What Kind of Intelligence Does the HIG Expect to Get from Anas al-Libi?

There has been all manner of commentary about the rendition and detention on a poorly functioning ship of Abu Anas al Libi. There are credulous claims about the humanity of the High Value Interrogation Group’s tactics that nevertheless remain officially classified. There’s the growing awareness that al-Libi’s case differs from Ahmed Warsame’s in several key ways. And then there’s John Bellinger, trolling the Obama Administration, in superb fashion, for violating rules the Bush Administration did not.

These are important questions. But they distract from another important question.

What kind of intelligence do they really expect to get from al-Libi?

The explanation for his capture has focused on his alleged role in the 1998 Embassy Bombings. While there are no statutes of limitation for murder, that’s nevertheless an event that took place over 15 years ago. Even some of the analysts we often rely on — not to mention his family — suggest he hasn’t had an active role in al Qaeda for over a decade, or at least since he returned home to Libya 2 years ago. Lisa Monaco offered weak claims about the importance of al-Libi.

During an appearance on PBS Newshour, Deputy National Security Adviser Lisa Monaco repeatedly referred to Abu Anas Al-Libi as a “member” of Al Qaeda. However, she stopped short of calling the Libyan-born Al-Libi a “senior operational leader”—a phrase which seemed to have special significance when the Justice Department evaluated the legality of lethal force against U.S. citizens and is also believed to apply to targeting of foreign nationals outside combat zones.

Newshour reporter Jeffrey Brown asked Monaco about whether Al-Libi posed an “imminent” threat to Americans, but Monaco wouldn’t say that and also seemed to avoid declaring that he was an Al-Qaeda operative or even a leader of the group.

“Al-Libi did pose a threat to the United States as a senior al-Qaida member and somebody who is also charged in an indictment for his role as part of the Al Qaeda worldwide conspiracy,” Monaco declared.

This is, at the least, a significant difference from Ahmed Ghailani (who was seized with an active cell in Pakistan and interrogated for years about that active cell before being tried for his role in the Embassy Bombings) and Ahmed Warsame (who was seized for his active role in working with AQAP and al-Shabaab), though it perhaps resembles Suleiman Abu Ghaith.

I’m not saying al-Libi had no active role in terrorism. The timing — the raid took place at the same time as the strike on Abdulkadir Mohamed Abdulkadir, who allegedly helped plan attacks in Kenya — might suggest al-Libi played some role in the Westgate Mall attack and other operations in Africa.

Perhaps the most complete explanation for why al-Libi is a current threat is this description.

An unclassified report published in August 2012 highlighted al Qaeda’s strategy for building a fully operational network in Libya. The report (“Al Qaeda in Libya: A Profile”) was prepared by the federal research division of the Library of Congress (LOC) under an agreement with the Defense Department’s Combating Terrorism Technical Support Office (CTTSO). [See LWJ report, Al Qaeda’s plan for Libya highlighted in congressional report.]

Abu Anas al Libi has played a key role in al Qaeda’s plan for Libya, according to the report’s authors. He was described as the “builder of al Qaeda’s network in Libya.”

Al Qaeda’s senior leadership (AQSL) has “issued strategic guidance to followers in Libya and elsewhere to take advantage of the Libyan rebellion,” the report reads. AQSL ordered its followers to “gather weapons,” “establish training camps,” “build a network in secret,” “establish an Islamic state,” and “institute sharia” law in Libya.

Abu Anas al Libi was identified as the key liaison between AQSL and others inside Libya who were working for al Qaeda. “Reporting indicates that intense communications from AQSL are conducted through Abu Anas al Libi, who is believed to be an intermediary between [Ayman al] Zawahiri and jihadists in Libya,” the report notes.

Al Libi is “most likely involved in al Qaeda strategic planning and coordination between AQSL and Libyan Islamist militias who adhere to al Qaeda’s ideology,” the report continues.

Al Libi and his fellow al Qaeda operatives “have been conducting consultations with AQSL in Afghanistan and Pakistan about announcing the presence of a branch of the organization that will be led by returnees from Iraq, Yemen, and Afghanistan, and by leading figures from the former LIFG.” The LIFG refers to the Libyan Islamic Fighting Group, an al Qaeda-linked jihadist group formed in Libya in the 1990s.

The suggestion that al-Libi might be the liaison between Ayman al-Zawahiri and extremists in Libya (extremists we helped to overthrow Qaddafi) is more interesting, particularly given Libya’s public objections to al-Libi’s rendition. Perhaps the ultimate plan is to hold al-Libi responsible for Benghazi (though interrogating him in a floating prison might endanger any charges if he was involved, which would be a big problem given the need for some finality on Benghazi). But it might raise interesting questions about whether the extremists we helped in Libya really constitute al Qaeda, or instead constitute a legitimate force within that country.

As of now, however, the US public story is that we captured this guy who has been living in the open for two years for a crime he committed 15 years ago. And that instead of whisking him immediately to NY to stand trial for that crime, we are instead pissing off the Libyan government and nudging up against a slew of domestic and international laws by conducting a floating interrogation from which we might learn only decades old facts. If that’s the story (and again, I suspect the government at least claims there is more), it makes all the legal and ethical issues surrounding his detention all the more problematic.


The FBI’s Official “CAIR Has Cooties Guidance Directive [Redacted]”

I had just about come to the conclusion that Michael Horowitz, DOJ’s Inspector General who took over after Glenn Fine retired in 2010, was a worthy successor. In recent weeks, Horowitz has released reports critical of DOJ’s handling of classified information, its refusal to account for drones’ unique risks to privacy, and the Bureau of Alcohol, Tobacco, and Firearms’ use of “churning” (money-making) operations.

But then I read this report — on the FBI’s Interactions with the Council on American-Islamic Relations — and I got literally sick to my stomach.

The report purports to determine whether the FBI complies with Agency guidance — the title and issuing authority for which are redacted in the report, which is why I am referring to it as the “Cooties Guidance Directive [Redacted]” throughout, even where it is redacted in direct quotes — that FBI personnel are not to engage in any community outreach with people from CAIR. For results, it shows that in three of five cases where FBI personnel did engage (or almost engage!) with people from CAIR, the personnel either didn’t consult with the FBI entity the IG deems to be in charge of this policy (which is probably the Counterterrorism Division, but the IG Report redacts that too), or consulted instead with the Office of Public Affairs, which is in charge of community outreach.

In response to these shocking (!!) results, Congressman Frank Wolf has already called for heads to roll.

But what the report actually shows is, first of all, how in response to two non-criminal pieces of evidence — a meeting between men who would go on to found CAIR and Hamas, which was not yet designated a terrorist organization, and CAIR’s designation as an unindicted co-conspirator in the Holy Land Foundation case (the publication of which was subsequently deemed a violation of the group’s Fifth Amendment rights) — the FBI formulated a formal policy to treat that organization as if it has cooties.

And yet, even the language the IG repeats about this policy makes it clear that the FBI was operating on a policy of “guilty until proven innocent.”

The guidance specifically stated that, until the FBI could determine whether there continued to be a connection between CAIR or its executives and Hamas, “the FBI does not view CAIR as an appropriate liaison partner” for non-investigative activities.

That is, for the entire 5-year period that versions of this policy have been in place, FBI has maintained that so long as it doesn’t develop evidence that CAIR has no ties to Hamas, then FBI will treat the organization and its officials as if they do have such ties by refusing to let them on FBI property or attend any CAIR-affiliated events. And we’re supposed to believe, I guess, that the FBI has used not a single one of their intrusive investigative methods to try to prove or disprove this allegation in the interim 5 years, and so it just will never know whether the allegation is correct or not, and so must operate on the playground Cooties standard.

Heck, in one of the “incidents” the report investigates, the local FBI office actually vetted an event participant to make sure his service on CAIR’s local board didn’t taint all his other community ties so badly that he should not participate in the event.

Yet whether or not a particular CAIR representative [redacted] is irrelevant to the Cooties Guidance Directive [Redacted] to deny the organization access to the FBI in such non-investigative community-outreach activities.

And the IG Report — Michael Horowitz’ report — judges that vetting that found this gentleman to be innocent was not sufficient reason to ignore the Cooties Guidance Directive [Redacted]. The Report seems to endorse the view that vetting notwithstanding, this guy had a formal role in CAIR that made all his other roles in the Muslim community suspect and that’s the way things work in America.

Then there’s the underlying logic. The entire policy is premised on a bizarre belief that it is exploitative for a Muslim organization to advertise its willingness to work with the FBI.

The June 2011 EC also reiterated that CAIR was not prohibited from “maintaining a relationship with the FBI regarding civil rights or criminal violations; however, civil rights and criminal squads should be cognizant CAIR has exploited these relationships in the past.”

[snip]

The end result of this incident, CAIR posting on its website of a photograph showing the SAC speaking at the event and a description of CAIR’s Civil Rights Director moderating his speech, is the sort of exploitation of contact with the FBI that the Cooties Guidance Directive [Redacted] was intended to avoid.

I don’t get it. If CAIR really were a terrorist sleeper cell, wouldn’t advertising their willingness to associate with the FBI completely ruin all their terrorist Cred, and therefore neutralize whatever threat they presented?

In any case, on the one hand, the report chronicles how the federal agency in charge of investigating civil rights abuses basically treated an entire constitutionally protected civil rights organization as guilty without charging it with any crime.

But then there’s the fact that, after responding to a request from fear-mongers in Congress, this report saw the light of day in the fashion it appears.

As noted above, the IG Report seems to accept this premise of guilty until proven innocent without noting the problem underlying it. Like, you know, the Constitution. In places, the language of the report even echoes that of a presumption of guilt, as in this passage where it berates OPA for actually treating an individual with multiple formal ties to the Muslim community as such, rather than as someone branded solely by his affiliation with CAIR.

It appears that OPA provided guidance that effectively reversed the presumption against CAIR participation in non-investigatory FBI activities in this instance. OPA indicated that it wanted to ensure that there was sufficient justification for excluding the CAIR participant apart from his role in CAIR.

Then there’s the way in which this was released. While the actual Cooties Guidance Directive [Redacted] is classified, nothing else in the report seems like it should be (though the FBI has removed the classification marks from the paragraphs to hide the basis for their claims that this is classified). In particular, FBI or DOJ or OIG has chosen to redact anything that would make it clear whether this is an actual policy, or just guidance on which CTD and OPA disagree (in their complaint about the report, the ACLU notes that it doesn’t appear to have gone through the formal policy-making process). And yet, having hidden that information, the IG presents it as if the failure to implement the Cooties Guidance Directive [Redacted] is a graver problem than the upending of presumption of innocence.

Finally, there are a few tonal issues. For example, the report presents this view — from a Chicago SAC who twice blew off the Cooties Guidance Directive [Redacted] — as if his basic civility presents a problem.

He stated that if DHS considered CAIR officials to be part of the community and invited them to the Roundtable, the FBI was not going to deny them entry at the door.

In another instance, it quotes another violating SAC as using the term “Islamophobia” (PDF 22), but presents the term in scare quotes. This is borderline McCarthyist shit, treating the language of people fighting terrorists by treating Muslims as human beings as some kind of brand against them.

Finally, there’s the timing of this. The fear-mongers requested this report in March 2012 — over 20 months after the Section 215 IG Report that we’ve now been waiting 1,224 days for got started. Three of four of what are probably interviews with those deemed in violation of this guidance took place over the course of 8 days in August and September of 2012 (the last took place in July, which makes me wonder whether that was added to beef up an otherwise thin report).

But then the report didn’t get released until a second state CAIR affiliate started challenging the FBI’s killing of a Muslim person. And the IG Report got released on the very same day that CAIR released a major report on Islamophobia (or, as the IG appears to treat it, “Islamophobia”).

The whole thing seems designed not to make the FBI a more orderly place (if that were the purpose, then it might be better to focus on how the Cooties Guidance Directive [Redacted] became formal policy — if it did — without going through formal policy channels). Rather, it seems designed to foment a kind of McCarthyism within FBI targeted at those counterterrorism investigators who believe the best way to fight Islamic extremists is to treat Muslims as partners in rooting out violence.


Further Implications of UndieBomb II Leaker Guilty Plea

As you have likely heard by now, a former FBI agent has agreed to plead guilty to leaking material about the second underwear bomb attempt to reporters in May of 2012. Charlie Savage of the New York Times has the primary rundown:

A former Federal Bureau of Investigation agent has agreed to plead guilty to leaking classified information to The Associated Press about a foiled bomb plot in Yemen last year, the Justice Department announced on Monday. Federal investigators said they identified him after obtaining phone logs of Associated Press reporters.

The retired agent, a former bomb technician named Donald Sachtleben, has agreed to serve 43 months in prison, the Justice Department said. The case brings to eight the number of leak-related prosecutions brought under President Obama’s administration; under all previous presidents, there were three such cases.

“This prosecution demonstrates our deep resolve to hold accountable anyone who would violate their solemn duty to protect our nation’s secrets and to prevent future, potentially devastating leaks by those who would wantonly ignore their obligations to safeguard classified information,” said Ronald C. Machen Jr., the United States attorney for the District of Columbia, who was assigned to lead the investigation by Attorney General Eric H. Holder Jr.

In a twist, Mr. Sachtleben, 55, of Carmel, Ind., was already the subject of a separate F.B.I. investigation for distributing child pornography, and has separately agreed to plead guilty in that matter and serve 97 months. His total sentence for both sets of offenses, should the plea deal be accepted by a judge, is 140 months.

Here is the DOJ Press Release on the case.

Here is the information filed in SDIN (Southern District of Indiana). And here is the factual basis for the guilty plea on the child porn charges Sachtleben is also pleading guilty to.

So Sachtleben is the leaker, he’s going to plead guilty and this all has a nice beautiful bow on it! Yay! Except that there are several troubling issues presented by all this tidy wonderful case wrap up.

First off, the information on the leak charges refers only to “Reporter A”, “Reporter A’s news organization” and “another reporter from Reporter A’s news organization”. Now while the DOJ may be coy about the identities, it has long been clear that the “news organization” is the AP and “Reporter A” and “another reporter” are AP national security reporters Matt Apuzzo and Adam Goldman (I’d hazard a guess probably in that order) and the subject article for the leak is this AP report from May 7, 2012.

What is notable about who the reporters are, and which story is involved, is that this is the exact matter that was the subject of the infamous AP phone records subpoenas that were incredibly broad – over 20 business and personal phone lines. These subpoenas, along with those in the US v. Steven Kim case collected against James Rosen and Fox News, caused a major uproar about the sanctity of First Amendment press and government intrusion thereon.

The issue here is that Attorney General Eric Holder and the DOJ, as a result of the uproar over the


ACLU to Jim Comey: Welcome. Now Fix This.

Jim Comey has officially been in charge of the FBI for less than two weeks.

Today, in honor of Constitution Day, the ACLU just released a report showing how the FBI’s expanded mandate since 9/11 has led to Constitutional abuses.

Most of the details of the report have been reported here in depth. But the Big Data section includes some details I haven’t covered. It explains:

FBI collects Suspicious Activities Reports that duplicate — but lower the standard for — an existing database

Another major problem is that eGuardian effectively competes with another federal government SAR. The Intelligence Reform and Terrorism Prevention Act of 2004 established the Information Sharing Environment (ISE) to serve as the conduit for terrorism-related information sharing between state and local law enforcement and the federal government.114 A March 2013 Government Accountability Office report found that though the two programs share information between them, eGuardian uses a lower evidentiary threshold for inclusion of SARs, which creates risks and privacy problems.

The Government Accountability Office found that “many fusion centers have decided not to automatically share all of their ISE-SARs with eGuardian” because eGuardian doesn’t meet ISE standards.115 One fusion center said it would never provide SARs to eGuardian because of the fusion center’s privacy policy.116 The Government Accountability Office also found that the two systems “have overlapping goals and offer duplicative services.”117

FBI will soon have the equivalent of 20 pieces of intelligence on every American — and they share this broadly

An FBI budget request for fiscal year 2008 said the FBI had amassed databases containing 1.5 billion records, and two members of Congress described documents predicting the FBI would have 6 billion records by 2012, which they said would represent “20 separate ‘records’ for each man, woman and child in the United States.”119

[snip]

According to a 2012 Systems of Records Notice covering all FBI data warehouses, the information in these systems can be shared broadly, even with foreign entities and private companies, and for a multitude of law enforcement and non-law enforcement purposes.133

There’s far more in the report, chronicling the slow creep of abusive FBI techniques since 9/11.

Sadly, given that this has all been treated as legal, I doubt that Comey will do anything about it, even with ACLU’s demonstration that the dragnet has led FBI to miss real crimes.


CIA Joins Obama’s Dissembling on Date Death Squads Sent Into Syria

Please support the Emptywheel fundraiser.

I still don’t quite know what the angle is for this particular obfuscation, but given the efforts first from Obama himself and now from the CIA, both with planted leaks, the Obama administration is continuing its efforts to hide the date on which CIA-trained death squads first began entering Syria. From my first post on this topic, beginning with a quote from the New York Times:

Officials said that in the same conversation, which included Senator Lindsey Graham, the South Carolina Republican, Mr. Obama indicated that a covert effort by the United States to arm and train Syrian rebels was beginning to yield results: the first 50-man cell of fighters, who have been trained by the C.I.A., was beginning to sneak into Syria.

Taken at face value, this version of the story would have us believe that the first group of 50 trained by the CIA was presumably still in the process of “sneaking” into Syria on Monday.

The “Monday” in that context would be September 2. The post goes on to note that rather than September 2, after the disputed August 21 chemical weapon attack, French sources had actually documented that the first group of CIA-trained and armed fighters was as large as 300 (not 50) and entered Syria on August 17, well ahead of the release of chemical agents.

And yes, go back and parse that bit from the New York Times carefully, especially this: “covert effort by the United States to arm and train Syrian rebels”. We aren’t just training these death squads, we are arming them, too. That is what makes last night’s “revelation” in the Washington Post even more important to look at:

The CIA has begun delivering weapons to rebels in Syria, ending months of delay in lethal aid that had been promised by the Obama administration, according to U.S. officials and Syrian figures. The shipments began streaming into the country over the past two weeks, along with separate deliveries by the State Department of vehicles and other gear — a flow of material that marks a major escalation of the U.S. role in Syria’s civil war.

Any doubts that this was a planned and sanctioned leak were wiped away within an hour of the Post putting up this story when Barbara Starr “confirmed” the report on Twitter. But we know from my first post on the topic that the death squads really started rolling into Syria on August 17. If we back up “two weeks” from last night’s report on September 11, we get only to August 28. This is a full week after the disputed chemical weapon attack and much closer to the September 2 date on which Obama leaked that the death squads were then in the process of beginning their entry into Syria.

The timing for the flow of arms to these groups is another way we can pinpoint when they became enmeshed in activities inside Syria. With yesterday’s leak on when the flow of arms began, we have once again seen the US try to shift the date for involvement of the death squads inside Syria from before the chemical weapons attack to after it.

Two completely unnecessary but very public leaks, one from Obama himself and the other from “U.S. officials and Syrian figures” have done their utmost to change the public record on when the CIA-trained groups first entered Syria. Why is it so important to the Obama administration to obscure the entry date?


Imagine the Informants You Can Coerce When You Can Spy on Every Single American

Please consider supporting my fundraiser so I can continue to do this kind of work. 

Two years ago, I noted a chilling exchange from a 2002 FISA suit argued by Ted Olson. Laurence Silberman was trying to come up with a scenario in which some criminal information might not have any relevance to terrorism. When he suggested rape, Olson suggested we might use evidence of a rape to get someone to inform for us.

JUDGE SILBERMAN: Try rape. That’s unlikely to have a foreign intelligence component.

SOLICITOR GENERAL OLSON: It’s unlikely, but you could go to that individual and say we’ve got this information and we’re prosecuting and you might be able to help us.

It’s chilling not just because it suggests rapists have gone free in exchange for trumping up terrorist cases for the government, but because it makes clear the kinds of dirt the government sought using — in this case — traditional FISA wiretaps.

Now consider this passage from the government’s 2009 case that it should be able to sustain the Section 215 dragnet.

Specifically, using contact chaining [redacted] NSA may be able to discover previously unknown terrorist operatives, to identify hubs or common contacts between targets of interest who were previously thought to be unconnected, and potentially to discover individuals willing to become U.S. Government assets.

Remember, while the government downplayed this fact, until Barack Obama won the 2008 election, the government permitted analysts to contact chain off of 27,090 identifiers, going deeper than 3 hops in. That very easily encompasses every single American.
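The hop-count arithmetic behind that claim, as an added example that is not part of the original post: a small breadth-first "contact chaining" walk over a constructed contact graph, plus the no-overlap upper bound (seeds times average contacts to the power of hops). The 27,090 seed identifiers and the 3-hop depth come from the post; the average of 40 contacts per identifier and the graph itself are assumptions constructed for illustration.

```python
"""
Constructed example (not from the post): how far contact chaining reaches
when an analyst may walk up to N hops out from a seed identifier.

The contact graph is an undirected adjacency map of constructed,
phone-number-style identifiers. hop_reach() does a breadth-first search
and reports how many distinct identifiers fall within each hop boundary;
naive_upper_bound() is the back-of-the-envelope figure that explains why
three hops from 27,090 seeds can cover a population the size of the US.
"""
from collections import deque
import random


def hop_reach(graph, seeds, max_hops):
    """Return {hop: cumulative number of distinct identifiers reached}.

    Hop 0 is the seeds themselves; hop k adds every identifier exactly k
    edges from the nearest seed. Each identifier is counted once even if
    several seeds chain to it (a "hub" in the government's wording).
    """
    dist = {s: 0 for s in seeds}
    queue = deque(seeds)
    while queue:
        node = queue.popleft()
        if dist[node] == max_hops:
            continue  # do not expand beyond the permitted depth
        for nxt in graph.get(node, ()):
            if nxt not in dist:
                dist[nxt] = dist[node] + 1
                queue.append(nxt)
    return {hop: sum(1 for d in dist.values() if d <= hop)
            for hop in range(max_hops + 1)}


def naive_upper_bound(seed_count, avg_contacts, hops):
    """Identifiers reachable if no two chains ever overlap (an upper bound)."""
    return seed_count * avg_contacts ** hops


def build_random_contact_graph(n_ids, avg_contacts, rng_seed=1):
    """Constructed sample graph: n_ids identifiers, each linked to roughly
    avg_contacts random others (undirected). Deterministic via rng_seed."""
    rng = random.Random(rng_seed)
    ids = [f"+1555{n:07d}" for n in range(n_ids)]  # constructed identifiers
    graph = {i: set() for i in ids}
    for i in ids:
        # each node initiates ~avg_contacts/2 links; reciprocity doubles it
        for j in rng.sample(ids, avg_contacts // 2):
            if j != i:
                graph[i].add(j)
                graph[j].add(i)
    return graph


# Hand-built toy graph: A-B-C-D chain plus a B-E branch; seed at A.
TOY_GRAPH = {"A": {"B"}, "B": {"A", "C", "E"}, "C": {"B", "D"},
             "D": {"C"}, "E": {"B"}}

if __name__ == "__main__":
    print("toy graph, 3 hops from A:", hop_reach(TOY_GRAPH, ["A"], 3))

    # Figures from the post: 27,090 seeds, 3 hops; 40 contacts is assumed.
    print("no-overlap bound, 27,090 seeds x 40^3:",
          naive_upper_bound(27090, 40, 3))

    g = build_random_contact_graph(20000, 30)
    reach = hop_reach(g, ["+15550000000"], 3)
    for hop, n in reach.items():
        print(f"hop {hop}: {n:6d} of {len(g)} identifiers in reach")
```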

The ability to track the relationships of every single American, and they were using it to find informants.

In the 7 years since this program (now allegedly scaled back significantly, but still very very broad) has existed, the dragnet has only helped, however indirectly, to capture 12 terrorists in the US (and by terrorist, they also include people sending money to protect their country against US-backed invasion).

Which means the real utility of this program has been about something else.

The ability to track the relationships of every single American. And they were using it to find informants.

Even while the number of terrorists this program discovered has been minimal, the number of FBI informants has ballooned, to 15,000. And those informants are trumping up increasingly ridiculous plots in the name of fighting terrorism.

The ability to track the relationships of every single American (or now, a huge subset of Americans, focusing largely on Muslims and those with international ties). And they were (and presumably still are) using it to find informants.

Update: Note how in Keith Alexander’s description of the alert list, the standard to be on it is “the identifier is likely to produce information of foreign intelligence value” that are “associated with” one of the BR targets (Alexander 33). This is very similar to the language Olson used to justify getting data that didn’t directly relate to terrorism.

Also note this language (Alexander 34):

In particular, Section 1.7(c) of Executive Order 12333 specifically authorizes NSA to “Collect (including through clandestine means), process, analyze, produce, and disseminate signals intelligence information for foreign intelligence and counterintelligence purposes to support national and departmental missions.” However, when executing its SIGINT mission, NSA is only authorized to collect, retain or disseminate information concerning United States persons in accordance with procedures approved by the Attorney General.

Again, this emphasizes a foreign intelligence and CI purpose for collection that by law is limited to terrorism. Which could mean they think they can collect info to coerce people to turn informant.

The AG guidelines on informants are, not surprisingly, redacted.


Stupid Smartphones and Their Lying Lies

[Apple iPhone 5s via TheVerge.com]

If you value emptywheel’s insights, donate the equivalent of a couple beers—and thanks for your readership and support.

My Twitter timelines across multiple accounts are buzzing with Apple iPhone 5s announcement news. Pardon me if I can’t get excited about the marvel that is iPhone’s new fingerprint-based biometric security.

Let’s reset all the hype:

There is no smartphone security available on the market we can trust absolutely to keep out the National Security Agency. No password or biometric security can assure the encryption contained in today’s smartphones as long as they are built on current National Institute of Standards and Technology (NIST) standards and/or the Trusted Computing Platform. The NSA has compromised these standards and TCP in several ways, weakening their effectiveness and ultimately allowing a backdoor through them for NSA use, bypassing any superficial security system.

There is nothing keeping the NSA from sharing whatever information they are gleaning from smartphones with other government agencies. Citizens may believe that information gleaned by the NSA ostensibly for counterterrorism may not be legally shared with other government agencies, but legality/illegality of such sharing does not mean it hasn’t and isn’t done. (Remember fusion centers, where government agencies were supposed to be able to share antiterrorism information? Perhaps these are merely window dressing on much broader sharing.)

There is no exception across the best known mobile operating systems to the vulnerability of smartphones to NSA’s domestic spying. Although Der Spiegel’s recent article specifically calls out iOS, Android, and Blackberry smartphones, Windows mobile OS is just as exposed. Think about it: if your desktop, laptop, and your netbook are all running the same Windows OS versions needing patches every month to fix vulnerabilities, the smartphone is equally wide open, as these devices all use the same underlying code and hardware built to the same NIST standards. Additionally, all Windows OS versions contain the same Microsoft CryptoAPI believed to be weakened by the NSA.

If any of the smartphone manufacturers selling into the U.S. market say they are secure against NSA domestic spying, ask them to prove it. Go ahead and demand it — though it’s sure to be an exercise in futility. These firms will likely offer some non-denial denials and sputtering in place of a firm, “Yes, here’s proof” with a validated demonstration.

Oh, and the Touch ID fingerprint biometrics Apple announced today? You might think it protects not against the NSA but the crook on the street. But until Apple demonstrates they pass a gummy bear hackability test, don’t believe them.

And watch for smartphone thieves carrying tin snips.


NSA and Compromised Encryption: The Sword Cuts Both Ways

[Snapshot, Ralph Langner presentation re: Stuxnet, outlining payload extraction (c. 2012 via YouTube)]

If you want fresh and weedy perspectives you won’t find in corporate-owned media, please donate!

A friendly handshake is offered;
Names are swapped after entry;
The entrant delivers a present;
The present is unboxed with a secret key…

And * BOOM *

Payload delivered.

This is cyber weapon Stuxnet’s operations sequence. At two points in the sequence its identity is masked — at the initial step, when identity is faked by a certificate, and at the third step, when the contents are revealed as something other than expected.

The toxic payload is encrypted and cannot be read until after the handshake, the name swap, and then decrypted when already deep inside the computer.

In the wake of the co-reported story on the National Security Agency’s efforts to crack computer and network encryption systems, the NSA claims they are only doing what they must to protect the country from terrorists, criminals, and cyber attacks generated by individuals, groups, and nation-state actors.

Defense, though, is but one side of the NSA’s sword; it has two lethal edges.

While use of encryption tools may prevent unauthorized access to communications, or allow malicious code to be blocked, the same tools can be used to obstruct legitimate users or shut down entire communications systems.

Encryption APIs (for example, Microsoft CryptoAPI, embedded in Windows operating systems) are often used by higher-level applications for more than encryption. The random number generator the API uses to create unique keys for access control is the same one an application may call to create random names or pick random event outcomes like a roll of the dice. Every consumer of that API inherits whatever weakness the generator has, whether the consumer is protecting a session or rolling dice.
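To make the shared-generator point concrete, here is an added example, not code from the original post or from any vendor's crypto library. It models one random number API serving three consumers (a session key, a die roll and a random nickname) and swaps in a hypothetical weakened generator whose whole state is a 16-bit seed; the attacker side then recovers the session key from a single observed MAC tag by enumerating seeds. The WeakRng class, the sample message and the seed value are constructed for illustration; the strong path simply wraps the OS CSPRNG.

```python
"""Added example (not from the original post): one shared RNG feeds both
security-critical and cosmetic consumers, so a weakened generator
compromises every consumer at once."""
import hashlib
import hmac
import secrets


class StrongRng:
    """Wraps the OS CSPRNG (stand-in for a healthy platform crypto API)."""

    def random_bytes(self, n: int) -> bytes:
        return secrets.token_bytes(n)


class WeakRng:
    """Hypothetical weakened generator: its entire state is a 16-bit seed,
    so an attacker can enumerate all 65,536 possible output streams.
    Constructed for illustration; it is not any real vendor's DRBG."""

    def __init__(self, seed: int):
        if not 0 <= seed < 2**16:
            raise ValueError("seed must fit in 16 bits")
        self.seed = seed
        self.counter = 0

    def random_bytes(self, n: int) -> bytes:
        out = b""
        while len(out) < n:
            block = self.seed.to_bytes(2, "big") + self.counter.to_bytes(4, "big")
            out += hashlib.sha256(block).digest()
            self.counter += 1
        return out[:n]


# Higher-level consumers of the same API: one security-critical, two not.
def make_session_key(rng) -> bytes:
    return rng.random_bytes(16)


def roll_die(rng) -> int:
    return rng.random_bytes(1)[0] % 6 + 1


def random_nickname(rng) -> str:
    syllables = ["ka", "lo", "mi", "ne", "ru", "ta", "vo", "zi"]
    raw = rng.random_bytes(3)
    return "".join(syllables[b % len(syllables)] for b in raw)


def mac(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()


def recover_key(msg: bytes, tag: bytes):
    """Attacker's view: given one authenticated message, enumerate every
    WeakRng seed, regenerate the first key the API would have handed out,
    and test it against the observed tag. Returns the key or None."""
    for seed in range(2**16):
        candidate = make_session_key(WeakRng(seed))
        if hmac.compare_digest(mac(candidate, msg), tag):
            return candidate
    return None


def demo(rng):
    """Run one 'application' on the given generator and report whether
    an observer could recover its key from a single MAC tag."""
    key = make_session_key(rng)
    msg = b"constructed sample message"  # constructed sample input
    tag = mac(key, msg)
    _ = roll_die(rng), random_nickname(rng)  # the same API serving trivial needs
    recovered = recover_key(msg, tag)
    return {"key": key, "recovered": recovered, "broken": recovered == key}


if __name__ == "__main__":
    print("weak  :", demo(WeakRng(seed=0x1337)))
    print("strong:", demo(StrongRng()))
```

The point is in the shape of the code, not the toy seed size: the application never touches the generator directly, only the API, so nothing in the application tells you whether its keys are recoverable. Against the strong generator the same brute-force loop runs to completion and finds nothing.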

In Stuxnet alone we have evidence of encryption and decryption used as cyber warfare, in an application planned, written or supported in some way by our own government. This was Pandora's box opened without real forethought about the long-term repercussions, including unintended consequences.

We know with certainty that the repercussions weren't fully considered, given the idiocy with which members of Congress have bewailed leaks about Stuxnet, even though the weapon uncloaked itself and pointed fingers in doing so.

One of the unconsidered/ignored/unintended consequences of using weaponry requiring encryption-decryption is that the blade can cut in the other direction.

Imagine someone within the intelligence community “detonating” a cyber weapon built in the very same fashion as Stuxnet.

A knock at the door with a handshake;
Door open, package shoved in, treated as expected goods;
Encrypted content decrypted.

And then every single desktop computer, laptop, netbook, tablet, and smartphone relying on the same standardized, industry-wide encryption tools “detonates,” obstructing all useful information activities from personal and business work to telecommunications. Read more


Joby Warrick Is the New Judy Miller

Poor Joby Warrick. With Judy Miller so disgraced that Fox News had to issue a "she has nothing to apologize for" press release when they hired her back in 2008, Joby drew the short straw yesterday and was assigned to transcribe the hyped bullshit concerns arising from Syria's neighbors (read: Israel) that Syria might be contemplating use of biological weapons. The entire Warrick article needs to be read to get a full feel for its credulous recitation of completely unfounded speculation being passed off as actual intelligence, but I will stick with just a few paragraphs. Warrick opens by making a completely baseless claim:

Last month’s alleged chemical attack near Damascus has re­focused attention on Syria’s 30-year-old biological weapons research and raised concerns about whether the government there could activate an effort to make a weapon.

Really, Joby? Aside from those “intelligence officials in two Middle East countries” who fed you this material, has anybody else voiced a concern that Syria is contemplating use of bioweapons, or even could produce bioweapons if they wanted to?

Even Warrick has to admit that any work on bioweapons in Syria is now over 30 years old. But that doesn’t deter Warrick and the spooks whispering in his ear:

Syria’s bioweapons program, which U.S. officials believe has been largely dormant since the 1980s, is likely to possess the key ingredients for a weapon, including a collection of lethal bacteria and viruses as well as the modern equipment needed to convert them into deadly powders and aerosols, according to U.S. and Middle Eastern officials and weapons experts.

Wow. The "U.S. and Middle Eastern officials and weapons experts" guiding Warrick's hands on the keyboard as he types are saying that despite not working on bioweapons for thirty years or so, Syria has the deadly organisms and the equipment that would be needed to make "deadly powders and aerosols".

Warrick and the spies who feed him have absolutely nothing on which to base this accusation. Let’s check a neutral source on what the real status of biotechnology capability in Syria is and whether it can be rapidly adapted to bioweapons. The Nuclear Threat Initiative provides a report on Syria’s potential bioweapons capability that was last updated in February of this year. They come to very different conclusions than Warrick (emphasis added):

In the past, unclassified statements by U.S. officials occasionally claimed reason to suspect Syria of maintaining an offensive BW program. [2] However, in contrast to discussions of Syrian chemical warfare (CW) capabilities, such claims have not included any details on the size and scale of Syria’s potential BW program, and are not presented alongside supporting evidence. Instead, discussions on this topic have focused on speculative extrapolations of Syrian dual-capable industry and on Syrian political motivations. Such analysis can be neither detailed nor comprehensive. Although the existence of a biotechnology industrial base would suggest that Syria has some indigenous expertise useful for developing a biological weapons capability, it does not imply and cannot confirm the existence of an offensive biological weapons program. Furthermore, given that Israel, a state that is understood to possess a nuclear arsenal and continues to occupy the Golan Heights, remains Syria’s primary security concern, and given the risk of “blowback” when deploying biological weapons, such weapons would be of questionable tactical desirability from a Syrian perspective. While public sources on the nature of Syria’s chemical and nuclear programs are limited, even less exists about Syria’s biological program, and “there is no hint of its existence from open sources.” [3]

The report goes on to detail what Syria’s biological industries do (again, emphasis added): Read more


The Black Budget

The Washington Post just published an excellent package on the FY2013 Black Budget for intelligence. I’m reading through the summary now.

I’ll put working comments below. But one of my first impressions is that all of this is useful information, and in some ways really encouraging information (in others, horrifying).

For that reason, this is one of my favorite parts of the story itself:

Lee Hamilton, an Indiana Democrat who was a former chairman of the House Intelligence Committee and co-chairman of the commission that investigated the Sept. 11 attacks, said that access to budget figures has the potential to enable an informed public debate on intelligence spending for the first time, much as Snowden’s disclosures of NSA surveillance programs brought attention to operations that had assembled data on nearly every U.S. citizen.

“Much of the work that the intelligence community does has a profound impact on the life of ordinary Americans, and they ought not to be excluded from the process,” he said.

“Nobody is arguing that we should be so transparent as to create dangers for the country,” he said. But, he said, “there is a mindset in the national security community — leave it to us, we can handle it, the American people have to trust us. They carry it to quite an extraordinary length so that they have resisted over a period of decades transparency. . . . The burden of persuasion as to keeping something secret should be on the intelligence community, the burden should not be on the American public.”

Hamilton is absolutely right. There's no reason why information at this level of detail shouldn't be shared with the American taxpayers ponying up the $52.6 billion to pay for it all.

Working comments on Budget Justifications

4: The IC is apparently going to start researching trade disputes. I assume that’ll be primarily targeted at China. But it’s an interesting development.
