NSA's key role in targeted killings

Eugen Leitl eugen at leitl.org
Thu Oct 17 06:40:29 PDT 2013


http://www.washingtonpost.com/world/national-security/documents-reveal-nsas-extensive-involvement-in-targeted-killing-program/2013/10/16/29775278-3674-11e3-8a0e-4e2cf80831fc_story.html

Documents reveal NSA’s extensive involvement in targeted killing program

Video: In June, President Obama said the NSA’s programs “help us prevent
terrorist attacks.”

By Greg Miller, Julie Tate and Barton Gellman, Thursday, October 17, 2:07 AM
E-mail the writers

It was an innocuous e-mail, one of millions sent every day by spouses with
updates on the situation at home. But this one was of particular interest to
the National Security Agency and contained clues that put the sender’s
husband in the crosshairs of a CIA drone.

Days later, Hassan Ghul — an associate of Osama bin Laden who provided a
critical piece of intelligence that helped the CIA find the al-Qaeda leader —
was killed by a drone strike in Pakistan’s tribal belt.

The U.S. government has never publicly acknowledged killing Ghul. But
documents provided to The Washington Post by former NSA contractor Edward
Snowden confirm his demise in October 2012 and reveal the agency’s extensive
involvement in the targeted killing program that has served as a centerpiece
of President Obama’s counterterrorism strategy.

An al-Qaeda operative who had a knack for surfacing at dramatic moments in
the post-Sept. 11 story line, Ghul was an emissary to Iraq for the terrorist
group at the height of that war. He was captured in 2004 and helped expose
bin Laden’s courier network before spending two years at a secret CIA prison.
Then, in 2006, the United States delivered him to his native Pakistan, where
he was released and returned to the al-Qaeda fold.

But beyond filling in gaps about Ghul, the documents provide the most
detailed account of the intricate collaboration between the CIA and the NSA
in the drone campaign.

The Post is withholding many details about those missions, at the request of
U.S. intelligence officials who cited potential damage to ongoing operations
and national security.

The NSA is “focused on discovering and developing intelligence about valid
foreign intelligence targets,” an NSA spokeswoman said in a statement
provided to The Post on Wednesday, adding that the agency’s operations
“protect the nation and its interests from threats such as terrorism and the
proliferation of weapons of mass destruction.”

In the search for targets, the NSA has draped a surveillance blanket over
dozens of square miles of northwest Pakistan. In Ghul’s case, the agency
deployed an arsenal of cyber-espionage tools, secretly seizing control of
laptops, siphoning audio files and other messages, and tracking radio
transmissions to determine where Ghul might “bed down.”

The e-mail from Ghul’s wife “about her current living conditions” contained
enough detail to confirm the coordinates of that household, according to a
document summarizing the mission. “This information enabled a capture/kill
operation against an individual believed to be Hassan Ghul on October 1,” it
said.

The file is part of a collection of records in the Snowden trove that make
clear that the drone campaign — often depicted as the CIA’s exclusive domain
— relies heavily on the NSA’s ability to vacuum up enormous quantities of
e-mail, phone calls and other fragments of signals intelligence, or SIGINT.

To handle the expanding workload, the NSA created a secret unit known as the
Counter-Terrorism Mission Aligned Cell, or CT MAC, to concentrate the
agency’s vast resources on hard-to-find terrorism targets. The unit spent a
year tracking Ghul and his courier network, tunneling into an array of
systems and devices, before he was killed. Without those penetrations, the
document concluded, “this opportunity would not have been possible.”

At a time when the NSA is facing intense criticism for gathering data on
Americans, the drone files may bolster the agency’s case that its resources
are focused on fighting terrorism and supporting U.S. operations overseas.

“Ours is a noble cause,” NSA Director Keith B. Alexander said during a public
event last month. “Our job is to defend this nation and to protect our civil
liberties and privacy.”

