguous parcels of Syrian real estate, is of special interest to the IDF. Together with some local militias Nusra is in charge of most of the 100-kilometer border with Israel on the Syria side of the Golan Heights. In recent years, Nusra slightly toned down its militant ideology due to the influence of Qatar and Saudi Arabia, which provide it with financial support.

OK then.

Not only are our Gulf allies funding al Qaeda, but they are sufficiently close to them so as to get them to pretend to moderate their extremism. Which is another way of saying they’re sufficiently close to get them to cooperate to help the Gulf nations snooker their allies.

Of course, the Israelis have an incentive to point to Qatar and Saudi Arabia, so as to avoid admitting they, too, are backing Nusra.

Still, this plain admission raises the same questions I raised back in August when the people inserting DOD-trained rebels into Syria were genuinely surprised that their expectation that Nusra would welcome those rebels, rather than kidnap them, was wrong.

I think it’s quite likely that the US got affirmative HUMINT from one of our partners in the region that Nusra Front would not attack. Both the Saudis and Israelis are real possibilities to have provided this intelligence, given that we rely on the Saudis for a lot of our intelligence on Sunni terrorist groups and the Israelis have been cozying up to the group. And I’m frankly agnostic whether that intelligence would have been offered cynically — again, as a ploy to suck the US further into Syria — or in good faith.

Likewise, I wonder whether we got disinformation from our allies — the material supporters of terrorists — about whether or not Nusra had confiscated a chunk of the weapons and pick-ups from the next batch of rebels we sent into Syria.

All that’s stuff that was readily available. But here’s a detail I did not know. CIA reportedly ended its support for its Syrian rebels earlier this year.

Be that as it may, and regardless of the Russian strategy, it also needs to be emphasized that even though the targeted rebels were not ISIS, they were not secularist “moderates” either. According to most news outlets however, the rebel positions hit by the Russians were part of the “Free Syrian Army”, the armed branch of the allegedly secular opposition. Interestingly, this statement is based on one single testimony made to Reuters by the leader of a group which has been provided with US weapons as part of a covert CIA programme that was ended earlier this year.

If the CIA had stopped outfitting rebels partnering with Qatari and Saudi backed al Qaeda groups, I can see how they’d want to hijack DOD backed rebels to get US arms (and, effectively, bodies).

Which brings me back to this comment John Brennan made at the end of May, asked explicitly in the context of ISIS.

Dealing with some of these problems in the Middle East, whether you’re talking about Iraq, Iran, Syria, Yemen, Libya, others, these are some of the most complex and complicated issues that I’ve seen in my 35 years, working on national security issues. So there are no easy solutions.

I think the president has tried to make sure that we’re able to push the envelope when we can to protect this country. But we have to recognize that sometimes our engagement and direct involvement will stimulate and spur additional threats to our national security interests.

“Sometimes our engagement and direct involvement will stimulate and spur additional threats,” said the CIA director overseeing a covert operation of supporting fighters that ended up having ties to al Qaeda that either had been or would shortly be discontinued.

We’re making a lot of noise about Russia taking out those men the CIA had formerly trained. Is it just noise?

Apparently some Syrians on the ground are already questioning whether the US has sold them out.

The official added that the airstrikes were bolstering the popularity of Jabhat al-Nusra, with its combined message of American duplicity against Muslims and the prospect of fighting an old foe – many of al-Qaida’s veterans once fought the Soviet Union in Afghanistan.

While there are reasons to question the source (really! how many al Qaeda members who fought Russia 20 years ago are left, much less on the ground in Syria?), it’s a good question…

Update: The Daily Beast believes the CIA program is still active.

The rebels attacked by Russian forces on Wednesday and Thursday were in western Syria, alongside al Qaeda affiliates and far from any ISIS positions. That suggests the rebels were not there to fight the self-proclaimed Islamic State, as the Obama administration called the top priority. Instead, they were battling the Assad regime as part of a still-active CIA program for rebels which has run in tandem with the disastrous and now-defunct train and equip Pentagon program.

