Al-Qaeda Changing Its Ways After Leaks
By Kimberly Dozier-June 27, 2013
WASHINGTON (AP) -- U.S. intelligence agencies are scrambling to salvage their surveillance of al-Qaida and other terrorists who are working frantically to change how they communicate after a National Security Agency contractor leaked details of two NSA spying programs. It's an electronic game of cat-and-mouse that could have deadly consequences if a plot is missed or a terrorist operative manages to drop out of sight.
Terrorist groups had always taken care to avoid detection - from using anonymous email accounts, to multiple cellphones, to avoiding electronic communications at all, in the case of Osama bin Laden. But there were some methods of communication, like the Skype video teleconferencing software that some militants still used, thinking they were safe, according to U.S. counterterrorism officials who follow the groups. They spoke anonymously as a condition of describing their surveillance of the groups. Those militants now know to take care with Skype - one of the 9 U.S.-based Internet servers identified by former NSA contractor Edward Snowden's leaks to The Guardian and The Washington Post.
Two U.S. intelligence officials say members of virtually every terrorist group, including core al-Qaida members, are attempting to change how they communicate, based on what they are reading in the media, to hide from U.S. surveillance. It is the first time intelligence officials have described which groups are reacting to the leaks. The officials spoke anonymously because they were not authorized to speak about the intelligence matters publicly.
The officials wouldn't go into details on how they know this, whether it's terrorists switching email accounts or cellphone providers or adopting new encryption techniques, but a lawmaker briefed on the matter said al-Qaida's Yemeni offshoot, al-Qaida in the Arabian Peninsula, has been among the first to alter how it reaches out to its operatives.
The lawmaker spoke anonymously because he would not, by name, discuss the confidential briefing.
Shortly after Edward Snowden leaked documents about the secret NSA surveillance programs, chat rooms and websites used by like-minded extremists and would-be recruits advised users how to avoid NSA detection, from telling them not to use their real phone numbers to recommending specific online software programs to keep spies from tracking their computers' physical locations.
House Intelligence Committee Chairman Mike Rogers, R-Mich., said there are "changes we can already see being made by the folks who wish to do us harm, and our allies harm."Sen. Angus King, I-Maine, said Tuesday that Snowden "has basically alerted people who are enemies of this country ... (like) al-Qaida, about what techniques we have been using to monitor their activities and foil plots, and compromised those efforts, and it's very conceivable that people will die as a result."
Privacy activists are more skeptical of the claims. "I assume my communication is being monitored," said Andrea Prasow, senior counterterrorism counsel for Human Rights Watch. She said that's why her group joined a lawsuit against the Director of National Intelligence to find out if its communications were being monitored. The case was dismissed by the U.S. Supreme Court last fall. "I would be shocked if terrorists didn't also assume that and take steps to protect against it," she said.
"The government is telling us, `This has caused tremendous harm.' But also saying, `Trust us we have all the information. The US government has to do a lot more than just say it," Prasow said.
At the same time, NSA and other counterterrorist analysts have been focusing their attention on the terrorists, watching their electronic communications and logging all changes, including following which Internet sites the terrorist suspects visit, trying to determine what system they might choose to avoid future detection, according to a former senior intelligence official speaking anonymously as a condition of discussing the intelligence operations.
"It's frustrating. You have to start all over again to track the target," said M.E. "Spike" Bowman, a former intelligence officer and deputy general counsel of the FBI, now a fellow at the University of Virginia's Center for National Security Law. But the NSA will catch up eventually, he predicted, because there are only so many ways a terrorist can communicate. "I have every confidence in their ability to regain access."
Terror groups switching to encrypted communication may slow the NSA, but encryption also flags the communication as something the U.S. agency considers worth listening to, according to a new batch of secret and top-secret NSA documents published last week by The Guardian, a British newspaper. They show that the NSA considers any encrypted communication between a foreigner they are watching and a U.S.-based person as fair game to gather and keep, for as long as it takes to break the code and examine it.
Documents released last week also show measures the NSA takes to gather foreign intelligence overseas, highlighting the possible fallout of the disclosures on more traditional spying. Many foreign diplomats use email systems like Hotmail for their personal correspondence. Two foreign diplomats reached this week who use U.S. email systems that the NSA monitors overseas say they plan no changes, because both diplomats said they already assumed the U.S. was able to read that type of correspondence. They spoke on condition of anonymity because they were not authorized to discuss their methods of communication publicly.
The changing terrorist behavior is part of the fallout of the release of dozens of top-secret documents to the news media by Snowden, 30, a former systems analyst on contract to the NSA.
The Office of the Director for National Intelligence and the NSA declined to comment on the fallout, but the NSA's director, Gen. Keith Alexander, told lawmakers that the leaks have caused "irreversible and significant damage to this nation."
"I believe it will hurt us and our allies," Alexander said.
"After the leak, jihadists posted Arabic news articles about it ... and recommended fellow jihadists to be very cautious, not to give their real phone number and other such information when registering for a website," said Adam Raisman of the SITE Intelligence Group, a private analysis firm. They also gave out specific advice, recommending jihadists use privacy-protecting email systems to hide their computer's IP address, and to use encrypted links to access jihadi forums, Raisman said.
Other analysts predicted a two-track evolution away from the now-exposed methods of communication: A terrorist who was using Skype to plan an attack might stop using that immediately so as not to expose the imminent operation, said Ben Venzke of the private analysis firm IntelCenter.
But if the jihadi group uses a now-exposed system like YouTube to disseminate information and recruit more followers, they'll make a gradual switch to something else that wasn't revealed by Snowden's leaks - moving slowly in part because they'll be trying to determine whether new systems they are considering aren't also compromised, and they'll have to reach their followers and signal the change. That will take time.
"Overall, for terrorist organizations and other hostile actors, leaks of this nature serve as a wake-up call to look more closely at how they're operating and improve their security," Venzke said. "If the CIA or the FBI was to learn tomorrow that its communications are being monitored, do you think it would be business as usual or do you think they would implement a series of changes over time?"
Terrorist groups have already adapted after learning from books and media coverage of "how U.S. intelligence mines information from their cellphones found at sites that get raided in war zones," said Scott Swanson, a forensics intelligence expert with Osprey Global Solutions. "Many are increasingly switching the temporary phones or SIM cards they use and throw them away more often, making it harder to track their network."
The disclosure that intelligence agencies were listening to Osama bin Laden drove him to drop the use of all electronic communications.
"When it leaked that bin Laden was using a Thuraya cellphone, he switched to couriers," said Jane Harman, former member of the House Intelligence Committee and now director of the Woodrow Wilson International Center. "The more they know, the clearer the road map is for them."
It took more than a decade to track bin Laden down to his hiding place in Abbottabad, Pakistan, by following one of those couriers.