Hot Air -- get your fill


Report: Feds’ leak of Osama video destroyed surveillance of AQ Internet ops; Update: Bogus? Update: Cyberspooks say they’ve still got a bead on AQ

posted at 9:55 am on October 9, 2007 by Allahpundit

Years of painstaking work by SITE to break into and monitor Al Qaeda’s online servers, flushed in an instant by some moron who wanted to impress his media contacts with how in-the-loop he was.

A small private intelligence company that monitors Islamic terrorist groups obtained a new Osama bin Laden video ahead of its official release last month, and around 10 a.m. on Sept. 7, it notified the Bush administration of its secret acquisition. It gave two senior officials access on the condition that the officials not reveal they had it until the al-Qaeda release.

Within 20 minutes, a range of intelligence agencies had begun downloading it from the company’s Web site. By midafternoon that day, the video and a transcript of its audio track had been leaked from within the Bush administration to cable television news and broadcast worldwide…

[P]rivately, some intelligence officials called the incident regrettable, and one official said SITE had been “tremendously helpful” in ferreting out al-Qaeda secrets over time.

Fun bonus fact: SITE director Rita Katz claims White House counsel Fred Fielding told her that SITE had the video before the White House did, which is either nonsense they drummed up after the fact to lull Al Qaeda into thinking the feds are less hip to their game than a small, privately run intel organization or terrifying proof that the feds are, in fact, less hip to their game than a small, privately run intel organization.

The New York Sun picks up where WaPo leaves off:

[T]he disclosure from ABC and later other news organizations tipped off Qaeda’s internal security division that the organization’s Internet communications system, known among American intelligence analysts as Obelisk, was compromised. This network of Web sites serves not only as the distribution system for the videos produced by Al Qaeda’s production company, As-Sahab, but also as the equivalent of a corporate intranet, dealing with such mundane matters as expense reporting and clerical memos to mid- and lower-level Qaeda operatives throughout the world.

One intelligence officer who requested anonymity said in an interview last week that the intelligence community watched in real time the shutdown of the Obelisk system…

The founder of a Web site known as clandestineradio.com, Nick Grace, tracked the shutdown of Qaeda’s Obelisk system in real time. “It was both unprecedented and chilling from the perspective of a Web techie. The discipline and coordination to take the entire system down involving multiple Web servers, hundreds of user names and passwords, is an astounding feat, especially that it was done within minutes,” Mr. Grace said yesterday.

Exit question: What’s more frightening, the mind-boggling idiocy of whoever leaked the tape to the media, the possibility that people like SITE and Laura Mansfield might be further ahead of the terror curve than the feds, or the thought of Al Qaeda super-hackers baffling western techies with their Internet fu?

Update: A man who would know says the tape was circulating before SITE shared it with federal officials on September 7 and notes that ABC’s transcript is dated September 6. Which means either ABC has itself a dynamite intel-gathering operation or someone in the federal bureaucracy had the tape even before SITE did and shared it with ABC first. Which in turn means the White House surely had it also, contrary to what Fielding allegedly told Katz.

Update: Reassurance from the Blotter, which was one of the leak outlets here:

“The sources, methods and techniques utilized by IntelCenter to collect terrorist video material remain intact,” said Ben Venzke, the CEO of IntelCenter, a private contractor providing counterterrorism support work to the intelligence community…

Like Katz, Laura Mansfield, a pseudonym she uses for security reasons, also monitors extreme Islamist forums and Internet traffic looking for propaganda videos that are often released by al Qaeda’s media wing, As Sahab and others. Mansfield says that despite the recent video leak, she still has access to the material.

“It’s a cat-and-mouse game,” said Mansfield. “They know we’re watching them so they move around. I’m reprogramming my search tools at least once a week.”


Blowback

Comments

The leaks have got to stop… we are destroying ourselves in this silly bid to make ourselves look good to a media, who wants to do us harm.

One of the primary reasons you DON’T often act on intelligence when you get it, is that acting on it will reveal sources and methods…

That this happened over a Bin Laden propaganda clip, shows that we still don’t get it…

Loose lips no longer sink ships, but it does get our people blown up.

