Is This Why Banksters Don’t Go to Jail for Laundering Terrorist Finances?

I’m in the middle of a deep dive in the Section 215 White Paper — expect plenty of analysis on it in coming attractions!

But I want to make a discrete point about this passage, which describes what happens to query results.

Results of authorized queries are stored and are available only to those analysts trained in the restrictions on the handling and dissemination of the metadata. Query results can be further analyzed only for valid foreign intelligence purposes. Based on this analysis of the data, the NSA then provides leads to the FBI or others in the Intelligence Community. For U.S. persons, these leads are limited to counterterrorism investigations.

The Primary Order released several weeks back calls these stored query results “the corporate store.” As ACLU laid out, the government can do pretty much whatever it wants with this corporate store — and their analysis of it is not audited.

All of this information, the primary order says, is dumped into something called the “corporate store.” Incredibly, the FISC imposes no restrictions on what analysts may subsequently do with the information. The FISC’s primary order contains a crucially revealing footnote stating that “the Court understands that NSA may apply the full range of SIGINT analytic tradecraft to the result of intelligence analysis queries of the collected [telephone] metadata.” In short, once a calling record is added to the corporate store, anything goes.

More troubling, if the government is combining the results of all its queries in this “corporate store,” as seems likely, then it has a massive pool of telephone data that it can analyze in any way it chooses, unmoored from the specific investigations that gave rise to the initial queries. To put it in individual terms: If, for some reason, your phone number happens to be within three hops of an NSA target, all of your calling records may be in the corporate store, and thus available for any NSA analyst to search at will.

But it’s even worse than that. The primary order prominently states that whenever the government accesses the wholesale telephone-metadata database, “an auditable record of the activity shall be generated.” It might feel fairly comforting to know that, if the government abuses its access to all Americans’ call data, it might eventually be called to account—until you read footnote 6 of the primary order, which exempts entirely the government’s use of the “corporate store” from the audit-trail requirement.

The passage from the White Paper seems to suggest there are limits (though it doesn’t explain where they come from, because they clearly don’t come from FISC).

This analysis must have a valid foreign intelligence purpose — which can include political information, economic information, espionage information, military information, drug information, and the like. Anything other countries do, basically.

But if the data in the corporate store pertains to US persons, the FBI can only get a lead “for counterterrorism purposes.”

At one level, this is (small) comfort, because it provides a level of protection on the dragnet use.

But it also may explain why HSBC’s US subsidiary didn’t get caught laundering al Qaeda’s money, or why JP Morgan always gets to self-disclose its support for Iranian “terrorism.” So long as the government chooses not to treat banks laundering money for terrorists as material support for terror, then they can consider these links (which surely they’ve come across in their “corporate store”!) evidence of a financial crime, not a terrorist one, and just bury it.

I would be curious, though, whether the government has ever used the “corporate store” to police Iran sanctions. Does that count as a counterterrorism purpose? And if so, is that why Treasury “finds” evidence of international bank violations so much more often than it does American bank violations?

Count Von Count Drones Yemen

[youtube]L5bqMDGWXO8[/youtube]

The flurry of drone strikes in Yemen has gotten so difficult to keep up with that I imagine a twisted version of Count Von Count leading counting lessons after each one.

As of last count, he’d be up to the number 8. “You can hold it this way you can hold it that way.”

Three U.S. drone strikes killed a total of 12 suspected al-Qaida militants Thursday, a Yemeni military official said, raising to eight the number of attacks in less than two weeks as the Arab nation is on high alert against terrorism.

The uptick in drone strikes signals that the Obama administration is stepping up its efforts to target Yemen’s al-Qaida offshoot — al-Qaida in the Arabian Peninsula — amid fears of attacks after the interception of a message between its leader and the global leader of the terror network.

Since July 27, drone attacks have killed 34 suspected militants, according to an Associated Press count provided by Yemeni security officials.

Happy Eid, Yemen, Count Von Count would sing. Ha ha ha.

