Posts

“A Full Two Month Period” that Covers John Brennan’s Entire Drone Propaganda Campaign

In his letter to Eric Holder, AP’s President Gary Pruitt emphasized how inexcusably overbroad the call record seizure had been.

Last Friday afternoon, AP General Counsel Laura Malone received a letter from the office of United States Attorney Ronald C. Machen Jr. advising that, at some unidentified time earlier this year, the Department obtained telephone toll records for more than 20 separate telephone lines assigned to the AP and its journalists. The records that were secretly obtained cover a full two-month period in early 2012 and, at least as described in Mr. Machen’s letter, include all such records for, among other phone lines, an AP general phone number in New York City as well as AP bureaus in New York City, Washington, D.C., Hartford, Connecticut, and at the House of Representatives. This action was taken without advance notice to AP or to any of the affected journalists, and even after the fact no notice has been sent to individual journalists whose home phones and cell phone records were seized by the Department. [my emphasis]

AP’s most recent story on the seizure seems to suggest that “full two-month period” spanned April and May of last year.

In all, the government seized the records for more than 20 separate telephone lines assigned to AP and its journalists in April and May of 2012.

If so, it means the government grabbed phone records for Adam Goldman, Matt Apuzzo, Kimberly Dozier, Eileen Sullivan, and Alan Fram for three weeks after (and five weeks before) the UndieBomb 2.0 story Goldman and Apuzzo by-lined.

That would mean they’d get the sources for this Kimberly Dozier story published May 21 which starts,

White House counterterror chief John Brennan has seized the lead in guiding the debate on which terror leaders will be targeted for drone attacks or raids, establishing a new procedure to vet both military and CIA targets.

The move concentrates power over the use of lethal U.S. force outside war zones at the White House.

The process, which is about a month old, means Brennan’s staff consults the Pentagon, the State Department and other agencies as to who should go on the list, making a previous military-run review process in place since 2009 less relevant, according to two current and three former U.S. officials aware of the evolution in how the government targets terrorists.

Within 10 days of the time Dozier published that story, John Brennan had rolled out an enormous propaganda campaign — based on descriptions of the drone targeting process that Brennan’s power grab had replaced, not the new drone targeting process — that suckered almost everyone commenting on drones into believing that drone targeting retained its previous, more deliberative, targeting process, the one Brennan had just changed.

And that propaganda campaign, in turn, hid another apparent detail: that UndieBomb 2.0, a Saudi sting, had actually occurred earlier in April, and that UndieBomb 2.0 preceded and perhaps justified the signature strikes done at the behest of the Yemenis (or more likely the Saudis).

April 18: Greg Miller first reports on debate over signature strikes

Around April 20: UndieBomb 2.0 device recovered

Around April 22: John Brennan takes over drone targeting from JSOC

April 22: Drone strike that–WSJ reports, “Intelligence analysts [worked] to identify those killed” after the fact, suggesting possible signature strike

April 24: Robert Mueller in Yemen for 45 minute meeting, presumably to pick up UndieBomb

April 25: WSJ reports that Obama approved use of signature strikes

April 30: John Brennan gives speech, purportedly bringing new transparency to drone program, without addressing signature strikes

May 6: Fahd al-Quso killed

May 7: AP reports on UndieBomb 2.0

May 8: ABC reports UndieBomb 2.0 was Saudi-run infiltrator

May 15: Drone strike in Jaar kills a number of civilians

Now, frankly, I think the witch hunt response to the UndieBomb 2.0 plot was mostly just an excuse to start investigating the AP, though it did lead John Brennan to make it clear that it was a Saudi-manufactured plot in the first place.

But the response to that Dozier article, which provided the final piece of evidence for the timeline above showing Brennan grabbed control of drone targeting at roughly the moment we started signature strikes in Yemen, was more dramatic, at least in terms of the breathtaking propaganda the White House rolled out to pretend the drone strikes were more orderly than they actually were.

I’m guessing, but when Pruitt says this,

These records potentially reveal communications with confidential sources across all of the newsgathering activities undertaken by the AP during a two-month period, provide a road map to AP’s newsgathering operations, and disclose information about AP’s activities and operations that the government has no conceivable right to know.

I’m guessing he might have other AP stories in mind.

I know I’m at least as worried about DOJ targeting Dozier’s sources, who revealed a critical detail of how illegal the drone program was, as I am about the original UndieBomb 2.0 story.

DOJ Goes Nuclear on Goldman and Apuzzo

While the AP doesn’t say it in their report that DOJ got two months of unnamed reporters’ call records, this effectively means they’ve gone nuclear on Goldman and Apuzzo for breaking a story the White House was going to break the following day anyway.

Prosecutors took records showing incoming and outgoing calls for work and personal numbers for individual reporters, plus for general AP offices in New York, Washington and Hartford, Conn. The government also seized those records for the main phone number for AP in the House of Representatives press gallery.

The Justice Department disclosed the seizure in a letter the AP received Friday.

