Intelligence Archives - Page 47 of 101

The Army Teaches American Culture to Americans

November 2, 2011/20 Comments/in Culture, Intelligence /by emptywheel

Sorry for my absence over the last week. Mr. EW and I drove to South Carolina to visit his family. I had thought I’d get posting time. It didn’t work out that way.

Profuse thanks to Jim White and bmaz for watching the shop while I was gone.

While I was in SC, I read this Secrecy News piece about the cultural literacy flash cards the Army had developed for soldiers serving in Afghanistan.

These cards can be used in many different ways, but they are designed as ―fillers‖ to be taken out of your ACU pocket and used between tasks or waiting for the next training to begin. Soldiers must understand how vital culture is in accom-plishing today’s missions. Military personnel who have a superficial or even dis-torted picture of a host culture make enemies for the United States. Each Soldier must be a culturally literate ambassador, aware and observant of local cultural be-liefs, values, behaviors and norms.

I was interested in the cards because I’ve had several conversations with fans of CounterInsurgency doctrine. Repeatedly, I’ve argued the US is never going to be good at COIN, because Americans generally–and a good proportion of grunt recruits more specifically–are too parochial to be able to execute COIN, which requires a fairly acute sensitivity to culture. Hell, we don’t even learn other languages–not even Spanish, which is virtually a second language in this country. So I was curious about how the Army tried to overcome this parochialism.

The cards struggle to explain what culture is, generally.

Humans are biologically equipped to create and use culture. Culture is all knowl-edge passed from one generation to another. Culture can be divided into symbolic culture and material culture. Symbolic culture is all of a group’s ideas, symbols and languages. Material culture is tools, clothing, houses and other things that people make or use. It is all human inventions: from stone tools to spacecraft.
[Critical Thinking: What kinds of culture do we take for granted in everyday life?] [brackets and emphasis original]

Having tried to get honors college freshman to understand culture, I get that this is a tough concept for relatively sheltered young adults to understand. The cards, curiously, didn’t ask readers to do what has worked for me in the past–a straight inventory of differences between one’s own culture and that of others. Rather, it spent pages laying out Afghan culture (without, IMO, distinguishing sufficiently between Pashtun and other Afghan cultures). And then included one page (see page 31) describing what the card authors believe American culture to be. Here’s how the cards describe “the characteristics of American Culture”:

Fast-paced.
Punctuality.
Women’s rights.
Egalitarian, belief in equal opportunity; not outcomes.
Goal-oriented.
Individualism.
Pragmatism.
Tolerance.
Separation of church and state.
Value work and personal success.
Love of technology.

Now, to be fair, the military generally is one of the most egalitarian institutions left in our increasingly unequal country. So I don’t blame whatever contractor the Army inadvisedly picked to write these cards for claiming the US still is egalitarian.

But “women’s rights”? “Separation of church and state”? “Tolerance”?

Maybe I found these assertions to be all the more laughable because I read them in SC–not known for either its commitment to women’s rights or tolerance.

But if you want to point to one reason why we’ll never succeed at COIN, you can look to the military’s institutional misunderstanding of who we Americans are.

The Coordinated Leaky Drips In The White House

October 28, 2011/14 Comments/in 2008 Presidential Election, CIA Leak Case, Department of Justice, Informants, Intelligence, Law, Obama Administration, state secrets, Terrorism, Unitary Executive /by bmaz

As I’ve noted previously, there has been a hue and cry against the critical and untenable use, and abuse, of secrecy by the United States government. There has always been some abuse of the government’s classified evidence for political gain by various administrations operating the Executive Branch, but the antics of the Obama administration have taken the disingenuous ploy to a new art form.

Today, via Politico’s old fawning Washington DC gluehorse, Roger Simon, comes an unadulterated (sometimes x-rated) and stunningly tin eared and arrogant admission of what the Obama White House is all about, straight from the lips of Obama consigliere Bill Daley:

Rahm was famous for calling reporters, do you call reporters? I ask.

“I call; I’m not as aggressive leaking and stroking,” Daley says. “I’m not reflecting on Rahm, but I’m not angling for something else, you know? Rahm is a lot younger [Emmanuel is 51], and he knew he was going to be doing something else in two years or four years or eight years, and I’m in a different stage. I’m not going to become the leaker in chief.”

You’ve got others for that, I say.

“Yeah, and hopefully in some organized leaking fashion,” Daley says, laughing. “I’m all for leaking when it’s organized.”

Oh, ha ha ha, isn’t that just hilarious? Bill Daley, and the White House he runs, are all for leaking, history bears out even the most highly classified government secrets, and doing so in an organized pre-planned fashion, when it serves their little self-centric petty political interests. But god help an honest citizen like Thomas Drake who, after exhausting all other avenues of pursuit within the government, leaks only the bare minimum information necessary to expose giant government waste, fraud and illegality because he feels it his duty as a citizen.