I can’t help but wonder whether the US wouldn’t look like it was in such a frenzy if it hadn’t leaked news of the conference call it compromised last week. It’s possible the compromise included location data. But at the very least, intelligence captured from the courier would seem to provide information that will lose value as AQAP figures out the US has it.

And given trickling reports that civilians are among the dead, on Eid? This drone frenzy could backfire if the attacks aren’t very carefully targeted.

Update: Tweaked courier language to reflect possibility he was never captured, just his message was.

Against Legion of Doom Alert, Is Hadi Playing Saleh’s Old Game?

After President Obama met with Yemen’s President Abdo Rabu Mansour Hadi on the eve (or during the progression) of the Legion of Doom alert last week, he said this about Hadi’s cooperation on terrorism.

I thank President Hadi and his government for the strong cooperation that they’ve offered when it comes to counterterrorism. Because of some of the effective military reforms that President Hadi initiated when he came into this office, what we’ve seen is al Qaeda in the Arabian Peninsula, or AQAP, move back out of territories that it was controlling.

And President Hadi recognizes that these threats are not only transnational in nature, but also cause severe hardship and prevent the kind of prosperity for the people of Yemen themselves. [my emphasis]

Hadi responded,

Our work together insofar as countering terrorism is concerned and also against al Qaeda is expressive, first and foremost, of Yemeni interests, because as a result of the activities of al Qaeda, Yemen’s development basically came to a halt whereby there is no tourism, and the oil companies, the oil-exploring companies had to leave the country as a result of the presence of al Qaeda. So our cooperation against those terrorist elements are actually serving the interests of Yemen. [my emphasis]

Note how this carefully scripted puppet show emphasized Yemen’s own interests in defeating al Qaeda.

Here’s what, in the wake of disagreements whether a disrupted plot (that may have had nothing to do with AQAP) had anything to do with the Legion of Doom alert, the WSJ now reports really happened at the meeting between Obama and Hadi.

The U.S. raised concerns in meetings in Washington last week, with officials complaining to President Abd Rabbu Mansour Hadi that Yemeni forces weren’t taking the al Qaeda threat seriously and needed to stop pulling back from military offensives, people familiar with the meetings said. Yemeni officials say they have spared no effort battling al Qaeda and its affiliates but that the threat remains too large for their ill-equipped military.

“We don’t have the capabilities or man power to capture large swaths of territory,” said one Yemeni official familiar with counterterrorism policy. “AQAP has hide-outs in remote villages and towns spread across the country.”

The history of U.S.-Yemeni counterterrorism relations has been checkered with missteps and mistakes, even before this latest terror alert. Mr. Hadi—who came to power in large part due to America’s diplomatic intervention—has tried to strengthen military and economic ties with the U.S.

Some officials in San’a, however, worry that President [my emphasis]

It goes on to lay out details of the cooperation — though the reported influx of JSOC members to Yemen may reflect a dramatic departure from this cooperation.

At the heart of the U.S.-Yemeni cooperation is a joint command center in Yemen, where officials from the two countries evaluate intelligence gathered by America and other allies, such as Saudi Arabia, say U.S. and Yemeni officials. There, they decide when and how to launch missile strikes against the highly secretive list of alleged al Qaeda operatives approved by the White House for targeted killing, these people say.

But local sensitivities about the bilateral counterterrorism cooperation have spiked in recent years due to high-profile civilian deaths by U.S. missiles, prompting tight limitations on any visible American role in the fight against al Qaeda.

For example, U.S. Special Forces aren’t allowed to accompany Yemeni units on patrols through the rugged mountains where al Qaeda cells have found haven, military officials familiar with the situation say. But Yemeni units have neither the skill nor political will to take on these sorts of quick-strike operations, the officials said.

Instead, Yemeni armed forces conduct periodic high-profile land operations against militants whose affiliation with al Qaeda isn’t clear.

And all that’s built on a bunch of military toys which Foreign Policy catalogs here. (Note, why are we paying Gallup $280,000 for a “Yemen Assessment Survey” when they can’t even poll in the US competently anymore? If we insist on using a US firm, why not use Zogby, which would have better ties to Arabic speakers?)