[snip]

In the letter notifying the AP received Friday, the Justice Department offered no explanation for the seizure, according to Pruitt’s letter and attorneys for the AP. The records were presumably obtained from phone companies earlier this year although the government letter did not explain that. None of the information provided by the government to the AP suggested the actual phone conversations were monitored.

As a reminder, here’s a history of the White House’s attempts to dubiously claim they weren’t planning on releasing the information themselves, as they had the last time a Saudi infiltrator tipped us to a plot.

When the AP first broke the story on UndieBomb 2.0, it explained that it had held the story but decided to publish before the Administration made an official announcement on what would have been Tuesday, May 8.

The AP learned about the thwarted plot last week but agreed to White House and CIA requests not to publish it immediately because the sensitive intelligence operation was still under way.

Once those concerns were allayed, the AP decided to disclose the plot Monday despite requests from the Obama administration to wait for an official announcement Tuesday. [my emphasis]

Since that time, the Administration has tried to claim they never intended to make an official announcement about the “plot.” They did so for a May 9 LAT story.

U.S. intelligence officials had planned to keep the bomb sting secret, a senior official said, but the Associated Press learned of the operation last week. The AP delayed posting the story at the request of the Obama administration, but then broke the news Monday.

[snip]

“We were told on Monday that the operation was complete and that the White House was planning to announce it Tuesday,” he said.

Then the White House tried misdirection for a Mark Hosenball story last week–both blaming AP for information about the Saudi infiltrator the AP didn’t break, and attributing Brennan’s comments implying the plot involved an infiltrator to hasty White House efforts to feed the news cycle / spin / respond to the story.

According to National Security Council spokesman Tommy Vietor, due to its sensitivity, the AP initially agreed to a White House request to delay publication of the story for several days.

But according to three government officials, a final deal on timing of publication fell apart over the AP’s insistence that no U.S. official would respond to the story for one clear hour after its release.

[snip]

The White House places the blame squarely on AP, calling the claim that Brennan contributed to a leak “ridiculous.”

“It is well known that we use a range of intelligence capabilities to penetrate and monitor terrorist groups,” according to an official statement from the White House national security staff.

“None of these sources or methods was disclosed by this statement. The egregious leak here was to the Associated Press. The White House fought to prevent this information from being reported and ultimately worked to delay its publication for operational security reasons. No one is more upset than us about this disclosure, and we support efforts to prevent leaks like this which harm our national security,” the statement said.

The original AP story, however, made no mention of an undercover informant or allied “control” over the operation, indicating only that the fate of the would-be suicide bomber was unknown. [my emphasis]

Now, there are several problems with this latest White House story. The allegation of a quid pro quo rests on the premise that the Administration was also about to release the information; it’s just a different version of the request to hold the story until an official White House announcement. Furthermore, if the White House didn’t want this information out there, then why brief Richard Clarke and Fran Fragos Townsend, who went from there to prime time news shows and magnified the story?

Meanwhile, John Brennan, who leaked the most damaging part of this (that it was just a Saudi sting), has since been promoted to run the CIA, even though, at least according to James Clapper’s definition, he’s a leaker.

Also, note the language used here: “seized.” Not “subpoenaed.”

That, plus the description of these as “phone records” suggests DOJ may well have relied on a National Security Letter to get journalist contacts, as I’ve long been predicting they’ve been doing.

Update, per the more detailed AP update: Apparently the letter says they were subpoenaed.

Update: Actually, the letter itself doesn’t say they were subpoenaed, and given that no notice was provided, it seems like NSLs are a likely candidate.

Last Friday afternoon, AP General Counsel Laura Malone received a letter from the office of United States Attorney Ronald C. Machen Jr. advising that, at some unidentified time earlier this year, the Department obtained telephone toll records for more than 20 separate telephone lines assigned to the AP and its journalists. The records that were secretly obtained cover a full two-month period in early 2012 and, at least as described in Mr. Machen’s letter, include all such records for, among other phone lines, an AP general phone number in New York City as well as AP bureaus in New York City, Washington, D.C., Hartford, Connecticut, and at the House of Representatives. This action was taken without advance notice to AP or to any of the affected journalists, and even after the fact no notice has been sent to individual journalists whose home phones and cell phone records were seized by the Department.

This entire leak investigation was always a witch hunt, because sources in the Middle East were blabbing about it anyway, because John Brennan was blabbing too, and because the White House planned to blab about it the following day.

But that, apparently, didn’t stop DOJ from throwing its most aggressive weapons against Adam Goldman and Matt Apuzzo, who first broke the story.

The 2011 DIOG Permits Using NSLs to Get Journalist Contacts

In what may be one of those stories telegraphing investigative details between people being investigated, the WaPo updates the StuxNet investigation.

Prosecutors are pursuing “everybody — at pretty high levels, too,” said one person familiar with the investigation. “There are many people who’ve been contacted from different agencies.”