For citizens like Tom Drake, the “most transparent administration in history” will come down on his head like a ton of nuclear bricks even when they embarrass themselves in so doing. But they are more than willing to exploit and leak to self serve their own interests. What is good for the king is not appropriate for the commoner.

In this regard, I wish to amplify point that Glenn Greenwald has previously made about the pernicious affect of this duplicitous use of classified information. Glenn said:

But the problem is much worse than mere execssive secrecy. Anyone who purports concern over the harmful leaking of classified information should look first to the Obama administration, which uses secrecy powers as a manipulative tool to propagandize the citizenry: trumpeting information that makes the leader and his government look good while suppressing anything with the force of criminal law that does the opposite. Using secrecy powers to propagandize the citizenry this way is infinitely more harmful than any of the leaks the Obama administration has so aggressively prosecuted.

That is exactly right. It is not just that the government keeps unnecessary secrets from the public on information that is critical to their duties and responsibilities as citizens, it is that the self-serving selective leaking creates an intentionally fraudulent paradigm for the citizenry. It is not only manipulative, is fundamentally dishonest and duplicitous.

When the leaking is so selective and self-serving it is not just the people who are deceived, is the press they rely on as a neutral information conduit from which to make their opinions and determinations. The press then becomes little more than a hollow funnel for opportunistic and dishonest spin. We saw the effects of this in the case of Anwar Awlaki’s extrajudicial assassination, and have seen it again in the Scary Iranian Terrorist Murder ruse.

The last bastions against this pernicious practice are the press and courts. Until both start admitting how they are relentlessly gamed and played by the White House, there is little hope for change. And make no mistake, the press ratifies this pernicious conduct by lazily accepting such leaks and reporting without properly noting just how malignant the process is. It is all a joke to Bill Daley and Barack Obama, and the joke is on us.

PS: For a little more on the joy that is White House Chief of Staff Bill Daley, see Digby today. And a fine dissertation of why Daley should be fired on the spot by Joan Walsh in Salon. I would only note that it is not just Rahm and Daley, it is the man who consistently brings this Chicago style heavy handed belligerence to the White House. Mr. Obama’s two Chiefs of Staff do not operate apart from him, they ARE him and his Presidency. The buck for this stops at the top.

Confirmed: the Government Hid–and Is Still Hiding–Manssor Arbabsiar’s First Docket

October 26, 2011/10 Comments/in Informants, Intelligence, Scary Iran Plot, Terrorism /by emptywheel

I first raised questions of why the government had charged Manssor Arbabsiar–the Scary Iran Plotter–with an amended complaint almost two weeks ago. As I noted then, the obvious existence of an earlier sealed complaint might suggest the possibility that Arbabsiar was charged with something entirely different than the murder-for-hire charges he got charged with on October 11.

First (and this is what got me looking at the docket in the first place), the complaint is an amended complaint. That says there’s a previous complaint. But that complaint is not in the docket. Not only is it not in the docket, but the docket starts with the arrest on September 29 (notice the docket lists his arrest twice, on both September 29 and October 11), but the numbering starts with the amended complaint (normally, even if there were a sealed original complaint, it would be incorporated within the numbering, such that the docket might start with the amended complaint but start with number 8 or something).

Two things might explain this. First, that there was an earlier unrelated complaint–say on drug charges, but the charges are tied closely enough to this op such that this counts as an amended complaint. Alternately, that Arbabsiar was charged with a bunch of things when he was arrested on September 29, but then, after at least 12 days of cooperation (during which he waived Miranda rights each day), he was charged with something else and the new complaint incorporated Ali Gholam Shakuri’s involvement, based entirely on Arbabsiar’s confession and Shakuri’s coded conversations with Arbabsiar while the latter was in US custody. [emphasis original]

If Arbabsiar were originally charged with something different than he was charged with on October 11–for example, if he were charged with drug charges that might put him away for hard time–it might explain why he waived Miranda rights for 12 days in a row, when he had, on 5 different occasions in his past, hired lawyers to represent him when he got in legal trouble.

Well, this filing not only confirms that an earlier complaint exists–the earlier complaint is dated September 28–but it confirms my suspicion the complaint is in an different docket that is entirely sealed.

On September 28, 2011, Magistrate Judge James C. Francis IV authorized a complaint bearing docket number 11 Mag. 2534 (“Sealed Complaint”), charging the above-listed defendant. The Sealed Complaint is attached hereto as Exhibit A.

On October 11, 2011, Magistrate Judge Michael H. Dolinger authorized an Amended Complaint (11 Mag. 2617) charging the defendant and Gholam Shakuri (“Amended Complaint”). By order of the Honorable Loretta A. Preska, dated October 11, 2011, the Sealed Complaint was ordered to remain sealed. On October 11, 2011, the defendant was presented on only the Amended Complaint.

