Did Snowden Tip Off Al-Qaeda’s Cryptographers? Ctd

Contradicting a report issued last month by the intelligence firm Recorded Future (and subsequently dismissed as state-sponsored agitprop by Greenwald), Murtaza Hussain highlights a new report from Flashpoint Global Partners that concludes that Snowden’s leaks about NSA surveillance were not to blame for improvements in jihadist groups’ cyber security:

The report itself goes on to make the point that, “Well prior to Edward Snowden, online jihadists were already aware that law enforcement and intelligence agencies were attempting to monitor them.” This point would seem obvious in light of the fact that terrorist groups have been employing tactics to evade digital surveillance for years. Indeed, such concerns about their use of sophisticated encryption technology predate even 9/11. Contrary to claims that such groups have fundamentally altered their practices due to information gleaned from these revelations, the report concludes. “The underlying public encryption methods employed by online jihadists do not appear to have significantly changed since the emergence of Edward Snowden.”

These findings are notable both for empirical rigor through which they ascertained, as well as their contradiction of apparently baseless statements made by high-ranking U.S. officials regarding the impact of the leaks on U.S. national security. This is particularly important as it pertains to the ongoing public debate over the alleged threat of ISIS.

In Joseph Cox’s reading, the report actually questions whether al Qaeda’s counter-surveillance methods have improved dramatically in the first place:

The history of Islamic terrorists using encryption far predates Snowden, and even Wikileaks. An early milestone was an article in Al-Qaida in the Arabian Peninsula’s (AQAP) English language magazine Inspire in October 2010, which exhorted readers to use encryption. The programme suggested then was Asrar al-Mujahideen, originally launched back in 2007. It runs in a similar vein to popular open source encryption Pretty Good Privacy (PGP), utilising public and private keys to securely send files and messages. A 2.0 version was available in 2008, and after this other programmes came out for popular chat programmes, then Android and Symbian mobile devices.

From Asrar al-Mijahideen in 2007 to developments today, Flashpoint’s findings suggest jihadists haven’t made any major changes to their use of encryption: they’re just taking established models and applying them to different areas, such as instant messaging services or mobile phones.

Greenwald Derangement Syndrome And Political Mind Reading

by Freddie deBoer

Edward Snowden is a hero, in the truest sense. At the age of 29, he sacrificed a comfortable, fulfilling life, working a stable and well-paid job in Hawaii, and exposed himself to great risk—most certainly including risk to his life—out of personal conviction. Even if I were not convinced that Snowden had made the United States a more informed, more democratic, and in fact, safer country through his controlled leaks to Glenn Greenwald, Laura Poitras, and Barton Gelliman, I would admire his commitment to principles above self-interest. As it stands, I think that he has done a tremendous service for his country, in a way that the apostles of patriotism constantly invoke, and for his troubles he has been forced from his home and family, under a state of constant legal and physical threat, and reviled by many.

Many or most of my fellow travelers on the left, in my experience, support Snowden. It’s not hard to imagine why, given that he has exposed the inner workings of a key cog in the violent, invasiveGERMANY-US-RUSSIA-INTELLIGENCE-NSA-PARLIAMENT apparatus of American empire. Yet there has also been a strain of leftism that has been deeply suspicious of Snowden and sought to question, or out-and-out discredit, his work. I don’t mean natural skepticism, which we should bring to bear on any public figure, but active hostility and fear-mongering. (I’m also not talking about die-hard Democratic partisans, who object to Snowden under the simple logic that Snowden has harmed a Democratic president and is thus the enemy. I’ve spent far too much of my life debating that kind of partisanship, so I’ll just set it aside—that’s their logic, they stick to it, fine.) My interest here is instead focused on those who criticize Snowden neither because he’s undermined the national security state, as is typical of “terrorism experts” and various imperial stenographers, nor because he’s hurt Obama and Congressional Democrats. I’m talking about those who think Snowden should be distrusted or rejected because he’s, alternatively, a secret libertarian, an open libertarian, a quasi-libertarian, a crypto-libertarian, or similar.

You can find this argument all over. For a balanced, fair take, here’s Salon’s Andrew Leonard. On the other side of the ledger is this piece by Sean Wilentz of (of course) The New Republic, still the go-to magazine for establishment whining and the fetish for “legitimacy,” which at TNR tends to refer to those political opinions that have had the blessings of establishment power.  But a little Googling will show you that the subject of Snowden’s libertarianism, whether real or imagined, has attracted a great deal of attention from those who identify as part of the broad left-wing.

