Tag Archives: CIA secret wars

The CIA Plan to Destroy Emails

A CIA plan to erase tens of thousands of its internal emails — including those sent by virtually all covert and counterterrorism officers after they leave the agency — is drawing fire from Senate Intelligence Committee members concerned that it would wipe out key records of some of the agency’s most controversial operations. The agency proposal, which has been tentatively approved by the National Archives, “could allow for the destruction of crucial documentary evidence regarding the CIA’s activities,” Senate Intelligence Committee Chair Dianne Feinstein and ranking minority member Sen. Saxby Chambliss, R-Ga., wrote in a letter to Margaret Hawkins, the director of records and management services at the archives.

But agency officials quickly shot back, calling the committee’s concerns grossly overblown and ill informed. They insist their proposal is completely in keeping with — and in some cases goes beyond — the email retention policies of other government agencies. “What we’ve proposed is a totally normal process,” one agency official told Yahoo News.

The source of the controversy may be that the CIA, given its secret mission and rich history of clandestine operations, is not a normal agency. And its proposal to destroy internal emails comes amid mounting tensions between the CIA and its Senate oversight panel, stoked by continued bickering over an upcoming committee report — relying heavily on years-old internal CIA emails — that is sharply critical of the agency’s use of waterboarding and other aggressive interrogation techniques against al-Qaida suspects in the aftermath of the 9/11 terror attacks.

In this case, however, Chambliss — a conservative Republican who has sided with the CIA on the interrogation issue — joined with Feinstein in questioning the agency’s proposed new email policy, which would allow for the destruction of email messages sent by all but a relatively small number of senior agency officials.  “In our experience, email messages are essential to finding CIA records that may not exist in other so-called permanent records,” the two senators wrote in their letter, a copy of which was also sent this week to CIA Director John Brennan and Director of National Intelligence James Clapper. …

Under the new proposal, only the emails of 22 senior agency officials would be permanently retained; all others, including all covert officers except the director of the National Clandestine Service, could be deleted three years after the employees leave the CIA “or when no longer needed, whichever is sooner,” according to a copy of the agency’s plan….

But the plan has sparked criticism from watchdog groups and historians who note the agency’s track record of destroying potentially embarrassing material: In 2007, it was disclosed that agency officials had destroyed hundreds of hours of videotapes documenting the waterboarding of two high-value detainees. The disclosure prompted a criminal investigation by the Justice Department as well as a separate National Archives probe into whether the agency had violated the Federal Records Act. Neither inquiry led to any federal charges.

The CIA has a history of destroying records “that are embarrassing” and “disclose mistakes” or “reflect poorly on the conduct of the CIA,” said Tim Weiner, the author of “Legacy of Ashes, a history of the CIA,” in comments filed with the National Archives by Open the Government, a watchdog group that is seeking to block the CIA proposal. He noted that during the Iran-Contra Affair, for example, those involved “fed so many records into the shredder that they jammed the shredder.” “It cannot be left to the CIA to determine what is a record of historical significance,” Weiner said.

Excerpts from Michael Isikoff, The CIA wants to destroy thousands of internal emails covering spy operations and other activities, Yahoo News, Nov. 20, 2014

West versus the Islamic State: the Apostles

ODA 525 team picture taken shortly before infiltration in Iraq, February 1991.  Image from wikipedia

Undercover warriors [led by the US spy agency CIA] will aim to “cut the head off the snake” by hitting the command structure of the Islamist terror group responsible for a trail of atrocities across Iraq and Syria, reports the Sunday People. PM David Cameron has told the SAS and UK spy agencies to direct all their resources at defeating IS [Islamic State] after a video of US journalist James Foley being beheaded shocked the world.

British special forces will work with America’s Delta Force and Seal Team 6. The move sees a rebirth of top secret Task Force Black, which helped defeat al-Qaeda terrorists in Iraq. This time the counter-terrorist experts will be targeting Abu Bakr al-Baghdadi, leader of IS and now the world’s most wanted terrorist.

A source said: “We need to go into Syria and Iraq and kill as many IS members as we can. You can’t negotiate with these people. “This is not a war of choice. They are cash rich and have a plentiful supply of arms. If we don’t go after them, they will soon come after us…You have to get on the ground and take out the commanders – cut off the snake’s head.”

