
The Latest 60 Minutes Propaganda: We Need a Crypto Back Door because ISIS Is “Coming Here” with WMD

It has been clear for several years now that 60 Minutes has become a propaganda vehicle for the intelligence community (post, post, post). So it was unsurprising that John Brennan was given an opportunity to fearmonger last night without pesky people like Ron Wyden around pointing out that CIA itself poses a threat, even according to the terms laid out by the Intelligence Community.

I find the timing and content of John Brennan’s appearance of note.

The first segment (indeed the first words!) of the appearance did two things. First, it conflated ISIS-inspired attacks with ISIS-directed ones to suggest the terrorist organization might strike in the US.

Scott Pelley: Is ISIS coming here?

John Brennan: I think ISIL does want to eventually find its, its mark here.

Scott Pelley: You’re expecting an attack in the United States?

John Brennan: I’m expecting them to try to put in place the operatives, the material or whatever else that they need to do or to incite people to carry out these attacks, clearly. So I believe that their attempts are inevitable. I don’t think their successes necessarily are.

Here’s how the global threat testimony from last week, which really serves as temporal justification for Brennan’s appearance, carried out a similar though more nuanced conflation of ISIS’ aspirations with the aspirational plots here in the US.

The United States will almost certainly remain at least a rhetorically important enemy for most violent extremists in part due to past and ongoing US military, political, and economic engagement overseas. Sunni violent extremists will probably continually plot against US interests overseas. A smaller number will attempt to overcome the logistical challenges associated with conducting attacks on the US homeland. The July 2015 attack against military facilities in Chattanooga and December 2015 attack in San Bernardino demonstrate the threat that homegrown violent extremists (HVEs) also pose to the homeland. In 2014, the FBI arrested approximately one dozen US-based ISIL supporters, in 2015, that number increased to approximately five dozen arrests. These individuals were arrested for a variety of reasons, predominantly for attempting to provide material support to ISIL.

Both Brennan and the threat testimony slide carefully from ISIS overcoming the logistical problems of attacking here themselves to the far smaller ISIS-inspired attacks.

After having suggested ISIS wants to attack the US, Pelley then led Brennan to overstate the degree to which the Paris attackers hid behind encryption.

Scott Pelley: What did you learn from Paris?

John Brennan: That there is a lot that ISIL probably has underway that we don’t have obviously full insight into. We knew the system was blinking red. We knew just in the days before that ISIL was trying to carry out something. But the individuals involved have been able to take advantage of the newly available means of communication that are–that are walled off, from law enforcement officials.

Scott Pelley: You’re talking about encrypted Internet communications.

John Brennan: Yeah, I’m talking about the very sophisticated use of these technologies and communication systems.

From all the reports thus far, ISIS achieved what little obscurity they had primarily through burner devices, not through encryption (not to mention the fact that French authorities got an encryption key from someone who had decided against carrying out an ISIS attack the summer before this attack). And while Jim Comey revealed that FBI had not yet cracked one of several phones used by the San Bernardino attackers (who were not directed by ISIS and may have only invoked it for their own obscurantist purposes), the threat testimony pointed to social media as as big a concern as encryption (most of what ISIS uses is fairly weak).

Terrorists will almost certainly continue to benefit in 2016 from a new generation of recruits proficient in information technology, social media, and online research. Some terrorists will look to use these technologies to increase the speed of their communications, the availability of their propaganda, and ability to collaborate with new partners. They will easily take advantage of widely available, free encryption technology, mobile-messaging applications, the dark web, and virtual environments to pursue their objectives.

Finally — still in the first segment!!! — Pelley invites Brennan to suggest that limited reports that ISIS has used chemical weapons in Syria mean they might use them here.

Scott Pelley: Does ISIS have chemical weapons?

John Brennan: We have a number of instances where ISIL has used chemical munitions on the battlefield.

Scott Pelley: Artillery shells.

John Brennan: Sure. Yeah.

Scott Pelley: ISIS has access to chemical artillery shells?

John Brennan: Uh-huh (affirm). There are reports that ISIS has access to chemical precursors and munitions that they can use.

The CIA believes that ISIS has the ability to manufacture small quantities of chlorine and mustard gas.

Scott Pelley: And the capability of exporting those chemicals to the West?

John Brennan: I think there’s always the potential for that. This is why it’s so important to cut off the various transportation routes and smuggling routes that they have used.

Compare Brennan’s suggestion that ISIS may be manufacturing CW with the threat testimony note that two people have been exposed to mustard gas, though with far more widespread allegations of such use.

We assess that non state actors in the region are also using chemicals as a means of warfare. The OPCW investigation into an alleged ISIL attack in Syria in August led it to conclude that at least two people were exposed to sulfur mustard. We continue to track numerous allegations of ISIL’s use of chemicals in attacks in Iraq and Syria, suggesting that attacks might be widespread.

