30 September 2013
Al Qaeda Promotes Own Comsec
Qaeda Plot Leak Has Undermined U.S. Intelligence
By ERIC SCHMITT and MICHAEL S. SCHMIDT
Published: September 29, 2013
WASHINGTON — As the nation’s spy agencies assess the fallout from
disclosures about their surveillance programs, some government analysts and
senior officials have made a startling finding: the impact of a leaked terrorist
plot by Al Qaeda in August has caused more immediate damage to American
counterterrorism efforts than the thousands of classified documents disclosed
by Edward Snowden, the former National Security Agency contractor.
Since news reports in early August revealed that the United States intercepted
messages between Ayman al-Zawahri, who succeeded Osama bin Laden as the head
of Al Qaeda, and Nasser al-Wuhayshi, the head of the Yemen-based Al Qaeda
in the Arabian Peninsula, discussing an imminent terrorist attack, analysts
have detected a sharp drop in the terrorists’ use of a major communications
channel that the authorities were monitoring. Since August, senior American
officials have been scrambling to find new ways to surveil the electronic
messages and conversations of Al Qaeda’s leaders and operatives.
“The switches weren’t turned off, but there has been a real decrease
in quality” of communications, said one United States official, who
like others quoted spoke on the condition of anonymity to discuss intelligence
The drop in message traffic after the communication intercepts contrasts
with what analysts describe as a far more muted impact on counterterrorism
efforts from the disclosures by Mr. Snowden of the broad capabilities of
N.S.A. surveillance programs. Instead of terrorists moving away from electronic
communications after those disclosures, analysts have detected terrorists
mainly talking about the information that Mr. Snowden has disclosed.
Senior American officials say that Mr. Snowden’s disclosures have had
a broader impact on national security in general, including counterterrorism
efforts. This includes fears that Russia and China now have more technical
details about the N.S.A. surveillance programs. Diplomatic ties have also
been damaged, and among the results was the decision by Brazil’s president,
Dilma Rousseff, to postpone a state visit to the United States in protest
over revelations that the agency spied on her, her top aides and Brazil’s
largest company, the oil giant Petrobras.
The communication intercepts between Mr. Zawahri and Mr. Wuhayshi revealed
what American intelligence officials and lawmakers have described as one
of the most serious plots against American and other Western interests since
the attacks on Sept. 11, 2001. It prompted the closing of 19 United States
Embassies and consulates for a week, when the authorities ultimately concluded
that the plot focused on the embassy in Yemen.
McClatchy Newspapers first reported on the conversations between Mr. Zawahri
and Mr. Wuhayshi on Aug. 4. Two days before that, The New York Times agreed
to withhold the identities of the Qaeda leaders after senior American
intelligence officials said the information could jeopardize their operations.
After the government became aware of the McClatchy article, it dropped its
objections to The Times’s publishing the same information, and the newspaper
did so on Aug. 5.
In recent months, senior administration officials — including the director
of national intelligence, James Clapper Jr. — have drawn attention to
the damage that Mr. Snowden’s revelations have done, though most have
been addressing the impact on national security more broadly, not just the
effect on counterterrorism.
“We have seen, in response to the Snowden leaks, Al Qaeda and affiliated
groups seeking to change their tactics, looking to see what they can learn
from what is in the press and seek to change how they communicate to avoid
detection,” Matthew Olsen, the director of the National Counterterrorism
Center, told a security conference in Aspen, Colo., in July.
American counterterrorism officials say they believe the disclosure about
the Qaeda plot has had a significant impact because it was a specific event
that signaled to terrorists that a main communication network that the
group’s leaders were using was being monitored. The sharpest decline
in messaging has been among the Qaeda operatives in Yemen, officials said.
The disclosures from Mr. Snowden have not had such specificity about terrorist
communications networks that the government is monitoring, they said.
