National News

June 27, 2013

Al-Qaida said to be changing its ways after leaks

WASHINGTON — U.S. intelligence agencies are scrambling to salvage their surveillance of al-Qaida and other terrorists who are working frantically to change how they communicate after a National Security Agency contractor leaked details of two NSA spying programs. It’s an electronic game of cat-and-mouse that could have deadly consequences if a plot is missed or a terrorist operative manages to drop out of sight.

Terrorist groups had always taken care to avoid detection — from using anonymous email accounts, to multiple cellphones, to avoiding electronic communications at all, in the case of Osama bin Laden. But there were some methods of communication, like the Skype video teleconferencing software that some militants still used, thinking they were safe, according to U.S. counterterrorism officials who follow the groups. They spoke anonymously as a condition of describing their surveillance of the groups. Those militants now know to take care with Skype — one of the 9 U.S.-based Internet servers identified by former NSA contractor Edward Snowden’s leaks to The Guardian and The Washington Post.

Two U.S. intelligence officials say members of virtually every terrorist group, including core al-Qaida members, are attempting to change how they communicate, based on what they are reading in the media, to hide from U.S. surveillance. It is the first time intelligence officials have described which groups are reacting to the leaks. The officials spoke anonymously because they were not authorized to speak about the intelligence matters publicly.

The officials wouldn’t go into details on how they know this, whether it’s terrorists switching email accounts or cellphone providers or adopting new encryption techniques, but a lawmaker briefed on the matter said al-Qaida’s Yemeni offshoot, al-Qaida in the Arabian Peninsula, has been among the first to alter how it reaches out to its operatives.

The lawmaker spoke anonymously because he would not, by name, discuss the confidential briefing.

Shortly after Edward Snowden leaked documents about the secret NSA surveillance programs, chat rooms and websites used by like-minded extremists and would-be recruits advised users how to avoid NSA detection, from telling them not to use their real phone numbers to recommending specific online software programs to keep spies from tracking their computers’ physical locations.

House Intelligence Committee Chairman Mike Rogers, R-Mich., said there are “changes we can already see being made by the folks who wish to do us harm, and our allies harm.”

Sen. Angus King, I-Maine, said Tuesday that Snowden “has basically alerted people who are enemies of this country ... (like) al-Qaida, about what techniques we have been using to monitor their activities and foil plots, and compromised those efforts, and it’s very conceivable that people will die as a result.”

Privacy activists are more skeptical of the claims. “I assume my communication is being monitored,” said Andrea Prasow, senior counterterrorism counsel for Human Rights Watch. She said that’s why her group joined a lawsuit against the Director of National Intelligence to find out if its communications were being monitored. The case was dismissed by the U.S. Supreme Court last fall. “I would be shocked if terrorists didn’t also assume that and take steps to protect against it,” she said.

“The government is telling us, ‘This has caused tremendous harm.’ But also saying, ‘Trust us we have all the information. The US government has to do a lot more than just say it,” Prasow said.

At the same time, NSA and other counterterrorist analysts have been focusing their attention on the terrorists, watching their electronic communications and logging all changes, including following which Internet sites the terrorist suspects visit, trying to determine what system they might choose to avoid future detection, according to a former senior intelligence official speaking anonymously as a condition of discussing the intelligence operations.

“It’s frustrating. You have to start all over again to track the target,” said M.E. “Spike” Bowman, a former intelligence officer and deputy general counsel of the FBI, now a fellow at the University of Virginia’s Center for National Security Law. But the NSA will catch up eventually, he predicted, because there are only so many ways a terrorist can communicate. “I have every confidence in their ability to regain access.”

Terror groups switching to encrypted communication may slow the NSA, but encryption also flags the communication as something the U.S. agency considers worth listening to, according to a new batch of secret and top-secret NSA documents published last week by The Guardian, a British newspaper. They show that the NSA considers any encrypted communication between a foreigner they are watching and a U.S.-based person as fair game to gather and keep, for as long as it takes to break the code and examine it.

Documents released last week also show measures the NSA takes to gather foreign intelligence overseas, highlighting the possible fallout of the disclosures on more traditional spying. Many foreign diplomats use email systems like Hotmail for their personal correspondence. Two foreign diplomats reached this week who use U.S. email systems that the NSA monitors overseas say they plan no changes, because both diplomats said they already assumed the U.S. was able to read that type of correspondence. They spoke on condition of anonymity because they were not authorized to discuss their methods of communication publicly.

The changing terrorist behavior is part of the fallout of the release of dozens of top-secret documents to the news media by Snowden, 30, a former systems analyst on contract to the NSA.