Now, I’ll grant you that Brennan much more carefully dodges here than Dick Cheney ever used to. But it’s pure fear-mongering — especially in the wake of the Oregon standoff that makes it clear domestic extremists are not only every bit as motivated as ISIS wannabes, but better trained and equipped. And fear-mongering using Dick Cheney’s favorite techniques (albeit with the added kicker of crypto fear-mongering).

And it all happened as Brennan’s buddies the Saudis are pretending to (finally) join the fight against ISIS in what is a fairly transparent attempt to prevent Russian-backed Syrian forces from gaining a crucial advantage in Syria. That is, this fairly crass fear-mongering is likely directed at Assad as much as it is ISIS.

The Unnamed Network Provider Exposing our Infrastructure

Today was Global Threat day, when James Clapper testifies before various committees in Congress and Ron Wyden asks uncomfortable questions (today, directed exclusively at John Brennan). I’ll have a few posts about the hearings (in Senate Armed Services and Senate Intelligence Committees) and Clapper’s testimony, the SASC version of which is here.

One interesting detail in Clapper’s testimony comes in the several paragraph section on Infrastructure within a larger section on “Protecting Information Resources.” Here’s how the testimony describes the Juniper hack.

A major US network equipment manufacturer acknowledged last December that someone repeatedly gained access to its network to change source code in order to make its products’ default encryption breakable. The intruders also introduced a default password to enable undetected access to some target networks worldwide.

There’s no discussion of how many Federal agencies use Juniper’s VPN, nor of how this must have exposed US businesses (unless the NSA clued them into the problem). And definitely no discussion of the assumption that NSA initially asked for the back door that someone else subsequently exploited.

More importantly, there’s no discussion of the cost of this hack, which I find interesting given that it may be an own goal.

Obama Administration Changed the Rationale for Why Assassinations Don’t Violate the Assassination Prohibition

As a number of outlets have reported, the Second Circuit last month upheld the government’s effort to keep a March 29, 2002 OLC memo pertaining to targeted killing secret; the opinion was unsealed yesterday. The government is probably doing so to keep changes in their rationale for why assassinations don’t violate the prohibition on assassination in EO 12333 secret.

The judges on the panel — especially Judge Jon Normand, who wrote the opinion — had pushed during an ex parte hearing in June to release language in that earlier memo because the dog & pony show around drone strikes in 2012 to 2013 had used closely related language. But after some more secret briefing, the court decided the application of EO 12333 was different enough such that it remained properly protected.

It seems highly likely the specific part of EO 12333 under discussion pertains to the assassination ban. Between the earlier hearing and the opinion, the court pointed to language in the March 25, 2010 Harold Koh speech, the March 5, 2012 Eric Holder speech, and the April 30, 2012 John Brennan speech on targeted killing (they also pointed to two Panetta comments). Each of the cited speeches discusses the assassination ban — and little else that might directly pertain to EO 12333, besides just generally covert operations authorized under Article II. There’s this language in Koh’s speech.

Fourth and finally, some have argued that our targeting practices violate domestic law, in particular, the long-standing domestic ban on assassinations. But under domestic law, the use of lawful weapons systems—consistent with the applicable laws of war—for precision targeting of specific high-level belligerent leaders when acting in self-defense or during an armed conflict is not unlawful, and hence does not constitute “assassination.”

This language in Holder’s speech,

Some have called such operations “assassinations.” They are not, and the use of that loaded term is misplaced. Assassinations are unlawful killings. Here, for the reasons I have given, the U.S. government’s use of lethal force in self defense against a leader of al Qaeda or an associated force who presents an imminent threat of violent attack would not be unlawful — and therefore would not violate the Executive Order banning assassination or criminal statutes.

And this language in Brennan’s speech.

In this armed conflict, individuals who are part of al-Qa’ida or its associated forces are legitimate military targets.  We have the authority to target them with lethal force just as we targeted enemy leaders in past conflicts, such as German and Japanese commanders during World War II.

But even though all these public speeches commented on this interpretation of the assassination ban, the 2nd Circuit still permitted the government to shield the earlier memo.

The transcript of the June ex parte hearing reveals one explanation for that: the earlier memo was a “far broader interpretation” of the issue.


That’s consistent with the government’s earlier claim (which I wrote about here).

Although the district court noted that the OLC-DOD Memorandum released by this Court contained a “brief mention” of Executive Order 12,333, the district court concluded that the analysis in the March 2002 Memorandum is significantly different from any legal analysis that this Court held has been officially disclosed and for which privilege has been waived.

In other words, while the earlier memo discusses the same aspect of EO 12333 as these public speeches (again, the assassination ban is by far the most likely thing), the earlier memo uses significantly different analysis, and so it may be hidden.