The FBI and prosecutors have interviewed several current and former senior government officials in connection with the disclosures, sometimes confronting them with evidence of contact with journalists, according to people familiar with the probe.

Here’s the detail everyone is focusing on (and I’ve seen similar claims on reporting of other leak investigations).

Investigators, they said, have conducted extensive analysis of the e-mail accounts and phone records of current and former government officials in a search for links to journalists.

[snip]

Former prosecutors said these investigations typically begin by compiling a list of people with access to the classified information. When government officials attend classified briefings or examine classified documents in secure facilities, they must sign a log, and these records can provide an initial road map for investigators.

Former prosecutors said investigators run sophisticated software to identify names, key words and phrases embedded in e-mails and other communications, including text messages, which could lead them to suspects.

The FBI also looks at officials’ phone records — who called whom, when, for how long. Once they have evidence of contact between officials and a particular journalist, investigators can seek a warrant to examine private e-mail accounts and phone records, including text messages, former prosecutors said.

Prosecutors and the FBI can examine government e-mail accounts and government-issued devices, including cellphones, without a warrant. They can also look at private e-mail accounts without a warrant if those accounts were accessed on government computers. [my emphasis]

This description may well be how the government is conducting the StuxNet investigation (and the UndieBomb 2.0 investigation, which the article also describes).

But if WaPo is relying solely on former prosecutors, this description may be totally outdated.

After all–as I’ve reported repeatedly in the past–the 2011 update of FBI’s Domestic Investigations and Operations Guide permits using National Security Letters to get journalists’ contacts in National Security investigations (as all of these would be).

A heavily-redacted section (PDF 166) suggests that in investigations with a national security nexus (so international terrorism or espionage, as many leak cases have been treated) DOJ need not comply with existing restrictions requiring Attorney General approval before getting the phone records of a journalist. The reason? Because NSLs aren’t subpoenas, and that restriction only applies to subpoenas.

Department of Justice policy with regard to the issuances of subpoenas for telephone toll records of members of the news media is found at 28 C.F.R. § 50.10. The regulation concerns only grand jury subpoenas, not National Security Letters (NSLs) or administrative subpoenas. (The regulation requires Attorney General approval prior to the issuance of a grand jury subpoena for telephone toll records of a member of the news media, and when such a subpoena is issued, notice must be given to the news media either before or soon after such records are obtained.) The following approval requirements and specific procedures apply for the issuance of an NSL for telephone toll records of members of the news media or news organizations. [my emphasis]

So DOJ can use NSLs–with no court oversight–to get journalists’ call (and email) records rather than actually getting a subpoena.

The section includes four different approval requirement scenarios for issuing such NSLs, almost all of which are redacted. Though one only partly redacted passage makes it clear there are some circumstances where the approval process is the same as for anyone else DOJ wants to get an NSL on:

If the NSL is seeking telephone toll records of an individual who is a member of the news media or news organization [2 lines redacted] there are no additional approval requirements other than those set out in DIOG Section 18.6.6.1.3 [half line redacted]

And the section on NSL use (see PDF 100) makes it clear that a long list of people can approve such NSLs:

  • Deputy Director
  • Executive Assistant Director
  • Associate EAD for the National Security Branch
  • Assistant Directors and all DADs for CT/CD/Cyber
  • General Counsel
  • Deputy General Counsel for the National Security Law Branch
  • Assistant Directors in Charge in NY, Washington Field Office, and LA
  • All Special Agents in Charge

In other words, while DOJ does seem to offer members of the news media–which is itself a somewhat limited group–some protection from subpoena, it also seems to include loopholes for precisely the kinds of cases, like leaks, where source protection is so important.

In other words, this story about starting with the sign-in logs of people who’ve been briefed on a particular topic, then gathering call records of those officials?

That may be what happened.

Or it may work the other way, with the government identifying a story it doesn’t like and then using call records to trace back from there to the potential sources of the story.

This curious phrasing would support the latter scenario.

[DC US Attorney Ronald] Machen is examining a leak to the Associated Press that a double agent inside al-Qaeda’s affiliate in Yemen allowed the United States and Saudi Arabia to disrupt the plot to bomb an airliner using explosives and a detonation system that could evade airport security checks.

The AP, after all, didn’t report that UndieBomb 2.0 was actually a sting set up by a Saudi-run infiltrator (and their reporting, at least, suggested they didn’t know UndieBomber 2.0 was an informant). John Brennan and Richard Clarke told that story. And yet WaPo describes the investigation as focusing on the AP part of the story, not the more damning part about an infiltrator.

If and when John Brennan goes unpunished for revealing the most damning part of this story, it’ll become increasingly clear: not only is the government starting with the journalists’ phone and email contacts, but it is doing so with journalists it might otherwise want to silence.

The Disposition of Informants and Citizens

A lot of the commentary about Craig Whitlock’s Tuesday article on three alleged al Shabaab members rendered to the US focused on whether he accurately described this rendition–to a law enforcement proceeding and not, as happened under Bush, to a black site–or not.