The Government respectfully requests that the Court enter a limited unsealing order permitting the Government to produce the Sealed Complaint in redacted form to defense counsel as part of the discovery process. The Sealed Complaint would otherwise remain sealed.

First, compare the docket numbers:

First Complaint: 11-mg-2534

Amended Complaint: 11-mg-2617

Criminal Indictment: 11-cr-897

These are three entirely different dockets.

A search for criminal magistrate docket 11-2534 returns nothing. Which means the docket–the entire docket–is and remains sealed.

This increases the likelihood that the first complaint charges entirely different charges–such as opium charges–than the amended complaint does.

Indeed, the language of this letter appears to suggest that only Arbabsiar was charged in the first complaint. Even if this earlier complaint pertained to murder-for-hire charges, this might make sense–as I have pointed out, most of the current charges are conspiracy charges that would involve at least two defendants. But the letter suggests–by stating only that “the defendant was presented on only the Amended Complaint”–that there may be charges unique to Arbabsiar, completely unrelated charges that hang over him still–that weren’t charged because of his 12-day cooperation to implicate Shakuri.

And here’s the kicker. The government isn’t even telling Arbabsiar’s defense counsel all of what was in that first complaint. They are asking that she receive the complaint in redacted form.

So not only are they hiding the original basis of his arrest from us–US citizens and the world community, to whom the government claimed this is an international incident. But they’re hiding parts of this earlier complaint even from the public defender tasked to actually represent this guy.

Why Does Duqu Matter?

October 24, 2011/19 Comments/in Cybersecurity, Intelligence /by WilliamOckham

The short answer is that if your PC got infected by Stuxnet last year, you were just collateral damage, unless you were operating a very specific set of uranium enrichment centrifuges. If you get Duqu this year, your network is under attack from a CIA/Mossad operation. They might seem a little outrageous, but bear with me while we get into the weeds of what Duqu is all about. I will lay out a set of assertions that lead to the conclusion that Duqu really is the “precursor to the next Stuxnet” as Symantec say in their whitepaper.

1. Stuxnet was created by the CIA and the Mossad

Although no one has officially claimed responsiblity for Stuxnet, both the U.S. and Israeli governments have done everything but take offical responsibility. Neither government has ever denied responsibilty, even when directly asked. In fact, officials in both governments have been reported as breaking out in big smiles when the subject comes up.

2. Duqu is from the same team that created Stuxnet.

The first clue that Duqu is from the Stuxnet team is the similarities between the rootkit components in both pieces of malware. The folks who have studied the two most closely are sure that Duqu is based on the Stuxnet component’s source code. Despite what you may have read on the internet, the actual source code to Stuxnet is not publicly available. Some folks have reverse-engineered some of the Stuxnet source code from the binaries that are available, for various technical reasons, I’m sure that these don’t serve as the basis for Duqu.

Duqu even has a fix for a bug in Stuxnet. Also, the only two pieces of malware in history to install themselves with as Windows device drivers with legitimate, but stolen, digital certificates are Stuxnet and Duqu. Both Stuxnet and Duqu were active in the wild and managed to evade detection for many months. While that’s not unheard of for malware, it is another point of similarity.

Stuxnet targeted a specific industrial control system (ICS) installation (the Siemens PLCs that were used to control the centrifuges at Natanz). Here’s the lastest on what Duqu targets:

Some of the companies affected or targeted by Duqu include the actual equipment that an ICS would control such as motors, pipes, valves and switches. To date, the vendors that make the PLC, controllers and systems/applications found in control centers are not yet affected, although this information could change as more variants are identified and these vendors look more closely at their systems.

There are no other instances of computer malware that target these sorts of installations.

3. Stuxnet was a worm, Duqu is not.

Stuxnet was a very aggressive computer worm. It had to be to jump the “air gap” that protects a secure ICS such as the system that ran the Natanz installation. When Stuxnet was discovered, the A-V vendors quickly discovered millions of computers had been (benignly) infected with Stuxnet. Duqu, on the other hand, has been found on only a handful of computers. Interestingly, no one has yet discovered the dropper, that is, the program used to place the Duqu rootkit on the infected machines. This is almost certainly because Duqu is being placed on these machines via a spear phishing attack. In spear phishing, specific targets are chosen and the attack is customized to the target.

4. Duqu is being used to download a RAT (Remote Access Trojan)

The rootkit component was used to download a standalone program designed to steal information from the computer that it has infected (including screenshots, keystrokes, lists of files on all drives, and names of open windows). Duqu is doing computer network reconnaissance. The information gathered by Duqu is very useful for planning future attacks. Before the command and control server was taken off-line, Symantec observed Duqu downloading three additional files to an infected machine. The first was a module that could be injected into other processes running on the machine to gather some process-specific information as well as the computer’s local and system times (including time zone and daylight savings time bias). Another downloaded module was used to extend the normal 36-day limitation on Duqu installations. The last downloaded module was a stripped down version of the standalone RAT, lacking the key logging and file exploration functionality.