The June transcript also reveals that OLC lawyers reviewed and wrote on the 2002 memo at a later time — the implication being that someone in OLC reviewed the earlier memo in 2010 when writing the Awlaki one (and curiously, that hard copy with handwritten notes is the only one DOJ claims it can find).


There are two things I find increasingly interesting about this earlier memo about EO 12333 — including at least one part presumably about the assassination ban. First, the implication that one of the lawyers reviewing it in 2010 saw the need to write a new memo (perhaps seeing the need to clean up yet more crazy John Yoo language? who knows). As I repeat endlessly, we know there’s a memo of uncertain date in which Yoo said the President could pixie dust the plain language of EO 12333 without changing the public language of it, and it’s possible this is what that memo did (though the President was clearly pixie dusting surveillance rules).

But I’m also interested in the date: March 29, 2002. The day after we captured Abu Zubaydah (who, at the time, top officials at least claimed to believe was a top leader of al Qaeda). The SSCI Torture Report made it clear the CIA originally intended to disappear detainees. Were they planning to execute them? If so, what stopped things?

In any case, CIA won its battle to hide this earlier discussion so we may never know. But it appears that DOJ may have felt the need to think things through more seriously before drone assassinating a US citizen. So there is that.

Brennan Was Probably Talking about the Telegram PRISM Gap as Much as Encryption

I noted the other day that at a pre-scheduled appearance Monday, Josh Rogin cued John Brennan to explain how the Paris attack happened without warning. In my opinion, the comment has been badly misreported as an indictment solely of Edward Snowden (though it is that) and encryption. I’ve put the entire exchange below but the key exchange was this:

And as I mentioned, there are a lot of technological capabilities that are available right now that make it exceptionally difficult, both technically as well as legally, for intelligence and security services to have the insight they need to uncover it. And I do think this is a time for particularly Europe, as well as here in the United States, for us to take a look and see whether or not there have been some inadvertent or intentional gaps that have been created in the ability of intelligence and security services to protect the people that they are asked to serve. And in the past several years because of a number of unauthorized disclosures and a lot of handwringing over the government’s role in the effort to try to uncover these terrorists, there have been some policy and legal and other actions that are taken that make our ability collectively internationally to find these terrorists much more challenging. And I do hope that this is going to be a wake-up call, particularly in areas of Europe where I think there has been a misrepresentation of what the intelligence security services are doing by some quarters that are designed to undercut those capabilities.

Brennan talks about technology that makes it difficult technically and legally to uncover plots. Encryption is a technical problem — one the NSA has proven its ability to overcome — that might be called a legal one if you ignore that NSA has the ability to overcome the lack of a legal requirement to provide back doors. But I agree this passage speaks to encryption, if not other issues.

In the next sentence, though, he talks about inadvertent or intentional gaps created “particularly in Europe.” He talks about plural unauthorized disclosures — as I noted, Josh Rogin’s own disclosure that the US had broken AQAP’s online conferencing technique may have been more directly damaging than most of Snowden’s leaks —  and “handwringing.” Those have led to “policy and legal and other actions” that have made it harder to find terrorists. In the next sentence, Brennan again emphasizes that “particularly in areas of Europe,” there needs to be a “wake-up call” because “there has been a misrepresentation” of what the spooks are doing, which he suggests was deliberately “designed to undercut those capabilities.”

So in the paragraph where he speaks of these problems, he twice emphasizes that Europe in particular needs to adjust its approach.

Last I checked, Europe didn’t pass USA Freedom Act (which would not, in any way, have restricted review of Parisian targeters). Some countries in Europe are more vigorously considering limits on encryption, but those would be just as ineffective as eliminating the code that’s already out there.

What Europe has done, however, is make it harder for our PRISM providers to share data back and forth between Europe (and with providers considering moving servers to Europe, it will raise new questions about the applicability of PRISM for that data). And Europe (not just Europe, but definitely including Europe) has created a market need for US tech companies to distance themselves from the government.

And in the case of Germany, politicians have been investigating how much its BND has done for NSA, and especially which impermissible German people and companies were targeted as part of the relationship. I noted that Brennan raised similar issues just days after the BND investigation turned scandalous in March, and recent revelations have raised new pressure on BND.

With that in mind, in particular, consider what one of the more responsible reports on Brennan’s speech, that of Shane Harris, focused on — terrorists’ use of Berlin headquartered social messaging app Telegram. If terrorists were using WhatsApp (which a lot of the fearmongering focused on), the metadata, at least, would be available via Facebook. But since Telegram is not a US company, it cannot be obliged under Section 702 of FISA, and that surely creates just the kind of gap Brennan was talking about.

Since Brennan’s speech, Telegram has started deleting the special channels set up by ISIS to communicate.