Hmmm… Where’s Waxman and his oversight committee on this? Oh… wait, he’s too busy investigating Rush Limbaugh…

Romeo13 on October 9, 2007 at 10:06 AM

It’s actually not as impressive as they’d like to make it out to be. As someone who runs a data center and quite a few websites if you’ve properly documented things and prepared for disaster scenarios (In AQ’s case US investigation.) such a scenario is easily planned and executed.

The fact that a private firm was ahead of the feds doesn’t bother me that much. It was likely due more to luck than skill anyways with the vastness of the net needing to be scoured to find this stuff. That’s what makes the shutdown so damaging. It’s not infiltrating the network that is hard it is finding it.

What really pisses me off as I’ve said in the links that were posted last night about this the Bush Admin will do nothing about the leak.

bj1126 on October 9, 2007 at 10:06 AM

Well, the private sector does generally do a better job than govt. I suppose we shouldn’t be surprised if SITE hacked in to the AQ network, and we shouldn’t be surprised that a govt. hack spilled the beans either.

The leak, if it happened the way it’s been told, is THE most troubling problem in this whole story.

CliffHanger on October 9, 2007 at 10:06 AM

Another leak that won’t be pursued. Let’s get back to parsing that Valerie Plame bullshinola again, shall we?!?

Hoodlumman on October 9, 2007 at 10:08 AM

We can pick all of the above for the exit question, right?

chrisro on October 9, 2007 at 10:08 AM

I read both of the links in the HA news links late last night and am stunned. We need to find and stop these leaks out of our government. This is past frustrating. It’s downright dangerous.

Idiots are willfully blinding us to the actions of our enemies.

techno_barbarian on October 9, 2007 at 10:08 AM

I say the AQ super hackers are most frightening. Prior to reading this I would have put our nerds up against any nerds on the planet. Clearly, the nerds will inherit the earth.

mugged on October 9, 2007 at 10:12 AM

Another leak that won’t be pursued. Let’s get back to parsing that Valerie Plame bullshinola again, shall we?!?

Hoodlumman on October 9, 2007 at 10:08 AM

And Valerie Plame is exactly why the leaks won’t be pursued. Civil servants at all levels are good for nothing liberal rat bastards.

doriangrey on October 9, 2007 at 10:17 AM

Exit question: What’s more frightening, the mind-boggling idiocy of whoever leaked the tape to the media, the possibility that people like SITE and Laura Mansfield might be further ahead of the terror curve than the feds, or the thought of Al Qaeda super-hackers baffling western techies with their Internet fu?

The answer is:

D) all of the above.

Troy Rasmussen on October 9, 2007 at 10:29 AM

I actually think that… hold on, gotta bring down my website really quick… ok, done. Where was I? Oh yeah… I actually think that Nick Grace is being misquoted at least a little bit, because nobody who runs a website would believe that to be “an astounding feat”.

DaveS on October 9, 2007 at 10:35 AM

Dave S. has restored my faity. thanks dave.

mugged on October 9, 2007 at 10:37 AM

I actually think that… hold on, gotta bring down my website really quick… ok, done. Where was I? Oh yeah… I actually think that Nick Grace is being misquoted at least a little bit, because nobody who runs a website would believe that to be “an astounding feat”.

DaveS on October 9, 2007 at 10:35 AM

Yes I found that statement rather incredulous myself. Anyone who has ever administered a network is all too aware of just how quickly a network can be brought down. Bringing a network with thousands of remote servers down in a matter of minutes isn’t anything amazing.

doriangrey on October 9, 2007 at 10:47 AM

make that “faith”

mugged on October 9, 2007 at 10:50 AM

The CIA needs to set up a mirror of the shut-down site …and then pretend -to the jihadis at large- that “Oh, Lions of Allah, we [al-Qaeda] are back online after the efforts of the infidels to try to silence us, so take that you Crusader dogs!”.

As flypaper for the terrorists on the web.

Or can’t they think that cunningly/far ahead?

profitsbeard on October 9, 2007 at 10:57 AM

If this is true, I find it utterly unsurprising that a private organization would be better at intelligence gathering than the federal government. The private sector is always superior.