The new task force will comprise a squadron of the SAS, special forces aircrews from the RAF and agents from MI5 and MI6. The operation will be led by America’s CIA spy agency.

One of the first jobs will be to identify the British Muslim shown on an IS video released last week apparently cutting Foley’s head off with a knife. UK intelligence sources confirmed that the killer, believed to be a British-born Pakistani from London, is already at the top of a CIA “kill list”…

Troops will also train Kurdish Peshmerga fighters…There are also moves to revive a defunct Iraqi special forces unit called the Apostles, which was created by the first Task Force Black after the Iraq War.

Excerpts from Aaron Sharp, SAS and US special forces forming hunter killer unit to ‘smash Islamic State’, Mirror, Aug. 23, 2014

What Putin and the CIA have in Common

The West has made NATO’s military alliance the heart of its response to Russia’s power grab in Ukraine. But we may be fighting the wrong battle: The weapons President Vladimir Putin has used in Crimea and eastern Ukraine look more like paramilitary “covert action” than conventional military force.  Putin, the former KGB officer, may in fact be taking a page out of America’s playbook during the Ronald Reagan presidency, when the Soviet empire began to unravel thanks to a relentless U.S. covert-action campaign. Rather than confront Moscow head on, Reagan nibbled at the edges, by supporting movements that destabilized Russian power in Afghanistan, Nicaragua, Angola and, finally, Poland and eastern Europe.

It was a clever American strategy back then, pushing a wounded Soviet Union and opportunistically exploiting local grievances, wherever possible. And it’s an equally clever Russian approach now, offering maximum gain at minimum potential cost. The parallel was drawn for me this past week by John Maguire, a former CIA paramilitary covert-action officer, who served in the contras program in Nicaragua and later in the Middle East. “At the end of the day, Putin is a case officer,” says Maguire. “He watched what we did in the 1980s, and now he’s playing it back against us.”… [T]he real action was covert destabilization of major cities in eastern Ukraine. Since these cities are largely Russian-speaking, Putin could count on a base of local popular support. Last week, pro-Russian “demonstrators” seized buildings in Donetsk, Kharkiv and Luhansk. Some demonstrators said they wanted to conduct referendums on joining Russia, just as Crimea did prior to its annexation. It was a clever exploitation of local cultural and religious bias — the sort of “divide and rule” move favored by intelligence agencies for centuries…

If you look back at the way the United States worked with Solidarity in Poland in the 1980s, you can see why this form of clandestine activity is so powerful. The CIA’s primary ally was the Catholic Church, headed by a Polish pope, John Paul II, who believed as a matter of religious conviction that Soviet communism should be rolled back. To work with the church, the agency needed a waiver from rules that banned operations with religious organizations.

One thing Putin learned from watching the Soviet empire fall is that the most potent weapons are those that go under the radar — and are nominally legal in the countries where operations are taking place. All the nuclear might of the Soviet Union was useless against the striking workers in Poland, or hit-and-run guerrillas in Nicaragua, or mujahedeen fighters in Afghanistan. The Soviet Union was a giant beast felled by a hundred small pricks of the lance.

How can America and the West fight back effectively against Putin’s tactics?… The trick for the interim government in Kiev is to fight a nonviolent counterinsurgency — keeping a unified Ukrainian population on its side as much as possible.

The Ukrainian struggle tells us that this is a different kind of war. Putin has learned the lessons of Iraq and Afghanistan, yes, but also those of Poland and East Germany. An ex-spy is calling the shots in Moscow, using a dirty-tricks manual he knows all too well.

Excerpt, David Ignatius, David Ignatius: Putin steals CIA playbook on anti-Soviet covert operations, Washington Post, May 4, 2014