The documents do not explain how the Ghul e-mail was obtained or whether it
was intercepted using legal authorities that have emerged as a source of
controversy in recent months and enable the NSA to compel technology giants
including Microsoft and Google to turn over information about their users.
Nor is there a reference to another NSA program facing scrutiny after
Snowden’s leaks, its metadata collection of numbers dialed by nearly every
person in the United States.

To the contrary, the records indicate that the agency depends heavily on
highly targeted network penetrations to gather information that wouldn’t
otherwise be trapped in surveillance nets that it has set at key Internet
gateways.

The new documents are self-congratulatory in tone, drafted to tout the NSA’s
counterterrorism capabilities. One is titled “CT MAC Hassan Gul Success.” The
files make no mention of other agencies’ roles in a drone program that
escalated dramatically in 2009 and 2010 before tapering off in recent years.

Even so, former CIA officials said the files are an accurate reflection of
the NSA’s contribution to finding targets in a campaign that has killed more
than 3,000 people, including thousands of alleged militants and hundreds of
civilians, in Pakistan, according to independent surveys. The officials said
the agency has assigned senior analysts to the CIA’s Counterterrorism Center,
and deployed others to work alongside CIA counterparts at almost every major
U.S. embassy or military base overseas.

“NSA threw the kitchen sink at the FATA,” said a former U.S. intelligence
official with experience in Afghanistan and Pakistan, referring to the
Federally Administered Tribal Areas, the region in northwest Pakistan where
al-Qaeda’s leadership is based.

NSA employees rarely ventured beyond the security gates of the U.S. Embassy
in Islamabad, officials said. Surveillance operations that required placing a
device or sensor near an al-Qaeda compound were handled by the CIA’s
Information Operations Center, which specializes in high-tech devices and
“close-in” surveillance work.

“But if you wanted huge coverage of the FATA, NSA had 10 times the manpower,
20 times the budget and 100 times the brainpower,” the former intelligence
official said, comparing the surveillance resources of the NSA to the smaller
capabilities of the agency's IOC. The two agencies are the largest in the
U.S. intelligence community, with budgets last year of $14.7 billion for the
CIA and $10.8 billion for the NSA. “We provided the map,” the former official
said, “and they just filled in the pieces.”

In broad terms, the NSA relies on increasingly sophisticated versions of
online attacks that are well-known among security experts. Many rely on
software implants developed by the agency’s Tailored Access Operations
division with code-names such as UNITEDRAKE and VALIDATOR. In other cases,
the agency runs “man-in-the-middle” attacks in which it positions itself
unnoticed midstream between computers communicating with one another,
diverting files for real-time alerts and longer-term analysis in data
repositories.

Through these and other tactics, the NSA is able to extract vast quantities
of digital information, including audio files, imagery and keystroke logs.
The operations amount to silent raids on suspected safe houses and often are
carried out by experts sitting behind desks thousands of miles from their
targets.

The reach of the NSA’s Tailored Access Operations division extends far beyond
Pakistan. Other documents describe efforts to tunnel into systems used by
al-Qaeda affiliates in Yemen and Africa, each breach exposing other
corridors.

An operation against a suspected facilitator for al-Qaeda’s branch in Yemen
led to a trove of files that could be used to “help NSA map out the movement
of terrorists and aspiring extremists between Yemen, Syria, Turkey, Egypt,
Libya and Iran,” according to the documents. “This may enable NSA to better
flag the movement of these individuals” to allied security services that “can
put individuals on no-fly lists or monitor them once in country.”

A single penetration yielded 90 encrypted al-Qaeda documents, 16 encryption
keys, 30 unencrypted messages as well as “thousands” of chat logs, according
to an inventory described in one of the Snowden documents.

The operations are so easy, in some cases, that the NSA is able to start
downloading data in less time than it takes the targeted machine to boot up.
Last year, a user account on a social media Web site provided an instant
portal to an al-Qaeda operative’s hard drive. “Within minutes, we
successfully exploited the target,” the document said.

The hunt for Ghul followed a more elaborate path.