The Office of the Director for National Intelligence and the NSA declined to comment on the fallout, but the NSA’s director, Gen. Keith Alexander, told lawmakers that the leaks have caused “irreversible and significant damage to this nation.”

“I believe it will hurt us and our allies,” Alexander said.

“After the leak, jihadists posted Arabic news articles about it ... and recommended fellow jihadists to be very cautious, not to give their real phone number and other such information when registering for a website,” said Adam Raisman of the SITE Intelligence Group, a private analysis firm. They also gave out specific advice, recommending jihadists use privacy-protecting email systems to hide their computer’s IP address, and to use encrypted links to access jihadi forums, Raisman said.

Other analysts predicted a two-track evolution away from the now-exposed methods of communication: A terrorist who was using Skype to plan an attack might stop using that immediately so as not to expose the imminent operation, said Ben Venzke of the private analysis firm IntelCenter.

But if the jihadi group uses a now-exposed system like YouTube to disseminate information and recruit more followers, they’ll make a gradual switch to something else that wasn’t revealed by Snowden’s leaks — moving slowly in part because they’ll be trying to determine whether new systems they are considering aren’t also compromised, and they’ll have to reach their followers and signal the change. That will take time.

“Overall, for terrorist organizations and other hostile actors, leaks of this nature serve as a wake-up call to look more closely at how they’re operating and improve their security,” Venzke said. “If the CIA or the FBI was to learn tomorrow that its communications are being monitored, do you think it would be business as usual or do you think they would implement a series of changes over time?”

Terrorist groups have already adapted after learning from books and media coverage of “how U.S. intelligence mines information from their cellphones found at sites that get raided in war zones,” said Scott Swanson, a forensics intelligence expert with Osprey Global Solutions. “Many are increasingly switching the temporary phones or SIM cards they use and throw them away more often, making it harder to track their network.”

The disclosure that intelligence agencies were listening to Osama bin Laden drove him to drop the use of all electronic communications.

“When it leaked that bin Laden was using a Thuraya cellphone, he switched to couriers,” said Jane Harman, former member of the House Intelligence Committee and now director of the Woodrow Wilson International Center. “The more they know, the clearer the road map is for them.”

It took more than a decade to track bin Laden down to his hiding place in Abbottabad, Pakistan, by following one of those couriers.

1
Text Only
National News
  • 10 Things to Know for Friday

    Your daily look at late-breaking news, upcoming events and the stories that will be talked about Friday.

    April 24, 2014

  • Afghan hospital guard kills 3 American doctors

    An Afghan government security guard opened fire Thursday on a group of foreign doctors at a Kabul hospital, killing three American physicians and wounding a U.S. nurse, officials said.

    April 24, 2014

  • Nevada rancher condemned for racist remarks

     A Nevada rancher who has become a conservative folk hero for resisting the federal government’s attempts to round up his cattle faced sharp criticism Thursday for racist comments published in a New York Times article.

    April 24, 2014

  • NRA seeks universal gun law at national meeting

    With concealed weapons now legal in all 50 states, the National Rifle Association’s focus at this week’s annual meeting is less about enacting additional state protections than on making sure the permits already issued still apply when the gun owners travel across the country.

    April 24, 2014

  • 10 Things to Know for Thursday

    Your daily look at late-breaking news, upcoming events and the stories that will be talked about Thursday.

    April 23, 2014

  • US weighs clemency for inmates jailed for 10 years

    The Justice Department is encouraging nonviolent federal inmates who have behaved in prison, have no significant criminal history and have already served more than 10 years behind bars to apply for clemency, officials announced Wednesday.

    April 23, 2014

  • High court tosses $3.4M award to child porn victim

    The Supreme Court on Wednesday rejected a plea to make it easier for victims of child pornography to collect money from people who view their images online, throwing out a nearly $3.4 million judgment in favor of a woman whose childhood rape has been widely seen on the Internet. Two dissenting justices said Congress should change the law to benefit victims.

    April 23, 2014

  • Airport security vulnerabilities not uncommon

    For all the tens of billions of dollars that the nation has spent on screening passengers and their bags, few airports made a comparable investment to secure the airplanes themselves.

    April 23, 2014

  • Deal signs bill expanding gun rights in Georgia

    Gov. Nathan Deal has signed legislation expanding where people with licenses to carry can bring their guns in Georgia.

    April 23, 2014

  • Indian film awards arrive in Tampa, Fla., but why?

    The so-called Bollywood Oscars have been held in Macau, Singapore, London — and now, Tampa?

    April 23, 2014