How to Tell a Secret and Keep it: United States, Iran and the Stuxnet Worm

From his first months in office, President Obama secretly ordered increasingly sophisticated attacks on the computer systems that run Iran’s main nuclear enrichment facilities, significantly expanding America’s first sustained use of cyberweapons, according to participants in the program.  Mr. Obama decided to accelerate the attacks — begun in the Bush administration and code-named Olympic Games — even after an element of the program accidentally became public in the summer of 2010 because of a programming error that allowed it to escape Iran’s Natanz plant and sent it around the world on the Internet. Computer security experts who began studying the worm, which had been developed by the United States and Israel, gave it a name: Stuxnet.  At a tense meeting in the White House Situation Room within days of the worm’s “escape,” Mr. Obama, Vice President Joseph R. Biden Jr. and the director of the Central Intelligence Agency at the time, Leon E. Panetta, considered whether America’s most ambitious attempt to slow the progress of Iran’s nuclear efforts had been fatally compromised.  “Should we shut this thing down?” Mr. Obama asked, according to members of the president’s national security team who were in the room.  Told it was unclear how much the Iranians knew about the code, and offered evidence that it was still causing havoc, Mr. Obama decided that the cyberattacks should proceed. In the following weeks, the Natanz plant was hit by a newer version of the computer worm, and then another after that. The last of that series of attacks, a few weeks after Stuxnet was detected around the world, temporarily took out nearly 1,000 of the 5,000 centrifuges Iran had spinning at the time to purify uranium.

This account of the American and Israeli effort to undermine the Iranian nuclear program is based on interviews over the past 18 months with current and former American, European and Israeli officials involved in the program, as well as a range of outside experts. None would allow their names to be used because the effort remains highly classified, and parts of it continue to this day.  These officials gave differing assessments of how successful the sabotage program was in slowing Iran’s progress toward developing the ability to build nuclear weapons. Internal Obama administration estimates say the effort was set back by 18 months to two years, but some experts inside and outside the government are more skeptical, noting that Iran’s enrichment levels have steadily recovered, giving the country enough fuel today for five or more weapons, with additional enrichment.

Whether Iran is still trying to design and build a weapon is in dispute. The most recent United States intelligence estimate concludes that Iran suspended major parts of its weaponization effort after 2003, though there is evidence that some remnants of it continue.

Iran initially denied that its enrichment facilities had been hit by Stuxnet, then said it had found the worm and contained it. Last year, the nation announced that it had begun its own military cyberunit, and Brig. Gen. Gholamreza Jalali, the head of Iran’s Passive Defense Organization, said that the Iranian military was prepared “to fight our enemies” in “cyberspace and Internet warfare.” But there has been scant evidence that it has begun to strike back.

The United States government only recently acknowledged developing cyberweapons, and it has never admitted using them. There have been reports of one-time attacks against personal computers used by members of Al Qaeda, and of contemplated attacks against the computers that run air defense systems, including during the NATO-led air attack on Libya last year. But Olympic Games was of an entirely different type and sophistication.

It appears to be the first time the United States has repeatedly used cyberweapons to cripple another country’s infrastructure, achieving, with computer code, what until then could be accomplished only by bombing a country or sending in agents to plant explosives. The code itself is 50 times as big as the typical computer worm, Carey Nachenberg, a vice president of Symantec, one of the many groups that have dissected the code, said at a symposium at Stanford University in April. Those forensic investigations into the inner workings of the code, while picking apart how it worked, came to no conclusions about who was responsible.

A similar process is now under way to figure out the origins of another cyberweapon called Flame that was recently discovered to have attacked the computers of Iranian officials, sweeping up information from those machines. But the computer code appears to be at least five years old, and American officials say that it was not part of Olympic Games. They have declined to say whether the United States was responsible for the Flame attack.

Mr. Obama, according to participants in the many Situation Room meetings on Olympic Games, was acutely aware that with every attack he was pushing the United States into new territory, much as his predecessors had with the first use of atomic weapons in the 1940s, of intercontinental missiles in the 1950s and of drones in the past decade. He repeatedly expressed concerns that any American acknowledgment that it was using cyberweapons — even under the most careful and limited circumstances — could enable other countries, terrorists or hackers to justify their own attacks.

“We discussed the irony, more than once,” one of his aides said. Another said that the administration was resistant to developing a “grand theory for a weapon whose possibilities they were still discovering.” Yet Mr. Obama concluded that when it came to stopping Iran, the United States had no other choice. If Olympic Games failed, he told aides, there would be no time for sanctions and diplomacy with Iran to work. Israel could carry out a conventional military attack, prompting a conflict that could spread throughout the region.

The impetus for Olympic Games dates from 2006, when President George W. Bush saw few good options in dealing with Iran. At the time, America’s European allies were divided about the cost that imposing sanctions on Iran would have on their own economies. Having falsely accused Saddam Hussein of reconstituting his nuclear program in Iraq, Mr. Bush had little credibility in publicly discussing another nation’s nuclear ambitions. The Iranians seemed to sense his vulnerability, and, frustrated by negotiations, they resumed enriching uranium at an underground site at Natanz, one whose existence had been exposed just three years before.