But I was more interested in whether the treatment of these three–Swedish citizens Ali Yasin Ahmed and Mohamed Yusuf and Madhi Hashi, a Somali who was raised in the UK, got citizenship there when he was 14, only to have it stripped shortly before he was detained–was indicative of the so-called disposition matrix first reported back in October then reportedly put on hold after Obama beat Mitt.

Consider the timing of both series of events. Hashi was stripped of his British citizenship in June. Shortly thereafter he disappeared from his home in Mogadishu. All three men were in detention in Djibouti by August. On October 18–five days before the first reporting on the disposition matrix–a grand jury returned a sealed indictment against the three. On November 14–conveniently after the election–the US government officially took custody of the men, thereby violating the intent of last year’s NDAA by bringing foreigners onto US soil. And on December 21, while most people were distracted by holidays and fiscal cliffs, the men were arraigned in the Eastern District (curiously, not the Southern District) of New York.

All of which took place as hints of this disposition matrix–an effort to map out contingencies for alleged extremists in a range of different positions–were reported.

“We had a disposition problem,” said a former U.S. counterterrorism official involved in developing the matrix.

The database is meant to map out contingencies, creating an operational menu that spells out each agency’s role in case a suspect surfaces in an unexpected spot. “If he’s in Saudi Arabia, pick up with the Saudis,” the former official said. “If traveling overseas to al-Shabaab [in Somalia] we can pick him up by ship. If in Yemen, kill or have the Yemenis pick him up.”

In other words, the rendition of these three men–in addition to whatever else it was, and I think the case that it was a legitimate use of US law enforcement is thus far weak, though still preferable to a drone strike against the three–seems like a test drive of this disposition process.

Which is why I find it so interesting that two wired up commentators like Daniel Byman and Benjamin Wittes have rolled out what they represent to be the flow chart–they even call it the disposition matrix–the Obama Administration uses if it believes you’re a terrorist.

Because that flow chart is not just incomplete, but factually wrong on several points.

Take step 11, which asks whether a person overseas is an operational leader or not.

Propagandists, to some degree, are also protected under U.S. law. Glorifying jihad and saying that Americans fighting in Iraq and Afghanistan, or even living ordinary lives stateside, deserve death, is not in itself a crime. So even Anwar al-Awlaki, who inspired Americans and Western Muslims in general to take up jihad, was not aggressively targeted until he was linked to attacks on U.S. airlines and aviation targets in the United Kingdom — thus going from “propagandist” to “operator.” Non-operational figures abroad — however dangerous — will tend to be tolerated to the extent they cannot be captured.

The claim that Awlaki was “not aggressively targeted until he was linked to attacks on U.S. airlines” is false. JSOC targeted him the day before the Intelligence Community first started tying him to operations.

But the case of these three men also illustrates the grey areas of this matrix. Presumably, their path would go:

1. Where is the suspect located? Abroad.

3. Is he coming [back to] the US? No. [As far as we know, none were ever in the US]

5. Can a reliable government arrest him? Yes.

6. Will the ally transfer him to the US? Yes.

2. Arrest, indict, prosecute.

As a threshold matter, what happened before this matrix–at least for Hashi–is that the suspect was returning to the UK when his “disposition” process started. As far back as April 2009, MI5 was blackmailing Hashi and his friends to turn informants.

Five Muslim community workers have accused MI5 of waging a campaign of blackmail and harassment in an attempt to recruit them as informants.

The men claim they were given a choice of working for the Security Service or face detention and harassment in the UK and overseas.

[snip]

Madhi Hashi, a 19-year-old care worker from Camden, claims he was held for 16 hours in a cell in Djibouti airport on the orders of MI5. He alleges that when he was returned to the UK on 9 April this year he was met by an MI5 agent who told him his terror suspect status would remain until he agreed to work for the Security Service. He alleges that he was to be given the job of informing on his friends by encouraging them to talk about jihad.

After that he returned to Somalia and married. In June, he was stripped of his citizenship, and then disappeared even before he could have appealed the decision.

In June 2012, a letter delivered to Hashi’s family home in London informed him that the home secretary Theresa May had decided to strip him of his British citizenship, claiming he had been ‘involved in Islamist extremism’.

The letter added that he had four weeks to appeal, but he disappeared before he was able to act.

A man later contacted his family in Somalia claiming he had been held alongside Hashi in a Djibouti jail.

Mahdi’s father Mohamed Hashi told the Bureau: ‘He said [Hashi] was fingerprinted and his DNA was taken, and they found out that he was a British citizen and contacted the British consulate – but the British said sorry, we took his citizenship away from him and we can’t help him.’

And somewhere along the line, Hashi got transferred from Somalia (does that count as a reliable government?) to Djibouti, which has largely become an appendix to the US base there.