But underlying all this parroted language about cooperation is the reality that a focus on Al Qaeda tends to distract Hadi, who already relies on the US and Brits and Saudis to retain power, from issues that matter to Yemenis. This superb Guardian piece notes how counterterrorism delegitimizes him.

Among ordinary Yemenis, meanwhile, the latest al-Qaida drama has been greeted with scepticism and even some derision.

I Told You So, It’s about Cybersecurity Edition

When James “Least Untruthful” Clapper released the first version of PRISM success stories and the most impressive one involved thwarting specific cyberattacks, I noted that the NSA spying was about hackers as much as terrorists.

When “Lying Keith” Alexander answered a question about hacking China from George Stephanopoulos by talking about terror, I warned that these programs were as much about cybersecurity as terror. “Packets in flight!”

When the Guardian noted that minimization procedures allowed the circulation of US person communications collected incidentally off foreign targets if they were “necessary to understand or assess a communications security vulnerability,” I suggested those procedures fit cybersecurity targets better than terror ones.

When Ron Wyden and Mark Udall caught Lying Keith (again) in a lie about minimization, I speculated that the big thing he was hiding was that encrypted communications are kept until they are decrypted.

When I compared minimization procedures with the letter of the law and discovered the NSA had secretly created for itself the ability to keep US person communications that pose a serious threat to property (rather than life or body), I suggested this better targeted cyber criminals than terrorists.

When Joel Brenner suggested Ron Wyden was being dishonorable for asking James Clapper a yes or no question in March 2013, I noted that Wyden’s question actually referred to lies Lying Alexander had told the previous year at DefCon that hid, in part, how hackers’ communications are treated.

When the Guardian happened to publish evidence the NSA considers encryption evidence of terrorism the same day that Keith Alexander spoke to a bunch of encrypters exclusively about terrorism, I suggested he might not want to talk to those people about how these programs are really used.

And when I showed how Lying Keith neglected his boss’ earlier emphasis on cyber in his speech to BlackHat in favor of terror times 27, I observed Lying Keith’s June exhortation that “we’ve got to have this debate with our country,” somehow didn’t extend to debating with hackers.

I told you it would come to this:

U.S. officials say NSA leaks may hamper cyber policy debate

Over two months after Edward Snowden’s first disclosures, the cyberwarriors are now admitting disclosures about how vast is NSA’s existing power — however hidden behind the impetus of terror terror terror — might lead Congress to question further empowering NSA to fight cyberwar.

I told you so.

Maybe the Gimmick Is in the Timing of Legion of Doom?

In my first post on this Yemen scare — which I will henceforth call “Legion of Doom” in honor of the Daily Beast source’s use of the term — I suggested the big part of the plot might have already transpired.

There’s the increased drone activity in Yemen. Who knows! Maybe, like last year, the plot has already been rolled up and we’re just waiting to confirm one of the several recent drone strikes have taken out our target?

I made that suggestion because of evidence that the US rolled up UndieBomb 2.0 on April 20-24 of last year, and only then deployed a bunch of Air Marshals and fear-mongering about Ibrahim al-Asiri for the days leading up to the May 1 anniversary of Osama bin Laden’s killing. They eliminated the threat (which was minimal in any case, since the bomber was a British-Saudi-US mole), then rolled out fear-mongering about it, as if the threat still existed. Fairly clearly, the White House planned a big press conference on their operation once they killed Fahd al-Quso, and thus got furious when the AP managed to scoop their theater.

I increasingly think that may be the case. Whether or not there was ever a real threat, I suspect it may have partly passed before the big rollout of it last Friday (though the targeting of a top AQAP member, the presence of additional JSOC forces, or all the drone strikes may have increased the risk for Americans in Yemen).

Consider: back when Pentagon stenographer Barbara Starr was among the first to discuss the intercepts behind Legion of Doom, she suggested very fresh SIGINT chatter and a warning from President Abdo Rabu Mansour Hadi delivered on July 31 or August 1 had led the US to close a bunch of embassies (though even there, they waited a few days to start closing embassies).