Ghul, who is listed in other documents as Mustafa Haji Muhammad Khan, had
surfaced on U.S. radar as early as 2003, when an al-Qaeda detainee disclosed
that Ghul escorted one of the intended hijackers to a Pakistani safe house a
year before the Sept. 11, 2001, attacks.

A trusted facilitator and courier, Ghul was dispatched to Iraq in 2003 to
deliver a message to Abu Musab al-Zarqawi, the al-Qaeda firebrand who angered
the network’s leaders in Pakistan by launching attacks that often slaughtered
innocent Muslims.

When Ghul made another attempt to enter Iraq in 2004, he was detained by
Kurdish authorities in an operation directed by the CIA. Almost immediately,
Ghul provided a piece of intelligence that would prove more consequential
than he may have anticipated: He disclosed that bin Laden relied on a trusted
courier known as al-Kuwaiti.

The ripples from that revelation wouldn’t subside for years. The CIA went on
to determine the true identity of al-Kuwaiti and followed him to a heavily
fortified compound in Abbottabad, Pakistan, where bin Laden was killed in
2011.

Because of the courier tip, Ghul became an unwitting figure in the
contentious debate over CIA interrogation measures. He was held at a CIA
black site in Eastern Europe, according to declassified Justice Department
memos, where he was slapped and subjected to stress positions and sleep
deprivation to break his will.

Defenders of the interrogation program have cited Ghul’s courier disclosure
as evidence that the agency’s interrogation program was crucial to getting
bin Laden. But others, including former CIA operatives directly involved in
Ghul’s case, said that he identified the courier while he was being
interrogated by Kurdish authorities, who posed questions scripted by CIA
analysts in the background.

The debate resurfaced amid the release of the movie “Zero Dark Thirty” last
year, in which a detainee’s slip after a brutal interrogation sequence is
depicted as a breakthrough in the bin Laden hunt. Ghul’s case also has been
explored in detail in a 6,000-page investigation of the CIA interrogation
program by the Senate Intelligence Committee that has yet to be released.

Sen. Dianne Feinstein (D-Calif.), the chairman of the panel, sought to settle
the Ghul debate in a statement last year that alluded to his role but didn’t
mention him by name.

“The CIA detainee who provided the most significant information about the
courier provided the information prior to being subjected to coercive
interrogation techniques,” Feinstein said in the statement, which was signed
by Sen. Carl Levin (D-Mich.).

The George W. Bush administration’s decision to close the secret CIA prisons
in 2006 set off a scramble to place prisoners whom the agency did not regard
as dangerous or valuable enough to transfer to Guantanamo Bay. Ghul was not
among the original 14 high-value CIA detainees sent to the U.S. installation
in Cuba. Instead, he was turned over to the CIA’s counterpart in Pakistan,
with ostensible assurances that he would remain in custody.

A year later, Ghul was released. There was no public explanation from
Pakistani authorities. CIA officials have noted that Ghul had ties to
Lashkar-e-Taiba, a militant group supported by Pakistan’s intelligence
service. By 2007, he had returned to al-Qaeda’s stronghold in Waziristan.

In 2011, the Treasury Department named Ghul a target of U.S. counterterrorism
sanctions. Since his release, the department said, he had helped al-Qaeda
reestablish logistics networks, enabling al-Qaeda to move people and money in
and out of the country. The NSA document described Ghul as al-Qaeda’s chief
of military operations and detailed a broad surveillance effort to find him.

“The most critical piece” came with a discovery that “provided a vector” for
compounds used by Ghul, the document said. After months of investigation, and
surveillance by CIA drones, the e-mail from his wife erased any remaining
doubt.

Even after Ghul was killed in Mir Ali, the NSA’s role in the drone strike
wasn’t done. Although the attack was aimed at “an individual believed to be”
the correct target, the outcome wasn’t certain until later when, “through
SIGINT, it was confirmed that Hassan Ghul was in fact killed.”



More information about the cypherpunks mailing list