Electronic Surveillance Failures Leading up to the 2008 Mumbai Terrorist Attacks

Long New York Times article based on "former American and Indian officials and classified documents disclosed by Edward J. Snowden" outlining the intelligence failures leading up to the 2008 Mumbai terrorist attacks:

Although electronic eavesdropping often yields valuable data, even tantalizing clues can be missed if the technology is not closely monitored, the intelligence gleaned from it is not linked with other information, or analysis does not sift incriminating activity from the ocean of digital data.

This seems to be the moral:

Although the United States computer arsenal plays a vital role against targets ranging from North Korea's suspected assault on Sony to Russian cyberthieves and Chinese military hacking units, counterterrorism requires a complex mix of human and technical resources. Some former counterterrorism officials warn against promoting billion-dollar surveillance programs with the narrow argument that they stop attacks.

That monitoring collects valuable information, but large amounts of it are "never meaningfully reviewed or analyzed," said Charles (Sam) Faddis, a retired C.I.A. counterterrorism chief. "I cannot remember a single instance in my career when we ever stopped a plot based purely on signals intelligence."

[...]

Intelligence officials say that terror plots are often discernible only in hindsight, when a pattern suddenly emerges from what had been just bits of information. Whatever the reason, no one fully grasped the developing Mumbai conspiracy.

"They either weren't looking or didn't understand what it all meant," said one former American official who had access to the intelligence and would speak only on the condition of anonymity. "There was a lot more noise than signal. There usually is."

Posted on February 12, 2015 at 6:57 AM • 17 Comments

Comments

zFebruary 12, 2015 7:32 AM

I think the real purpose of broad electronic surveillance is to go back in time, not to look ahead. As good as the sorting and analyzing algorithms might be, the evidence suggests that there is just too much data to be analyzed properly to stop a future attack.

However, if you caught a terrorist in the act or after it, you can then go back and find out with whom he communicated and when. That would be immensely easier than finding the terrorist in the haystack before he strikes.

Obviously, the most perilous attribute is that this same technique can be used to find dirt on anyone, for any reason. Want the Supreme Court to rule a certain way? Go through the browsing history of each Justice and threaten to leak their porn habits. Want a company to install a backdoor? Sift through the CEO's past emails and see if there's a crime in there, or something embarrassing and potentially ruinous to the company.

But the "We do this to prevent terrorism" nonsense is ridiculous. That's the one thing it has shown to be very poor at doing.

Sancho_PFebruary 12, 2015 9:02 AM

Yes, you need more than the average intelligence to see terror plots in hindsight.

Average intelligence should be enough to understand that sophisticated assassinating of defenseless bystanders, suppressing minorities, exploiting people in poverty and other crimes against humanity over the years will result in terror and revolution.

Those who can’t understand shouldn’t go for AI [1] but ask their mom.

Btw:
What about those anonymous cowards speaking out as “former American officials”?
Is this the new American society, a bunch of ex-official chicken?
Frightened because they know the system they were in?
Secret? Classified? Dishonest? Vindictive? Above the law?

@ official cowards:
Look into the eyes of that brave youngster who stands his opinion that there’s something wrong.

[1]
This is what they will ask for: More money and machines. Faster machines.
Just to produce more terror in less time.

Sancho_PFebruary 12, 2015 9:05 AM

ouch, correction:
Yes, you need more than the average intelligence to see terror plots in foresight.

65535February 12, 2015 10:43 AM

One of the main Mumbai murder architects, David Coleman Headley (born Daood Sayed Gilani; 30 June 1960), had an extensive criminal recorded, was busted for sizable heroin trafficking, was an informant for the DEA, had been interviewed by ICE, changed his name without a background check, and was turned into to American intelligence as a potential terrorist.

“Mr. Headley’s many-sided life — three wives, drug-smuggling convictions and a past as an informant for the United States Drug Enforcement Administration…” –NYT

http://www.nytimes.com/2014/12/22/world/asia/in-2008-mumbai-attacks-piles-of-spy-data-but-an-uncompleted-puzzle.html?_r=0

