FBI Archives - Page 16 of 23 - Schneier on Security

Entries Tagged "FBI"

Page 16 of 23

Terrorism Entrapment

Back in 2007, I wrote an essay, “Portrait of the Modern Terrorist as an Idiot,” where I said:

The JFK Airport plotters seem to have been egged on by an informant, a twice-convicted drug dealer. An FBI informant almost certainly pushed the Fort Dix plotters to do things they wouldn’t have ordinarily done. The Miami gang’s Sears Tower plot was suggested by an FBI undercover agent who infiltrated the group. And in 2003, it took an elaborate sting operation involving three countries to arrest an arms dealer for selling a surface-to-air missile to an ostensible Muslim extremist. Entrapment is a very real possibility in all of these cases.

Over on Salon, Stephan Salisbury has an essay on FBI entrapment and domestic terrorism plots. It’s well worth reading.

Posted on September 6, 2010 at 7:24 AM • View Comments

Vigilant Citizens: Then vs. Now

This is from Atomic Bombing: How to Protect Yourself, published in 1950:

Of course, millions of us will go through our lives never seeing a spy or a saboteur going about his business. Thousands of us may, at one time or another, think we see something like that. Only hundreds will be right. It would be foolish for all of us to see enemy agents lurking behind every tree, to become frightened of our own shadows and report them to the F.B.I.

But we are citizens, we might see something which might be useful to the F.B.I. and it is our duty to report what we see. It is also our duty to know what is useful to the F.B.I. and what isn’t.

[…]

If you think your neighbor has “radical” views—that is none of your or the F.B.I.’s business. After all, it is the difference in views of our citizens, from the differences between Jefferson and Hamilton to the differences between Truman and Dewey, which have made our country strong.

But if you see your neighbor—and the views he expresses might seem to agree with yours completely—commit an act which might lead you to suspect that he might be committing espionage, sabotage or subversion, then report it to the F.B.I.

After that, forget about it. Mr. Hoover also said: “Do not circulate rumors about subversive activities, or draw conclusions from information you furnish the F.B.I. The data you possess might be incomplete or only partially accurate. By drawing conclusions based on insufficient evidence grave injustices might result to innocent persons.”

In other words, you might be wrong. In our system, it takes a court, a trial and a jury to say a man is guilty.

It would be nice if this advice didn’t seem as outdated as the rest of the book.

Posted on July 1, 2010 at 1:05 PM • View Comments

Cryptography Success Story

From Brazil: the moral, of course, is to choose a strong key and to encrypt the entire drive, not just key files.

Posted on June 30, 2010 at 9:16 AM • View Comments

Baby Terrorists

This, from Congressman Louie Gohmert of Texas, is about as dumb as it gets:

I talked to a retired FBI agent who said that one of the things they were looking at were terrorist cells overseas who had figured out how to game our system. And it appeared they would have young women, who became pregnant, would get them into the United States to have a baby. They wouldn’t even have to pay anything for the baby. And then they would turn back where they could be raised and coddled as future terrorists. And then one day, twenty…thirty years down the road, they can be sent in to help destroy our way of life. ‘Cause they figured out how stupid we are being in this country to allow our enemies to game our system, hurt our economy, get setup in a position to destroy our way of life.

This is simply too stupid to even bother refuting. But this sort of fear mongering is nothing new for Gohmert.

Posted on June 29, 2010 at 6:28 AM • View Comments

Dating Recordings by Power Line Fluctuations

Interesting:

The capability, called “electrical network frequency analysis” (ENF), is now attracting interest from the FBI and is considered the exciting new frontier in digital forensics, with power lines acting as silent witnesses to crime.

In the “high profile” murder trial, which took place earlier this year, ENF meant prosecutors were able to show that a seized voice recording that became vital to their case was authentic. Defence lawyers suggested it could have been concocted by a witness to incriminate the accused.

[…]

ENF relies on frequency variations in the electricity supplied by the National Grid. Digital devices such as CCTV recorders, telephone recorders and camcorders that are plugged in to or located near the mains pick up these deviations in the power supply, which are caused by peaks and troughs in demand. Battery-powered devices are not immune to to ENF analysis, as grid frequency variations can be induced in their recordings from a distance.

At the Metropolitan Police’s digital forensics lab in Penge, south London, scientists have created a database that has recorded these deviations once every one and a half seconds for the last five years. Over a short period they form a unique signature of the electrical frequency at that time, which research has shown is the same in London as it is in Glasgow.

On receipt of recordings made by the police or public, the scientists are able to detect the variations in mains electricity occurring at the time the recording was made. This signature is extracted and automatically matched against their ENF database, which indicates when it was made.

The technique can also uncover covert editing—or rule it out, as in the recent murder trial—because a spliced recording will register more than one ENF match.

