One Year After Collateral Murder Release, DOD’s Networks Are Still Glaring Security Problem

As I have posted several times, the response to WikiLeaks has ignored one entity that bears some responsibility for the leaks: DOD’s IT.

Back in 2008, someone introduced malware to DOD’s computer systems. In response, DOD announced it would no longer allow the use of removable media in DOD networks. Yet that is precisely how Bradley Manning is reported to have gotten the databases allegedly leaked. In other words, had DOD had very basic security measures in place they had already been warned they needed, it would have been a lot harder for anyone to access and leak these documents.

Often, when I have raised this issue, people are simply incredulous that DOD’s classified network would be accessible to removable media (and would have remained so two years after malware was introduced via such means). But it’s even worse than that.

A little-noticed Senate Homeland Security hearing last month (Steven Aftergood is one of the few people who noticed) provided more details about the status of DOD’s networks when the leaks took place and what DOD and the rest of government have done since. The short version is this: for over two months after DOD arrested Bradley Manning for allegedly leaking a bunch of material by downloading information onto a Lady Gaga CD, DOD and the State Department did nothing. In August, only after WikiLeaks published the Afghan War Logs, they started to assess what had gone wrong. And their description of what went wrong reveals not only how exposed DOD was, but how exposed it remains.

Two months to respond

Bradley Manning was arrested on or before May 29. Yet in spite of claims he is alleged to have made in chat logs about downloading three major databases, neither DOD or State started responding to the leak until after the Afghan War Logs were published on July 25, 2010.

The joint testimony of DOD’s Chief Information Officer Teresa Takai and Principal Deputy Under Secretary for Intelligence Thomas Ferguson explains,

On August 12, 2010, immediately following the first release of documents, the Secretary of Defense commissioned two internal DoD studies. The first study, led by the Under Secretary of Defense for Intelligence (USD(I)), directed a review of DoD information security policy. The second study, led by the Joint Staff, focused on procedures for handling classified information in forward deployed areas.

In other words, “immediately” (as in, more than two weeks) after the publication of material that chat logs (published two months earlier) had clearly explained that Manning had allegedly downloaded via Lady Gaga CD months earlier, DOD commissioned two studies.

As State Department Under Secretary of Management Patrick Kennedy explained, their response was no quicker.

When DoD material was leaked in July 2010, we worked with DoD to identify any alleged State Department material that was in WikiLeaks’ possession.

It wasn’t until November–at around the time when NYT was telling State precisely what they were going to publish–that State started responding in earnest. At that time–over four months after chat logs showed Manning claiming to have downloaded 250,000 State cables–State moved its Net Centric Diplomacy database from SIPRNet (that is, the classified network) to JWICS (the Top Secret network).

DOD’s exposed IT networks

Now, frankly, State deserves almost none of the blame here. Kennedy’s testimony made it clear that, while the WikiLeaks leak has led State to enhance their limits on the use of removable media access, they have systems in place to track precisely who is accessing data where.

DOD won’t have that across their system for another year, at least.

There are three big problems with DOD’s information security. First, as the Takai/Ferguson testimony summarized,

Forward deployed units maintained an over-reliance on removable electronic storage media.

It explains further that to make sure people in the field can share information with coalition partners, they have to keep a certain number of computers accessible to removable media.

The most expedient remedy for the vulnerability that led to the WikiLeaks disclosure was to prevent the ability to remove large amounts of data from the classified network. This recommendation, forwarded in both the USD(I) and Joint Staff assessments, considered the operational impact of severely limiting users’ ability to move data from SIPRNet to other networks (such as coalition networks) or to weapons platforms. The impact was determined to be acceptable if a small number of computers retained the ability to write to removable media for operational reasons and under strict controls.

As they did in 2008 after malware was introduced via thumb drive, DOD has promised to shut off access to removable media (note, Ferguson testified thumb drives, but not CDs, have been shut down for “some time”). But 12% of the computers on SIPRNet will still be accessed by removable media, though they are in the process of implementing real-time Host Based Security System tracking of authorized and unauthorized attempts to save information on removable media for those computers.