Then Hashi sat in Djibouti for up to four months, undergoing who knows what kind of interrogations and under whose authorities. That grey zone interrogation curiously doesn’t show up on Byman and Wittes’ matrix, though such extended interrogations leading to US prosecutions are becoming more and more frequent.

Finally, note the US focus of the matrix: US presence, “return to” US, US prosecution.

In this case, all for crimes connected with a group with which we’re not at war (though we have declared it a terrorist organization). (In his piece on renditions, Whitlock correctly points to Ahmed Warsame as a direct precedent, but in that case Warsame was conspiring with AQAP, against which we are at war.)

The indictments, too, are interesting. Not only do both the October indictment and the November superseding indictment obscure the timeline involved by stating only the alleged crimes occurred from 2008 (before the Brits started harassing Hashi) until 2012 (when he was detained). But the superseding indictment adds the weaker charge of conspiracy to commit material support, suggesting some concern about the strength of the material support charge itself. In press releases but not the indictments, the government claims the men were training at a suicide bomber camp, but even after having Djibouti detain Hashi for 5 months and then detaining him secretly here for a month, they apparently don’t tie any charge to that alleged suicide bomb training.

Given the timing of all this, I wonder whether the celebrated British-recruited Saudi-run UndieBomb infiltrator was once buddies with Hashi, and they rolled Hashi up in the aftermath of that plot?

In any case, the most likely thing that will come out of this “disposition” is that, having refused to become an informant, Hashi will spend the rest of his life living in US taxpayer funded prisons, without the government actually accusing him of plotting against the US.

Maybe he did, in which case the disposition matrix worked. But that’s why we used to demand transparency (and no five month period without due process) for this kind of thing.

In short, this rendition might be an improvement over the drone strikes. But if it is, the government has not made the case it is.

“Dear John Brennan: You’re Being Investigated”

A number of people have pointed to Scott Shane’s story on the leak witch hunt for the details it gives on the increasing concern about leak witch hunts among journalists and national security experts.

But this paragraph includes the most interesting news in the article.

The F.B.I. appears to be focused on recent media disclosures on American cyberattacks on Iran, a terrorist plot in Yemen that was foiled by a double agent and the so-called “kill list” of terrorist suspects approved for drone strikes, some of those interviewed have told colleagues. The reports, which set off a furor in Congress, were published by The New York Times, The Associated Press, Newsweek and other outlets, as well as in recent books by reporters for Newsweek and The Times. [my emphasis]

That’s because prior reporting had indicated that the Kill List stories were not being investigated.

Recent revelations about clandestine U.S. drone campaigns against al Qaeda and other militants are not part of two major leak investigations being conducted by federal prosecutors, sources familiar with the inquiries said.

[snip]

The CIA has not filed a “crime report” with the Justice Department over reports about Obama’s drone policy and a U.S. “kill list” of targeted militants, an action which often would trigger an official leak investigation, two sources familiar with the matter said. They

So Shane’s revelation that the Kill List stories are being investigated amounts to the author of one of the Kill List stories reporting that some people who have been interviewed by the FBI told colleagues they got asked about the Kill List. Which might go something like, “Scott, they’re asking about your story, too.”

All without Shane acknowledging that Shane wrote one of the main Kill List Shiny Object stories.

Meanwhile, I find his reference to the outlets involved very interesting. Using the principle of parallelism, the passage seems to suggest the FBI is investigating the NYT for David Sanger’s sources on StuxNet, the AP for Adam Goldman and Matt Apuzzo’s sources on the UndieBomb 2.0 plot, and Newsweek for Daniel Klaidman’s sources on the Kill List. But of course the NYT also wrote a Kill List story, the AP wrote what is probably the most interesting Kill List story (which reported that the Kill List is now run by John Brennan). “And other outlets.” Which might include ABC for revealing that the UndieBomb 2.0 plotter was actually an infiltrator (ABC got the story indirectly from John Brennan, through Richard Clarke). Or the WaPo for Greg Miller’s original story on drone targeting, revealing that we were going to use signature strikes in Yemen. Or the WSJ, reporting that we had started using signature strikes.

In other words, it presents a rather interesting group of potential stories and sources.

Now I don’t know that John Brennan was the source for all this or that he’s really being investigated. I’m not saying Shane is being manipulative by reporting on this (though seriously, it’s another example of the NYT having a reporter report on a story that he is really a part of).

But I do find it rather interesting that a reporter targeted in this leak witch hunt just made news about the scope of the leak witch hunt.

Lamar Smith’s Futile Leak Investigation

Lamar Smith has come up with a list of 7 national security personnel he wants to question in his own leak investigation. (h/t Kevin Gosztola)

House Judiciary Committee Chairman Lamar Smith, R-Texas, told President Obama Thursday he’d like to interview seven current and former administration officials who may know something about a spate of national security leaks.

[snip]

The administration officials include National Security Advisor Thomas Donilon, Director of National Intelligence James Clapper, former White House Chief of Staff Bill Daley, Assistant to the President for Homeland Security and Counterterrorism John Brennan, Deputy National Security Advisor Denis McDonough, Director for Counterterrorism Audrey Tomason and National Security Advisor to the Vice President Antony Blinken.