Fresh intelligence led the United States to conclude that operatives of al Qaeda in the Arabian Peninsula were in the final stages of planning an attack against U.S. and Western targets, several U.S. officials told CNN.

The warning led the U.S. State Department to issue a global travel alert Friday, warning al Qaeda may launch attacks in the Middle East, North Africa and beyond in coming weeks. The U.S. government also was preparing to close 22 embassies and consulates in the region Sunday as a precaution.

The chatter among al Qaeda in the Arabian Peninsula operatives had gone on for weeks but increased in the last few days, the officials said.

Taken together with a warning from Yemeni officials, the United States took the extraordinary step of shutting down embassies and issuing travel warnings, said the officials, who spoke on condition of anonymity.

While the specific target is uncertain, U.S. officials are deeply worried about a possible attack against the U.S. Embassy in Yemen occurring through Tuesday, the officials said.

[snip]

Yemeni intelligence agencies alerted authorities of the threat two days ago, when the Yemeni president was in Washington, said the official, who spoke on condition of anonymity. [my emphasis]

And the original and an update to the NYT’s original story on Legion of Doom say the intercept between Zawahiri and Wuhayshi came sometime last week.

The intercepted conversations last week between Ayman al-Zawahri, who succeeded Osama bin Laden as the head of the global terrorist group, and Nasser al-Wuhayshi, the head of the Yemen-based Al Qaeda in the Arabian Peninsula, revealed what American intelligence officials and lawmakers have described as one of the most serious plots against American and Western interests since the attacks on Sept. 11, 2001.

But the latest AP version of the intercept call says it was picked up “several weeks ago.”

A U.S. intelligence official and a Mideast diplomat said al-Zawahri’s message was picked up several weeks ago and appeared to initially target Yemeni interests. The threat was expanded to include American or other Western sites abroad, officials said, indicating the target could be a single embassy, a number of posts or some other site. Lawmakers have said it was a massive plot in the final stages, but they have offered no specifics.

Perhaps the discrepancy comes from confusion about two different Zawahiri-Wuhayshi intercepts. In its conference call report, the Daily Beast reports that authorities picked up a communication, via courier, between Zawahiri and Wuhayshi “last month.”

An earlier communication between Zawahiri and Wuhayshi delivered through a courier was picked up last month, according to three U.S. intelligence officials.

That earlier conversation may simply have been Zawahiri naming Wuhayshi his deputy, but the role of a courier in the interception suggests they may have gotten far more intelligence — perhaps not just intelligence tipping the US off to whatever conference call protocol AQ was using, but also to the location of Wuhayshi and other figures.

The Ooga Booga* Continues to Wear Off

Two and a half years ago, I noted how TSA head John Pistole pointed to a plot the FBI created while he was still its Deputy Director to justify the use of VIPR teams to stop people on non-aviation public transportation.

A couple of weeks back, I pointed to John Pistole’s testimony that directly justified the expansion of VIPR checkpoints to mass transport locations by pointing to a recent FBI-entrapment facilitated arrest.

Another recent case highlights the importance of mass transit security. On October 27, the Federal Bureau of Investigation (FBI) arrested a Pakistan-born naturalized U.S. citizen for attempting to assist others whom he believed to be members of al Qaida in planning multiple bombings at Metrorail stations in the Washington, D.C., area. During a sting operation, Farooque Ahmed allegedly conducted surveillance of the Arlington National Cemetery, Courthouse, and Pentagon City Metro stations, indicated that he would travel overseas for jihad, and agreed to donate $10,000 to terrorist causes. A federal grand jury in Alexandria, Virginia, returned a three-count indictment against Ahmed, charging him with attempting to provide material support to a designated terrorist organization, collecting information to assist in planning a terrorist attack on a transit facility, and attempting to provide material support to help carry out multiple bombings to cause mass casualties at D.C.-area Metrorail stations.