In response to a very frustrated question from Senator Collins, Ferguson explained that DOD started implementing a Host Based Security System in 2008 (the year DOD got infected with malware). But at the time of the leak, just 40% of the systems in the continental US had that system in place; it was not implemented outside of the US, though. They weren’t implemented overseas, he explained, because a lot of the systems in the field “are cobbled together.”

In any case, HBSS software will be in place by June. (Tech folks: Does this means those computers are still vulnerable to malware introduced by removable media? What about unauthorized software uploads?)

Then there’s data access control. DOD says it can’t (won’t) password protect access to information because managing passwords to control the access of 500,000 people is too onerous for an agency with a budget larger than Australia’s gross national product. Frankly, that may well be a fair approach given the importance of sharing information.

But what is astounding is that DOD is only now implementing public key infrastructure that will, first of all, make it possible to track what people access and–some time after DOD collects that data–to start fine tuning what they can access.

DoD has begun to issue a Public Key Infrastructure (PKI)-based identity credential on a hardened smart card. This is very similar to the Common Access Card (CAC) we use on our unclassified network. We will complete issuing 500,000 cards to our SIPRNet users, along with card readers and software, by the end of 2012. This will provide very strong identification of the person accessing the network and requesting data. It will both deter bad behavior and require absolute identification of who is accessing data and managing that access.

In conjunction with this, all DoD organizations will configure their SIPRNet-based systems to use the PKI credentials to strongly authenticate end-users who are accessing information in the system. This provides the link between end users and the specific data they can access – not just network access. This should, based on our experience on the unclassified networks, be straightforward.

DoD’s goal is that by 2013, following completion of credential issuance, all SIPRNet users will log into their local computers with their SIPRNet PKI/smart card credential. This will mirror what we already do on the unclassified networks with CACs.

[Takai defines what they’re doing somewhat just before 88:00]

Note what this says: DOD is only now beginning to issue the kind of user-based access keys to protect its classified network that medium-sized private companies use. And unless I’m misunderstanding this, it means DOD is only now upgrading the security on its classified system to match what already exists on its unclassified system.

Let’s hope nothing happens between now and that day in 2013 when all this is done.

And this particular problem appears to exist beyond DOD. While the two DIA witnesses mostly blew smoke rather than provide a real sense of where security is at (both blamed WikiLeaks on a “bad apple” rather than shockingly bad information security), the testimony of DNI’s Intelligence Community Intelligence Sharing Executive Corin Stone seems to suggest other parts of the IC area also still implementing the kind of authentication most medium sized corporations employ.

To enable strong network authentication and ensure that networks and systems can authoritatively identify who is accessing classified information, the IC CIO is implementing user authentication technologies and is working with the IC elements to achieve certificate issuance to eligible IC personnel in the first quarter of fiscal year 2012.

So that’s the issue of removable media and individualized access tracking.

Which leaves one more big security hole. According to Takai/Ferguson, DOD didn’t–still didn’t, as of mid-March–have the resources in place to detect anomalous behavior on its networks.

Limited capability currently exists to detect and monitor anomalous behavior on classified computer networks.

This confirms something Manning said in chat logs: no one is following the activity occurring on our networks in Iraq (or anywhere else on SIPRNet, from the sounds of things), and flagging activities that might be an intrusion.

The part of the Takai/Ferguson testimony that details very hazy plans to think about maybe implementing such a system (pages 6-7) is worth a gander just for the number of acronyms of titles of people who are considering maybe what to implement some time in the future. It’s all a bunch of bureaucratic camouflage, IMO, to avoid saying clearly, “we haven’t got it and we haven’t yet figured out how we’re going to get it.” But here are the two most concrete descriptions of what the Department of Defense plans to do to make sure no one is fiddling in their classified networks. First, once they get HBSS completely installed, then they will install an NSA audit program on top of that.

One very promising capability is the Audit Extraction Module (AEM) developed by the National Security Agency (NSA). This software leverages already existing audit capabilities and reports to the network operators on selected audit events that indicate questionable behavior. A great advantage is that it can be integrated into the HBSS we have already installed on the network, and so deployment should be relatively inexpensive and timely. AEM is being integrated into HBSS now and will be operationally piloted this summer.

But in the very next paragraph, Takai/Ferguson admit there are better solutions out there. But DOD (again, with its budget larger than the GNP of most medium sized countries) can’t implement those options.