Enrique on October 9, 2007 at 11:02 AM

Wow. We have already shot ourselves in both feet and both arms. Next is the headshot with all these damn leaks.

FireFly on October 9, 2007 at 11:08 AM

The CIA needs to set up a mirror of the shut-down site …and then pretend -to the jihadis at large- that “Oh, Lions of Allah, we [al-Qaeda] are back online after the efforts of the infidels to try to silence us, so take that you Crusader dogs!”.

As flypaper for the terrorists on the web.

Or can’t they think that cunningly/far ahead?

profitsbeard on October 9, 2007 at 10:57 AM

Yup, they should have had the Obelisk network back up within minutes claiming that the CIA had temporarily shut them down and that anyone claiming that they were the real Obelisk were just CIA operatives trying to sabotage the real Obelisk network. God only knows how many fools they could have caught that way.

But of course the CIA is being run by the likes of Valerie Plame so it’s no great surprise that they can’t find their own a$$holes with both hands.

doriangrey on October 9, 2007 at 11:10 AM

Oops, that should have read: that anyone claiming that they were not the real Obelisk…

doriangrey on October 9, 2007 at 11:11 AM

doriangrey on October 9, 2007 at 10:47 AM

Yes I found that statement rather incredulous myself. Anyone who has ever administered a network is all too aware of just how quickly a network can be brought down.

Yeah. Plus, the media has a tendency to exaggerate these sorts of things for the sensational, dramatic effect.

For example, lefties poo-poo busted terrorist groups as incompetent boobs and overblown threats. In that case, it doesn’t take an ultra-competent group to kill a lot of people, so the lefties are misguided, but they are at least partly correct: the media will take something that any sysadmin may do on any given day of the week, and paint it as some ridiculously complicated and scary capability of a terrorist menace that can outfox even our most brilliant minds.

In reality, of course, it’s a less-than-tech-savvy journalism school graduate who is looking for a little buzz on an otherwise very ignorable story.

DaveS on October 9, 2007 at 11:26 AM

“Ignorable story” may be overstating it a bit, but you get my point.

DaveS on October 9, 2007 at 11:27 AM

Exit question:

“So. . . how do you catch a leaker?”

Well, first you have to suspect someone. Then you give them something to leak.

In the Washington Post story is the clue that the video was downloaded numerous times by computers with an internet address that traces back to a government agency. It is an easy thing to embed in each download a unique identifier. When something is published, you look for the unique identifier in the published version.

Now, if you know how murky, muddled, and misdirected things can be in the spooky underground world, when you find your embedded unique identifier, that is only a clue, not yet proof.

As

Romeo13 on October 9, 2007 at 10:06 AM

opens this thread with

One of the primary reasons you DON’T often act on intelligence when you get it, is that acting on it will reveal sources and methods…

reveals one reason why you often don’t leak something you have, because doing so reveals that there is a leaker somewhere with access to the information.

So don’t go jumping to conclusions.

rockhauler on October 9, 2007 at 11:30 AM

Two observations:

1. It is a lot easier to take a network down than to bring it up!!

2. In the murky spy-vs-spy world, who is to say that both the video leak and the subsequent whining about a lost source of intelligence were not both ruses designed to lull the enemy into complacency?

landlines on October 9, 2007 at 11:46 AM

Either way, SOMEBODY leaked the fact that Al Qaeda’s network of servers had been hacked by leaking the video.

It doesn’t matter WHOSE copy of the tape they used, Al Qaeda now knows that their servers are vulnerable and will take action to block it in the future.

So, to the government-employee ASSHOLE who leaked the tape to ABC, F*CK YOU VERY MUCH!

georgej on October 9, 2007 at 11:48 AM

Two points…

Rockhauler may be correct that this is really a method to figure out who is leaking…

But if it is, then why has no one been popped for it? The fastest way to stop leaks is to publicly nail them… get the word out that leaks will not be tolerated….

Problem is we have NOT done this in the past, and did not do this in this case, so we burned a source to no apparent net gain.