5. Put it all together and it adds up to a well-executed, highly targeted covert operation

For the last ten months, Duqu has been quietly stalking a small number of industrial manufacturers. No one even noticed before early September and it wasn’t until last week that the nature of the threat was clear to anyone. Duqu is spying on a handful of companies, gathering data that will be used for the design and development of the true Stuxnet 2.0. One thing we don’t know is who the target of Stuxnet 2.0 will be. But I have a suspicion. Nothing indicates that the ultimate target (i.e., Iran) of the Stuxnet team has changed. In August of this year, Iran announced that it had activated its first pre-production set of his newer IR-2m and IR-4 centrifuges. These are the successors to the centrifuges that Stuxnet attacked. If you wanted to do these centrifuges what Stuxnet did to the earlier IR-1 centrifuges, you would need a lot of specific data about the safe operating specs of the various components that go into making advanced centrifuges. If you knew or suspected who was supplying Iran with these components, you might want to gather some data from the internal networks of those suppliers. That’s what I think the point of Duqu really is.

The OTHER Saudi Assassination Plotter Got a Reduced Sentence in July

October 22, 2011/2 Comments/in Informants, Intelligence, Terrorism, Torture /by emptywheel

This post from Cannonfire reminded me how convenient for our country it is that Moammar Qaddafi was executed rather than captured alive and tried: he will not be able to tell anyone, now that he’s dead, how Ibn Sheikh al-Libi, who under torture provided one of the casus belli for the Iraq war, came to be suicided in a Libyan prison just as Americans started focusing on torture in 2009.

That, plus the death of the Saudi Crown Prince Sultan bin Abdul-Aziz al Saud, made me think of another plot Qaddafi brings to his grave: that he had purportedly arranged to assassinate then Crown Prince now King Abdullah. The evidence to support that plot mostly came from Abdulrahman Alamoudi, a prominent American Muslim who was arrested in 2003 on charges he violated trade sanctions against Libya.

Tell me if this sounds familiar. A naturalized American citizen is arrested upon re-entry to the country and charged with a bunch of crimes. After a period of no bail, he confesses to participation in the assassination plot of a top Saudi.

Court documents said the assassination plot arose from a March 2003 conference at which Libyan leader Moammar Gaddafi and Prince Abdullah had a heated exchange. Angered at how Gaddafi was treated, Libyan officials recruited Alamoudi.

Even after he learned that the target was Abdullah, Alamoudi shuttled money and messages between Libyan officials and the two Saudi dissidents in London, the documents said. Although Gaddafi is not named as a planner, sources familiar with the case have said he appears in the documents as “Libyan government official #5,” who met personally with Alamoudi.

Mind you, though the judge considered the assassination plot in Alamoudi’s sentence, he plead guilty not to murder-for-hire, but to prohibited financial transactions with Libya (the kind of thing JPMC just got its wrist slapped for), unlawful procurement of naturalization, and tax evasion.

Anyway, thinking about the similarities between that case and the Scary Iran Plot led me to consult Alamoudi’s docket (most of which is not available online). What happens to a guy convicted in connection with plotting with a nasty African dictator as we launch the war to finally kill that dictator?

Well, it turns out that at about the time it was clear we’d stick around to ensure Qaddafi died in this kinetic action, a sealed document got filed in Alamoudi’s case. And, on July 20, 2011, Alamoudi got about 30% knocked off his sentence, from 276 months to 197.

Mind you, no one was hiding the fact that Alamoudi would continue to cooperate with authorities while in prison–so it’s no surprise his sentence got lowered. Nor does Alamoudi’s sentence reduction necessarily have anything to do with Alamoudi’s testimony in the assassination plot.

But I do expect, a decade from now, that’s what’s going to happen to Manssor Arbabsiar’s docket.

Scary Iran Plot: FBI Had No Need to Investigate Arbabsiar’s Corpus Christi Past

October 20, 2011/17 Comments/in Informants, Intelligence, Scary Iran Plot, Terrorism /by emptywheel

So imagine this scenario.

A DEA informant calls up his handler out of the blue and says,

Omigod! Some crazy Iranian just approached me to arrange some kind of hit on behalf of this Iranian terror organization. He asked about explosives (I bragged about my C4 expertise.) He found me through my aunt in Corpus Christi. She says she knows him from when he used to be a used car salesman.

The DEA calls the FBI. What’s one of the first things the FBI would do?