Commercial counterintelligence and law enforcement tools – mostly used by the intelligence community – are also being examined and will be a part of the overall DoD insider threat program. These tools provide much more capability than the AEM. However, while currently in use in some agencies, they are expensive to deploy and sustain even when used in small, homogeneous networks. Widespread deployment in DoD will be a challenge.

In other words, DOD wants to be the biggest part of the intelligence community. But it and its budget bigger than Brazil’s GNP won’t implement the kind of solutions the rest of the intelligence community use.

Department. Of. Defense.

Now, let me be clear: DOD’s embarrassingly bad information security does not, in any way, excuse Bradley Manning or the other “bad apples” we don’t know about from their oath to protect this information. (Note, there was also testimony that showed DOD’s policies on information sharing were not uniformly accessible, but that’s minor compared to these big vulnerabilities.)

But in a world with even minimal accountability, we’d be talking about fixing this yesterday, not in 2013 (five years, after all, after the malware intrusion). We’d have fired the people who let this vulnerability remain after the malware intrusion. We’d aspire to the best kind of security, rather than declaring helplessness because our very expensive DOD systems were kluged together. And we’d be grateful, to a degree, that this was exposed with as little reported damage as it has caused.

If this information is really classified for good reason, as all the hand-wringers claim, then we ought to be using at least the kind of information security implemented by the private sector a decade ago. But we’re not. And we don’t plan on doing so anytime in the near future.

Share this entry

Darrell Issa Complains that Janet Napolitano Took a Whole Year to Change Michael Chertoff’s Inefficient FOIA Process

Darrell Issa has no credibility when it comes to matters of transparency. We’ve seen Issa’s rank hypocrisy in the past. He dismissed concerns about Karl Rove doing business on RNC emails as a political stunt. And he suggested that apparently deliberate attempts to dismantle email archives at the White House was all about technology.

So I’m not surprised his loud complaints that Department of Homeland Security politicized the FOIA process turned out to be oversold.

As it happens, both Issa’s and Elijah Cummings’ reports on this seem to miss the forest for the trees.

At issue is the process by which top DHS officials review–and are alerted to–sensitive FOIA releases. The policy in place up until July 2010 was put in place in 2006. That is, under Michael Chertoff. As I understand it, when certain high level issues were due to be released, the Secretary’s office (whether it be Chertoff or Janet Napolitano) would be emailed the materials for review. In some cases, that review identified additional information that, for legal FOIA reasons, needed to be redacted. In other case, this review process simply alerted the Secretary to something he or she would be asked about in the press.

In other words, Darrell Issa is complaining about a process–and a burdensome email review process–inherited from Michael Chertoff. Since then, DHS has introduced an intranet system that has gotten the Secretarial review time to one day.

In addition, Issa appears to ignore how DHS has gotten rid of the largest FOIA backlog in history. In 2006, according to Mary Ellen Callahan’s testimony, DHS had a backlog of 98,000 requests. When Napolitano took over, that backlog was 74,000 requests. The backlog is now 11,000.

This is the kind of thing Darrell Issa is bitching about.

Now I do have certain questions about what sparked all of this. Issa first latched onto the issue after this AP report–the most serious allegations of which the AP subsequently admitted they could not confirm. Call me crazy, but given the centrality of bad blood between a few career staffers here, I’d suggest the original article came right out of that bad blood. (And perhaps not coincidentally, the article came out in the same month as DHS switched to the more efficient Intranet process.)

But it also sounds like the Napolitano was particularly concerned about being alerted to sensitive requests in the early years of the Administration.

Unless I missed it, no one mentioned this debacle, Napolitano’s embarrassment with the release of a Bush-initiated report on right wing domestic extremism. Mind you, witnesses admitted that part of the concern arose from the release of information that had been generated under the Bush Administration, so it’s possible that this report was the reason for the sensitivity.

But I wonder whether part of the problem here all stems from the fact that the Bush DHS initiated a study on right wing extremists that was subsequently spun as a Napolitano project.