Of course the effort is sure to be futile–if Smith’s goal is to figure out who leaked to the media (though it’ll serve its purpose of creating a political shitstorm just fine)–for two reasons.

First, only Clapper serves in a role that Congress has an unquestioned authority to subpoena (and even there, I can see the Intelligence Committees getting snippy about their turf–it’s their job to provide impotent oversight over intelligence, not the Judiciary Committees).

As for members of the National Security Council (Tom Donilon, John Brennan, Denis McDonough, Audrey Tomason, and Antony Blinken) and figures, like Bill Daley, who aren’t congressionally approved? That’s a bit dicier. (Which is part of the reason it’s so dangerous to have our drone targeting done in NSC where it eludes easy congressional oversight.)

A pity Republicans made such a stink over the HJC subpoenaing Karl Rove and David Addington and backed Bush’s efforts to prevent Condi Rice from testifying, huh?

The other problem is that Smith’s list, by design, won’t reveal who leaked the stories he’s investigating. He says he wants to investigate 7 leaks.

Smith said the committee intends to focus on seven national security leaks to the media. They include information about the Iran-targeted Stuxnet and Flame virus attacks, the administration’s targeted killings of terrorism suspects and the raid which killed Usama bin Laden.

Smith wants to know how details about the operations of SEAL Team Six, which executed the bin Laden raid in Pakistan, wound up in the hands of film producers making a film for the president’s re-election. Also on the docket is the identity of the doctor who performed DNA tests which helped lead the U.S. to bin Laden’s hideout.

But his list doesn’t include everyone who is a likely or even certain leaker.

Take StuxNet and Flame. Not only has Smith forgotten about the programmers (alleged to be Israeli) who let StuxNet into the wild in the first place–once that happened, everything else was confirmation of things David Sanger and security researchers were able to come up with on their own–but he doesn’t ask to speak to the Israeli spooks demanding more credit for the virus.


Failed Overseers Prepare to Legislate Away Successful Oversight

Before I talk about the Gang of Four’s proposed ideas to crack down on leaks, let’s review what a crop of oversight failures these folks are.

The only one of the Gang of Four who has stayed out of the media of late–Dutch Ruppersberger–has instead been helping Mike Rogers push reauthorization of the FISA Amendments Act through the House Intelligence Committee with no improvements and no dissents. In other words, Ruppersberger has delivered for his constituent–the NSA–in spite of the evidence the government is wiretapping those pesky little American citizens Ruppersberger should be serving.

Then there’s Rogers himself, who has been blathering to the press about how these leaks are the most damaging in history. He supported such a claim, among other ways, by suggesting people (presumably AQAP) would assume for the first time we (or the Saudis or the Brits) have infiltrators in their network.

Some articles within this “parade” of leaks, Rogers said late last week, “included at least the speculation of human source networks that now — just out of good counterintelligence activities — they’ll believe is real, even if it’s not real. It causes huge problems.”

Which would assume Rogers is unaware that the last time a Saudi infiltrator tipped us off to a plot, that got exposed too (as did at least one more of their assets). And it would equally assume Rogers is unaware that Mustafa Alani and other “diplomatic sources” are out there claiming the Saudis have one agent or informant infiltrated into AQAP regions for every 850 Yemeni citizens.

In short, Rogers’ claim is not credible in the least.

Though Rogers seems most worried that the confirmation–or rather, reconfirmation–that the US and Israel are behind StuxNet might lead hackers to try similar tricks on us and/or that the code–which already escaped–might escape.

Rogers, who would not confirm any specific reports, said that mere speculation about a U.S. cyberattack against Iran has enabled bad actors. The attack would apparently be the first time the U.S. used cyberweapons in a sustained effort to damage another country’s infrastructure. Other nations, or even terrorists or hackers, might now believe they have justification for their own cyberattacks, Rogers said.

This could have devastating effects, Rogers warned. For instance, he said, a cyberattack could unintentionally spread beyond its intended target and get out of control because the Web is so interconnected. “It is very difficult to contain your attack,” he said. “It takes on a very high degree of sophistication to reach out and touch one thing…. That’s why this stuff is so concerning to me.”

Really, though, Rogers is blaming the wrong people. He should be blaming the geniuses who embraced such a tactic and–if it is true the Israelis loosed the beast intentionally–the Israelis most of all.

And while Rogers was not a Gang of Four member when things started going haywire, his colleague in witch hunts–Dianne Feinstein–was. As I’ve already noted, one of the problems with StuxNet is that those, like DiFi, who had an opportunity to caution the spooks either didn’t have enough information to do so–or had enough information but did not do their job. The problem, then, is not leaks; it’s inadequacy of oversight.

In short, Rogers and Ruppersberger and Chambliss ought to be complaining about DiFi, not collaborating with her in thwarting oversight.