Maybe look him up in the FBI’s own files (they find he doesn’t have a federal record). And just after that, you’d think they’d start investigating him in Corpus Christi, where Narc knew him to have connections. Maybe call the cops there and see if they knew this crazy Iranian. Which, since Arbabsiar has a pretty consistent record of petty arrests and lawsuits, they do.

Which is why it’s sort of odd that the FBI never contacted the Corpus Christi cops–they first talked to them the day after Arbabsiar was charged.

Arbabsiar had previous arrests in Nueces County during nearly 20 years living in the area.

That meant arrest records and personal details were on file in the county’s warehouse. But no one from any federal agency ever asked for the folder, Kaelin said.

“From an intelligence-gathering standpoint, even the tiniest bits of information could have a connection to something bigger,” he said. “They never asked to see it.”

In fact, FBI agents never contacted the sheriff’s office or the police department about their investigation into Arbabsiar.

That’s all the more weird given that some of the criminal files on Arbabsiar were on dead tree files in a warehouse from back in the day when the FBI itself didn’t really use computers (you know, like last year).

Now, my scenario sounds weird, almost impossible, particularly in the age of information sharing between local cops and national counterterrorism investigators. Even if they were worried about keeping Narc’s identity secret–which I’m sure is particularly critical so close to the border in South Texas–you’d think they’d at least go and make discreet investigations about Arbabsiar (particularly given the claims that, by the end of the investigation, FBI officers seemed to be going out of their way to make their presence known.

Neighbors, however, said it had been years since Arbabsiar lived in the stucco house he once shared with his wife on a suburban cul-de-sac. They said it appeared that as many as 10 people were living in the house, and lately there had been some signs of suspicious activity: When residents looked for available Wi-Fi networks, networks with names like “FBI Van 1” would pop up.l

Unless …

Unless they didn’t need to do that background research on Arbabsiar when Narc purportedly came to them out of the blue to tell them about this crazy Iranian seeking an assassin purportedly out of the blue.

The FBI’s seeming disinterest in learning about Arbabsiar from the law enforcement officials who ostensibly knew him best suggests they already knew about him when he approached Narc.

(As a number of media outlets have reported, the Grand Jury has indicted the plotters, a mere nine days after the Administration started making an international incident about this. I’ll update or do a post once the indictment is in the docket.)

Did Duqu fix the bug that revealed Stuxnet?

October 20, 2011/36 Comments/in emptywheel, Intelligence /by WilliamOckham

Count Dooku Duqu isn’t Christopher Lee in Attack of the Clones, but it is the newest computer malware to hit mainstream consciousness. It’s attracting attention mainly because it is based on the same software source code base as the Windows portion of Stuxnet. If you haven’t heard about Duqu, check out the Wired article that first alerted me to its existence. If you are interested in the technical details, you need to read the excellent write-up by Symantec (pdf link).
Unfortunately, the twitterverse, blogosphere, and the computer security profession all seem to be caught up in a hype/debunking/speculation cycle that is spreading more heat than light. The primary significance of Duqu is what it tells us about the operation behind Stuxnet and Duqu, i.e. that it is an on-going enterprise conducting computer espionage and sabotage around the world. The fact that it is rather obviously (though not publicly) run by the U.S. intelligence community should concern everyone.
I’ll put up a more extensive post later (including a timeline!) detailing what the Duqu phase of the Stuxnet operation tells us about the cyberwarfare strategy of the U.S. and how it is endangering the safety and security of the U.S. and the whole industrialized world. But first, I want to remind everyone how Stuxnet was originally discovered:

… the VirusBlokAda security firm in Minsk, received what seemed to be a relatively mundane email on June 17, 2010. An Iranian firm was complaining that its computers were behaving strangely, shutting themselves down and then rebooting. Ulasen and a colleague spent a week examining the machines. Then they found Stuxnet. VirusBlokAda notified other companies in the industry, including Symantec.

This incident became curiouser and curiouser as Symantec, Langner, and others took apart Stuxnet. There wasn’t any obvious reason that Stuxnet would have caused that sort of behavior on an infected computer. I even wondered at the time whether or not Stuxnet’s cover was blown intentionally since the perpetrators moved quickly to call further attention to themselves. But, thanks to the good work of the Symantec team, we can surmise something quite revealing about the initial discovery of Stuxnet.

The rootkit component of Duqu is quite similar to, but not exactly the same as, the one in Stuxnet. In both cases, if the infected computer gets rebooted while it is infected, the rootkit wants to make sure that it is running before the operating system is fully loaded. That’s why this rootkit (both flavors, Stuxnet and Duqu) is packaged as a hardware device driver. Here’s a feature of Duqu’s driver that wasn’t present in Stuxnet (as described by Symantec on page 4 of the pdf linked above):

The driver then registers a DriverReinitializationRoutine and calls itself (up to 200 times) until it is able to detect the presence of the HAL.DLL file. This ensures the system has been initialized to a point where it can begin injecting the main DLL.