Share this entry

US Intelligence Operatives in Libya, Before a Finding, Sounds Like JSOC

Mark Hosenball, who yesterday broke the news that Obama had issued a Finding authorizing the CIA to operate covertly in Libya in the last 2-3 weeks, today says “intelligence operatives” were on the ground before Obama signed that Finding.

U.S. intelligence operatives were on the ground in Libya before President Barack Obama signed a secret order authorizing covert support for anti-Gaddafi rebels, U.S. government sources told Reuters.The CIA personnel were sent in to contact opponents of Libyan leader Muammar Gaddafi and assess their capabilities, two U.S. officials said.

[snip]

The president — who said in a speech on Monday “that we would not put ground troops into Libya” — has legal authority to send U.S. intelligence personnel without having to sign a covert action order, current and former U.S. officials said.

Within the last two or three weeks, Obama did sign a secret “finding” authorizing the CIA to pursue a broad range of covert activities in support of the rebels.

Congressional intelligence committees would have been informed of the order, which the officials said came after some CIA personnel were already inside Libya.

Now, one explanation for this is simply that Obama sent JSOC–under the guise of preparing the battlefield–rather than CIA. It sounds like the practice–first exploited by Cheney–that the government has used frequently in the last decade of ever-expanding Presidential authority.

Indeed, House Intelligence Chair Mike Rogers’ claims he must authorize covert action, but hasn’t, sounds like the kind of complaint we’ve frequently gotten when the President bypassed the intelligence committees by claiming DOD was simply preparing the battlefield.

And Hosenball’s nuanced language about “boots,” that is, military, on the ground, may support that view.

Furthermore, we know there are a slew of British Special Forces on the ground in Libya. So why not Americans, too?

Hosenball is not saying this explicitly, yet. And he does refer to “CIA operatives” (who could be in Libya to simply collect information). But all the subtext of this article suggests that our special forces have been on the ground since before any Finding, which in turn suggests they may have been there longer than 2-3 weeks (the timeframe given for the Finding).

This is all a wildarsed overreading of Hosenball at this point. But if I’m right, then it would mean Obama would be using the shell game he adopted from Cheney to engage in war without Congressional oversight.

Share this entry

Finally! Our Declining Manufacturing Base Becomes a National Security Issue

I have long argued that the way to address the big problems our government is currently all-but-ignoring, not least jobs and climate change, is to talk about how our current policies put us at significant national security risk. If nothing else, by demonstrating how these are national security issues, it’ll provide a way to reverse fear-monger against the Republicans trying to gut our country for profit.

Which is why I’m happy to learn that the intelligence community is assessing whether the decline in manufacturing in the US represents a national security threat.

The U.S. intelligence community will prepare a National Intelligence Estimate on the implications of the continuing decline in U.S. manufacturing capacity, said Rep. Jan Schakowsky (D-IL) citing recent news reports.

Our growing reliance on imports and lack of industrial infrastructure has become a national security concern,” said Rep. Schakowsky.  She spoke at a March 16 news conference (at 28:10) in opposition to the pending U.S.-Korea Free Trade Agreement.The Forbes report referenced by Rep. Schakowsky was “Intelligence Community Fears U.S. Manufacturing Decline,” by Loren Thompson, February 14. The decision to prepare an intelligence estimate was first reported by Richard McCormack in “Intelligence Director Will Look at National Security Implications of U.S. Manufacturing Decline,” Manufacturing & Technology News, February 3.

Note that Schakowsky is a member of (and until January, was a Subcommittee Chair on) the House Intelligence Committee. It’s possible her own requests generated this concern.

But the concern is real. As our manufacturing moves to places like China and (significantly for this context), Korea, we’ve lost certain capabilities. Indeed, when Bush slapped tariffs on steel in 2002, a number of tool and die factories moved to Korea where they could still access cheap steel while still supplying the US market. And in recent years, the loss of highly-skilled manufacturing process capabilities has meant we face challenges in sourcing some of our key military toys.

While it shouldn’t be the primary reason to invest in manufacturing in this country, ultimately if we keep losing it we’re going to have problems sustaining our military machine.

Most of the folks running DC may not much care that our middle class has disappeared along with our manufacturing base. But convince them that our declining manufacturing base might imperil their cherished military might, and they might finally wake up.