While the public was never in danger, Ahmed’s intentions provide a reminder of the terrorist attacks on other mass transit systems: Madrid in March 2004, London in July 2005, and Moscow earlier this year. Our ability to protect mass transit and other surface transportation venues from evolving threats of terrorism requires us to explore ways to improve the partnerships between TSA and state, local, tribal, and territorial law enforcement, and other mass transit stakeholders. These partnerships include measures such as Visible Intermodal Prevention and Response (VIPR) teams we have put in place with the support of the Congress. [my emphasis]

Now to be clear, as with Mohamed Mohamud’s alleged plot, Ahmed’s plot never existed except as it was performed by FBI undercover employees. In fact, at the time the FBI invented this plot, now TSA-head Pistole was the Deputy Director of FBI, so in some ways, Ahmed’s plot is Pistole’s plot. Nevertheless, Pistole had no problem pointing to a plot invented by his then-subordinates at the FBI to justify increased VIPR surveillance on “mass transit and other surface transportation venues.” As if the fake FBI plot represented a real threat.

Today, a NYT piece raises questions about VIPR’s efficacy (without, however, noting how TSA has pointed to FBI-generated plots to justify it).

T.S.A. and local law enforcement officials say the teams are a critical component of the nation’s counterterrorism efforts, but some members of Congress, auditors at the Department of Homeland Security and civil liberties groups are sounding alarms. The teams are also raising hackles among passengers who call them unnecessary and intrusive.

“Our mandate is to provide security and counterterrorism operations for all high-risk transportation targets, not just airports and aviation,” said John S. Pistole, the administrator of the agency. “The VIPR teams are a big part of that.”

Some in Congress, however, say the T.S.A. has not demonstrated that the teams are effective. Auditors at the Department of Homeland Security are asking questions about whether the teams are properly trained and deployed based on actual security threats.

It’d really be nice if NYT had named the “some” in Congress who had raised concerns.

Did Yemen Evacuation Cover Staging of JSOC Troops, Equipment for Attack?

A C-17 configured to carry troops being redeployed out of Bagram. (DVIDS)

Earlier this morning, a tweet from Joshua Foust alerted me to this BBC article, where it appears that some observers suspect that the US may be preparing a JSOC strike within Yemen:

Amid the escalating tensions, sources also told BBC Newsnight that the US was preparing special operations forces for possible strike operations against al-Qaeda in Yemen.

Although the US has previously sent special forces to train counter-terrorist units, there are now suggestions that the Joint Special Operations Command (JSOC), may be preparing units for strike operations, the sources said.

This information prompted me to remember that I had noticed someone mention that yesterday’s evacuation of personnel from Yemen was described as having employed an Air Force C-17. The C-17 is a highly versatile aircraft and can be rapidly reconfigured between transporting passengers and heavy equipment:

The design of the cargo compartment allows the C-17 to carry a wide range of vehicles, palleted cargo, paratroops, air-drop loads and aeromedical evacuees.

The cargo compartment has a sufficiently large cross-section to transport large wheeled and tracked vehicles, tanks, helicopters (such as the AH-64 Apache), artillery and weapons such as the Patriot missile system. Three Bradley armoured vehicles comprise one deployment load on the C-17. The US Army M1A1 main battle tank can be carried with other vehicles.

The maximum payload is 170,900lb (77,519kg) with 18 pallet positions, including four on the ramp. Airdrop capabilities include: a single load of up to 60,000lb (27,216kg), sequential loads of up to 110,000lb (49,895kg), Container Delivery System (CDS) airdrop up to 40 containers, 2,350lb (1,066kg) each, up to 102 paratroops.

Here is how the use of a C-17 in the evacuation was described:

Almost 100 U.S. government personnel were evacuated from Yemen at dawn Tuesday as the State Department urged all Americans in the country to leave “immediately” because of an “extremely high” threat of a terrorist attack — even as a U.S. drone attack killed four suspected terrorists.

U.S. officials said the “non-emergency evacuation” of “just under a hundred” personnel was carried out by a US Air Force C-17 which took off from the Yemeni capital, Sana’a, bound for Ramstein air base in Germany. Some essential embassy staff stayed behind.