Finally, Chambliss, the boss of the likely sources out there bragging about how unqualified they are to conduct intelligence oversight, even while boasting about the cool videogames they get to watch in SCIFs, appears to want to toot his horn rather than conduct oversight.

Which brings me back to the point of this post, before I got distracted talking about how bad the folks offering these “solutions” to leaks are at oversight.

Their solutions:

Discussions are ongoing over just how stringent new provisions should be as the Senate targets leakers in its upcoming Intelligence Authorization bill, according to a government source.


Some Data Points on Minh Quang Pham, AQAP’s Graphic Artist of Mass Destruction

On Friday, the government indicted Minh Quang Pham for material support of al Qaeda in the Arabian Peninsula. The indictment and the press release make it clear (though don’t say explicitly–though this report confirms it) that Pham’s primary alleged crime was helping Samir Khan produce Inspire magazine.

In or about April 2011, PHAM worked with a United States citizen (“American CC-1”) to create online propaganda for Al Qaeda in the Arabian Peninsula.

[snip]

[Pham] facilitated communications between al Qa’ida in the Arabian Peninsula and supporters; and provided expert advice and assistance in photography and graphic design of media for al Qa’ida in the Arabian Peninsula.

Meaning CC-2 is Anwar al-Awlaki.

In or about April 2011, PHAM met with a United States citizen (“American CC-2”) in Yemen.

Given the centrality of Pham’s alleged association with Khan and Awlaki, consider the following chronology and the additional details below.

December 2010: Pham travels from the UK to Yemen.

March and April 2011: Pham carries a Kalashnikov.

April 2011: Pham works with Samir Khan and meets Anwar al-Awlaki.

“About” May 2011: UndieBomb infiltrator travels from UK to Yemen.

September 27, 2011: AQAP releases Inspire, Issue 7.

September 30, 2011: Khan and Awlaki killed in drone strike.

December 2011: Pham returns to the UK; “Prior to his arrest [June 29, 2012], PHAM was held by British authorities in immigration custody.”

Around April 20, 2012: UndieBomb 2.0 and his handler removed from Yemen.

May 3, 2012: AQAP releases Inspire Issues 8 and 9.

May 7, 2012: UndieBomb 2.0 revealed.

May 11, 2012: British role in recruiting UndieBomb 2.0 revealed.

May 26, 2012: False AQAP statement released.

June 29, 2012: Pham arrested (presumably in Britain); indicted in US.

First, note that some of the alleged acts–notably carrying a Kalashnikov–might require an inside source to learn.

Then consider you had someone coming from the UK to Yemen not long before the UndieBomb 2.0 infiltrator. Unlike UndieBomb 2.0, Pham appears to have decided to leave after his partner in propaganda, Khan, got killed. But then he appears to have been held in immigration custody for 6 months–which happens to cover the time UndieBomb 2.0 infiltrator and his handler were still in Yemen.

How interesting, too, that Pham is being tried here in the US, not in the UK (where the crimes are slightly different but where terrorist propaganda is even more criminalized than here, if I understand the law correctly). Why do you suppose they’re trying him here and not in the UK, where he has just been held for 6 months?

Meanwhile, I’ve always been intrigued that the latest versions of Inspire were released between the time when UndieBomb 2.0 was whisked out of Yemen and the time first the purported plot, then UndieBomb 2.0’s role in it, was revealed. Then, several weeks later, someone released a false AQAP announcement claiming AQAP had been infiltrated. Pham would have been in British custody during this period.

Finally, there’s this rather interesting language. As a lot of indictments that fall under the federal terrorism statute do, this one has language on forfeiture under 18 USC 981. But note the way it phrases this language on forfeiture.

As a result of planning and perpetuating Federal crimes of terrorism against the United States … defendant [] shall forfeit … all right, title, and interest in all assets, foreign and domestic, affording a source of influence over al Shabaab and AQAP.

This guy, presumably, doesn’t have a whole lot of financial goods to forfeit. Nevertheless, the government is going to the trouble of seizing all his interest in assets affording Pham influence over al Shabaab and AQAP.

Those are, mind you, just data points. But some fairly intriguing ones.

“The Yemeni situation and … the Iranian cyber situation”

As MadDog noted yesterday, Dianne Feinstein seemed to answer a question I’ve written about here and here regarding the scope of the leak investigations.

She said the U.S. attorneys would not face political pressures from the Obama administration and would “call the shots as they see them.”

“We can move ahead much more rapidly,” Feinstein said. “Instead of one special prosecutor, you essentially have two here, one is the Yemeni situation and the other is the Iranian cyber situation. I think you’re going to get there much quicker.”

I’m not sure I agree with MD, though, that “the UndieBomb 2.0 and the Stuxnet leaks are the ones being investigated,” meaning implicitly that just those two “leaks” are being investigated.