Share this entry

Will the US Share Intelligence with Israel’s New Left Wing Intelligence Initiative?

Ha’aretz reports that Israel’s Military Intelligence set up a group several months ago dedicated to collecting intelligence on non-Israeli leftist organizations that criticize Israel.

Military Intelligence is collecting information about left-wing organizations abroad that the army sees as aiming to delegitimize Israel, according to senior Israeli officials and Israel Defense Forces officers.

The sources said MI’s research division created a department several months ago that is dedicated to monitoring left-wing groups and will work closely with government ministries.

[snip]

Military Intelligence officials said the initiative reflects an upsurge in worldwide efforts to delegitimize Israel and question its right to exist.

“The enemy changes, as does the nature of the struggle, and we have to boost activity in this sphere,” an MI official said. “Work on this topic proceeds on the basis of a clear distinction between legitimate criticism of the State of Israel on the one hand, and efforts to harm it and undermine its right to exist on the other.”

The new MI unit will monitor Western groups involved in boycotting Israel, divesting from it or imposing sanctions on it. The unit will also collect information about groups that attempt to bring war crime or other charges against high-ranking Israeli officials, and examine possible links between such organizations and terror groups.

Now aside from thinking generally that this is a bad idea, I’m particularly concerned about whether or not the US will share intelligence with Israel on such issues.

For example, the initiative says it will look for ties between groups critical of Israel and terrorist groups. How is that different from the investigation of a bunch of peace activists’ ties with humanitarian organizations which has suggested the peace activists have ties to Hezbollah? And since we know OLC gave the President and certain Federal Officials the green light to ignore privacy protections on the sharing of grand jury information in the PATRIOT Act, does that mean our government will readily share the information they’re collecting in that grand jury with the Israelis?

And to some degree, the Israelis wouldn’t even have to rely on intelligence sharing, per se. In his book The Shadow Factory, James Bamford spent some time detailing the Israeli ties to key companies in our electronic surveillance, companies like Verint, which intercepts and stores communication, PerSay, which does voice mining, NICE, which does voice content analysis, and Narus, which enables real-time surveillance on telecom lines. Between Verint and Narus, Bamford writes,

Thus, virtually the entire American telecommunications system is bugged by two Israeli-formed companies with possible ties to Israel’s eavesdropping agency–with no oversight by Congress.

And we can find such ties closer to home, too. The company that had been paid by Pennsylvania to track potential threats to critical infrastructure which ended up tracking First Amendment protected speech, the Institute of Terrorism Research and Response, is an Israeli company. Among other groups it tracked (one key focus was anti-fracking groups) were peace organizations–precisely the kind of group that might oppose Israel’s actions in Gaza.

The concern that federal and state entities have been paying companies with Israeli ties to collect information on groups that might include the same peace groups targeted by this new initiative in Israel is one thing.

But think of the other logical possibility. Our federal and state governments usually show some embarrassment when they get caught collecting intelligence on peace groups (though that doesn’t seem to stop it from happening over and over again). What will stop those same government entities from asking Israel to collect such information?

Share this entry

Apparently, “Blood Money” Now Includes “Green Cards”

Last we heard about the families of Raymond Davis’ victims, they were held in custody until they agreed to accept the blood money Pakistan offered on our behalf.

Things are looking up for the family members, though. Eighteen of them have been flown to UAE to be resettled.

A chartered plane carrying 18 family members of Faizan Haider and Faheem Shamshad, the two men killed by Davis, left the Chaklala air base on Friday at 4:30 pm for the United Arab Emirates (UAE), sources said.

The plane landed at the Dubai airport from where the 18 people proceeded to Abu Dhabi where two houses have been rented for them.

In addition, four family members will be granted green cards for the US, with the possibility that the rest of the family will later be sponsored in.

Four American Green Cards and two residences in the US have also been arranged for the two families.

[snip]

According to the deal, four persons from the two families would first go to the US after completing visa formalities. Later, other family members would be considered for permanent residence in the US, the sources said.

Click through for the names of the (?) consular employees who negotiated the blood money.

It appears the court in question may be a bit suspicious about the inclusion of resettlement and green cards in sharia, because it is now demanding an explanation.