“It was something that was immediate, direct and involved specific people
on specific communications about specific events,” one senior American
official said of the exchange between the Qaeda leaders. “The Snowden
stuff is layered and layered, and it will take a lot of time to understand
it. There wasn’t a sudden drop-off from it. A lot of these guys think
that they are not impacted by it, and it is difficult stuff for them to
Other senior intelligence and counterterrorism officials offer a dissenting
view, saying that it is difficult, if not impossible, to separate the impact
of the messages between the Qaeda leaders from Mr. Snowden’s overall
disclosures, and that the decline is more likely a combination of the two.
“The bad guys are just not going to talk operational planning
electronically,” said one senior counterterrorism official. Moreover,
that official and others say, it could take months or years to fully assess
the impact of Mr. Snowden’s disclosures on counterterrorism efforts.
Over the past decade, the N.S.A. has invested billions of dollars in a
clandestine campaign to preserve its ability to eavesdrop. The agency has
circumvented or cracked much of the encryption, or digital scrambling, that
guards global commerce and banking systems, protects sensitive data like
trade secrets and medical records, and automatically secures the e-mails,
Web searches, Internet chats and phone calls of Americans and others around
the world, according to documents provided by Mr. Snowden.
The government’s greatest fear concerning its counterterrorism operations
is that over the next several months, the level of intercepted communications
will continue to fall as terrorists most likely find new ways to communicate
with one another, one senior American official said. It will likely take
the government some time to break into that method and monitor communications.
One way the terrorists may try to communicate, the official said, is strictly
through couriers, who would carry paper notes or computer flash drives. If
that happens, the official said, terrorists will find it very difficult to
communicate as couriers take significant time to move messages.
“The problem for Al Qaeda is they cannot function without cellphones,”
said one former senior administration official. “They know we listen
to them, but they use them anyhow. You can’t run a sophisticated
organization without communications in this world. They know all this, but
to operate they have to go on.”
A senior intelligence official put it this way: “They are agile, we
are agile. When we see a change in behavior, our guys are changing right
along with it, or we’re already seeing it and adapting to it. Our
capabilities are changing in hours and days, versus weeks and months like
we used to.”
To be sure, Qaeda leaders and their top lieutenants use other secure electronic
communications as well as old-fashioned means — like couriers, as Bin
Laden did — that pose major challenges to American intelligence services.
In the past few months, the Global Islamic Media
Front, the propaganda arm of Al Qaeda and other Islamic terrorist groups,
has released new software that allows users to encrypt communications for
instant-messaging and cellphones. Officials say these new programs may pose
fresh challenges for N.S.A. code breakers.
Jihadists have been working on camouflaging their communications through
encryption software for years.
Al Qaeda’s use of advanced encryption technology dates to 2007, when
the Global Islamic Media Front released the Asrar al-Mujahedeen, or so-called
“Mujahedeen Secrets,” software. An updated version, Mujahedeen
Secrets 2, was released in January 2008, and has been revised at least twice,
most recently in May 2012, analysts said.
The program was popularized in the first issue of Inspire, Al Qaeda in the
Arabian Peninsula’s quarterly online magazine, in a July 2010 post entitled
“How to Use Asrar al-Mujahedeen: Sending and Receiving Encrypted
Since then, each issue of Inspire has offered a how-to section on encrypting
communications, recommending MS2 as the main encryption tool.
Shortly after Mr. Snowden leaked documents about the secret N.S.A. surveillance
programs, chat rooms and Web sites used by jihadis and prospective recruits
advised users how to avoid N.S.A. detection, from telling them to avoid using
Skype to recommending specific online software programs like MS2 to keep
spies from tracking their computers’ physical locations.
A few months ago, the Global Islamic Media Front issued new software that
relies on the MS2’s “Asrar al-Dardashah,” or “Secrets of
Chatting,” which allows users to encrypt conversations over
instant-messaging software like Paltalk, Google Chat, Yahoo and MSN, according
to Laith Alkhouri, a senior analyst at Flashpoint Global Partners, a New
York security consulting firm that tracks militant Web sites.
In early September, the Global Islamic Media Front said it had released an
encryption program for messages and files on mobile phones running the Android
and Symbian operating systems.
According to the group, the software can encrypt text messages and files
and send them by e-mail or between cellphones with different operating systems.
The software also lets users securely check e-mail and prevents users from
receiving nonencrypted messages, the group claimed.