DiFi’s quote seems to confirm that there is a distinct investigation into the source of the detail (one of the only new parts of David Sanger’s StuxNet reporting) that Israel let StuxNet free, possibly deliberately. Since Eric Holder suggested there was a jurisdictional component to his choice of US Attorneys on these investigations, we can assume that Rod Rosenstein, US Attorney for the National Security Agency, will investigate that alleged leak.

But what does DiFi include when she says, “the Yemeni situation”? Does it include only the leaks about UndieBomb 2.0? And if so, why isn’t it being investigated out of Eastern District of VA, the CIA’s US Attorney district, which purportedly had a lead on that operation in the US?

Further, MD suggested (though did not say explicitly) this means they’re not investigating the drone targeting leaks.

Now, as I’ve noted, one possible reason they wouldn’t investigate the drone targeting “leaks” would be if the stories reported falsehoods or–more charitably–a drone targeting process that was no longer in place, as the AP has reported to be the case and the White House, in their response to the AP story, seemed to confirm. That is, one possible reason why they wouldn’t investigate the “leaks” about drone targeting would be because those stories did not report accurate classified information (and I’ll remind here that the Klaidman story differs in some notable ways from the Joby Warrick story, which we now know came in part from Rahm Emanuel’s effort to publicize Baitullah Mehsud’s killing).

But there’s another possibility. I’m struck by DiFi’s description of “the Yemeni situation” rather than–as most people refer to it–the “thwarted” bomb “plot.” It’s possible that in DiFi’s mind–the mind of a Gang of Four member who has presumably been briefed on our ongoing operations in Yemen–that the leak of the bomb sting, the leak of the Saudi role in it, and the stories that made it clear that John Brennan is running a secret war against Yemeni insurgents using signature strikes out of the NSC largely at the behest of the Saudis all constitute for her “the Yemeni situation.” UndieBomb 2.0 is a part of that secret war–perhaps the legal justification for US involvement in it (and also a useful way to remove an asset and a key handler before the drones start wreaking havoc). But if this speculation is right, it may well be the other details–the report that this war is being run out of NSC, the details that make it clear we’re targeting insurgents, not just AQAP, the fact that we’re clearly in an undeclared war–that DiFi worries about most.

Mind you, this is all supposition. It may be that DiFi was just using shorthand for the UndieBomb 2.0 plot. But to a great degree, all the stories about drone targeting were efforts to expose–and then cover up–the war we’re engaging in Yemen. And that does seem like a secret the Administration is trying to prevent the American public from learning about.

Why Isn’t Neil MacBride Investigating the Alleged UndieBomb 2.0 Leak?

I’ll have more general comments about today’s Senate Judiciary Committee oversight scrum and what it says about leak investigations. But I want to note a very small point Eric Holder made.

When trying to explain to the Republicans why it made sense for DC US Attorney Ronald Machen and Maryland US Attorney Rod Rosenstein to investigate, he said there were parts of the matters under investigation in their districts. In other words, he assigned the US Attorneys according to jurisdiction (or, to be cynical, he just made a big show of having the people who should investigate these matters anyway investigate them).

But consider. The three alleged leaks that might be investigated are:

  • UndieBomb 2.0
  • StuxNet
  • Drone targeting

Now, StuxNet is easy. Rosenstein’s district includes NSA; StuxNet is an NSA project; therefore it’s probably safe to assume he’s investigating that alleged leak.

Then things get confusing. It would make sense to investigate drone targeting in DC, which is where stories portrayed the Terror Tuesday meetings occurring, and therefore to have Machen lead that investigation, and that may well be happening. Though drone targeting is the one alleged leak that public reports haven’t made clear has been included in the scope of the investigations. Let’s just assume that if drone targeting is being investigated, it is being done by Machen.

I’m more confused still about who is investigating the UndieBomb 2.0 alleged leak. There seems to be little doubt that alleged leak is being investigated. But why isn’t it being investigated in Eastern District of VA?

CIA thwarted a plot!!! the headlines read, until it became clear that it was really a Saudi investigation and it wasn’t a plot but a sting. Yet the CIA was definitely involved, at least according to all the reporting on the story. And the US Attorney from EDVA–Neil MacBride–would have a jurisdiction over CIA issues that is just as strong as the US Attorney from MD’s jurisdiction over NSA investigations.

These spooky agencies like keeping their investigations close to home.

So why didn’t Holder include MacBride in the dog-and-pony show last week?

There are several possibilities, all curious:

  • FBI has reason to believe the main leak did come from John Brennan’s conference call with Richard Clarke and Fran Fragos Townsend, which he placed from the White House
  • The op wasn’t run out of CIA after all, but was instead liaised with the Saudis through the NSC or State
  • The story never really existed, and the Saudis just fed us the story of an UndieBomb to give an excuse to start bombing insurgents in Yemen

Maybe there’s some entirely different, completely bureaucratically boring explanation. But Holder’s comment about district-based selection (he didn’t use the word jurisdiction, though) suggests it should have been logical for MacBride to take the lead on UndieBomb 2.0. But he isn’t.

Why not?