I’m sure Brennan is complaining about encryption and if he can get Congress to force domestic back doors, I’m sure he will (though ISIS reportedly shies away from Apple products, so forcing Apple to give up its encrypted iMessage won’t help track down ISIS). But his speech seemed focused much more intently on ways in which, in the aftermath of the Snowden leaks, Europeans have opportunistically localized data and, in the process, made that data far less accessible to the NSA. Brennan, as I made clear in March, definitely would prefer the Europeans rely on Americans for their SIGINT (and in the process agree to some inappropriate spying in their home country), and the gap created by terrorists’ reliance on Telegram is one way to exert pressure on that point.


Author of Story Based on Leaks about Surveillance Parrots Brennan Condemning Leaks about Surveillance

Josh Rogin is among many journalists who covered John Brennan’s complaints this morning about “a number of unauthorized disclosures” and hand-wringing about our surveillance capabilities (which was a response to Rogin asking “what went wrong” in Paris in questions).

But Brennan also said that there had been a significant increase in the operational security of terrorists and terrorist networks, who have used new commercially available encryption technologies and also studied leaked intelligence documents to evade detection.

“They have gone to school on what they need to do in order to keep their activities concealed from the authorities,” he said. “I do think this is a time for particularly Europe as well as the U.S. for us to take a look and see whether or not there have been some inadvertent or intentional gaps that have been created in the ability of intelligence services to protect the people that they are asked to serve.”

The FBI has said that Internet “dark spaces” hinder monitoring of terrorism suspects. That fuels the debate over whether the government should have access to commercial applications that facilitate secure communications.

Brennan pointed to “a number of unauthorized disclosures” over the past several years that have made tracking suspected terrorists even more difficult. He said there has been “hand wringing” over the government’s role in tracking suspects, leading to policies and legal action that make finding terrorists more challenging, an indirect reference to the domestic surveillance programs that were restricted after leaks by Edward Snowden revealed their existence.

I find it interesting that Rogin, of all people, is so certain that this is an “indirect reference to the domestic surveillance programs that were restricted after leaks by Edward Snowden revealed their existence.” It’s a nonsensical claim on its face, because no surveillance program has yet been restricted in the US, though FBI has been prevented from using NSLs and Pen Registers to bulk collect communications. The phone dragnet, however, is still going strong for another 2 weeks.

That reference — as I hope to show by end of day — probably refers to tech companies’ efforts to stop the NSA and GCHQ from hacking them anymore, as well as European governments and the EU trying to distance themselves from the US dragnet. That’s probably true, especially, given that Brennan emphasized international cooperation in his response.

I’m also confused by Rogin’s claim Jim Comey said Tor was thwarting FBI, given that the FBI Director said it wasn’t in September.

Even more curious is that Rogin is certain this is about Snowden and only Snowden. After all, while Snowden’s leaks would give terrorists a general sense of what might not be safe (though not one they tracked very closely, given the Belgian Minister of Home Affairs’ claim that they’re using Playstation 4 to communicate, given that one of Snowden’s leaks said NSA and CIA were going after targets’ use of gaming consoles to communicate at least as early as 2008).

But a different leak would have alerted terrorists that their specific communications techniques had been compromised. The leak behind this story (which was a follow-up on leaks to the NYT, McClatchy, and WaPo).

It wasn’t just any terrorist message that triggered U.S. terror alerts and embassy closures—but a conference call of more than 20 far-flung al Qaeda operatives, Eli Lake and Josh Rogin report.
The crucial intercept that prompted the U.S. government to close embassies in 22 countries was a conference call between al Qaeda’s senior leaders and representatives of several of the group’s affiliates throughout the region.

The intercept provided the U.S. intelligence community with a rare glimpse into how al Qaeda’s leader, Ayman al-Zawahiri, manages a global organization that includes affiliates in Africa, the Middle East, and southwest and southeast Asia.

Several news outlets reported Monday on an intercepted communication last week between Zawahiri and Nasser al-Wuhayshi, the leader of al Qaeda’s affiliate based in Yemen. But The Daily Beast has learned that the discussion between the two al Qaeda leaders happened in a conference call that included the leaders or representatives of the top leadership of al Qaeda and its affiliates calling in from different locations, according to three U.S. officials familiar with the intelligence. All told, said one U.S. intelligence official, more than 20 al Qaeda operatives were on the call.

[snip]

Al Qaeda leaders had assumed the conference calls, which give Zawahiri the ability to manage his organization from a remote location, were secure. But leaks about the original intercepts have likely exposed the operation that allowed the U.S. intelligence community to listen in on the al Qaeda board meetings.

That story — by Josh Rogin himself! (though again, this was a follow-up on earlier leaks) — gave Al Qaeda, though maybe not ISIS, specific notice that one of their most sensitive communication techniques was compromised.

It’s really easy for journalists who want to parrot John Brennan and don’t know what the current status of surveillance is to blame Snowden. But those who were involved in the leak exposing the Legion of Doom conference call (which, to be sure, originated in Yemen, as many leaks that blow US counterterrorism efforts there do) might want to think twice before they blame other journalism.