'During his frequent trips to Pakistan, Gilani hung out with heroin users and started using the drug himself. He became involved in Pakistani drug trafficking. When he was twenty-four, Gilani smuggled half a kilogram of heroin out of Pakistani tribal areas and used Tahawwur Hussain Rana, a Pakistani army doctor who Gilani knew from military school, as an unwitting shield. Several days later, police in Lahore arrested Gilani for drug possession... he somehow managed to beat the charges. Rana continued to be used by Gilani over the course of his career as a drug trafficker; in the late 1990s, after Rana had emigrated to the U.S., Gilani used Rana's legitimate immigration consulting company in Chicago to smuggle drugs… the DEA seemingly made great gains from Gilani's intelligence, there is ample evidence that Gilani abused his status as an informant. He allegedly tried to set up heroin dealers with jailhouse phone calls that were not monitored by DEA agents. A mentally impaired Pakistani immigrant, Ikram Haq, was found to have been tricked into making a drug deal by Gilani, and was subsequently acquitted on the grounds of entrapment when brought to trial. Despite this result, Gilani was released from prison and put on probation for his contribution to the case. One anonymous former associate of Gilani later suggested that he was exploiting his rapport with the DEA, saying, "The DEA agents liked him. He would brag about it. He was manipulating them. He said he had them [DEA] in his pocket."' - wikipedia

https://en.wikipedia.org/wiki/David_Headley

[and]

https://en.wikipedia.org/wiki/David_Headley#Drug_convictions_and_DEA_deal

"In the summer of 2005, Gilani's second wife confronted him after learning about his other marriage, and about his trips to the Lashkar training camps, from his father. On August 25, 2005, Gilani hit his wife during an argument at his New York video store. After having Gilani arrested for assault, his wife called a government hotline and disclosed his terrorist activities. She was subsequently interviewed three times by the FBI's Joint Terrorism Task Force." - wikipedia

https://en.wikipedia.org/wiki/David_Headley#Post-9.2F11_activities

Gilani was known to the FBI, DEA, and ICE and on 'lists' of said agencies – yet with the mountain of “hay” he could not be spotted as a terrorist.

There is already too “hay.” the NSA doesn’t need to pile more on by collecting enormous amounts in drag-net spying of all Americans.

The government doesn’t need any more stingrays, license plate readers, tapping of communication backbones, 3-5 billion mobile device locations per day, radar imaging of civilian’s houses, and the cattle search lines of the TSA. Basic, police work should have caught or deterred this guy – but it did not.

The police are too mesmerized by the wiz-bang gadgets of the NSA.

And,the NSA is mesmerized by their infatuation for day-to-day details of each and every American's activity and hunger for more of this addicting “hay” - including vacuuming up sexually explicit pictures embedded in civilian communications. This hay is becoming a distraction and a hindrance.

JacobFebruary 12, 2015 11:08 AM

Intercepted talk between FSB and FBI 4 years ago:

Boris: "Hey Mike, you better keep an eye on one Tamerlan Tsarnaev - we got some info that this guy in on the East Coast and is bad and active..I've got a full dossier on him if you need.."

Mike:"Thanks for the tip, Boris. However, we are now busy with the NSA program directive in using US person identifiers, of communications lawfully acquired to obtain foreign intelligence targeting non-US persons reasonably believed to be located outside the United States"

Boris: "Eh... sorry.. my bad English... can you repeat that please.. "

Mike: " Another time, Boris. Gotta go - we got sigint about some home-grown terrorists I need to follow. Thanks and Bye!"

GrauhutFebruary 12, 2015 2:21 PM

"There was a lot more noise than signal. There usually is."

If they dont have working filters for prevention they dont need our private data.

After an attack there is enough evidence.

albertFebruary 12, 2015 3:37 PM

I think we all kinda expected this; failed intelligence due to SIGINT, and I'll bet you can trace back connections to other terrorists whose attacks weren't prevented either. Filtering algorithms aren't going to work, and computers certainly aren't capable of analysis and reasoning. What's the best thing to employ for making those important connections? The human brain.

It's obvious that the TLAs don't need more SIGINT. They are like those tollways, which, after the tolls have repaid the construction costs, continue forever to perpetuate their bureaucracies. Its not a perfect simile, because tollways do provide a useful service. What does the NSA provide? The list of gov't agencies that provide useful services is short indeed.

Maybe it's impossible to prevent all terrorist activity; maybe that's part of the 'cost' of maintaining our global hegemony. We accept >20,000 deaths on our highways each year, not to mention deaths directly attributed to alcoholism, smoking, drug addiction and related crime, and a host of others.

Maybe we'll have to accept a certain number of deaths by terrorist activity as well.

Maybe we should spend those trillions on hardening our computer and network infrastructure, getting critical systems off of the internet, and enforcing proper security practices in critical infrastructure.

