Posts

Author of Story Based on Leaks about Surveillance Parrots Brennan Condemning Leaks about Surveillance

Josh Rogin is among many journalists who covered John Brennan’s complaints about how “a number of unauthorized disclosures”and hand-wringing about our surveillance capabilities this morning (which was a response to Rogin asking “what went wrong” in Paris in questions).

But Brennan also said that there had been a significant increase in the operational security of terrorists and terrorist networks, who have used new commercially available encryption technologies and also studied leaked intelligence documents to evade detection.

“They have gone to school on what they need to do in order to keep their activities concealed from the authorities,” he said. “I do think this is a time for particularly Europe as well as the U.S. for us to take a look and see whether or not there have been some inadvertent or intentional gaps that have been created in the ability of intelligence services to protect the people that they are asked to serve.”

The FBI has said that Internet “dark spaces” hinder monitoring of terrorism suspects. That fuels the debate over whether the government should have access to commercial applications that facilitate secure communications.

Brennan pointed to “a number of unauthorized disclosures” over the past several years that have made tracking suspected terrorists even more difficult. He said there has been “hand wringing” over the government’s role in tracking suspects, leading to policies and legal action that make finding terrorists more challenging, an indirect reference to the domestic surveillance programs that were restricted after leaks by Edward Snowden revealed their existence.

I find it interesting that Rogin, of all people, is so certain that this is an “indirect reference to the domestic surveillance programs that were restricted after leaks by Edward Snowden revealed their existence.” It’s a non-sensical claim on its face, because no surveillance program has yet been restricted in the US, though FBI has been prevented from using NSLs and Pen Registers to bulk collection communications. The phone dragnet, however, is still going strong for another 2 weeks.

That reference — as I hope to show by end of day — probably refers to tech companies efforts to stop the NSA and GCHQ from hacking them anymore, as well as European governments and the EU trying to distance themselves from the US dragnet. That’s probably true, especially, given that Brennan emphasized international cooperation in his response.

I’m also confused by Rogin’s claim Jim Comey said Tor was thwarting FBI, given that the FBI Director said it wasn’t in September.

Even more curious is that Rogin is certain this is about Snowden and only Snowden. After all, while Snowden’s leaks would give terrorists a general sense of what might not be safe (though not one they tracked very closely, given the Belgian Minister of Home Affair’s claim that they’re using Playstation 4 to communicate, given that one of Snowden’s leaks said NSA and CIA were going after targets use of gaming consoles to communicate at least as early as 2008).

But a different leak would have alerted terrorists that their specific communications techniques had been compromised. The leak behind this story (which was a follow-up on leaks to the NYT, McClatchy, and WaPo).

It wasn’t just any terrorist message that triggered U.S. terror alerts and embassy closures—but a conference call of more than 20 far-flung al Qaeda operatives, Eli Lake and Josh Rogin report.
The crucial intercept that prompted the U.S. government to close embassies in 22 countries was a conference call between al Qaeda’s senior leaders and representatives of several of the group’s affiliates throughout the region.

The intercept provided the U.S. intelligence community with a rare glimpse into how al Qaeda’s leader, Ayman al-Zawahiri, manages a global organization that includes affiliates in Africa, the Middle East, and southwest and southeast Asia.

Several news outlets reported Monday on an intercepted communication last week between Zawahiri and Nasser al-Wuhayshi, the leader of al Qaeda’s affiliate based in Yemen. But The Daily Beast has learned that the discussion between the two al Qaeda leaders happened in a conference call that included the leaders or representatives of the top leadership of al Qaeda and its affiliates calling in from different locations, according to three U.S. officials familiar with the intelligence. All told, said one U.S. intelligence official, more than 20 al Qaeda operatives were on the call.

[snip]

Al Qaeda leaders had assumed the conference calls, which give Zawahiri the ability to manage his organization from a remote location, were secure. But leaks about the original intercepts have likely exposed the operation that allowed the U.S. intelligence community to listen in on the al Qaeda board meetings.

That story — by Josh Rogin himself! (though again, this was a follow-up on earlier leaks) — gave Al Qaeda, though maybe not ISIS, specific notice that one of their most sensitive communication techniques was compromised.