Government (and Its Expensive Contractors) Really Need to Secure Their Data Collections

Given two recent high profile hacks, the government needs to either do a better job of securing its data collection and sharing process, or presume people will get hurt because of it.

After the hackers Crackas With Attitude hacked John Brennan, they went on to hack FBI’s Deputy Director Mark Giuliano as well as a law enforcement portal run by the FBI. The hack of the latter hasn’t gotten as much attention — thus far, WikiLeaks has not claimed to have the data, but upon closer examination of the data obtained, it appears it might provide clues and contact information about people working undercover for the FBI.

Then, the hackers showed Wired’s Kim Zetter what the portal they had accessed included. Here’s a partial list:

Enterprise File Transfer Service—a web interface to securely share and transmit files.

Cyber Shield Alliance—an FBI Cybersecurity partnership initiative “developed by Law Enforcement for Law Enforcement to proactively defend and counter cyber threats against LE networks and critical technologies,” the portal reads. “The FBI stewards an array of cybersecurity resources and intelligence, much of which is now accessible to LEA’s through the Cyber Shield Alliance.”

IC3—“a vehicle to receive, develop, and refer criminal complaints regarding the rapidly expanding arena of cyber crime.”

Intelink—a “secure portal for integrated intelligence dissemination and collaboration efforts”

National Gang Intelligence Center—a “multi-agency effort that integrates gang information from local, state, and federal law enforcement entities to serve as a centralized intelligence resource for gang information and analytical support.”

RISSNET—which provides “timely access to a variety of law enforcement sensitive, officer safety, and public safety resources”

Malware Investigator—an automated tool that “analyzes suspected malware samples and quickly returns technical information about the samples to its users so they can understand the samples’ functionality.”

eGuardian—a “system that allows Law Enforcement, Law Enforcement support and force protection personnel the ability to report, track and share threats, events and suspicious activities with a potential nexus to terrorism, cyber or other criminal activity.”

While the hackers haven’t said whether they’ve gotten into these information sharing sites, they clearly got as far as the portal to the tools that let investigators share information on large networked investigations, targeting things like gangs, other organized crime, terrorists, and hackers. If hackers were to access those information sharing networks, they might be able both to monitor investigations into such networked crime groups and (using credentials they already hacked) to make false entries. And all that’s before CISA will vastly expand this info sharing.

Meanwhile, the Intercept reported receiving 2.5 years of recorded phone calls — amounting to 70 million recorded calls — from one of the nation’s largest jail phone providers, Securus. Its report focuses on proving that Securus is not defeat-listing calls to attorneys, meaning it has breached attorney-client privilege. As Scott Greenfield notes, that’s horrible but not at all surprising.

But on top of that, the Intercept’s source reportedly obtained these recorded calls by hacking Securus. While we don’t have details of how that happened, that does mean all those calls were accessible to be stolen. If Intercept’s civil liberties-motivated hacker can obtain the calls, so can a hacker employed by organized crime.

The Intercept notes that even calls to prosecutors were online (which might include discussions from informants). But it would seem just calls to friends and associates would prove of interest to certain criminal organizations, especially if they could pinpoint the calls (which is, after all, the point). As Greenfield notes, defendants don’t usually listen to their lawyers’ warnings — or those of the signs by the phones saying all calls will be recorded — and so they say stupid stuff to everyone.

So we tell our clients that they cannot talk about anything on the phone. We tell our clients, “all calls are recorded, including this one.”  So don’t say anything on the phone that you don’t want your prosecutor to hear.

Some listen to our advice. Most don’t. They just can’t stop themselves from talking.  And if it’s not about talking to us, it’s about talking to their spouses, their friends, their co-conspirators. And they say the most remarkable things, in the sense of “remarkable” meaning “really damaging.”  Lawyers only know the stupid stuff they say to us. We learn the stupid stuff they say to others at trial. Fun times.

Again, such calls might be of acute interest to rival gangs (for example) or co-conspirators who have figured out someone has flipped.

It’s bad enough the government left OPM’s databases insecure, and with it sensitive data on 21 million clearance holders.

But it looks like key law enforcement data collections are not much more secure.

On the Leak Crackdown: Donald Sachtleben Was a Convenient Scapegoat

I’m reading Charlie Savage’s Power Wars. While I disagree with some parts of it and have additional information that isn’t included in others (the book is already 700 pages, so it’s possible they were left out because of length), it is absolutely worth reading and provides a ton of insight about what Obama’s legal insiders were willing to share with Savage. Here’s a long interview with Glenn Greenwald about it.