Second point. This was a world wide web of servers. With the compartmentalization needed for security, it would not have been a single Admin doing this… but a large group of disconnected admins who would not know each other for security reasons.

That we watched this thing get taken down, tells me we KNEW who those admins were… but for some reason could not reach/prosecute them…

But the leak did burn a method by which we could track a lot of Al Q personnel…

Romeo13 on October 9, 2007 at 11:53 AM

doriangrey-

You mean they couldn’t find this at the CIA?

Agreed.

profitsbeard on October 9, 2007 at 11:57 AM

Ewwww… come to think on it a bit more…

Is the date at the bottom of the document the smoking gun of where it was leaked from? and by whom?

Tasty!

/puts on his dark glasses… and starts to play Secret Agent Man on his stereo…

Romeo13 on October 9, 2007 at 12:05 PM

doriangrey-

You mean they couldn’t find this at the CIA?

Agreed.

profitsbeard on October 9, 2007 at 11:57 AM

ROTFLMAO………Good thing I swallowed my coffee before clicking on that link or I would be needing a new keyboard and monitor right now, yes that is exactly what I meant.

doriangrey on October 9, 2007 at 12:09 PM

The interesting part of this is did they leak for a reason?
If they (AQ) think we only had this site under watch, would they be more comfortable with their other sites? Did we force them to change? Adding new sites would be relatively easy to track and find. We apparently had the tape before Katz, so did shutting out Katz put AQ at ease thinking they are out of the picture? The internet is a cat and mouse game, a shell game, bait and switch…I will give you odds that we were forcing AQ’s internet hand, and we garnered a lot of information as they shut down and rerouted their sites.
We will never know…except one thing I am sure of, we are a lot further along in gathering information than AQ knows.

right2bright on October 9, 2007 at 12:12 PM

We will never know…except one thing I am sure of, we are a lot further along in gathering information than AQ knows.

right2bright on October 9, 2007 at 12:12 PM

Of this likewise am I convinced.

doriangrey on October 9, 2007 at 12:15 PM

The other question is who leaked the AQ password, assuming that’s how everyone was getting in, to SITE. The more distributed these things get the harder it is to keep a secret. For the same reason, it doesn’t sound like an insurmountable problem to get the new password from some captured AQ laptop.

It’s also fun to think that not only were we downloading stuff from AQ, hopefully we were uploading changes to their documents also. And a little keylogging would go a long way to cutting off AQ funding.

pedestrian on October 9, 2007 at 12:15 PM

I think it was the WaPo article, though, that stated the ABC transcript of the had all the earmarks of the SITE translation work. Something is not right in that respect.

In reading Jawa, I’ll agree that more than just SITE had it and, maybe just as early, but the 9/6/07 he notes was for the transcript and that would be consistent with SITE providing the Feds with a transcript/translation completed on the 6th and provided on the 7th.

Dusty on October 9, 2007 at 12:18 PM

Dusty on October 9, 2007 at 12:18 PM

Good point.

The question still remains though, how did ABC get it…

Ewww… an even more interesting question just hit me…

If this was from a Commercial, non government source, does SITE, through litigation, have the right to find out from the Press how they got it. This now becomes a case of INDUSTRIAL not just governmental spying, thus copyright laws come into effect.

Romeo13 on October 9, 2007 at 12:25 PM

Further explanation…

All of these news agencies used the Translation of the tape, which SITE, a commercial entity, created.

Now, this document was created by SITE, and thus was covered under the Copyright laws.

These other commercial entities then PUBLISHED it without SITE’s permission… blatant abuse of the Copyright laws.

SITE will now have the ability to start discovery proceedings in a COPYRIGHT infringement case… something which the courts have been pretty adamant over the years about NOT allowing the Reporter privilege of not naming sources on, as it is now essentially a case of theft of intellectual property.

Romeo13 on October 9, 2007 at 12:31 PM

The other question is who leaked the AQ password,

pedestrian on October 9, 2007 at 12:15 PM

Password.. chortle cough cough we don’t need no stinking password… There is no such thing as a secure network, nor are passwords required to exploit network security vulnerabilities.

