US official: Al-Qaida plot leak has undermined intelligence

Eric Schmitt and Michael S. Schmidt, The New York Times

WASHINGTON -- As the nation's spy agencies assess the fallout from disclosures about their surveillance programs, some government analysts and senior officials have made a startling finding: The impact of a leaked terrorist plot by al-Qaida in August has caused more immediate damage to U.S. counterterrorism efforts than the thousands of classified documents disclosed by Edward J. Snowden, the former National Security Agency contractor.

Since news reports in early August revealed that the United States intercepted messages between Ayman al-Zawahri, who succeeded Osama bin Laden as the head of al-Qaida, and Nasser al-Wuhayshi, the head of the Yemen-based al-Qaida in the Arabian Peninsula, discussing an imminent terrorist attack, analysts have detected a sharp drop in the terrorists' use of a major communications channel that authorities were monitoring. Since August, senior U.S. officials have been scrambling to find new ways to tap into the electronic messages and conversations of al-Qaida's leaders and operatives.

"The switches weren't turned off but there has been a real decrease in quality" of communications, said one U.S. official, who like others quoted spoke on the condition of anonymity to discuss intelligence programs.

The drop in message traffic after the communication intercepts contrasts with what analysts describe as a far more muted impact on counterterrorism efforts from the disclosures by Snowden of the broad capabilities of NSA surveillance programs. Instead of terrorists moving away from electronic communications after those disclosures, analysts have detected terrorists mainly talking about the information that Snowden has disclosed.

Senior U.S. officials say that Snowden's disclosures have had a broader impact on national security in general, including counterterrorism efforts. This includes fears that Russia and China now have more technical details about the NSA surveillance programs. Diplomatic ties have also been damaged, and among the results was the decision by Brazil's president, Dilma Rousseff, to postpone a state visit to the United States in protest over revelations that the agency spied on her, her top aides and Brazil's largest company, the oil giant Petrobras.

The communication intercepts between al-Zawahri and Wuhayshi revealed what U.S. intelligence officials and lawmakers have described as one of the most serious plots against American and other Western interests since the attacks on Sept. 11, 2001. It prompted the closure of 19 U.S. Embassies and consulates for a week, when the authorities ultimately concluded that the plot focused on the embassy in Yemen.

McClatchy Newspapers first reported on the conversations between al-Zawahri and Wuhayshi on Aug. 4. Two days before that, The New York Times agreed to withhold the identities of the al-Qaida leaders after senior U.S. intelligence officials said the information could jeopardize their operations. After the government became aware of the McClatchy article, it dropped its objections to The Times' publishing the same information, and the newspaper did so on Aug. 5.

In recent months, senior administration officials - including the director of national intelligence, James Clapper Jr. - have drawn attention to the damage that Snowden's revelations have done, though most have been addressing the impact on national security more broadly, not just the effect on counterterrorism.

"We have seen, in response to the Snowden leaks, al-Qaida and affiliated groups seeking to change their tactics, looking to see what they can learn from what is in the press and seek to change how they communicate to avoid detection," Matthew Olsen, the director of the National Counterterrorism Center, told a security conference in Aspen, Colo., in July.

U.S. counterterrorism officials say they believe the disclosure about the al-Qaida plot has had a significant impact because it was a specific event that signaled to terrorists that a main communication network that the group's leaders were using was being monitored. The sharpest decline in messaging has been among the al-Qaida operatives in Yemen, officials said. The disclosures from Snowden have not had such specificity about terrorist communications networks that the government is monitoring, they said.

"It was something that was immediate, direct and involved specific people on specific communications about specific events," one senior U.S. official said of the exchange between the al-Qaida leaders. "The Snowden stuff is layered and layered, and it will take a lot of time to understand it. There wasn't a sudden drop-off from it. A lot of these guys think that they are not impacted by it, and it is difficult stuff for them to understand."

Other senior intelligence and counterterrorism officials offer a dissenting view, saying it is difficult, if not impossible, to separate the impact of the messages between the al-Qaida leaders from Snowden's overall disclosures, and that the decline is more likely a combination of the two.

"The bad guys are just not going to talk operational planning electronically," said one senior counterterrorism official.

Moreover, that official and others say, it could take months or years to fully assess the impact of Snowden's disclosures on counterterrorism efforts.

Over the past decade, the NSA has invested billions of dollars in a clandestine campaign to preserve its ability to eavesdrop. The agency has circumvented or cracked much of the encryption, or digital scrambling, that guards global commerce and banking systems, protects sensitive data like trade secrets and medical records, and automatically secures the emails, Web searches, Internet chats and phone calls of Americans and others around the world, according to documents provided by Snowden.

The government's greatest fear concerning its counterterrorism operations is that over the next several months, the level of intercepted communications will continue to fall as terrorists most likely find new ways to communicate with one another, one senior U.S. official said. It will likely take the government some time to break into that method and monitor communications.

One way the terrorists may try to communicate, the official said, is strictly through couriers, who would carry paper notes or computer flash drives. If that happens, the official said, terrorists will find it very difficult to communicate as couriers take significant time to move messages.

"The problem for al-Qaida is they cannot function without cellphones," said one former senior administration official. "They know we listen to them but they use them anyhow. You can't run a sophisticated organization without communications in this world. They know all this, but to operate they have to go on."

A senior intelligence official put it this way: "They are agile, we are agile. When we see a change in behavior, our guys are changing right along with it, or we're already seeing it and adapting to it. Our capabilities are changing in hours and days, versus weeks and months like we used to."

To be sure, al-Qaida leaders and their top lieutenants use other secure electronic communications as well as old-fashioned means - like couriers, as bin Laden did - that pose major challenges to American intelligence services.

In the past few months, the Global Islamic Media Front, the propaganda arm of al-Qaida and other Islamic terrorist groups, has released new software that allows users to encrypt communications for instant-messaging and cellphones. Officials say these new programs may pose fresh challenges for NSA code breakers.

Jihadists have been working on camouflaging their communications through encryption software for years.

Al-Qaida's use of advanced encryption technology dates to 2007, when the Global Islamic Media Front released the Asrar al-Mujahedeen, or so-called "Mujahedeen Secrets" software. An updated version, Mujahedeen Secrets 2, was released in January 2008, and has been revised at least twice, most recently in May 2012, analysts said.

The program was popularized in the first issue of Inspire, al-Qaida in the Arabian Peninsula's quarterly online magazine, in a July 2010 post titled "How to Use Asrar al-Mujahedeen: Sending and Receiving Encrypted Messages."

Since then, each issue of Inspire has offered a how-to section on encrypting communications, recommending MS2 as the main encryption tool.

Shortly after Snowden leaked documents about the secret NSA surveillance programs, chat rooms and websites used by jihadis and prospective recruits advised users how to avoid NSA detection, from telling them to avoid using Skype to recommending specific online software programs like MS2 to keep spies from tracking their computers' physical locations.

A few months ago, Global Islamic Media Front issued new software that relies on the MS2's "Asrar al-Dardashah," or "Secrets of Chatting," which allows users to encrypt conversations over instant-messaging software like Paltalk, Google Chat, Yahoo and MSN, according to Laith Alkhouri, a senior analyst at Flashpoint Global Partners, a New York security consulting firm that tracks militant Web sites.

In early September, the Global Islamic Media Front said it had released an encryption program for messages and files on mobile phones running the Android and Symbian operating systems.

According to the group, the software can encrypt text messages and files and send them by email or between cellphones with different operating systems. The software also lets users securely check email and prevents users from receiving nonencrypted messages, the group claimed.

 