Iran’s president, Mahmoud Ahmadinejad, took reporters on a tour of the plant and described grand ambitions to install upward of 50,000 centrifuges. For a country with only one nuclear power reactor — whose fuel comes from Russia — to say that it needed fuel for its civilian nuclear program seemed dubious to Bush administration officials. They feared that the fuel could be used in another way besides providing power: to create a stockpile that could later be enriched to bomb-grade material if the Iranians made a political decision to do so.  Hawks in the Bush administration like Vice President Dick Cheney urged Mr. Bush to consider a military strike against the Iranian nuclear facilities before they could produce fuel suitable for a weapon. Several times, the administration reviewed military options and concluded that they would only further inflame a region already at war, and would have uncertain results.

For years the C.I.A. had introduced faulty parts and designs into Iran’s systems — even tinkering with imported power supplies so that they would blow up — but the sabotage had had relatively little effect. General James E. Cartwright, who had established a small cyberoperation inside the United States Strategic Command, which is responsible for many of America’s nuclear forces, joined intelligence officials in presenting a radical new idea to Mr. Bush and his national security team. It involved a far more sophisticated cyberweapon than the United States had designed before.

The goal was to gain access to the Natanz plant’s industrial computer controls. That required leaping the electronic moat that cut the Natanz plant off from the Internet — called the air gap, because it physically separates the facility from the outside world. The computer code would invade the specialized computers that command the centrifuges.  The first stage in the effort was to develop a bit of computer code called a beacon that could be inserted into the computers, which were made by the German company Siemens and an Iranian manufacturer, to map their operations. The idea was to draw the equivalent of an electrical blueprint of the Natanz plant, to understand how the computers control the giant silvery centrifuges that spin at tremendous speeds. The connections were complex, and unless every circuit was understood, efforts to seize control of the centrifuges could fail.

Eventually the beacon would have to “phone home” — literally send a message back to the headquarters of the National Security Agency that would describe the structure and daily rhythms of the enrichment plant. Expectations for the plan were low; one participant said the goal was simply to “throw a little sand in the gears” and buy some time. Mr. Bush was skeptical, but lacking other options, he authorized the effort.  It took months for the beacons to do their work and report home, complete with maps of the electronic directories of the controllers and what amounted to blueprints of how they were connected to the centrifuges deep underground.  Then the N.S.A. and a secret Israeli unit respected by American intelligence officials for its cyberskills set to work developing the enormously complex computer worm that would become the attacker from within.  The unusually tight collaboration with Israel was driven by two imperatives. Israel’s Unit 8200, a part of its military, had technical expertise that rivaled the N.S.A.’s, and the Israelis had deep intelligence about operations at Natanz that would be vital to making the cyberattack a success. But American officials had another interest, to dissuade the Israelis from carrying out their own pre-emptive strike against the Iranian nuclear facilities. To do that, the Israelis would have to be convinced that the new line of attack was working. The only way to convince them, several officials said in interviews, was to have them deeply involved in every aspect of the program.

Soon the two countries had developed a complex worm that the Americans called “the bug.” But the bug needed to be tested. So, under enormous secrecy, the United States began building replicas of Iran’s P-1 centrifuges, an aging, unreliable design that Iran purchased from Abdul Qadeer Khan, the Pakistani nuclear chief who had begun selling fuel-making technology on the black market. Fortunately for the United States, it already owned some P-1s, thanks to the Libyan dictator, Col. Muammar el-Qaddafi.  When Colonel Qaddafi gave up his nuclear weapons program in 2003, he turned over the centrifuges he had bought from the Pakistani nuclear ring, and they were placed in storage at a weapons laboratory in Tennessee. The military and intelligence officials overseeing Olympic Games borrowed some for what they termed “destructive testing,” essentially building a virtual replica of Natanz, but spreading the test over several of the Energy Department’s national laboratories to keep even the most trusted nuclear workers from figuring out what was afoot.