The Lahore High Court (LHC) on Monday directed CCPO Lahore Aslam Tareen to appear in court on March 22 and present a report on the disappearance of the families of Faizan Haider and Faheem, the two young men who were shot dead by CIA contractor Raymond Davis on January 27, DawnNews reported.

Now, I’m all in favor of the families getting some kind of due compensation for the killing of their family member; and they may indeed be at some physical risk themselves at this point.

But I am a little bit worried about what all the American haters are going to say when they learn blood money payments under sharia law now also come with US green cards.

Share this entry

US Cheating on European SWIFT Agreement Reveals Safeguards Were Oversold

As I noted last night, the US has been violating the spirit of its agreement with the EU on access to the SWIFT database–the database tracking international financial transfers. Rather than giving Europol specific, written requests for data, it has been giving it generic requests backed by oral requests the Europol staffers are not supposed to record. That arrangement makes it impossible to audit the requests the US is making, as required by the agreement between the US and EU.

But not only does our cheating make us an arrogant data octopus, it may suggest we’re violating our own internal safeguards on the program.

Back when Lichtblau and Risen first exposed the SWIFT program, they described how it initially operated under emergency powers. On such terms, SWIFT turned over its entire database.

Indeed, the cooperative’s executives voiced early concerns about legal and corporate liability, officials said, and the Treasury Department’s Office of Foreign Asset Control began issuing broad subpoenas for the cooperative’s records related to terrorism. One official said the subpoenas were intended to give Swift some legal protection.

Underlying the government’s legal analysis was the International Emergency Economic Powers Act, which Mr. Bush invoked after the 9/11 attacks. The law gives the president what legal experts say is broad authority to “investigate, regulate or prohibit” foreign transactions in responding to “an unusual and extraordinary threat.”

[snip]

Within weeks of 9/11, Swift began turning over records that allowed American analysts to look for evidence of terrorist financing. Initially, there appear to have been few formal limits on the searches.

“At first, they got everything — the entire Swift database,” one person close to the operation said.

But then they put in more safeguards. One of those safeguards was to have an outside auditing firm review the requests to make sure they were based on actual leads about actual suspected terrorists.

Officials realized the potential for abuse, and narrowed the program’s targets and put in more safeguards. Among them were the auditing firm, an electronic record of every search and a requirement that analysts involved in the operation document the intelligence that justified each data search. Mr. Levey said the program was used only to examine records of individuals or entities, not for broader data searches.

[snip]

Swift executives have been uneasy at times about their secret role, the government and industry officials said. By 2003, the executives told American officials they were considering pulling out of the arrangement, which began as an emergency response to the Sept. 11 attacks, the officials said. Worried about potential legal liability, the Swift executives agreed to continue providing the data only after top officials, including Alan Greenspan, then chairman of the Federal Reserve, intervened. At that time, new controls were introduced.

Among the safeguards, government officials said, is an outside auditing firm that verifies that the data searches are based on intelligence leads about suspected terrorists. “We are not on a fishing expedition,” Mr. Levey said. “We’re not just turning on a vacuum cleaner and sucking in all the information that we can.”

Read more

Share this entry

Pakistan Pays Blood Money So We Don’t Have To

As Jim White reported this morning, Raymond Davis has been released after the families of his victims were paid blood money per Sharia law.

We’ve really gotten to bizarro-land when a possible Blackwater contractor has been saved by Sharia law.

But wait! Hillary says we didn’t pay the blood money ourselves.

QUESTION: Okay, we’ll jump right into it. Again, I’ll try not to take up too much of your time. Before I ask about Egypt, I’m obliged to ask you about one other thing – Raymond Davis. Can you explain why, in your view, it was a wise idea in the long term to pay blood money for Davis’s release?

SECRETARY CLINTON: Well, first of all, the United States did not pay any compensation. The families of the victims of the incident on January 27th decided to pardon Mr. Davis. And we are very grateful for their decision. And we are very grateful to the people and Government of Pakistan, who have a very strong relationship with us that we are committed to strengthening.

QUESTION: According to wire reports out of Pakistan, the law minister of the Punjab Province, which is where this took place, says the blood money was paid. Is he mistaken?

SECRETARY CLINTON: Well, you’ll have to ask him what he means by that.