It’s really easy for journalists who want to parrot John Brennan and don’t know what the current status of surveillance is to blame Snowden. But those who were involved in the leak exposing the Legion of Doom conference call (which, to be sure, originated in Yemen, as many leaks that blow US counterterrorism efforts there do) might want to think twice before they blame other journalism.

Dianne Feinstein’s Pre-UndieBomb Thinking

A whole bunch of people have pilloried Dianne Feinstein’s defense of the phone dragnet and related programs.

But one bizarre argument I haven’t seen challenged is the underlying logic of this passage.

The U.S. must remain vigilant against terrorist attacks against the homeland. Al Qaeda in the Arabian Peninsula (AQAP), considered the world’s most capable and dangerous terrorist organization, is determined to attack the United States. As we have seen since the “underwear bomber” attempted to blow up an airliner over Detroit on Christmas Day 2009, AQAP has developed nonmetallic bombs that can elude airport screeners, and the organization’s expert bomb maker, Ibrahim al-Asiri, remains at large.

Asiri is believed to be behind the October 2010 plot to place bombs disguised as printer cartridges onto cargo planes headed for the U.S. He is also a suspect in the May 2012 suicide-bomber plot against an airliner headed for the U.S. that was foiled when U.S. authorities obtained the planned explosive device through good intelligence work.

Earlier this month, Director of National Intelligence James Clapper testified that in the case of the AQAP threat this summer, there were a number of phone numbers or emails “that emerged from our collection overseas that pointed to the United States.” Fortunately, the NSA call-records program was used to check those leads and determined that there was no domestic aspect to the plotting. [my emphasis]

So here’s the logic.

UndieBomb 1.0 proves AQAP wants to attack the US.

UndieBomb 2.0 is further proof of that, although DiFi doesn’t mention that it was a US-Saudi-Brit sting, meaning the intent came from us.

As part of the Legion of Doom investigation, NSA found phone numbers tied to the US that have, on investigation, proved to be unrelated to the actual alleged plot.

It’s that same theory that 36,000 innocent people must be investigated every time a terrorist plots something to keep us “safe.”

But let’s take a step back. UndieBomb 1.0 … UndieBomb 1.0 …

Yes.

I remember now.

UndieBomb 1.0 was the guy who was allegedly plotting out Jihad with Anwar al-Awlaki — whose communications the FBI had two guys reading — over things like chats and calls. That is, Umar Farouk Abdulmutallab was a guy whose plot the NSA and FBI should have thwarted before he got on a plane. (To say nothing of the CIA and NCTC’s fuck-ups.)

And yet, he got on that plane. His own incompetence and the quick work of passengers prevented that explosion, while a number of needles went unnoticed in the NSA’s most closely watched haystacks.

Nevertheless, the lesson DiFi takes is that we need more haystacks.

Shouldn’t the lessons of UndieBomb 1.0 be just as important to this debate as the partial, distorted, lessons of 9/11?

Count Von Count Drones Yemen

[youtube]L5bqMDGWXO8[/youtube]

The flurry of drone strikes in Yemen has gotten so difficult to keep up with that I imagine a twisted version of Count Von Count leading counting lessons after each one.

As of last count, he’d be up to the number 8. “You can hold it this way you can hold it that way.”

Three U.S. drone strikes killed a total of 12 suspected al-Qaida militants Thursday, a Yemeni military official said, raising to eight the number of attacks in less than two weeks as the Arab nation is on high alert against terrorism.

The uptick in drone strikes signals that the Obama administration is stepping up its efforts to target Yemen’s al-Qaida offshoot — al-Qaida in the Arabian Peninsula — amid fears of attacks after the interception of a message between its leader and the global leader of the terror network.

Since July 27, drone attacks have killed 34 suspected militants, according to an Associated Press count provided by Yemeni security officials.

Happy Eid, Yemen, Count Von Count would sing. Ha ha ha.

I can’t help but wonder whether the US wouldn’t look like it was in such a frenzy if it hadn’t leaked news of the conference call it compromised last week. It’s possible the compromise included location data. But at the very least, intelligence captured from the courier would seem to provide information that will lose value as AQAP figures out the US has it.

And given trickling reports that civilians are among the dead, on Eid? This drone frenzy could backfire if the attacks aren’t very carefully targeted.

Update: Tweaked courier language to reflect possibility he was never captured, just his message was.