With One Bombing Run Russia Gets the US to Acknowledge CIA’s “Covert” Regime Change Forces

For some time, a number of us have been tracking the collective forgetfulness about CIA’s acknowledged covert forces on the ground in Syria. I often point back to the day two years ago when Chuck Hagel confirmed our covert efforts in Syria in a congressional hearing, as well as Senate Foreign Relations Committee member frustration with their inability to get details on the acknowledged covert ops (that already numbered in the thousands, according to Tom Udall) there. Jim and I have written a slew of other posts about CIA’s covert forces there (one two three four five six seven are just a small sampling).

More recently, Adam Johnson caught NYT and Vox pretending CIA’s efforts don’t exist at all.

This past week, two pieces—one in the New York Times detailing the “finger pointing” over Obama’s “failed” Syria policy, and a Vox “explainer” of the Syrian civil war—did one better: They didn’t just omit the fact that the CIA has been arming, training and funding rebels since 2012, they heavily implied they had never done so.

To be fair, some intelligence reporters have done consistently good reporting on CIA’s covert war in Syria. But the policy people — especially the ones reporting how if Obama had supported “moderate” rebels sooner — usually pretend no one knows that Obama did support Qatar and Saudi-vetted liver-eating rebels sooner and they often turned out to be Islamists.

The selective ignorance about CIA’s covert operations in Syria seems to have been eliminated, however, with one Russian bombing run that targeted them.

Russia launched airstrikes in Syria on Wednesday, catching U.S. and Western officials off guard and drawing new condemnation as evidence suggested Moscow wasn’t targeting extremist group Islamic State, but rather other opponents of Bashar al-Assad’s regime.

One of the airstrikes hit an area primarily held by rebels backed by the Central Intelligence Agency and allied spy services, U.S. officials said, catapulting the Syrian crisis to a new level of danger and uncertainty. Moscow’s entry means the world’s most powerful militaries—including the U.S., Britain and France—now are flying uncoordinated combat missions, heightening the risk of conflict in the skies over Syria.

Thus far, of course, US officials are insisting that the anti-Assad troops Russia targeted are wholly distinct from ISIS (even while they remain silent about whether they’re Islamic extremists).

Secretary of State John Kerry met with Russian Foreign Minister Sergei Lavrov and said he raised U.S. concerns about attacks that target regime opponents other than Islamic State, also known as ISIS or ISIL. In Syria’s multi-sided war, Mr. Assad’s military—aided by Iran and the Lebanese Shiite group Hezbollah—is fighting both Islamic State and opposition rebel groups, some of which are supported by the U.S. and its allies.

[snip]

The U.S. and its allies were angry at the Russians on many scores: that they are supporting Mr. Assad; that they aren’t coordinating their actions with the existing, U.S.-led anti-Islamic State coalition; that they provided terse notice only an hour before their operations; that they demanded the U.S. coalition stay out of Syrian airspace; and that they struck in areas where anti-Assad rebels—not Islamic State—operate.

“It does appear that they were in areas where there probably were not ISIL forces, and that is precisely one of the problems with this whole approach,” said Mr. Carter, the U.S. defense chief.

This attempt to distinguish ISIS from the CIA-backed rebels will quickly lead to an awkward place for the Administration and its allies, not least because making any distinction will require providing details on the vetting process used to select these forces, as well as addressing the evidence of cooperation with ISIS or traditional al Qaeda in the past. Plus, the more the US argues these groups that aren’t entirely distinct from al Qaeda are entirely distinct from ISIS, it will make the Administration’s claim that the 2001 AUMF against Al Qaeda authorizes it to fight ISIS (in related news, DOJ just denied USAT’s FOIA request for 3 OLC documents making that case) really wobbly. Any claim Russia makes that these anti-Assad forces are also Islamic extremists (and therefore entirely legitimate targets in the fight against ISIS) will be based on intelligence that is no more shitty than US intelligence that they’re not, especially given that CentCom admits on the record it can’t even trust (much less vet) the communications it is getting from rebels on the ground about their coordination with al Qaeda. It will devolve into a he-said-she-said about whose claims are more suspect, Assad’s or the Saudis’ who’ve been pushing for regime change long before the Arab Spring gave them an opportunity to push it along.