The bolded portion is the new functionality that wasn’t present in Stuxnet. As a software developer, this detail tells me a lot. The driver is checking to make sure that the hardware abstraction layer (HAL.DLL) of Windows is loaded before it proceeds with the re-infection routine. The HAL is a portion of the Windows OS that really needs to be loaded before device drivers can function properly. Between the time that Stuxnet was deployed and this later version was compiled, the Stuxnet team identified a problem (a race condition) with their software being loaded before the HAL, probably only under the rarest of circumstances. So they modified their program to take this possible condition into account.
As I thought about this, I realized that the likely impact of the Stuxnet device driver being loaded before the HAL was properly initialized would almost certainly be that the machine would continuously crash and reboot. Look again at how Stuxnet was first discovered (remember it was in the wild for at least a full year before it was noticed by any anti-virus vendor):

… the VirusBlokAda security firm in Minsk, received what seemed to be a relatively mundane email on June 17, 2010. An Iranian firm was complaining that its computers were behaving strangely, shutting themselves down and then rebooting. Ulasen and a colleague spent a week examining the machines. Then they found Stuxnet. VirusBlokAda notified other companies in the industry, including Symantec.

By November 3, 2010 (the compile date of the Duqu component), the Stuxnet team had fixed the bug that led to the discovery of Stuxnet last year. And then went almost another full year without being discovered by the anti-virus vendors. It is likely to be a lot harder to reconstruct what the Stuxnet team has been up to this time around, but it is clear that the operation is on-going and we can assume (unless specific information turns up pointing in a different direction) that the primary target is still the Iranian nuclear program.

Spy v. Spy, Terrorist v. Terrorist: All the Usual Suspects Now Implicated in Scary Iran Plot

October 19, 2011/16 Comments/in Intelligence, Scary Iran Plot, Terrorism /by emptywheel

Here in the Midwest, we’ve got lions and tigers and bears running around today, and even other animals, like monkeys, that aren’t members of the NFC North.

In the Middle East, it seems everyone’s rolling out the usual suspects to impugn in the Scary Iran Plot. The most humorous is Bahrain’s use of David Ignatius to send Obama a message. Not only did Bahrain’s Foreign Minister Sheikh Khalid Al-Khalifa warn that, “This is really serious. It’s coming to your shores now” and repeat Saudi allegations that Gholam Shakuri had a role in opposition to the Bahraini King (though, in calling Shakuri only an “important ‘Iranian interlocutor’,” the Foreign Minister actually sounded more measured than the Saudis).

But then the Foreign Minister throws in a jab at Ahmad Chalabi.

Khalifa mentioned one more name of interest to American observers of the Middle East — the Iraqi Shiite politician Ahmed Chalabi. Lobbying by Chalabi played an important role in mobilizing the Bush administration to invade Iraq in 2003; since then he’s been jockeying for power in Baghdad and, increasingly, tilting toward Iran on regional issues.

The peripatetic Chalabi has now taken up the cause of Bahrain’s Shiite community, pressuring the government in Manama and even, at one point last spring when the political confrontation was intense there, proposing to organize a rescue “flotilla” to deliver aid, on the model of the Turkish flotilla that tried to enter Gaza last year.

“We would regard him as an Iranian agent, no doubt,” said Khalifa.

To be fair, this sounded like a throwaway, not a direct response to Scary Iran Plot. Except to the extent that Scary Iran Plot is about the Sunni-Shiite fight for hegemony in the Middle East, the one we first disturbed by going to war on Chalabi’s say-so.

Still, I was waiting for someone like Chalabi or Manucher Ghorbanifar or Michael Ledeen to show up in this tale, so I’m please to find Chalabi here, like an old friend.

The far more interesting development–as MadDog and lysias pointed out here–is the Iranian propaganda announcement that Gholam Shakuri is actually an MEK member.

Interpol has found new evidence showing that the number two suspect in connection with the alleged Iranian government’s involvement in a plot to assassinate the Saudi ambassador to Washington is a key member of the terrorist Mojahedin Khalq Organization (MKO), the Mehr News Agency has learnt.

Gholam Shakuri was last seen in Washington and Camp Ashraf in Iraq where MKO members are based.

The person in question has been travelling to different countries under the names of Ali Shakuri/Gholam Shakuri/Gholam-Hossein Shakuri by using fake passports including forged Iranian passports. One passport used by the person was issued on 30/11/2006 in Washington. The passport number was K10295631.

The accusation got picked up by the NYT, which in turn got a denial from the MEK.

The opposition group itself dismissed the Mehr report as nonsense. Shahin Gobadi, a spokesman, said in an e-mailed response that “this is a well-known tactic that has been used by the mullahs in the past 30 years where they blame their crimes on their opposition for double gains.”