Against Legion of Doom Alert, Is Hadi Playing Saleh’s Old Game?

After President Obama met with Yemen’s President Abdo Rabu Mansour Hadi on the eve (or during the progression) of the Legion of Doom alert last week, he said this about Hadi’s cooperation on terrorism.

I thank President Hadi and his government for the strong cooperation that they’ve offered when it comes to counterterrorism. Because of some of the effective military reforms that President Hadi initiated when he came into this office, what we’ve seen is al Qaeda in the Arabian Peninsula, or AQAP, move back out of territories that it was controlling.

And President Hadi recognizes that these threats are not only transnational in nature, but also cause severe hardship and prevent the kind of prosperity for the people of Yemen themselves. [my emphasis]

Hadi responded,

Our work together insofar as countering terrorism is concerned and also against al Qaeda is expressive, first and foremost, of Yemeni interests, because as a result of the activities of al Qaeda, Yemen’s development basically came to a halt whereby there is no tourism, and the oil companies, the oil-exploring companies had to leave the country as a result of the presence of al Qaeda. So our cooperation against those terrorist elements are actually serving the interests of Yemen. [my emphasis]

Note how this carefully scripted puppet show emphasized Yemen’s own interests in defeating al Qaeda.

Here’s what, in the wake of disagreements whether a disrupted plot (that may have had nothing to do with AQAP) had anything to do with the Legion of Doom alert, the WSJ now reports really happened at the meeting between Obama and Hadi.

The U.S. raised concerns in meetings in Washington last week, with officials complaining to President Abd Rabbu Mansour Hadi that Yemeni forces weren’t taking the al Qaeda threat seriously and needed to stop pulling back from military offensives, people familiar with the meetings said. Yemeni officials say they have spared no effort battling al Qaeda and its affiliates but that the threat remains too large for their ill-equipped military.

“We don’t have the capabilities or man power to capture large swaths of territory,” said one Yemeni official familiar with counterterrorism policy. “AQAP has hide-outs in remote villages and towns spread across the country.”

The history of U.S.-Yemeni counterterrorism relations has been checkered with missteps and mistakes, even before this latest terror alert. Mr. Hadi—who came to power in large part due to America’s diplomatic intervention—has tried to strengthen military and economic ties with the U.S.

Some officials in San’a, however, worry that President [my emphasis]

It goes onto lay out details of the cooperation — though the reported influx of JSOC members to Yemen may reflect a dramatic departure from this cooperation.

At the heart of the U.S.-Yemeni cooperation is a joint command center in Yemen, where officials from the two countries evaluate intelligence gathered by America and other allies, such as Saudi Arabia, say U.S. and Yemeni officials. There, they decide when and how to launch missile strikes against the highly secretive list of alleged al Qaeda operatives approved by the White House for targeted killing, these people say.

But local sensitivities about the bilateral counterterrorism cooperation have spiked in recent years due to high-profile civilian deaths by U.S. missiles, prompting tight limitations on any visible American role in the fight against al Qaeda.

For example, U.S. Special Forces aren’t allowed to accompany Yemeni units on patrols through the rugged mountains where al Qaeda cells have found haven, military officials familiar with the situation say. But Yemeni units have neither the skill nor political will to take on these sorts of quick-strike operations, the officials said.

Instead, Yemeni armed forces conduct periodic high-profile land operations against militants whose affiliation with al Qaeda isn’t clear.

And all that’s built on a bunch of military toys which Foreign Policy catalogs here. (Note, why are we paying Gallup $280,000 for a “Yemen Assessment Survey” when they can’t even poll in the US competently anymore? If we insist on using a US firm, why not use Zogby, which would have better ties to Arabic speakers?)

But underlying all this parroted language about cooperation is the reality that a focus on Al Qaeda tends to distract Hadi, who already relies on the US and Brits and Saudis to retain power, from issues that matter to Yemenis. This superb Guardian piece notes how counterterrorism delegitimizes him.

Among ordinary Yemenis, meanwhile, the latest al-Qaida drama has been greeted with scepticism and even some derision. Read more

Behind Legion of Doom: Breaking “Encrypted Electronic Communications between High Level Al Qaeda Leaders”

[youtube]xY-wsEh6CZk[/youtube]

David Garteinstein-Ross, who did his own research into the Daily Beast Legion of Doom story, noted a couple of things via Twitter that I have been pointing to: the conference call behind the Legion of Doom scare wasn’t the first intercept, and Al Qaeda leaders on the conference call (which Eli Lake clarified wasn’t via telephone) assumed the call was secure.