And so that story would have us believe that as the C-17 left Sana’a for Ramstein, the inside looked somewhat like the photo above, but with the embassy personnel in civilian clothing instead of uniforms. But I wonder what the inside of the C-17 looked like as it landed in Sana’a. Something like this, maybe, with a number of Special Forces soldiers? (Not that a tank would be the heavy equipment of choice, but you get the idea.)

A C-17 configured to carry heavy equipment. (Wikimedia Commons)

Note also that the NBC story states the evacuation flight left at dawn. That means the C-17 would have arrived and possibly been unloaded under cover of darkness. Also note that Foust’s first assumption was that the usual course of action would have been for the US to utilize a commercial charter for the evacuation. Use of the C-17 instead of a commercial charter opens up more possibilities on what the US may have been up to with these flights.

What If the Tor Takedown Relates to the Yemeni Alert?

Eli Lake and Josh Rogin reveal that the intercept between Ayman al-Zawahiri and Nasir al-Wuhayshi was actually a conference call between those two and affiliates all over the region.

The Daily Beast has learned that the discussion between the two al Qaeda leaders happened in a conference call that included the leaders or representatives of the top leadership of al Qaeda and its affiliates calling in from different locations, according to three U.S. officials familiar with the intelligence. All told, said one U.S. intelligence official, more than 20 al Qaeda operatives were on the call.

To be sure, the CIA had been tracking the threat posed by Wuhayshi for months. An earlier communication between Zawahiri and Wuhayshi delivered through a courier was picked up last month, according to three U.S. intelligence officials. But the conference call provided a new sense of urgency for the U.S. government, the sources said.

The fact that al Qaeda would be able to have such conference calls in this day and age is stunning. The fact that US and Yemeni sources would expose that they knew about it is equally mind-boggling.

But one thing would make it make more sense.

On Sunday, Tor users first discovered the FBI had compromised a bunch of onion sites and introduced malware into Firefox browsers accessing the system. Since then, we’ve learned the malware was in place by Friday, the day the US first announced this alert (though the exploit in Firefox has been known since June).

The owner of an Irish company, Freedom Hosting, has allegedly been providing turnkey hosting services for the Darknet, or Deep Web, which is “hidden” and only accessible through Tor .onion and the Firefox browser. The FBI reportedly called Eric Eoin Marques “the largest facilitator of child porn on the planet” and wants to extradite the 28-year-old man. About that time, Freedom Hosting went down; Tor users discovered that someone had used a Firefox zero-day to deliver drive-by-downloads to anyone who accessed a site hosted by Freedom Hosting. Ofir David, of Israeli cybersecurity firm Cyberhat, told Krebs on Security, “Whoever is running this exploit can match any Tor user to his true Internet address, and therefore track down the Tor user.”

If you’ve never visited the Hidden Wiki, then you should be fully aware that if you do, you will see things that can never be unseen. Freedom Hosting maintained servers for “TorMail, long considered the most secure anonymous email operation online,” wrote Daily Dot. “Major hacking and fraud forums such as HackBB; large money laundering operations; and the Hidden Wiki, which, until recently, was the de facto encyclopedia of the Dark Net; and virtually all of the most popular child pornography websites on the planet.”

But if you use Tor Browser Bundle with Firefox 17, you accessed a Freedom Hosting hidden service site since August 2, and you have JavaScript enabled, then experts suggest it’s likely your machine has been compromised. In fact, E Hacking News claimed that almost half of all Tor sites have been compromised by the FBI. [my emphasis]

So what if this takedown was only secondarily about child porn, and primarily about disabling a system al Qaeda has used to carry out fairly brazen centralized communications? Once the malware was in place, the communications between al Qaeda would be useless in any case (and I could see the government doing that to undermine the current planning efforts).

