Donate for the Cryptome archive of files from June 1996 to the present

30 September 2013

Al Qaeda Promotes Own Comsec

Jump to comsec report.


http://www.nytimes.com/2013/09/30/us/qaeda-plot-leak-has-undermined-
us-intelligence.html

Qaeda Plot Leak Has Undermined U.S. Intelligence

By ERIC SCHMITT and MICHAEL S. SCHMIDT

Published: September 29, 2013

WASHINGTON — As the nation’s spy agencies assess the fallout from disclosures about their surveillance programs, some government analysts and senior officials have made a startling finding: the impact of a leaked terrorist plot by Al Qaeda in August has caused more immediate damage to American counterterrorism efforts than the thousands of classified documents disclosed by Edward Snowden, the former National Security Agency contractor.

Since news reports in early August revealed that the United States intercepted messages between Ayman al-Zawahri, who succeeded Osama bin Laden as the head of Al Qaeda, and Nasser al-Wuhayshi, the head of the Yemen-based Al Qaeda in the Arabian Peninsula, discussing an imminent terrorist attack, analysts have detected a sharp drop in the terrorists’ use of a major communications channel that the authorities were monitoring. Since August, senior American officials have been scrambling to find new ways to surveil the electronic messages and conversations of Al Qaeda’s leaders and operatives.

“The switches weren’t turned off, but there has been a real decrease in quality” of communications, said one United States official, who like others quoted spoke on the condition of anonymity to discuss intelligence programs.

The drop in message traffic after the communication intercepts contrasts with what analysts describe as a far more muted impact on counterterrorism efforts from the disclosures by Mr. Snowden of the broad capabilities of N.S.A. surveillance programs. Instead of terrorists moving away from electronic communications after those disclosures, analysts have detected terrorists mainly talking about the information that Mr. Snowden has disclosed.

Senior American officials say that Mr. Snowden’s disclosures have had a broader impact on national security in general, including counterterrorism efforts. This includes fears that Russia and China now have more technical details about the N.S.A. surveillance programs. Diplomatic ties have also been damaged, and among the results was the decision by Brazil’s president, Dilma Rousseff, to postpone a state visit to the United States in protest over revelations that the agency spied on her, her top aides and Brazil’s largest company, the oil giant Petrobras.

The communication intercepts between Mr. Zawahri and Mr. Wuhayshi revealed what American intelligence officials and lawmakers have described as one of the most serious plots against American and other Western interests since the attacks on Sept. 11, 2001. It prompted the closing of 19 United States Embassies and consulates for a week, when the authorities ultimately concluded that the plot focused on the embassy in Yemen.

McClatchy Newspapers first reported on the conversations between Mr. Zawahri and Mr. Wuhayshi on Aug. 4. Two days before that, The New York Times agreed to withhold the identities of the Qaeda leaders after senior American intelligence officials said the information could jeopardize their operations. After the government became aware of the McClatchy article, it dropped its objections to The Times’s publishing the same information, and the newspaper did so on Aug. 5.

In recent months, senior administration officials — including the director of national intelligence, James Clapper Jr. — have drawn attention to the damage that Mr. Snowden’s revelations have done, though most have been addressing the impact on national security more broadly, not just the effect on counterterrorism.

“We have seen, in response to the Snowden leaks, Al Qaeda and affiliated groups seeking to change their tactics, looking to see what they can learn from what is in the press and seek to change how they communicate to avoid detection,” Matthew Olsen, the director of the National Counterterrorism Center, told a security conference in Aspen, Colo., in July.

American counterterrorism officials say they believe the disclosure about the Qaeda plot has had a significant impact because it was a specific event that signaled to terrorists that a main communication network that the group’s leaders were using was being monitored. The sharpest decline in messaging has been among the Qaeda operatives in Yemen, officials said. The disclosures from Mr. Snowden have not had such specificity about terrorist communications networks that the government is monitoring, they said.

“It was something that was immediate, direct and involved specific people on specific communications about specific events,” one senior American official said of the exchange between the Qaeda leaders. “The Snowden stuff is layered and layered, and it will take a lot of time to understand it. There wasn’t a sudden drop-off from it. A lot of these guys think that they are not impacted by it, and it is difficult stuff for them to understand.”