My response to the claim that Edward Snowden is a libertarian is simple: I don’t care. At all. It’s simply immaterial to me. I have no particular interest in his broader ideological or political beliefs. Snowden is not a candidate for President or Congress. He’s not my political czar or my personal friend. What has distinguished Snowden has been his actions, the action of releasing a small portion of a vast trove of secret government documents to the public, in order to reveal to us the extent to which our national security system has trod on our rights and on our freedom. It is of little consequence to me whether he believes in socialism or fascism or anything in between, so long as the fruits of his efforts leave us more informed and better able to at least understand how the military state has harmed us. I don’t know why that indifference to his broader politics would be surprising to anyone. I respect and value his actions, and I feel that we owe him a great debt. If he proposes political ideas that I find immoral or unwise, I will say so. There is no contradiction there.

When we’re discussing Snowden, of course, we’re also discussing Glenn Greenwald.

Since he first burst onto the scene as a vicious critic of the George W. Bush administration and its War on Terror, Greenwald has been a divisive figure, capable of moving ordinarily reserved writers into fits of anger. Like Snowden, Greenwald has been cast as a libertarian many times, and as with Snowden, this is frequently represented as a reason for a socialist like myself to fear and mistrust Greenwald. I will admit that, with a political writer and journalist like Greenwald, there is a greater reason to consider his broader politics than there is with Snowden. It’s never been clear to me that he remotely fits the libertarian profile that he has frequently been assigned. But more, Greenwald has always been a writer who has restricted his professional work to a small range of issues, involving foreign policy, surveillance, and civil liberties. On those topics, I substantially agree with him. If he turns around and writes against universal health care or union rights, I’ll register my disagreements with him, in print, as I do with any other issue or any other writer. I don’t see anything complicated about that.

Peter Frase wrote a brilliant piece on these issues at the socialist magazine Jacobin, where I have also been a contributor. As Frase writes, “there seems to be an instinct among some on the Left to suppose that defending the possibility of government requires rejecting any alliance with libertarians who might criticize particularly noxious aspects of the existing state. Or, to be a bit more subtle, that any critique that emphasizes government authoritarianism merely distracts us from the critique of private power.” Like Frase, I find that a reductive misunderstanding of the nature of the state and the purpose of socialist practice. But beyond the specific political questions involved, I become frustrated and impatient with this line of thinking because of what it implies about political behavior. To a degree, politics will always involve finding alliances and building coalitions. But those alliances are also necessarily conditional and limited. With all the endless contentious political issues people argue about, the odds of any two people agreeing on every issue are very slim. So we work together on what we can and we disagree on what we disagree about. I could never vote for Rand Paul, for any number of reasons. But when he writes an op/ed calling for the de-militarization of America’s police force, that’s useful and valuable, and I can say so without being a member of the Rand Paul fan club. The notion that we obligate ourselves to permanent alliances with everyone we find common cause with is a juvenile, destructive vision of politics—and one, incidentally, that makes meaningful change nearly impossible, in a country where the rich dominate politics on both sides of the aisle.

More, there’s the seemingly growing phenomenon of people involved in political arguments arguing about what one side or the other truly believes, rather than about what’s true, what’s moral, or what’s best. Every day, I read people insisting that they believe one thing while their interlocutors insist that they secretly believe something else. Someone misspeaks, or someone else misunderstands them, and suddenly the argument is over what that someone really thinks instead of the merits of the argument. Awhile back, I realized that I had come to hate my own political writing, simply from an aesthetic standpoint. I had grown to spend so much time defending myself about things I didn’t say and don’t believe that I had no time or energy to argue the things that I did say and do believe. So I’ve come to lard so much of my writing with statements about what I’m explicitly not saying that it’s a stylistic mess. I feel like I have no choice. But even so, I constantly get commenters and emailers saying “You believe X,” when I have directly and unambiguously said “I’m not arguing X.” It’s exhausting and pointless.

Trying to define what the other side thinks, or trying to read their minds to find the evil hiding within, is a road that has no ending. There is no way for anyone to prove what they really believe. And while we are busy trying to define our own beliefs, we are leaving the important work of politics undone. I know how to argue. I know how to press my case. I know how to advocate for what I believe in. I don’t know how to prove to someone that I’m not secretly harboring beliefs that I say I don’t have, and I have no patience for hunting secret libertarians. The issues that the Snowden affair has brought up concern the most basic questions of democratic society, of individual rights and collective responsibility. We have plenty to argue about already. So let’s just argue. It’s a lot less aggravating, and a lot more useful for all of us.