QUESTION: And a lawyer involved in the case said it was 2.34 million. There is no money that came from anywhere?

SECRETARY CLINTON: The United States did not pay any compensation.

QUESTION: Did someone else, to your knowledge?

SECRETARY CLINTON: You will have to ask whoever you are interested in asking about that.

Josh Rogin explains what really happened: Pakistan paid our blood money. And we’ll make it up to them … somehow.

The truth is that the Pakistani government paid the victims’ families the $2.3 million and the U.S. promised to reimburse them in the future, according to a senior Pakistani official.

[snip]

“The understanding is the Pakistani government settled with the family and the U.S. will compensate the Pakistanis one way or the other,” the senior Pakistani official told The Cable.

The U.S. government didn’t want to set a precedent of paying blood money to victims’ families in exchange for the release of U.S. government personnel, the source said, adding that the deal also successfully avoided a ruling on Davis’s claim of diplomatic immunity — an issue that had become a political firestorm in Pakistan.

Now, this is weird on several fronts. The people in the US who would be really opposed to a blood money payment under Sharia law are the same nutcases who have managed to roll back funding of reproductive health using the argument that all money is fungible. If they’re going to argue that money reimbursed by the government (via a health insurance subsidy) is equivalent to a direct payment by the government, then won’t they argue that money reimbursed to Pakistan by the US is equivalent to a Sharia payment directly?

But I’m also fascinated about this given the government’s success at getting the NYT and others to spike reporting on Davis’ CIA ties. The argument then was that “authoritative” reporting on Davis’ CIA ties would put him at risk. But as I pointed out repeatedly, the people who might put him at risk–Pakistani people–already knew this detail.

Well, if our government is so worried about these threats, then isn’t the revelation that the Pakistanis paid the blood money going to endanger the already fragile Asif Zardari government? Or is this just confirmation that the government was worried about Americans finding out about Davis, not Pakistanis?

In news that is probably unrelated (but who knows!?!?!), Hillary has told Wolf Blitzer she’s not coming back for a possible second Obama term (as also reported by Rogin).

Share this entry

The Logical Consequence of Looting in Libya

Things for anti-Qaddafi forces in Libya have gone from difficult to worse. Yet even after Director of National Intelligence James Clapper made the mistake of telling the truth about Qaddafi’s strength, there has been little discussion about this report from James Risen and Eric Lichtblau (one exception is Dan Drezner).

Here’s part of what Clapper said (the White House has backed away from his comments and Lindsey Graham has called for his resignation for telling the truth).

“Over time I think the regime will prevail,” acknowledged Clapper. “With respect to the rebels in Libya, and whether or not they will succeed or not, I think frankly they’re in for a tough row.”

Clapper added he did not believe Kadhafi, who has earned a reputation as a maverick, planned to step down after more than four decades in power.

“I don’t think he has any intention of leaving,” Clapper said. “From all evidence that we have, which I’d be prepared to discuss in closed session, he appears to be hunkering down for the duration.”

[snip]

Libyan air defenses, including radar and surface-to-air missiles, are “quite substantial,” Clapper explained.

“A very important consideration here for the regime is, by design, Kadhafi intentionally designed the military so that those select units willed to him are the most luxuriously equipped and the best trained.”

With that assessment–which was echoed in testimony by the head of DIA–in mind, consider Risen and Lichtblau’s description of the way Qaddafi has prepared himself financially to weather a rebellion. They describe that he has hoarded away “tens of billions” in Libya which will make the financial sanctions we’re using against him pretty useless.

The money — in Libyan dinars, United States dollars and possibly other foreign currencies — allows Colonel Qaddafi to pay his troops, African mercenaries and political supporters in the face of a determined uprising, said the intelligence officials, speaking on the condition of anonymity.

The huge cash reserves have, at least temporarily, diminished the impact of economic sanctions on Colonel Qaddafi and his government. The possibility that he could resist the rebellion in his country for a sustained period could place greater pressure for action on the Obama administration and European leaders, who had hoped that the Libyan leader would be forced from power quickly.

In other words, in addition to the tens of billions in assets Europe and the US have frozen, Qaddafi has still more loot available within his country, inaccessible to international sanctions. And that is one thing (the superior Russian arms he has that Clapper mentioned are another) that will allow Qaddafi to wait out the rebels.