“The only truly secure system is one that is powered off, cast in a block of concrete and sealed in a lead-lined room with armed guards – and even then I have my doubts.”
Eugene H. Spafford, director of the Purdue Center for Education and Research in Information Assurance and Security.

doriangrey on October 9, 2007 at 12:37 PM

And Valerie Plame is exactly why the leaks won’t be pursued. Civil servants at all levels are good for nothing liberal rat bastards.

doriangrey on October 9, 2007 at 10:17 AM

Come on Dorian, you don’t really mean that do you. Couple of things to consider:
(1) Many civil servants are retired military enlisted and officer types. They choose the lower pay for a couple of reasons; familiar with the military way of doing business and job security.
(2) Twenty plus years of convictions and habits don’t dissipate between the retirement ceremony and being hired as a civil servant.
(3) Most non-prior military civil servants worked through the ranks legitimately, obeyed the non-disclosure agreements they are required to sign and genuinely feel they have an ownership in seeing the job done right. Many see the higher paid contractors and are extra diligent in ensuring the best interests of the country and government are represented.
(4) The number of liberals, Dems and Republicans is not that much different than the demographics of the general population

Bradky on October 9, 2007 at 12:55 PM

[Bradky on October 9, 2007 at 12:55 PM]

I agree, but I also agree with AP with his “some moron who wanted to impress his media contacts with how in-the-loop he was.”

I couldn’t sleep last night so where was I? On HA and clicking out the below. But I wanted to sleep on it and then on waking this morning it was already off Headlines, so I’ll put it here.

Let me start by saying they really ought to fire someone. This is an egregious breach of trust which causes second thoughts on the sharing of information, not only in private-public relationships but in nation-nation intelligence relationships.

My preference for the culprit is Leiter and here’s my thinking. Fielding didn’t do anything. Bagnal’s group is probably small and probably only needed one download then make copies from the disk. There were probably three people involved, Bagnal, his assistant, and the gofer who the assistant told to download it. In that short a time frame they would have to have a bunch of meetings before they could decide what to do.

Leiter, on the other hand, has a rather large bureaucracy with lots of departments specializing in different aspects that would be put to work on this. Leiter told his secretary to distribute a notice to the relevant departments that this was available and to get on it right away. It’s possible the memo had some classified rating, though, in the rush there may have been no classification instructions, or they were sketchy. Once that occurred the flood gates opened. Each department head gave it to however many they thought needed it, say two project heads. If the classification system was included, it could have been dropped by one or more of them. Anyway, each project head may have a team that needs it. All have their own computer. The website url has now been passed around like a standard office rumor after the Christmas party.

Once people get it, the concentration is on their work, not on maintaining secrecy. After all, there are hardly any secrets in a bureaucracy that deals with secrets everyday. That, in conjunction with the likelihood many got the impression “Hey it’s on the internet”, and there you have it, secrecy went right out the window.

Benjamin Franklin once said “Three people can keep a secret, if two of them are dead.” (John’s Bathroom Reader, 3rd Edition) Intelligence services can’t operate with office staffed by one worker and two corpses, so their mission statement ought to revise this to “A thousand people can keep a secret, if the last one who didn’t is in jail.”

The last is corny, but I’ve always liked this Franklin quote and just had to work it in somehow.

Dusty on October 9, 2007 at 1:11 PM

SITE will now have the ability to start discovery proceedings in a COPYRIGHT infringement case… something which the courts have been pretty adamant over the years about NOT allowing the Reporter privilege of not naming sources on, as it is now essentially a case of theft of intellectual property.

Romeo13 on October 9, 2007 at 12:31 PM

What is SITE’s standing to sue over a video they stole from AQ’s internal network?

pedestrian on October 9, 2007 at 1:14 PM

What is SITE’s standing to sue over a video they stole from AQ’s internal network?

pedestrian on October 9, 2007 at 1:14 PM

Well I’m betting that the video wasn’t copyrighted, whereas SITE’s translation of it was. Pretty strong case.

doriangrey on October 9, 2007 at 1:24 PM

[pedestrian on October 9, 2007 at 1:14 PM]

I think the point is the transcript, not the video.