(Photo: Outside the Reichstag building in Berlin on May 8, 2014 a demonstrator holds a poster depicting fugitive US intelligence leaker Edward Snowden during a demonstration in favor of an appearance by Snowden as a witness in German NSA hearings. By Adam Berry/AFP/Getty Images)

This Snowden Profile Is Really About The NSA

by Dish Staff

James Bamford’s lengthy new profile of Edward Snowden, based on a series of in-person interviews in Moscow, purports to be a look at the leaker’s motivations but will more likely be remembered for its two new revelations about the NSA’s cyber-espionage activities. The first is that a cock-up at the NSA was responsible for the nationwide Internet outage Syria experienced in late 2012, not the Syrian government as everyone thought at the time:

One day an intelligence officer told him that TAO—a division of NSA hackers—had attempted in 2012 to remotely install an exploit in one of the core routers at a major Internet service provider in Syria, which was in the midst of a prolonged civil war. This would have given the NSA access to email and other Internet traffic from much of the country. But something went wrong, and the router was bricked instead—rendered totally inoperable. The failure of this router caused Syria to suddenly lose all connection to the Internet—although the public didn’t know that the US government was responsible.

The bigger scoop, however, is about a program codenamed MonsterMind, with which the NSA is trying to automate the process of detecting, defeating, and striking back against cyberattacks:

The program, disclosed here for the first time, would automate the process of hunting for the beginnings of a foreign cyberattack. Software would constantly be on the lookout for traffic patterns indicating known or suspected attacks. When it detected an attack, MonsterMind would automatically block it from entering the country—a “kill” in cyber terminology. Programs like this had existed for decades, but MonsterMind software would add a unique new capability:

Instead of simply detecting and killing the malware at the point of entry, MonsterMind would automatically fire back, with no human involvement. That’s a problem, Snowden says, because the initial attacks are often routed through computers in innocent third countries. “These attacks can be spoofed,” he says. “You could have someone sitting in China, for example, making it appear that one of these attacks is originating in Russia. And then we end up shooting back at a Russian hospital. What happens next?”

Yishai Schwartz pans the profile, which he says “reads like a release from a Snowden PR press office”, and Bamford’s “bewildering reluctance to ask any challenging questions at all”:

Bamford never asks why Snowden acceptedand even pursueda series of high-level jobs in signals intelligence despite his misgivings. Bamford never pushes Snowden to face the moral complexity of his choices. And he never asks Snowden to explain whether it was responsible of him to release troves of information that not even he himself had seen. Most remarkably, Bamford seems unwilling to push Snowden on even his most outlandish claims, like Snowden’s insistence that he tried “to leave a trail of digital bread crumbs” so that his colleagues could determine what he had taken, prepare for future leaks, and mitigate damage. Alas, Snowden explains to a sympathetic Bamford, the NSA was simply too incompetent to decipher his clues. …

Now, national security isn’t quite Grimm’s Fairy Tales, nor is it a Dan Brown novel, so perhaps it might have made sense for Bamford to ask why Snowden chose this particular method for helping out his old colleagues at the NSA. And although Bamford is clearly enamored with Snowden’s brilliance (virtually the only family quotation about Snowden that Bamford thought worthy of inclusion was Snowden’s father’s proud mention of his son’s high IQ scores), it’s doubtful that Snowden’s attempts at helping were simply too clever for the combined powers of the American intelligence agencies. But again, Bamford doesn’t see fit to ask.

The piece reinforced Dreher’s sympathy for Snowden, though he acknowledges the moral dilemmas that Bamford largely elides:

If I had been in Snowden’s shoes, I might have done the same thing, out of fidelity to the moral law. As Augustine said, an immoral law is no law at all. At the same time, it is perfectly clear that a government riddled with even a thousand Snowdens, who believe they have the right to determine which of the government’s secrets to make public, could not function. Snowden may have had a clear moral mandate to become a whistleblower, but what about someone whose motives weren’t as pure as Snowden’s seem to have been? Where do you draw the line? In the case of the church, or Wall Street, I would cheer for any whistleblower who broke his (assumed) pledge of loyalty to expose grave injustice or serious wrongdoing. But national security is a more serious matter, and not one to be taken lightly. This is what troubles me about the Snowden case, even though my sympathies definitely lie with him.

Did Snowden Tip Off Al-Qaeda’s Cryptographers? Ctd

by Jonah Shepp

Not by a long shot, Glenn Greenwald and Andrew Fishman answer, hitting back forcefully at the report claiming that al-Qaeda overhauled its cryptography in response to the Snowden leaks. To begin with, they point out that Recorded Future, the intelligence firm that issued the report, has deep and longstanding financial ties to the US intelligence community and as such cannot be considered an independent referee. Furthermore, another Snowden document reveals that al-Qaeda already knew about Western intelligence agencies’ surveillance technologies and how to get around them, long before Snowden came into the picture:

The Recorded Future “report”—which was actually nothing more than a short blog post—is designed to bolster the year-long fear-mongering campaign of U.S. and British officials arguing that terrorists would realize the need to hide their communications and develop effective means of doing so by virtue of the Snowden reporting. … But actual terrorists—long before the Snowden reporting—have been fixated on developing encryption methods and other techniques to protect their communications from electronic surveillance. And they have succeeded in a quite sophisticated manner.