The timing would all line up — and it would explain (though not excuse) why the government is boasting about compromising the communications. And it would explain why Keith Alexander gave this speech at BlackHat.

terrorists … terrorism … terrorist attacks … counterterrorism … counterterrorism … terrorists … counterterrorism … terrorist organizations … terrorist activities … terrorist … terrorist activities … counterterrorism nexus … terrorist actor … terrorist? … terrorism … terrorist … terrorists … imminent terrorist attack … terrorist … terrorist-related actor … another terrorist … terrorist-related activities … terrorist activities … stopping terrorism … future terrorist attacks … terrorist plots … terrorist associations

[snip]

Sitting among you are people who mean us harm

Just one thing doesn’t make sense.

Once NSA/FBI compromised Tor, they’d have a way to identify the location of users. That might explain the uptick in drone strikes in Yemen in the last 12 days. But why would you both alert Tor users and — with this leak — Al Qaeda that you had broken the system and could ID their location? Why not roll up the network first, and then take down the Irish child porn guy who is the likely target?

I’m not sure I understand the Tor exploit well enough to say, but the timing does line up remarkably well.

Update: Some re-evaluation of what really happened with the exploit.

Researchers who claimed they found a link between the Internet addresses used as part of malware that attacked Freedom Hosting’s “hidden service” websites last week and the National Security Agency (NSA) have backed off substantially from their original assertions. After the findings were criticized by others who analyzed Domain Name System (DNS) and American Registry for Internet Numbers (ARIN) data associated with the addresses in question, Baneki Privacy Labs and Cryptocloud admitted that analysis of the ownership of the IP addresses was flawed. However, they believe the data that they used to make the connection between the address and the NSA may have changed between their first observation.

Update: On Twitter, Lake clarifies that this conference call was not telephone-based communications.

Who Will the Government Scapegoat Now on the Wuhayshi Leak?

Yesterday, I noted that McClatchy, the first outlet to publish (though probably not the first outlet to get the leak) the news that the big terror alert stems from an intercepted communication between Ayman al-Zawahiri and Nasir al-Wuhayshi, clearly labeled its source as a Yemeni official.

HuffPo not only confirmed this, but got McClatchy’s editor James Asher to provide a little lesson in journalism.

Our story was based on reporting in Yemen and we did not contact the administration to ask permission to use the information. In fact, our reporter tells me that the intercept was pretty much common knowledge in Yemen.

On your larger question about the administration’s request, I’m not surprised. It is not unusual for CNN or the NYT to agree not to publish something because the White House asked them. And frankly, our Democracy isn’t well served when journalists agree to censor their work.

As I’ve told our readers in the past: McClatchy journalists will report fairly and independently. We will not make deals with those in power, regardless of party or philosophy.

Now, predictably, some of the same people who generated the outrage over UndieBomb 2.0 have squawked about the danger of this leak (which, if it is what has been described, must be damaging).

“I’m very worried about leaks to the media of classified information because it warns the enemy,” Sen. John McCain, R-Ariz., told Ward. “That’ll be the last intercept of that kind, of means of communication that we intercept.”

Added Sen. Lindsey Graham, R-S.C., “If we compromise our ability to find out what these guys are up to and stop them before they act, we’ll pay a heavy price. They’re not deterred by dying. They embrace dying. They just want to take me and you with ’em.”

Frankly, McCain and Lindsey are right this time around. This feels like a politicized leak, and if the underlying intelligence was what the reports say, it may well badly damage our legitimate SIGINT efforts.

All that said, I confess I popped a little popcorn when I read this last night. Because it’s clear the Yemenis weren’t the only ones leaking like a sieve. Someone in the Administration (NYT’s sources) It’ll be hard for the Administration to target McClatchy given that they’ve already made clear where their source is (though I can’t help but suspect McClatchy’s sharp response relates to the reported treatment of McClatchy freelancer Jon Stephenson). So who are they going to scapegoat this time?


Was It NSA or a Yemeni “Ally” Leaking the “Clear Orders” from Zawahiri to Wuhayshi?

Apparently, it wasn’t enough for someone to leak this information to the NYT (which said that it withheld some information at the request of the government).

The United States intercepted electronic communications this week among senior operatives of Al Qaeda, in which the terrorists discussed attacks against American interests in the Middle East and North Africa, American officials said Friday.