Being caught and punished just doesn't seem to be a deterrent anymore, for most violent crimes, terrorism especially. Most terrorists are caught (and usually killed) after the fact anyway.

We have choices to make, and quickly.

I gotta go...

anonymousFebruary 12, 2015 4:59 PM

"The surveillance state is part of the state. Where surveillance is a priority — say, when political enemies are concerned — it’ll be ruthlessly efficient. The rest of the time, like when it involves protecting Americans from terrorists, it’s just another government job."

- Glenn Reynolds. April 27, 2013

Dirk PraetFebruary 12, 2015 7:06 PM

We've had this discussion before. It's symptomatic for what is now commonly referred to as "drinking from the firehose". Unless somebody comes up with Minority Report- or Deja Vu-like technologies, it doesn't really look like all the SIGINT mass surveillance in the world alone is going to be playing any major role in preventing terrorist attacks anywhere soon. The statistics are clear. A growing number of experts agree. It's the emperor's new clothes.

@ Jacob

Intercepted talk between FSB and FBI 4 years ago:

+1

Bob S.February 12, 2015 7:40 PM

The idyllic analogy of mass surveillance is the search for the needle in the haystack. The haystack can easily be seen out in the field. Everyone knows the difference between a straw and a needle. It's honest, interesting work.

But, that's all wrong.

What our overseers are really sorting out is a Mt. Everest of Garbage. It's humongous. It stinks. It's dirty. It's hard work and regular people look down on the pickers.

Half the time they don't even know for sure what they are seeing, and simply don't know at all what they are not seeing. Instead of that crafty analyst carefully looking at each straw, what you have is thousands and thousands of garbage sorters of varying skills and ambition rummaging through the stinking mess all competing with each other to find something valuable in the pile of poop.

To find value many times requires piecing together parts of garbage-data here and there, getting their hands dirty with soggy bits of goo to determine it's value, and when you have a hundred thousand people sorting through it, it's natural no one really knows what the other guy is doing, has done, or will do.

And after awhile, the garbage sorters stink too, it does rub off, they look and act more like garbage every day. Then predictably the one who stinks the most is put in charge of the dump.

No wonder they don't like talking about their job and can't figure out why they are no good at it.

One thing is sure though, the whole thing stinks top to bottom.

Frank.February 13, 2015 1:24 AM

"Because whenever you have trouble connecting the dots what you need is... more dots."_v

Err, no. You paint the whole paper black. That is Mass surveillance. Connecting is just so 1990.


"We've had this discussion before. It's symptomatic for what is now commonly referred to as "drinking from the firehose" _Dirk Praet

Hence the time machine analogy. keep it all in a safe well, where you can sip it one sip at a time.

Snarki, child of LokiFebruary 13, 2015 6:25 AM

"Because whenever you have trouble connecting the dots what you need is... more dots."

Because you can connect N dots in N! ways, adding more dots is unlikely to help unless you already know how to connect them.

PhylFebruary 13, 2015 11:09 AM

Now they can say: "Do you see? There's no reason in complaining about electronic eavesdropping and bulk data collection; we can hardly analyze it to cause you any trouble".

AnakinMarch 1, 2015 4:57 AM

"(...) warn against promoting billion-dollar surveillance programs with the narrow argument that they stop attacks."

But perhaps these arguments still need to be used so that the project can get funding? Even if the entire Intelligence Community is aware that the surveillance program won't stop attacks by itself, they'll probably not get that much support if they say the program won't do a lot by itself.

Clive RobinsonMarch 1, 2015 7:13 AM

@ Anakin

Even if the entire Intelligence Community is aware that the surveillance program won't stop attacks by itself, they'll probably not get that much support if they say the program won't do a lot by itself.

Obtaining money etc by lying is a form of fraud. If you need to commit fraud to get something going, people have the right to ask the question "When and where does the criminal activity stop?"

It's why we have the concept of "fruit from the poisoned vine", you can not trust the output of such a program to be honest, because you can not tell it's another lie just to keep funding.

But that point aside if the project has merit then it should not require lies to get funding. If funding is not forth comming it means that others find the project lacks merit for any number of reasons. Whilst some of those reasons might be self interested as another seeks to protect their turf from loss or competition in the main they should not be in an open culture.

Whilst all those who think a project lacks merit might be wrong, the lack of ability to get that across to them in no way excuses making false claims to change their opinions.

It's that sort of long term bad behaviour that has got us a long way into the mess we are currently in, and the short term gain the liers made is costing us dearly long term and will continue to do so for longer than you, I or our grandchildren will see.

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.