One document found in the GCHQ archive provided by Snowden is a 45-page, single-spaced manual that the British spy agency calls a “Jihadist Handbook.” Though undated, the content suggests it was originally written in 2002 or 2003: more than 10 years before the Snowden reporting began. It appears to have been last updated shortly after September 2003, and translated into English by GCHQ sometime in 2005 or 2006. … So sophisticated is the 10-year-old “Jihadist Manual” that, in many sections, it is virtually identical to the GCHQ’s own manual, developed years later (in 2010), for instructing its operatives how to keep their communications secure[.]

Greenwald and Fishman also stress that the report offers no evidence to support a causal link between the Snowden leaks and al-Qaeda’s recent crypto upgrades:

Critically, even if one wanted to accept Recorded Future’s timeline as true, there are all sorts of plausible reasons other than Snowden revelations why these groups would have been motivated to develop new encryption protections. One obvious impetus is the August 2013 government boasting to McClatchy (and The Daily Beast) that the State Department ordered the closing of 21 embassies because of what it learned from an intercepted “conference call” among Al Qaeda leaders

This speaks to an infraction we in the media are frequently guilty of: lending greater weight to new information when it feeds into a pre-existing narrative, regardless of whether that new information is credible on its own merits. Officials in the government and the intelligence community have spent the past year crying to the press that Snowden’s revelations have weakened America’s defenses against terrorism by revealing our tradecraft to our enemies. Spooks are not wont to provide proof for such claims, because the evidence always seems to be classified, but “if only we knew what they knew”, we’d see that they were right. And it requires no great leaps of logic to intuit that al-Qaeda and its allies, who clearly know a thing or two about the Internet, might have come across the Snowden leaks and used them to their advantage.

So that narrative, underpinned by intuition but not hard evidence, became conventional, at least on one side of the surveillance debate. There was a demand for proof of that received wisdom, and when something purporting to be that proof came to light, the product was delivered to the market with all due speed. And giving people tools to support the opinions they already hold, rather than distinguishing truth from propaganda, is the core business of much of today’s clickbaity media. That’s a serious problem.

On the other hand, the full impact of these leaks won’t be clear for some time, and the question of whether and to what extent they exposed us to new threats is not conclusively settled, so Snowden and Greenwald can’t claim vindication any more surely than their critics can call them traitors and terrorists. But the broader point, that Snowden shouldn’t be convicted of treason in the court of public opinion solely based on accusations and innuendo, stands strong. We’d do well to remember that the next time we come across “evidence” like this.

Did Snowden Tip Off Al-Qaeda’s Cryptographers?

The terrorist group and its allies appear to have changed their encryption systems in response to the Snowden leaks, according to a new report by the intelligence firm Recorded Future:

The report concludes that “it’s pretty clear” that there is an “increased pace of innovation in encryption technology by Al-Qaeda post Snowden.” The encryption, the report added, “is based on best practice, off the shelf, algorithms.” What’s more, the latest crypto tools follow other crypto programs terrorists have developed following the Snowden leaks. Recorded Future reported in May that three of the tools were created within five months of The Guardian first publishing the Snowden leaks in June 2013.

Though it’s not quite a “smoking gun”, Jazz Shaw urges anyone who thinks Snowden is an unmitigated hero to read the report:

None of this sounds terribly surprising and likely just serves as confirmation that the terrorists are keenly aware of international news headlines and respond to whatever information they can get accordingly. It’s also worth noting – as another analyst in the story mentions – that this isn’t absolute proof of a causal relationship between the two events. It’s possible that they just felt the software was long past due for an overhaul and would have done it anyway. But that’s relying awfully heavily on coincidence.

Of course, the real questions about the Snowden leaks go unanswered in this report. The fact that they upgraded their software is interesting, but what we still don’t know – and may never know, for obvious reasons – is how much other damage was done. How many agents had to be moved around or removed for protection? How many foreign informants supplying us with information were compromised, or simply disappeared? What opportunities were lost which our intelligence agencies clearly can’t talk about in public?

On the other hand, the jihadists’ new crypto might not make much difference:

Whatever the reason, [Bruce] Schneier says, al-Qaida’s new encryption program won’t necessarily keep communications secret, and the only way to ensure that nothing gets picked up is to not send anything electronically. Osama bin Laden understood that. That’s why he ended up resorting to couriers. Upgrading encryption software might mask communications for al-Qaida temporarily, but probably not for long, Schneier said.

“It is relatively easy to find vulnerabilities in software,” he added. “This is why cybercriminals do so well stealing our credit cards. And it is also going to be why intelligence agencies are going to be able to break whatever software these al-Qaida operatives are using.”