And all the while, any pretense that CIA’s involvement is covert will grow more and more laughable. Reporting like this — which claims Putin has “hijacked” Obama’s war on ISIS when the content only makes sense if Putin has more urgently hijacked Obama’s regime change efforts against Assad — will become more and more laughable.

Whatever Russia’s entry does for the tactical confrontation (I have no hopes it will do anything but make this conflict even bloodier, and possibly expand it into other countries), it has clarified a discussion the US has always tried to obscure. There are plenty of US backed forces on the ground — which may or may not be Islamic extremists (see Pat Lang on this point) — whose priority is toppling Bashar al-Assad, not defeating ISIS. While there will be some interesting fights about who they really are in coming days (and whether CIA has already acknowledged that it inflamed Islamists with its regime change efforts), American priorities will become increasingly clear.

Make no mistake: I am not defending Russia, Syria, our vetted “moderate” rebels, Saudi Arabia, or anyone else. It’s a volatile situation and none of the outside intervention seems to be helping. But one big reason we’ve been failing is because we’ve been lying publicly about the forces on the ground. Those lies just got a lot harder to sustain.

(As always on the Syrian quagmire, see Moon of Alabama’s latest.)

Was the White House Involved in the Decision to Unapologize to Dianne Feinstein?

A must-read Jason Leopold piece on the fight between the Senate Intelligence Committee and CIA over the torture report reveals that John Brennan apologized about hacking the SSCI website — before he unapologized.

John Brennan was about to say he was sorry.

On July 28, 2014, the CIA director wrote a letter to senators Dianne Feinstein and Saxby Chambliss — the chairwoman of the Senate Intelligence Committee (SSCI) and the panel’s ranking Republican, respectively. In it, he admitted that the CIA’s penetration of the computer network used by committee staffers reviewing the agency’s torture program — a breach for which Feinstein and Chambliss had long demanded accountability — was improper and violated agreements the Intelligence Committee had made with the CIA.

[snip]

“I recently received a briefing on the [OIG’s] findings, and want to inform you that the investigation found support for your concern that CIA staff had improperly accessed the [Intelligence Committee] shared drive on the RDINet [an acronym for rendition, detention, and interrogation] when conducting a limited search for CIA privileged documents,” Brennan wrote. “In particular, the [OIG] judged that Agency officers’ access to the… shared drive was inconsistent with the common understanding reached in 2009 between the Committee and the Agency regarding access to RDINet. Consequently, I apologize for the actions of CIA officers…. I am committed to correcting the shortcomings that this report has revealed.”

But Brennan didn’t sign or send the apology letter.

Instead, four days later, he sent Feinstein and Chambliss a different letter — one without an apology or admission that the search of their computer network was improper.

Leopold includes the letter as an image in his story (and also at page 299 in the SCRIBD embed). The letter he did send appears at page 11 of the embed.

In addition to the dramatically different content, the later letter does not include — as the earlier one did — notice that carbon copies of the letter were sent to DNI James Clapper, White House Counsel Neil Eggleston, and CIA’s Inspector General David Buckley.


You can see the earlier letter (see page 298) was sent by some emoticon-wielding (presumed) Assistant who explained — at 4:32 that same day — “Sending anyway, Just in case you need it soft copy for any reason. :)”


 

It’s as if by that point the CIA had already decided to pursue a different option (which, if we can believe the CIA’s currently operative story to Leopold, was to apologize to Senator Feinstein in person rather than memorialize such an apology in writing).

But I wonder … given that they were going to include Eggleston on the original but saw no need to include him (and Clapper and Buckley) on the finalized letter … was the White House in the loop in the decision to unapologize?

As Leopold reminds in his story, Brennan looped Chief of Staff Denis McDonough in before the January searches of SSCI’s network, implicating (though insulated by two degrees of separation, if we believe the CIA’s story) the White House in the decision to spy on SSCI. Was the White House included in the decision on whether to apologize to Dianne Feinstein?