Take a step back and think about the implications of this.

According to the story, Qaddafi probably started hoarding money in the 1990s. After the West lifted sanctions on Qaddafi in 2004, the process accelerated.

He has built up Libya’s cash reserves in the years since the West began lifting economic sanctions on his government in 2004, following his decision to renounce unconventional weapons and cooperate with the United States in the fight against Al Qaeda. That led to a flood of Western investment in the Libyan oil and natural gas industries, and access to international oil and financial markets.Colonel Qaddafi, however, apparently feared that sanctions would someday be reimposed and secretly began setting aside cash in Tripoli that could not be seized by Western banks, according to the officials. He used the Libyan Central Bank, which he controls, and private banks in the city. He also directed that many government transactions, including some sales on the international oil spot market, be conducted in cash. “He learned to keep cash around,” said the person with ties to Libyan government officials, who asked to remain anonymous for fear of putting them in jeopardy.

Then, in the weeks before the uprising broke out in Libya, Qaddafi continued to move money around to keep it accessible.

And with it, he is able to outfit and pay his elite troops, mercenaries from other countries, and loyal supporters. He can let oil just sit in the ground (as it did during the previous sanction period), because he doesn’t need to sell oil immediately to get money.

Because Qaddafi managed to loot shrewdly, he is largely immune from our non-military efforts to prevent him from committing genocide against his own people. His looted riches make him the match of most of his country, even backed by the international community.

And the thing is, we knew Qaddafi was doing this looting. Read more

Share this entry

Online Personas and Congress

I’ve been meaning to return to our government’s contracting for persona software for a while. Last week RawStory had a good story providing details of the persona management contract the Air Force put out for bid. RS reveals that the contract was awarded to Ntrepid, a firm in LA with the kind of website that screams “cover.” And it has this from CENTCOM’s digital media engagement team.

According to Commander Bill Speaks, the chief media officer of CENTCOM’s digital engagement team, the public cannot know what the military wants with such technology because its applications are secret.

“This contract,” he wrote in reference to the Air Force’s June 22, 2010 filing, “supports classified social media activities outside the U.S., intended to counter violent extremist ideology and enemy propaganda.”

Speaks insisted that he was speaking only on behalf of CENTCOM, not the Air Force “or other branches of the military.”

While he did reveal who was awarded the contract in question, he added that the Air Force, which helps CENTCOM’s contracting process out of MacDill, has even other uses for social media that he could not address.

It’s secret, Sparks says, even the stuff that gets contracted openly.

In a post that looks like pushback against the concerns raised in the RS story, Jeff Stein has the same spokesperson reassuring us that these Cyberwar tactics won’t be directed against us.

Centcom spokesman Cmdr. Bill Speaks acknowledged in an interview last week that the Air Force had a contract for the Persona Management Software, but denied it would be deployed against domestic online protesters.

“The contract, and the Persona management technology itself, supports classified blogging activities on foreign-language Web sites to enable CENTCOM to counter violent extremist and enemy propaganda outside the U.S.,” Speaks told SpyTalk. “The contract would more accurately be described as supporting U.S. Central Command, rather than the Air Force — the Wing here at MacDill provides contracting support for us — efforts.”

Speaks said the software would “absolutely” not be used against law-abiding Americans.

Only, it looks like Stein asked the obvious follow-up question and got something less reassuring.

Update: Speaks adds, “The phrase [law-abiding] suggests that we might use it against Americans who are not law-abiding. The truth is that these activities are not directed towards Americans, without qualification.”

And how do they know that? Do they refuse to interact online with anyone whose IP address shows them to be in the US? Our Cyberwar folks do know that the InterToobz are global, don’t they? I feel like this gets us back to the old reverse targeting problems with the government’s replacement to FISA, with a very easy loophole to not “direct” fake personas at US persons, but to influence them with fake personas nevertheless.

Which brings me back to the point I always return to in these discussions: to the evidence that DOD generally is hiding its Cyberwar programs from Congress, and the Air Force in particular has issued strict guidelines prohibiting its people from telling Congress about AF Special Access Programs.

Read more

Share this entry