So after we had the United States lecturing other countries about illegal assassinations and rule of law, we’ve got one terrorist organization (albeit one whose material supporters in the US rather remarkably aren’t treated like the material supporters of other terrorist organizations) accusing another terrorist organization of crimes.

There are times I’m really comforted that my neighborhood has nothing but Lions and Tigers and Bears running around.

Why Did the Scary Iran Plotter Speak Directly from a Contested Treasury Department Script?

October 18, 2011/29 Comments/in Informants, Intelligence, Scary Iran Plot, Terrorism /by emptywheel

As I noted on Friday, Manssor Arbabsiar’s cousin, Abdul Reza Shahlai, who purportedly directed him to arrange a plot with Los Zetas, was sanctioned by the Treasury Department in 2008, in part for involvement in an attack in Karbala.

Iran-based Abdul Reza Shahlai–a deputy commander in the IRGC–Qods Force–threatens the peace and stability of Iraq by planning Jaysh al-Mahdi (JAM) Special Groups attacks against Coalition Forces in Iraq. Shahlai has also provided material and logistical support to Shia extremist groups–to include JAM Special Groups–that conduct attacks against U.S. and Coalition Forces. In one instance, Shahlai planned the January 20, 2007 attack by JAM Special Groups against U.S. soldiers stationed at the Provincial Joint Coordination Center in Karbala, Iraq. Five U.S. soldiers were killed and three were wounded during the attack.

But as Gareth Porter pointed out yesterday, there are reasons to doubt the US has proof of Shahlai’s role in that attack. Porter’s original report on this from 2007 describes Michael Gordon trying, unsuccessfully, to get Brigidier General Kevin Bergner to provide real evidence of Iranian involvement in the plot. And he describes David Petraeus specifically denying the claim.

Another indication that the command had no evidence of Iranian involvement in the attack was the statements of the top commander in Iraq, Gen. David Petraeus, on the issue in an April 26 press briefing. Petraeus had referred to a 22-page memorandum captured with the Shiite prisoners that he said “detailed the planning, preparation, approval process and conduct of the operation that resulted in five of our soldiers being killed in Karbala.” But he did not claim that either the document or the interrogation of Khazali had suggested any Iranian or Hezbollah participation in, much less direction of the planning of the Karbala assault.

Later in that briefing, a reporter asked whether Petraeus was “saying that there was evidence of Iranian involvement in that [Karbala] operation?” Petraeus responded, “No. No. No. That—first of all, that was the operation that you mentioned, and we do not have a direct link to Iranian involvement in that particular case.”

At the time Petraeus made this statement, Khazali, the chief of the militia group that had carried out the attack, had been in U.S. custody for more than a month. Despite nearly five weeks of intensive interrogation of Khazali, Petraeus’s comments would indicate that U.S. officials had not learned anything that implicated Iran or Hezbollah in the planning or execution of the Karbala attack

Porter’s post yesterday describes officers subsequently reiterating that the Iraqis, not the Iranians, launched this plot.

In a news briefing in Baghdad Jul. 2, 2007, Gen. Kevin Bergner confirmed that the attack in Karbala had been authorised by the Iraqi chief of the militia in question, Kais Khazali, not by any Iranian official.

Col. Michael X. Garrett, who had been commander of the U.S. Fourth Brigade combat team in Karbala, confirmed to this writer in December 2008 that the Karbala attack “was definitely an inside job”.

Now, perhaps Treasury had additional evidence by the time it sanctioned Shahlai, perhaps not. But suffice it to say the claim that Shahlai had a role in that plot is at least contested, and there is reason to believe it is outright false.

Which is why I find it so interesting that, among the other things Manssor Arbabsiar repeats to Narc about Shahlai, is that he had ties to a bombing in Iraq.

ARBABSIAR further explained that his cousin was “wanted in America,” had been “on the CNN,” and was a “big general in [the] army.” ARBABSIAR further explained that there were a number of parts to the army of Iran and that his cousin “work[s] in outside, in other countries for the Iranian government[.]” ARBABSIAR further explained that his cousin did not wear a uniform or carry a gun, and had taken certain unspecified actions related to a bombing in Iraq. Compare supra ¶ 17. [my emphasis]

That reference back to paragraph 17? It’s a reference to the complaint’s background on the Quds Force. Note the content carefully:

[T]he IGRC is composed of a number of branches, one of which is the Qods Force. The Qods Force conducts sensitive covert operations abroad, including terrorist attacks, assassinations, and kidnappings, and provides weapons and training to Iran’s terrorist and militant allies. Among many other things, the Qods Force is believed to sponsor attacks against Coalition Forces in Iraq, and in October 2007, the United States Treasury Department designated the Qods Force, pursuant to Executive Order 13224, for providing material support to the Taliban and other terrorist organizations.