Dusty on October 9, 2007 at 1:25 PM

Shadow Government Exists

Kini on October 9, 2007 at 1:28 PM

“There is no such thing as a secure network, nor are passwords required to exploit network security vulnerabilities.”

[Followed by a quote from Gene Spafford.]

doriangrey on October 9, 2007 at 12:37 PM

A former fortune 40 employer (who shall not be named), and who, at the time, had a number of classified military contracts, invited the National Security Agency to discuss with us I. T. people the issue of network security. This person said, as part of the presentation, that the only secure computer on a network is one with AT LEAST 6 INCHES OF AIR between the NIC card and the network cable. Plus all the Spafford jazz mentioned above.

In other words, there is no way to absolutely secure a system, especially a system on a network. There will always be “exploits” or bug-based bits of code that can defeat whatever security paradigm imposed. Or there will always be someone who decides to use a password that can be determined by societal means or personal knowledge. OR there will always be the risk of an internal, disloyal employee.

Or there will always be people who write their login passwords on a stickynote and place it on their monitor or on the underside of their keyboard. A perennial favorite of security administrators, everywhere!

OR, as was the case with Motorola and Kevin Mitnick a decade or so back, someone using “social engineering” obtains access. For those who don’t remember, Mitnick sweet-talked his way past a security administrator by calling in and claiming he was a contractor who lost his security token and had a multi-million dollar contract on the line that was “due tomorrow.” Said administrator overrode the security server, granted him access, and Mitnick pwn3d Motorola’s network.

The point is there is NO SUCH THING as a secure network or computer, especially one that is the target of a powerful national government with all its resources available. The best one can hope is to make it difficult enough that “red flag” warnings are raised in time to take the machines off line and off network.

The problem with this incident, is that now that they know they had a vulnerability, Al Qaeda will close it — if they have to behead somebody.

georgej on October 9, 2007 at 1:30 PM

[pedestrian on October 9, 2007 at 1:14 PM]

I think the point is the transcript, not the video.

Dusty on October 9, 2007 at 1:25 PM

You can’t sue someone for republishing your translation of the latest Harry Potter book.

pedestrian on October 9, 2007 at 2:27 PM

“The fact that a private firm was ahead of the feds doesn’t bother me that much. It was likely due more to luck than skill anyways with the vastness of the net needing to be scoured to find this stuff.”
bj1126

You are so wrong… Read the book Terrorist Hunter written by Rita Katz. It will make your blood boil over the ineptness of our Federal employees vs. a private, small firm with smart and competent people. Rita Katz is right up there with Ayaan Hirsi Ali as far as brains and balls are concerned. You just never heard of her before…

Babs on October 9, 2007 at 2:35 PM

Remember that story about HotAir dropping boingboing.net from its link section?

Well, their shopping cart has been offline since taking a pounding from all the HA and boingboing traffic. It seems that the server load was too high and their database(s) started spitting out garbage data. Apparently someone found a way to exploit this because there was more than one report of security exploits directly resulting from the overload.

So what? Just offering a realtime example of how much easier it is to go offline than it is to bring a server back up.

No admin ever wants to power down unscheduled…but anybody worth their IT salt can do so in a heartbeat if their network is threatened by virii, malware, etc.

Ever seen someone in IT get fired from a huge corporation? That’s when systems really get tested.

The Race Card on October 9, 2007 at 3:21 PM

No admin ever wants to power down unscheduled…but anybody worth their IT salt can do so in a heartbeat if their network is threatened by virii, malware, etc.

Ever seen someone in IT get fired from a huge corporation? That’s when systems really get tested.

The Race Card on October 9, 2007 at 3:21 PM

Yep, it’s a hell of a lot harder to get a network up and running than it is to take it down.

doriangrey on October 9, 2007 at 3:27 PM

Yeah, let’s get this into court!

Maybe the court will say that AQ owns the copyright.

Maybe that will sucker AQ into a DC courtroom to sue for damages, and we can….

Oh wait, this would be a DC court, and AQ is already using the liberal DC courts as a weapon against the US…

landlines on October 9, 2007 at 4:00 PM
