Schneier on Security
A blog covering security and security technology.
May 1, 2012
When Investigation Fails to Prevent Terrorism
I've long advocated investigation, intelligence, and emergency response as the places where we can most usefully spend our counterterrorism dollars. Here's an example where that didn't work:
Starting in April 1991, three FBI agents posed as members of an invented racist militia group called the Veterans Aryan Movement. According to their cover story, VAM members robbed armored cars, using the proceeds to buy weapons and support racist extremism. The lead agent was a Vietnam veteran with a background in narcotics, using the alias Dave Rossi.
Code-named PATCON, for "Patriot-conspiracy," the investigation would last more than two years, crossing state and organizational lines in search of intelligence on the so-called Patriot movement, the label applied to a wildly diverse collection of racist, ultra-libertarian, right-wing and/or pro-gun activists and extremists who, over the years, have found common cause in their suspicion and fear of the federal government.
The undercover agents met some of the most infamous names in the movement, but their work never led to a single arrest. When McVeigh walked through the middle of the investigation in 1993, he went unnoticed.
The whole article is worth reading.
Posted on May 1, 2012 at 7:31 AM
Irrespective of how good or bad an intel led investigation is, at the end of the day there will always be failures.
For instance a lone individual who is very careful about what they do can amass a considerable amount of "equipment" to carry out their individual "cause".
Nothing can prevent this and it's what we would expect if rational thought is to be used.
Likewise small groups can "stay below the radar" if they are close knit and careful.
But where it goes wrong too often is when a line is crossed and LEOs push an agenda onto others in order to show their work has benefit.
I'm left wondering what the writer's point is. For the first half, he takes a tone heavily critical of the FBI for conducting general intelligence-gathering activities in an operation that was only authorised for prosecuting specific crimes, but by the end he is criticising them for not gathering general intelligence effectively enough.
I think we need to recognise that intelligence gathering is a hit and miss game and fundamentally different to criminal investigation. In a criminal investigation, we are trying to answer a specific question: Who did X and why? In intelligence gathering, we don't have specific questions, only a general pattern of information that we're interested in filling in. All you can do is make judgements about what leads are likely to lead to valuable intelligence and follow them up. This sort of strategy has been pretty successful overall, especially in Britain, in preventing terrorist attacks. Press articles that ridicule intelligence gathering operations because they sometimes don't produce as much useful intelligence as we'd like are pretty counter-productive in my view.
I wonder how long it will be before terrorist groups begin to develop sophisticated counter-intelligence strategies? This, in my view, is the biggest risk of a focus on intelligence gathering; a good counter-intelligence operation can cause enormous confusion, because the intelligence gathered tends to be used to focus other resources.
Not the ending I was expecting.
I naturally assumed the failure was that in order to fit in with the group the FBI members were forced to commit a variety of terrorist acts, and by the end of the investigation were forced to conclude that the only significant acts of terrorism committed by the group were done or encouraged by the agents themselves.
Oh, wait. That report wouldn't be published openly.
More FBI agents posing as terrorists?:
5 arrested in alleged terrorist plot to blow up Cleveland-area bridge
This is the interesting bit:
"Federal officials in Cleveland said the public was never in danger because the explosives were under the control of an FBI employee."
"Originally, the group had planned to use smoke grenades to distract law enforcement in order for the co-conspirators to topple signs for financial institutions atop high-rise buildings in downtown Cleveland, according to the complaint."
I wonder who came up with the idea of using explosives? The guy that had the explosives under control?
I've long advocated investigation, intelligence, ...
As far as I know, McVeigh never actually joined any extreme group, at least not for any length of time sufficient to ID him as a practitioner of their agenda/creed/whatever. I'd guess detecting such a loner in a world of, shall we say, colorful personalities, would be nearly impossible.
This piece would be news if it revealed the failure of intelligence activities to uncover or ID an instance When Investigation Fails to Prevent Organized Terrorism
IMHO, You're still right.
Exactly. Intelligence is the "best" way to disrupt terrorists, but that is not to say it works all the time. The other roles of government are disaster recovery and punishment of wrongdoers. Our stool has three legs, none of which happens to be "taking over the Universe". Yet we continue to see folks who think that taking over in the name of "fighting terrorism" is their assignment.
The report does confirm that this is a smart and efficient way to spend your anti-terrorism dollars. Compared to TSA, this might actually provide useful information and prevent some plot at a fraction of the cost of operating the airport security screening.
At the beginning of the article, the author writes "PATCON stayed under wraps for nearly 15 years, until it was discovered in Freedom of Information Act requests by the author."
There is some information in the article that was new to me, but the vast majority of it was in "Every Knee Shall Bow", a book about the Ruby Ridge tragedy which was published in '95 based largely on evidence presented during the federal criminal trial of Weaver and the redacted form of the 1994 Task Force report.