Note, the Treasury designation the FBI Agent refers to is not the 2008 designation naming Shahlai directly in connection to the Karbala plot, but instead an earlier one first designating Quds Force for material support to the Taliban. Read more →

Telling Stories about What Iran Is Capable Of

October 18, 2011/9 Comments/in Informants, Intelligence, Scary Iran Plot, Terrorism /by emptywheel

As I’ve mused on twitter and in comment threads, I’ve started wondering who paid more for Scary Iran Plot, the US Government or (allegedly) Quds Force?

After all, it’s clear that Narc offered up the idea to attack Adel al-Jubeir at a restaurant with explosives rather than, say, shooting him or poisoning him. Narc invented the fictional 150 civilians who would be at the restaurant. Narc invented the fictional Senators who might be killed in the blast. Narc said he could, “blow him up or shoot him,” and Arbabsiar said, “how is possible for you.” When Narc warned about those fictional casualties, Arbabsiar said, “if you can do it outside, do it” (though he clearly okayed collateral damage if necessary). Thus, even assuming there is nothing else funny about the plot, it’s clear that Narc authored the most spectacular details of it, the ones that resulted in a terrorism and WMD charges rather than just murder-for-hire, and quite possibly the ones that made this an alleged act of war against the US, rather than just an attack on Saudi Arabia.

Even assuming the Iranians dreamt up this plot, the US wrote the screenplay for it.

So how much did each side pay to create this plot?

I’d put the Quds force tab at $175,000. They allegedly advanced $100,000 for some kind of plot–but refused to send any more money. And on July 17, Arbabsiar describes asking Shahlai for “another $15.” Given that that happened in month 6 of a 9 month plot, I think it fair to estimate he was paid three installments of $15,000, or $45,000. Add in $30,000 for Shukari’s time, and you’ve got $175,000. (It’s not clear whether Arbabsiar paid for his international flights out of his advance, but I’ll also leave out the much greater travel costs on the American side. Further, all this assumes we haven’t paid in the past or agreed to pay Arbabsiar in the future for his part in the plot.)

The government, for its part, paid Narc to work Arbabsiar for at least four months. They paid Craig Monteilh $11,800 a month to run around safe mosques to try to entrap aspirational terrorists in LA; I presume they’d pay more for an actual cartel member to risk his life as an informant in Mexico. But let’s assume they paid the same rate they paid Monteilh, which would work out to $47,200, remarkably, about what Quds Force allegedly seems to have paid Arbabsiar. In addition, we’ve got at least the time of Robert Woloszyn, the FBI Agent who wrote the complaint. He doesn’t seem to have been Narc’s handler, so you’ve got Narc’s handler working long hours. In the press conference rolling out this case, Preet Bharara said two prosecutors, their two supervisors, the Deputy US Attorney, and the Acting Criminal head in NY “have [not] gotten much sleep lately.” In addition to SDNY, there was involvement from the Houston US Attorney and FBI offices, Houston DEA (which may be where Narc’s handler worked), NY’s JTTF. And all those intelligence personnel who played a critical role that we can’t discuss (except in anonymous leaks to journalists). Now clearly, many of these people were probably not personally involved in the crafting of a story that took alleged Quds Force intent to attack Saudi Arabia and turned it into the spectacular attack on a fictional restaurant in DC. But it’s probably safe to say that the US Government paid as much to craft this plot as the Quds Force allegedly did, even before you account for the money spent surveilling Arbabsiar, Shahlai, and Shakuri before the plot as well as the money spent stopping it.

With that in mind, check out the language State Department Spokesperson Victoria Nuland uses to describe how other countries are receiving the State Department’s efforts to persuade them to treat this plot as real.

Other countries are buying the basic idea of the plot, Nuland said, despite fairly widespread skepticism among Iran watchers about the likelihood the Quds Force would put such a clumsy plan into place.

“Countries may find it quite a story, but they’re not surprised that Iran would be capable of something like this,” she said.

It seems that our allies may be just as skeptical as many American observers that the Quds Force planned the precise plot that–it is clear–Narc’s handlers wrote the screenplay for. But, Nuland says, they buy the basic idea of it–“they’re not surprised that Iran would be capable of something like this.”

We had to invent this entire screenplay–perhaps investing as much money or more as Quds Force allegedly did–to get our allies to agree that the Quds Force might engage in terrorism? Didn’t they already know that?

(I sort of wonder whether our representatives are also asking our allies whether they think we’re capable of assassinating nuclear scientists?)

Therein lies the problem with the American practice of using stings to craft the scariest terror story possible. If the sheer improbability of it makes the story less credible, if all it does is reinforce a widely held belief, then doesn’t the theatricality of it work against the government?