Posted on June 16, 2010 at 7:00 AM • View Comments

Terrorists Placing Fake Bombs in Public Places

Supposedly, the latest terrorist tactic is to place fake bombs—suspicious looking bags, backpacks, boxes, and coolers—in public places in an effort to paralyze the city and probe our defenses. The article doesn’t say whether or not this has actually ever happened, only that the FBI is warning of the tactic.

Citing an FBI informational document, ABC News reports a so called “battle of suspicious bags” is being encouraged on a jihadist website.

I have no doubt that this may happen, but I’m sure these are not actual terrorists doing the planting. We’re so easy to terrorize that anyone can play; this is the equivalent of hacking in the real world. One solution is to continue to overreact, and spend even more money on these fake threats. The other is to refuse to be terrorized.

Posted on June 9, 2010 at 6:24 AM • View Comments

Crypto Comic Book

I have no idea.

EDITED TO ADD (4/10): It’s out. Here’s a review.

Posted on February 12, 2010 at 1:48 PM • View Comments

Fixing Intelligence Failures

President Obama, in his speech last week, rightly focused on fixing the intelligence failures that resulted in Umar Farouk Abdulmutallab being ignored, rather than on technologies targeted at the details of his underwear-bomb plot. But while Obama’s instincts are right, reforming intelligence for this new century and its new threats is a more difficult task than he might like. We don’t need new technologies, new laws, new bureaucratic overlords, or—for heaven’s sake—new agencies. What prevents information sharing among intelligence organizations is the culture of the generation that built those organizations.

The U.S. intelligence system is a sprawling apparatus, spanning the FBI and the State Department, the CIA and the National Security Agency, and the Department of Homeland Security—itself an amalgamation of two dozen different organizations—designed and optimized to fight the Cold War. The single, enormous adversary then was the Soviet Union: as bureaucratic as they come, with a huge budget, and capable of very sophisticated espionage operations. We needed to defend against technologically advanced electronic eavesdropping operations, their agents trying to bribe or seduce our agents, and a worldwide intelligence gathering capability that hung on our every word.

In that environment, secrecy was paramount. Information had to be protected by armed guards and double fences, shared only among those with appropriate security clearances and a legitimate “need to know,” and it was better not to transmit information at all than to transmit it insecurely.

Today’s adversaries are different. There are still governments, like China, who are after our secrets. But the secrets they’re after are more often corporate than military, and most of the other organizations of interest are like al Qaeda: decentralized, poorly funded and incapable of the intricate spy versus spy operations the Soviet Union could pull off.

Against these adversaries, sharing is far more important than secrecy. Our intelligence organizations need to trade techniques and expertise with industry, and they need to share information among the different parts of themselves. Today’s terrorist plots are loosely organized ad hoc affairs, and those dots that are so important for us to connect beforehand might be on different desks, in different buildings, owned by different organizations.

Critics have pointed to laws that prohibited inter-agency sharing but, as the 9/11 Commission found, the law allows for far more sharing than goes on. It doesn’t happen because of inter-agency rivalries, a reliance on outdated information systems, and a culture of secrecy. What we need is an intelligence community that shares ideas and hunches and facts on their versions of Facebook, Twitter and wikis. We need the bottom-up organization that has made the Internet the greatest collection of human knowledge and ideas ever assembled.

The problem is far more social than technological. Teaching your mom to “text” and your dad to Twitter doesn’t make them part of the Internet generation, and giving all those cold warriors blogging lessons won’t change their mentality—or the culture. The reason this continues to be a problem, the reason President George W. Bush couldn’t change things even after the 9/11 Commission came to much the same conclusions as President Obama’s recent review did, is generational. The Internet is the greatest generation gap since rock and roll, and it’s just as true inside government as out. We might have to wait for the elders inside these agencies to retire and be replaced by people who grew up with the Internet.

A version of this op-ed previously appeared in the San Francisco Chronicle.

I wrote about this in 2002.

EDITED TO ADD (1/17): Another opinion.

Posted on January 16, 2010 at 7:13 AM • View Comments

FBI/CIA/NSA Information Sharing Before 9/11

It’s conventional wisdom that the legal “wall” between intelligence and law enforcement was one of the reasons we failed to prevent 9/11. The 9/11 Comission evaluated that claim, and published a classified report in 2004. The report was released, with a few redactions, over the summer: “Legal Barriers to Information Sharing: The Erection of a Wall Between Intelligence and Law Enforcement Investigations,” 9/11 Commission Staff Monograph by Barbara A. Grewe, Senior Counsel for Special Projects, August 20, 2004.

The report concludes otherwise:

“The information sharing failures in the summer of 2001 were not the result of legal barriers but of the failure of individuals to understand that the barriers did not apply to the facts at hand,” the 35-page monograph concludes. “Simply put, there was no legal reason why the information could not have been shared.”