As it happens, last year I wrote but never finalized a post on an area that is misleading in Savage’s chapter on the Obama Administration’s serial prosecution of leakers, about the prosecution of Donald Sachtleben, the retired FBI guy who, after being busted for kiddie porn, ultimately got prosecuted for being the leaker behind the AP’s UndieBomb 2.0 story. I’m tweaking it and posting it now. This post explains his bust.

Savage claims that Sachtleben never got IDed because he didn’t access any classified documents about the bomb and hadn’t signed the sign-in sheet of the room where it was being investigated — which is all stuff claimed in a Statement of Offense that is obviously designed to be misleading (though Sachtleben’s FBI badge did show him entering the examination space where the bomb was being examined; the Statement doesn’t say whether the specific room tracked badge entries). Savage states, Sachtleben “had visited the Quantico lab where the new underwear bomb was being examined on May 1, 2012, a few hours before Goldman and a colleague, Matt Apuzzo, first called government officials to say they knew the FBI had intercepted a new underwear bomb from Yemen” [the date of the call in the Statement is May 2]. That suggests (again, as the statement does) that Sachtleben was therefore the source for the things the AP told the government it knew on May 2.

As I’ve noted, Sachtleben contested this claim at his sentencing, which is actually consistent with what the text messages with him show: Goldman and Apuzzo were looking for confirmation of something they already knew.

“I was neither the sole nor the original source of information to ‘Reporter A’ about the suicide bomb,” Sachtleben said in a statement sent by his law firm. “The information I shared with Reporter A merely confirmed what he already believed to be true. Any implication that I was the direct source of a serious leak is an exaggeration.”

But in CIA Public Affairs emails obtained by FOIA by The Intercept last year, there’s further support for this. The emails reveal that by April 25, 2012 — 5 days before talking to Sachtleben — Goldman was already asking roughly the same questions about Ibrahim al-Asiri asked of Sachtleben. (PDF 548-9)


“We’re hearing about aqap activity that has USG spun up and Ibrahim al-asiri is back on agency’s radar.” None of that’s surprising, of course, since AP sourced the initial story to numerous officials, and it’s unlikely two Pulitzer Prize winners would single source a story.

The Statement misleadingly suggests that when Goldman and Apuzzo called the government on May 2, two and a half hours after speaking with Sachtleben (and a full week after Goldman’s email to the CIA Public Affairs office), they stated for the first time that “they believed, but had not confirmed, that the bomb was linked to AQAP’s premier bomb-maker, Ibrahim al-Asiri.” Except the government knew, but did not reveal in the Statement, that the AP reporters had already reached out via official government channels a week earlier with some of that information. Contrary to what Savage suggests, the call on May 2 was not the “first” that government officials learned the AP was working on the story, though it may have been the first time they claimed to have confirmed details about the bomb.

The emails also show the extent of AP’s efforts to provide CIA an opportunity to weigh in on the story.

After several exchanges the week before (including a “chat” between Deputy CIA Director Mike Morell and an AP editor in which the AP agreed to hold the story), CIA’s press office set up a meeting between Goldman, Apuzzo, and Morell at 9:30 on the morning they released their story, May 7. An Apuzzo email describes the purpose. “[T]his meeting is just the one the DDCIA [Morell] suggested, to offer some details to the story we agreed to hold for a few days.” (PDF 308)

This confirms a point the AP long insisted on — that they heeded an administration request for a few days before they published the story. And in response, Apuzzo’s email makes clear, Morell had offered to provide further details on the plot. That of course means that Mike Morell was himself a source for the story, probably including for the detail that CIA had just drone-killed Fahd al-Quso. Last I checked, Morell is not in prison for leaking to the AP (though of course his influence on the story would be considered official declassification and therefore cool).

Apuzzo followed up on the meeting and the story later that day. “I know that there were some strained conversations between our bosses this evening, but as far as Adam and I are concerned, I hope you found the story fair, accurate and responsible.” (PDF 308)

Of course, CIA had no reason to be pissed, given that the AP story celebrated their successful interception of a plot. Indeed, there is a very high likelihood that the CIA talked the AP reporters out of including more sensitive details — such as that the plot was really a sting run by a Saudi asset — that detail came out in other outlets, thanks in part to John Brennan and Peter King (the latter of whom was in turn blabbing about something the CIA had just briefed him), within a day. Or, something implied by the story but not stated directly, that the Administration had deployed a bunch of Air Marshals to Europe to protect against a threat that had never really been a threat and that they had already neutralized anyway. Those are the damning details of the story, but they weren’t in the AP’s version of it.

But the government came after them anyway. And, after members of Congress — including Peter King, who had served as a source for journalists!! — demanded a head, Donald Sachtleben served as a convenient one to offer up.

The story the government has told about Sachtleben — that they found he had a Secret CIA cable among his kiddie porn but didn’t pursue it any further until they exposed the sources of the entire AP newsroom — has never made sense. But as a guy who had already confessed to kiddie porn charges and had actually only served as the confirming source for some of the least sensitive information in the leak, he was convenient.