3) There has been more than one intercept related to the plot. The report refers to a captured courier in addition to the conference call.

5) Many reactions to the report assume AQ completely broke OPSEC. The report states that AQ leaders assumed the call was secure.

And in the appearance above on MSNBC, he describes the conference call as,

Encrypted electronic communications between high level Al Qaeda leaders in which they were discussing this plot.

[snip]

This is encrypted communication. It’s hard to penetrate their communications. And if you make clear that we have, and which communications we’ve penetrated, then they’re simply going to adapt.

In general, that suggests that something the government got from the courier allowed them to break the encrypted conference call. And, if Gartenstein-Ross is accurately informed, that we did, in fact, break their encrypted communications.

While that doesn’t prove or disprove my outtamyarse guess that the Tor compromise had a connection to Legion of Doom, it does make it more likely.

It also means the leaks are that much more damaging, in that they would have ended the period when we had location data on operatives they didn’t realize had been exposed.

Maybe the Gimmick Is in the Timing of Legion of Doom?

In my first post on this Yemen scare — which I will henceforth call “Legion of Doom” in honor of the Daily Beast source’s use of the term — I suggested the big part of the plot might have already transpired.

There’s the increased drone activity in Yemen. Who knows! Maybe, like last year, the plot has already been rolled up and we’re just waiting to confirm one of the several recent drone strikes have taken out our target?

I made that suggestion because of evidence that the US rolled up UndieBomb 2.0 on April 20-24 of last year, and only then deployed a bunch of Air Marshals and fear-mongering about Ibrahim al-Asiri for the days leading up to the May 1 anniversary of Osama bin Laden’s killing. They eliminated the threat (which was minimal in any case, since the bomber was a British-Saudi-US mole), then rolled out fear-mongering about it, as if the threat still existed. Fairly clearly, the White House planned a big press conference on their operation once they killed Fahd al-Quso, and thus got furious when the AP managed to scoop their theater.

I increasingly think that may be the case. Whether or not there was ever a real threat, I suspect it may have partly passed before the big rollout of it last Friday (though the targeting of a top AQAP member, the presence of additional JSOC forces, or all the drone strikes may have increased the risk for Americans in Yemen).

Consider: back when Pentagon stenographer Barbara Starr was among the first to discuss the intercepts behind Legion of Doom, she suggested very fresh SIGINT chatter and a warning from President Abdo Rabi Mansour Hadi delivered on July 31 or August 1 had led the US to close a bunch of embassies (though even there, they waited a few days to start closing embassies).

Fresh intelligence led the United States to conclude that operatives of al Qaeda in the Arabian Peninsula were in the final stages of planning an attack against U.S. and Western targets, several U.S. officials told CNN.

The warning led the U.S. State Department to issue a global travel alert Friday, warning al Qaeda may launch attacks in the Middle East, North Africa and beyond in coming weeks. The U.S. government also was preparing to close 22 embassies and consulates in the region Sunday as a precaution.

The chatter among al Qaeda in the Arabian Peninsula operatives had gone on for weeks but increased in the last few days, the officials said.

Taken together with a warning from Yemeni officials, the United States took the extraordinary step of shutting down embassies and issuing travel warnings, said the officials, who spoke on condition of anonymity.

While the specific target is uncertain, U.S. officials are deeply worried about a possible attack against the U.S. Embassy in Yemen occurring through Tuesday, the officials said.

[snip]

Yemeni intelligence agencies alerted authorities of the threat two days ago, when the Yemeni president was in Washington, said the official, who spoke on condition of anonymity. [my emphasis]

And the original and an update to the NYT’s original story on Legion of Doom says the intercept between Zawahiri and Wuhayshi came sometime last week.

The intercepted conversations last week between Ayman al-Zawahri, who succeeded Osama bin Laden as the head of the global terrorist group, and Nasser al-Wuhayshi, the head of the Yemen-based Al Qaeda in the Arabian Peninsula, revealed what American intelligence officials and lawmakers have described as one of the most serious plots against American and Western interests since the attacks on Sept. 11, 2001.