I would like a Ferrari and I can see a clear path to get one (years of hard work). The path isn't even obfuscated but it is unpleasant enough to deter me. I'm not sure how I would get a Stinger missile or a Ryder-truck full of explosives but I suspect it isn't really that much harder to get than a Ferrari.
It seems that when an LEO finds an angry young man (of which there are many) and says to him, "how about I give you a Stinger missile and you can do what you want with it?", they're removing a significant hurdle which is then minimized or ignored in prosecution.
I'm not sure how I would get a Stinger missile or a Ryder-truck full of explosives but I suspect it isn't really that much harder to get than a Ferrari.
A Stinger missile, sure. But a moving van full of explosive or flammables isn't difficult or (relatively) expensive at all. Certainly not on the scale of a Ferrari. US$2000-4000 isn't an unreasonable estimation for an improvised explosive plus a rented delivery vehicle.
How well an angry young man could assemble this without setting off intelligence alarms is another matter. I can't speak to that, being a young man who's not angry. ^_^
I think the title of the post is misleading and inaccurate. It's true that the investigation did not prevent the OK City bombing but in fairness it wasn't designed to. McVeigh was at best on the periphery of the men and events that were being targeted by the investigation. So I don't see how that can be seen by anyone as an intelligence failure; at least it wasn't an intelligence failure of that specific PATCON team, which is what the article is about.
@E Fraker: I assume you're talking about entrapment. For the sake of argument let's break this into two parts though:
1. Legal Entrapment -- entrapment per the law.
2. Impediment Removal -- lowering the barrier of entry of terrorism.
As far as I understand, legally, entrapment requires that a normal, reasonable person would follow through with the action prompted by the officer. In this case even given a Stinger I doubt a normal, reasonable person would then shoot down a plane. If the officer also implied that not doing so would "put your family in jeopardy" or some other coercive implication would probably tip that though. /Technically/ it's theft if you pick up and pocket a $100 bill that's on the ground. If a cop drops a $100 bill then watches to catch the "thief" /that/ would be entrapment because normal, reasonable people wouldn't pass up that $100. Of course, there are grey areas -- $1k in an unmarked envelope would be somewhere between "just take it" and "turn it in" for normal, reasonable people, I think.
As for impediment removal, giving a dangerous person a dangerous object is exactly that, but I don't think it changes the situation all that much. Let's say I present to you a button that will end the universe and let you choose whether or not to push it. If you do, am I responsible? I think, to some extent, yes, because I could have chosen not to. But are you responsible for ending the universe? Definitely. I provided a possibility. You provided the certainty.
I very much agree with the legal definition of entrapment (and my bias probably shows) in most cases, but I have this small tinge of belief that it may be prosecuting thoughtcrime to find someone who wants to vandalize a billboard, offer that we should blow up the building instead, then arrest him when he says, "Yeah, awesome!"
Of course it led to no arrests, because it targeted the group LEAST LIKELY to cause terrorism, patriots! Just another example of trying to manufacture a conspiracy/crisis where none exists. Just the same as Fast And Furious.
@Moderator: The post above mine (May 2, 2012 6:22 AM) looks suspiciously like spam.
If anything, I think this story confirms that investigation and infiltration is a good way to spend anti-terrorism money. Like anything, it won't always be successful. But it sounds like they collected lots of "alarming" info about things which reasonably could have blossomed into full-blown plots, but didn't (apparently because the talkers were all talk and no action).
If even one of those extremists had moved forward towards actual terrorist action, and been indiscreet enough to mention it to his extremist buddies (or try to involve them in the plot), then these undercover operatives would have been well-placed to find out and possibly get critical info needed to disrupt the plot. And that single success would have easily justified the whole expense and effort of PATCON. Unfortunately, McVeigh went and acted on his own without saying or doing things that would alert the investigators to his intentions. A smart, radicalized "lone wolf" terrorist is almost impossible to stop unless you happen to get extremely lucky (e.g. if he tries to buy explosives from a criminal who turns out to be an FBI informant or something).
Anyway, just because they didn't catch anybody with it, that doesn't mean the whole sting operation was a waste of time! It seems like a far better use of taxpayer dollars than anything done by the TSA.
@Jim - I think you will find almost all terrorists are 'patriots'.
The elephant in the room? Whenever the government tries to effectively do "investigation" and "intelligence", the usual suspects call it racist profiling, without regard to whether or not profiling is happening. That's why we get ridiculous blanket policies where the TSA gropes octogenarians and adolescents.
If Berger's descriptions of what they actually did in the field are accurate, they cannot be accused of failed investigation. They were not investigating. They were looking for some loud-mouth stooges to entrap for a showtrial.
Any real terrorist might have checked them out, low profile, and left asap. McVeigh seems to have done exactly that.
Happens a lot in security: looking at the loud and clear things, while the real risk is in those acting stealthy. Got 101 packets and 100 identified as threats and stopped? I would look into number 101.