And while Savage appropriately lays into the Administration for the damage they did to journalism with their pursuit of leakers, the back story behind the scapegoating of Sachtleben suggests DOJ has been far more cynical about leaks and who gets prosecuted for them than suggested in Savage’s chapter.


Hacking John Brennan, Hacking OPM

In Salon, I’ve got my take on the hack of John Brennan’s AOL account by a 13-year old stoner.

While I think it sucks that WikiLeaks posted unredacted data on Brennan’s family, I’m not at all sympathetic to Brennan himself. After all he’s the guy who decided hacking his SSCI overseers would be appropriate. He’s one of the people who’ve been telling us we have no expectation of privacy in the kinds of data hackers obtained from Verizon — alternate phone number, account ID, password, and credit card information — for years.

But most of all, I think we should remember that Brennan left this data on an AOL server through his entire Obama Administration career, which includes 4 years of service as Homeland Security Czar, a position which bears key responsibility for cybersecurity.

Finally, this hack exposes the Director of the CIA exercising almost laughable operational security. The files appear to date from the period leading up to Brennan’s appointment as White House Homeland Security Czar, where a big part of Brennan’s job was to prevent hacks in this country. To think he was storing sensitive documents on an AOL server — AOL! — while in that role, really demonstrates how laughable are the practices of those who purport to be fighting hackers as the biggest threat to the country. For at least 6 years, the Homeland Security Czar, then the CIA Director — one of the key intelligence officials throughout the Obama Administration — left that stuff out there for some teenagers to steal.

Hacking is a serious problem in this country. Like Brennan, private individuals and corporations suffer serious damage when they get hacked (and the OPM hack of Brennan’s materials may be far more serious). Rather than really fixing the problem, the intelligence community is pushing to give corporations regulatory immunity in exchange for sharing information that won’t be all that useful.

A far more useful initial step in securing the country from really basic types of hacking would be for people like Brennan to stop acting in stupid ways, to stop leaving both their own and the public’s sensitive data in places where even stoned kids can obtain it, to provide a good object lesson in how to limit the data that might be available for malicious hackers to steal.

I would add, however, that there’s one more level of responsibility here.

As I noted in my piece, Brennan’s not the only one who got his security clearance application stolen recently. He is joined in that by 21 million other people, most of whom don’t have a key role in cybersecurity and counterintelligence. Most of those 21 million people haven’t even got official notice their very sensitive data got hacked by one of this country’s adversaries — not even those people who might be particularly targeted by China. Like Brennan, the families of those people have all been put at risk. Unlike Brennan, they didn’t get to choose to leave that data sitting on a server.

In fact, John Brennan and his colleagues have not yet put in place a counterintelligence plan to protect those 21 million people.

If it sucks that John Brennan’s kids got exposed by a hacker (and it does), then it sucks even more that people with far fewer protections and authority to fix things got exposed, as well.

John Brennan should focus on that, not on the 13 year old stoner who hacked his AOL account.

CISA Moves: A Summary

This afternoon, Aaron Richard Burr moved the Cyber Intelligence Sharing Act forward by introducing a manager’s amendment that has limited privacy tweaks (permitting a scrub at DHS and limiting the use of CISA information to cyber crimes that nevertheless include to prevent threat to property), with a bunch of bigger privacy fix amendments, plus a Tom Cotton one and a horrible Sheldon Whitehouse one called as non-germane amendments requiring 60 votes.

Other than that, Burr, Dianne Feinstein, and Ron Wyden spoke on the bill.

Burr did some significant goalpost moving. Whereas in the past, he had suggested that CISA might have prevented the Office of Public Management hack, today he suggested CISA would limit how much data got stolen in a series of hacks. His claim is still false (in almost all the hacks he discussed, the attack vector was already known, but knowing it did nothing to prevent the continued hack).

Burr also likened this bill to a neighborhood watch, where everyone in the neighborhood looks out for the entire neighborhood. He neglected to mention that that neighborhood watch would also include that nosy granny type who reports every brown person in the neighborhood, and features self-defense just like George Zimmerman’s neighborhood watch concept does. Worse, Burr suggested that those not participating in his neighborhood watch had no protection, effectively suggesting that some of the best companies on securing themselves — like Google — were not protecting customers. Burr even suggested he didn’t know anything about the companies that oppose the bill, which is funny, because Twitter opposes the bill, and Burr has a Twitter account.

Feinstein was worse. She mentioned the OPM hack and then really suggested that a series of other hacks — including both the Sony hack and the DDOS attacks on online banking sites that stole no data! — were worse than the OPM hack.

Yes, the Vice Chair of SSCI really did say that the OPM hack was less serious than a bunch of other hacks that didn’t affect the national security of this country. Which, if I were one of the 21 million people whose security clearance data had been compromised, would make me very very furious.