The intercepts and a subsequent analysis of them by American intelligence agencies prompted the United States to issue an unusual global travel alert to American citizens on Friday, warning of the potential for terrorist attacks by operatives of Al Qaeda and their associates beginning Sunday through the end of August.

Then someone apparently in Sanaa leaked this to McClatchy.

An official who’d been briefed on the matter in Sanaa, the Yemeni capital, told McClatchy that the embassy closings and travel advisory were the result of an intercepted communication between Nasir al-Wuhayshi, the head of the Yemen-based Al Qaida in the Arabian Peninsula, and al Qaida leader Ayman al Zawahiri in which Zawahiri gave “clear orders” to al-Wuhayshi, who was recently named al Qaida’s general manager, to carry out an attack.

The official, however, said he could not divulge details of the plot. AQAP’s last major attack in Sanaa took place in May 2012 when a suicide bomber killed more than 100 military cadets at a rehearsal for a military parade. [my emphasis]

Which the WaPo has now reported too.

Al-Qaeda leader Ayman al-Zawahiri ordered the head of the terrorist group’s Yemen affiliate to carry out an attack, according to intercepted communications that have led to the closure of U.S. embassies and a global travel alert, said a person briefed on the case.

In one communication, Zawahiri, who succeeded Osama bin Laden, gave “clear orders” to Nasir al-Wuhayshi, the founder of al-Qaeda in the Arabian Peninsula, to undertake an attack, the source said. McClatchy newspapers first reported the exchange on Sunday. [my emphasis]

In a follow-up story, McClatchy attributes their information to a Yemeni official.

U.S. officials have been secretive about what precise information led to the worldwide travel advisory and embassy closings, but a Yemeni official told McClatchy on Sunday that authorities had intercepted “clear orders” from al Qaida leader Ayman Zawahiri to Nasir al Wuhayshi, the head of the affiliate in Yemen, to carry out an attack.

Remember, Saudi and Yemeni sources have a well-established history of leaking sensitive intelligence about our thwarted plots. But in this case, the original source (to the NYT) seems to be American, with a Yemeni first providing the really remarkable level of detail.

And thus far, no one from the government has called for the NYT, McClatchy, and WaPo sources to be jailed. How … telling.

Perhaps just as interesting, the US has used a C-17 to evacuate what State is calling emergency personnel from Yemen.

Pentagon officials said a U.S. Air Force C-17 transport plane carrying some American government personnel had taken off from Yemen. They said the State Department had ordered non-essential personnel to leave the country.

An unknown number of U.S. Embassy personnel remain in Sanaa.

Pentagon Press Secretary George Little said the Defense Department “continues to have personnel on the ground in Yemen to support the U.S. State Department and monitor the security situation.”

But someone wants Andrea Mitchell not to report this as an evacuation; whatever it is, almost 100 people have been, um, evacuated.

Are these “emergency personnel” people whose identity has been leaked?

Now, as a threshold matter, the news that the US has collections from whatever presumably well-protected communication channel exists (or existed) between Zawahiri and Wuhayshi sure seems to undermine government claims that Edward Snowden has ruined their collections, given that two of our very sharpest targets are still using communications accessible to US targeting.

Consider one more thing. If our collections are so good that we have a bead on either Zawahiri or Wuhayshi, why don’t we have their location?

We’ve launched 4 drone strikes in 10 days in Yemen. If we did have means of intercepting Wuhayshi’s communications and are clearly on a drone strike binge, then what does it mean that sources — including at least one Yemeni official — are leaking news that we have those intercepts?

Update: And here’s Michael Hayden, who for weeks has been arguing that Edward Snowden should be made an example of, suggesting this alert is good because it lets the bad guys know we’re onto them.

“The announcement itself may also be designed to interrupt Al Qaeda planning, to put them off stride,” Michael V. Hayden, a former C.I.A. director, said on “Fox News Sunday.” “To put them on the back foot, to let them know that we’re alert and that we’re on at least to a portion of this plotline.”