Other senior intelligence and counterterrorism officials offer a dissenting view, saying that it is difficult, if not impossible, to separate the impact of the messages between the Qaeda leaders from Mr. Snowden’s overall disclosures, and that the decline is more likely a combination of the two.

“The bad guys are just not going to talk operational planning electronically,” said one senior counterterrorism official. Moreover, that official and others say, it could take months or years to fully assess the impact of Mr. Snowden’s disclosures on counterterrorism efforts.

Over the past decade, the N.S.A. has invested billions of dollars in a clandestine campaign to preserve its ability to eavesdrop. The agency has circumvented or cracked much of the encryption, or digital scrambling, that guards global commerce and banking systems, protects sensitive data like trade secrets and medical records, and automatically secures the e-mails, Web searches, Internet chats and phone calls of Americans and others around the world, according to documents provided by Mr. Snowden.

The government’s greatest fear concerning its counterterrorism operations is that over the next several months, the level of intercepted communications will continue to fall as terrorists most likely find new ways to communicate with one another, one senior American official said. It will likely take the government some time to break into that method and monitor communications.

One way the terrorists may try to communicate, the official said, is strictly through couriers, who would carry paper notes or computer flash drives. If that happens, the official said, terrorists will find it very difficult to communicate as couriers take significant time to move messages.

“The problem for Al Qaeda is they cannot function without cellphones,” said one former senior administration official. “They know we listen to them, but they use them anyhow. You can’t run a sophisticated organization without communications in this world. They know all this, but to operate they have to go on.”

A senior intelligence official put it this way: “They are agile, we are agile. When we see a change in behavior, our guys are changing right along with it, or we’re already seeing it and adapting to it. Our capabilities are changing in hours and days, versus weeks and months like we used to.”

To be sure, Qaeda leaders and their top lieutenants use other secure electronic communications as well as old-fashioned means — like couriers, as Bin Laden did — that pose major challenges to American intelligence services.

In the past few months, the Global Islamic Media Front, the propaganda arm of Al Qaeda and other Islamic terrorist groups, has released new software that allows users to encrypt communications for instant-messaging and cellphones. Officials say these new programs may pose fresh challenges for N.S.A. code breakers.

Jihadists have been working on camouflaging their communications through encryption software for years.

Al Qaeda’s use of advanced encryption technology dates to 2007, when the Global Islamic Media Front released the Asrar al-Mujahedeen, or so-called “Mujahedeen Secrets,” software. An updated version, Mujahedeen Secrets 2, was released in January 2008, and has been revised at least twice, most recently in May 2012, analysts said.

The program was popularized in the first issue of Inspire, Al Qaeda in the Arabian Peninsula’s quarterly online magazine, in a July 2010 post entitled “How to Use Asrar al-Mujahedeen: Sending and Receiving Encrypted Messages.” [http://cryptome.org/2012/01/inspire/inspire-1.pdf]

Since then, each issue of Inspire has offered a how-to section on encrypting communications, recommending MS2 as the main encryption tool.

Shortly after Mr. Snowden leaked documents about the secret N.S.A. surveillance programs, chat rooms and Web sites used by jihadis and prospective recruits advised users how to avoid N.S.A. detection, from telling them to avoid using Skype to recommending specific online software programs like MS2 to keep spies from tracking their computers’ physical locations.

A few months ago, the Global Islamic Media Front issued new software that relies on the MS2’s “Asrar al-Dardashah, or “Secrets of Chatting,” which allows users to encrypt conversations over instant-messaging software like Paltalk, Google Chat, Yahoo and MSN, according to Laith Alkhouri, a senior analyst at Flashpoint Global Partners, a New York security consulting firm that tracks militant Web sites.

In early September, the Global Islamic Media Front said it had released an encryption program for messages and files on mobile phones running the Android and Symbian operating systems.

According to the group, the software can encrypt text messages and files and send them by e-mail or between cellphones with different operating systems. The software also lets users securely check e-mail and prevents users from receiving nonencrypted messages, the group claimed.