DiFi also used language that made it clear she doesn’t really understand how the information sharing portal works. She said something like, “Once cyber information enters the portal it will move at machine speed to other federal agencies,” as if a conveyor belt will carry information from DHS to FBI.

Wyden mostly pointed out that this bill doesn’t protect privacy. But he did call out Burr on his goalpost moving on whether the bill would prevent (his old claim) or just limit the damage of (his new one) attacks that it wouldn’t affect at all.

Wyden did, however, object to unanimous consent because Whitehouse’s crappy amendment was being given a vote, which led Burr to complain that Wyden wasn’t going to hold this up.

Finally, Burr came back on the floor, not only to bad mouth companies that oppose this bill again (and insist it was voluntary so they shouldn’t care) but also to do what I thought even he wouldn’t do: suggest we need to pass CISA because a 13 year old stoner hacked the CIA Director.

If Ending DOD’s Train and Assist Program Is about Returning to Covert Status, Will Congress Get Details?

When Mike Lee, Joe Manchin, Chris Murphy, and Tom Udall wrote the Administration calling for an end to the Syria Train and Equip Program last week, they addressed it to CIA Director John Brennan, along with Defense Secretary Ash Carter (its primary addressee, given the clear reference to details about DOD’s T&E mission) and Secretary of State John Kerry.

It appears the Senators got the result they desired. As a number of outlets are reporting, Carter has decided to end DOD’s T&E program, which has done little except arm al Qaeda affiliates in Syria. But it’s not that we’re going to end our involvement in Syria. The stories provide different descriptions of what we intend to continue doing. The NYT, which pretended not to know about the CIA covert program, described a shift of training to Turkey, while discussing armed Sunnis in eastern Syria.

A senior Defense Department official, who was not authorized to speak publicly and who spoke on the condition of anonymity, said that there would no longer be any more recruiting of so-called moderate Syrian rebels to go through training programs in Jordan, Qatar, Saudi Arabia or the United Arab Emirates. Instead, a much smaller training center would be set up in Turkey, where a small group of “enablers” — mostly leaders of opposition groups — would be taught operational maneuvers like how to call in airstrikes.

[snip]

The official said the training was “to be suspended, with the option to restart if conditions dictate, opportunities arise.” The official also said that support to Sunni Arab fighters in eastern Syria was an example of focusing on groups already fighting the Islamic State, also known as ISIS or ISIL, “rather than using training to try to manufacture new brigades.”

The LAT to its credit did acknowledge the parallel CIA program in a piece vaguely describing our “new” approach of working with a wide range of groups on the Turkish border.

Under the new approach, the administration will continue to work with a range of groups to capitalize on the successes that Kurdish, Arab and Turkmen groups have had over the last several months driving the Islamic State forces out of much of the Turkey-Syria border region.

[snip]

The decision to end the Pentagon training program does not appear to immediately affect a separate program run by the CIA.

While Ash Carter’s public remarks associated with this discussion make it clear Russia’s actions in the same region remain a concern, the reporting I’ve seen thus far hasn’t tied the decision to end the DOD program to the need to respond to Russia in any way.

Which raises the question: is this just an attempt to shift our existing T&E efforts entirely under a covert structure again? There are many reasons why you’d want to do that, not least because it would make it a lot easier to hide that not only aren’t your “rebels” “moderate,” but they’re al Qaeda affiliates (as David Petraeus and others were floating we should do). Given Qatari and Saudi efforts to flood more weapons into Syria in response to Russia’s involvement, you’d think the US would want to play along too.

But especially since Tom Udall is the guy who — a year ago — raised the crazy notion that Congress should know some details about the (at that point) two year long effort by CIA to support “moderate” forces …

Everybody’s well aware there’s been a covert operation, operating in the region to train forces, moderate forces, to go into Syria and to be out there, that we’ve been doing this the last two years. And probably the most true measure of the effectiveness of moderate forces would be, what has been the effectiveness over that last two years of this covert operation, of training 2,000 to 3,000 of these moderates? Are they a growing force? Have they gained ground? How effective are they? What can you tell us about this effort that’s gone on, and has it been a part of the success that you see that you’re presenting this new plan on?

… I wonder whether Congress has ever gotten fully briefed on that program — and whether they would going forward.

After all, none of the men who signed this letter would be privy to how a covert effort to train rebels was going under normal guidelines unless Udall or Murphy were getting details on the Appropriations Committee.

So while it may be — and I think it likely this is — just an effort to make it easier to partner with al Qaeda to defeat Bashar al-Assad and Putin (teaming with al Qaeda to fight Russia! just like old times!) — I also wonder whether this is an effort to avoid telling most of Congress just how problematic (even if effective from an anti-Assad perspective) both the DOD and CIA effort are.