The prevailing confusion was exacerbated by numerous complicating circumstances, the monograph explains. The Foreign Intelligence Surveillance Court was growing impatient with the FBI because of repeated errors in applications for surveillance. Justice Department officials were uncomfortable requesting intelligence surveillance of persons and facilities related to Osama bin Laden since there was already a criminal investigation against bin Laden underway, which normally would have preempted FISA surveillance. Officials were reluctant to turn to the FISA Court of Review for clarification of their concerns since one of the judges on the court had expressed doubts about the constitutionality of FISA in the first place. And so on. Although not mentioned in the monograph, it probably didn’t help that public interest critics in the 1990s (myself included) were accusing the FISA Court of serving as a “rubber stamp” and indiscriminately approving requests for intelligence surveillance.

In the end, the monograph implicitly suggests that if the law was not the problem, then changing the law may not be the solution.

James Bamford comes to much the same conclusion in his book, The Shadow Factory: The NSA from 9/11 to the Eavesdropping on America: there was no legal wall that prevented intelligence and law enforcement from sharing the information necessary to prevent 9/11; it was inter-agency rivalries and turf battles.

Posted on November 12, 2009 at 2:26 PM • View Comments

John Mueller on Zazi

I have refrained from commenting on the case against Najibullah Zazi, simply because it’s so often the case that the details reported in the press have very little do with reality. My suspicion was, that as in in so many other cases, he was an idiot who couldn’t do any real harm and was turned into a bogeyman for political purposes.

However, John Mueller—who I’ve written about before—has done the research:

Recalls his step-uncle affectionately, Zazi is “a dumb kid, believe me.” A high school dropout, Zazi mostly worked as doughnut peddler in Lower Manhattan, barely making a living. Somewhere along the line, it is alleged, he took it into his head to set off a bomb and traveled to Pakistan where he received explosives training from al-Qaeda and copied nine pages of chemical bombmaking instructions onto his laptop. FBI Director Robert Mueller asserted in testimony on September 30 that this training gave Zazi the “capability” to set off a bomb.

That, however, seems to be a substantial overstatement—not unlike the Director’s 2003 testimony assuring us that, although his agency had yet to identify an al-Qaeda cell in the U.S., such unidentified entities nonetheless presented “the greatest threat,” had “developed a support infrastructure” in the country, and were able and intended to inflict “significant casualties in the US with little warning.”

An overstatement because, upon returning to the United States, Zazi allegedly spent the better part of a year trying to concoct the bomb he had supposedly learned how to make. In the process, he, or some confederates, purchased bomb materials using stolen credit cards, a bone-headed maneuver guaranteeing that red flags would go up about the sale and that surveillance videos in the stores would be maintained rather than routinely erased.

However, even with the material at hand, Zazi still apparently couldn’t figure it out, and he frantically contacted an unidentified person for help several times. Each of these communications was “more urgent in tone than the last,” according to court documents.

Clearly, if Zazi was able eventually to bring his alleged aspirations to fruition, he could have done some damage, though, given his capacities, the person most in existential danger was surely the lapsed doughnut peddler himself.

As I said in 2007:

Terrorism is a real threat, and one that needs to be addressed by appropriate means. But allowing ourselves to be terrorized by wannabe terrorists and unrealistic plots—and worse, allowing our essential freedoms to be lost by using them as an excuse—is wrong.

[…]

I’ll be the first to admit that I don’t have all the facts in any of these cases. None of us do. So let’s have some healthy skepticism. Skepticism when we read about these terrorist masterminds who were poised to kill thousands of people and do incalculable damage. Skepticism when we’re told that their arrest proves that we need to give away our own freedoms and liberties. And skepticism that those arrested are even guilty in the first place.

The problem with these arrests is that the crimes have not happened yet. So these cases involve trying to divine what people will do in the future. They involve trying to guess as to people’s motives and abilities. They often involve informants with questionable integrity, and my worry is that in our zeal to prevent terrorism, we create terrorists where there weren’t any to begin with.

Mueller writes:

It follows that any terrorism problem within the United States principally derives from homegrown people like Zazi, often isolated from each other, who fantasize about performing dire deeds. Penn State’s Michael Kenney has interviewed dozens of officials and intelligence agents and analyzed court documents, and finds homegrown Islamic militants to be operationally unsophisticated, short on know-how, prone to make mistakes, poor at planning, and severely hampered by a limited capacity to learn. Another study documents the difficulties of network coordination that continually threaten operational unity, trust, cohesion, and the ability to act collectively. And the popular notion these characters have the capacity to steal or put together an atomic bomb seems, to put it mildly, as fanciful as some of the terrorists’ schemes.

By contrast, the image projected by the Department of Homeland Security continues to be of an enemy that is “relentless, patient, opportunistic, and flexible,” shows “an understanding of the potential consequence of carefully planned attacks on economic transportation, and symbolic targets,” seriously threatens “national security,” and could inflict “mass casualties, weaken the economy, and damage public morale and confidence.” That description may fit some terrorists—the 9/11 hijackers among them. But not the vast majority, including the hapless Zazi.

EDITED TO ADD (11/9): This is the Michael Kenney paper that Mueller cites.

Posted on November 9, 2009 at 12:15 PM • View Comments