Those first small-scale tests were surprisingly successful: the bug invaded the computers, lurking for days or weeks, before sending instructions to speed them up or slow them down so suddenly that their delicate parts, spinning at supersonic speeds, self-destructed. After several false starts, it worked. One day, toward the end of Mr. Bush’s term, the rubble of a centrifuge was spread out on the conference table in the Situation Room, proof of the potential power of a cyberweapon. The worm was declared ready to test against the real target: Iran’s underground enrichment plant.

“Previous cyberattacks had effects limited to other computers,” Michael V. Hayden, the former chief of the C.I.A., said, declining to describe what he knew of these attacks when he was in office. “This is the first attack of a major nature in which a cyberattack was used to effect physical destruction,” rather than just slow another computer, or hack into it to steal data…  Getting the worm into Natanz, however, was no easy trick. The United States and Israel would have to rely on engineers, maintenance workers and others — both spies and unwitting accomplices — with physical access to the plant. “That was our holy grail,” one of the architects of the plan said. “It turns out there is always an idiot around who doesn’t think much about the thumb drive in their hand.”

In fact, thumb drives turned out to be critical in spreading the first variants of the computer worm; later, more sophisticated methods were developed to deliver the malicious code.  The first attacks were small, and when the centrifuges began spinning out of control in 2008, the Iranians were mystified about the cause, according to intercepts that the United States later picked up. “The thinking was that the Iranians would blame bad parts, or bad engineering, or just incompetence,” one of the architects of the early attack said.  The Iranians were confused partly because no two attacks were exactly alike. Moreover, the code would lurk inside the plant for weeks, recording normal operations; when it attacked, it sent signals to the Natanz control room indicating that everything downstairs was operating normally. “This may have been the most brilliant part of the code,” one American official said.

Later, word circulated through the International Atomic Energy Agency, the Vienna-based nuclear watchdog, that the Iranians had grown so distrustful of their own instruments that they had assigned people to sit in the plant and radio back what they saw.  “The intent was that the failures should make them feel they were stupid, which is what happened,” the participant in the attacks said. When a few centrifuges failed, the Iranians would close down whole “stands” that linked 164 machines, looking for signs of sabotage in all of them. “They overreacted,” one official said. “We soon discovered they fired people.”

Imagery recovered by nuclear inspectors from cameras at Natanz — which the nuclear agency uses to keep track of what happens between visits — showed the results. There was some evidence of wreckage, but it was clear that the Iranians had also carted away centrifuges that had previously appeared to be working well.  But by the time Mr. Bush left office, no wholesale destruction had been accomplished. Meeting with Mr. Obama in the White House days before his inauguration, Mr. Bush urged him to preserve two classified programs, Olympic Games and the drone program in Pakistan. Mr. Obama took Mr. Bush’s advice….

But the good luck did not last. In the summer of 2010, shortly after a new variant of the worm had been sent into Natanz, it became clear that the worm, which was never supposed to leave the Natanz machines, had broken free, like a zoo animal that found the keys to the cage. It fell to Mr. Panetta and two other crucial players in Olympic Games — General Cartwright, the vice chairman of the Joint Chiefs of Staff, and Michael J. Morell, the deputy director of the C.I.A. — to break the news to Mr. Obama and Mr. Biden.

“I don’t think we have enough information,” Mr. Obama told the group that day, according to the officials. But in the meantime, he ordered that the cyberattacks continue. They were his best hope of disrupting the Iranian nuclear program unless economic sanctions began to bite harder and reduced Iran’s oil revenues.

American cyberattacks are not limited to Iran, but the focus of attention, as one administration official put it, “has been overwhelmingly on one country.” There is no reason to believe that will remain the case for long. Some officials question why the same techniques have not been used more aggressively against North Korea. Others see chances to disrupt Chinese military plans, forces in Syria on the way to suppress the uprising there, and Qaeda operations around the world. “We’ve considered a lot more attacks than we have gone ahead with,” one former intelligence official said….

Mr. Obama has repeatedly told his aides that there are risks to using — and particularly to overusing — the weapon. In fact, no country’s infrastructure is more dependent on computer systems, and thus more vulnerable to attack, than that of the United States. It is only a matter of time, most experts believe, before it becomes the target of the same kind of weapon that the Americans have used, secretly, against Iran.

DAVID E. SANGER, Obama Order Sped Up Wave of Cyberattacks Against Iran, New York Times, June 1, 2012