But the latest AP version of the intercept call says it was picked up “several weeks ago.”

A U.S. intelligence official and a Mideast diplomat said al-Zawahri’s message was picked up several weeks ago and appeared to initially target Yemeni interests. The threat was expanded to include American or other Western sites abroad, officials said, indicating the target could be a single embassy, a number of posts or some other site. Lawmakers have said it was a massive plot in the final stages, but they have offered no specifics.

Perhaps the discrepancy comes from confusion about two different Zawahiri-Wuhayshi intercepts. In its conference call report, the Daily Beast reports that authorities picked up a communication, via courier, between Zawahiri and Wuhayshi “last month.”

An earlier communication between Zawahiri and Wuhayshi delivered through a courier was picked up last month, according to three U.S. intelligence officials.

That earlier conversation may simply have been Zawahiri naming Wuhayshi his deputy, but the role of a courier in the interception suggests they may have gotten far more intelligence — perhaps not just intelligence tipping the US off to whatever conference call protocol AQ was using, but also to the location of Wuhayshi and other figures.

Read more

The Ooga Booga* Continues to Wear Off

Two and a half years ago, I noted how TSA head John Pistole pointed to a plot the FBI created while he was still its Deputy Director to justify the use of VIPR teams to stop people on non-aviation public transportation.

A couple of weeks back, I pointed to John Pistole’s testimony that directly justified the expansion of VIPR checkpoints to mass transport locations by pointing to a recent FBI-entrapment facilitated arrest.

Another recent case highlights the importance of mass transit security. On October 27, the Federal Bureau of Investigation (FBI) arrested a Pakistan-born naturalized U.S. citizen for attempting to assist others whom he believed to be members of al Qaida in planning multiple bombings at Metrorail stations in the Washington, D.C., area. During a sting operation, Farooque Ahmed allegedly conducted surveillance of the Arlington National Cemetery, Courthouse, and Pentagon City Metro stations, indicated that he would travel overseas for jihad, and agreed to donate $10,000 to terrorist causes. A federal grand jury in Alexandria, Virginia, returned a three-count indictment against Ahmed, charging him with attempting to provide material support to a designated terrorist organization, collecting information to assist in planning a terrorist attack on a transit facility, and attempting to provide material support to help carry out multiple bombings to cause mass casualties at D.C.-area Metrorail stations.

While the public was never in danger, Ahmed’s intentions provide a reminder of the terrorist attacks on other mass transit systems: Madrid in March 2004, London in July 2005, and Moscow earlier this year. Our ability to protect mass transit and other surface transportation venues from evolving threats of terrorism requires us to explore ways to improve the partnerships between TSA and state, local, tribal, and territorial law enforcement, and other mass transit stakeholders. These partnerships include measures such as Visible Intermodal Prevention and Response (VIPR) teams we have put in place with the support of the Congress. [my emphasis]

Now to be clear, as with Mohamed Mohamud’s alleged plot, Ahmed’s plot never existed except as it was performed by FBI undercover employees. In fact, at the time the FBI invented this plot, now TSA-head Pistole was the Deputy Director of FBI, so in some ways, Ahmed’s plot is Pistole’s plot. Nevertheless, Pistole had no problem pointing to a plot invented by his then-subordinates at the FBI to justify increased VIPR surveillance on “mass transit and other surface transportation venues.” As if the fake FBI plot represented a real threat.

Today, a NYT piece raises questions about VIPR’s efficacy (without, however, noting how TSA has pointed to FBI-generated plots to justify it).

T.S.A. and local law enforcement officials say the teams are a critical component of the nation’s counterterrorism efforts, but some members of Congress, auditors at the Department of Homeland Security and civil liberties groups are sounding alarms. The teams are also raising hackles among passengers who call them unnecessary and intrusive.

“Our mandate is to provide security and counterterrorism operations for all high-risk transportation targets, not just airports and aviation,” said John S. Pistole, the administrator of the agency. “The VIPR teams are a big part of that.”

Some in Congress, however, say the T.S.A. has not demonstrated that the teams are effective. Auditors at the Department of Homeland Security are asking questions about whether the teams are properly trained and deployed based on actual security threats.

It’d really be nice if NYT had named the “some” in Congress who had raised concerns. Read more