07.23.13
Posted in Culture of Lickspittle, Cyberterrorism at 3:48 pm by George Smith
Let’s repeat, again and again until it is crystal clear, Facebook is not your friend. The corporate American web is not your friend. Both practice malicious design in programming for the automation of grasping.
Today’s procedure:
Use Facebook Graph Search to unlike stuff you never should have ‘liked’ in the first place. Type “Photos [your name] likes.” Unlike the embarrassing stuff and pics on ‘friends’ pages who have always ignored you. Collegiality is mostly dead in cyberspace. Your likes of others, unless you actually have a chatting relationship with them, serve only to increase the perception of their popularity. It comes at your expense, too, because Facebook ranks material on this basis. So if you’ve ever wondered why nobody sees your stuff but you see all theirs, this is one contributing reason.
Type “Companies [your name] likes.” Untick most or all of them. Liking companies on Facebook will never do you any good. In fact, it’s bad. Facebook just uses it to insert things you don’t want to see into your “news feed” while it’s hiding your stuff from other people. You do know that, don’t you?
Now type “Movies [your name] likes.” Untick everything if you have more than a few but leave all the boring middle of the road crap that in no way describes you to marketers. Trust me. (There’s another way to go about this although it’s a little more work. Let’s call it signal jamming. You emit a signal for Facebook algorithms, one to be harvested for business. What if your signal makes no sense? Make a list of favorite movies choosing titles from, say, the Al Jolson catalog, or films of the vintage of “Gold Diggers of Broadway.”)
Tip 2: How to find proof Facebook hates you.
Look up at the ‘people you may know’ bar that Facebook uses to push potential ‘friends’ at you. Today or tomorrow you’ll see someone in there, or more than a few, who you either detest outright or who are laughably wrong. Go ahead, check their profiles. See? Facebook algorithms, those you get to “use,” are just to make you stupidly click shit that will never be of benefit.
In line with today’s Tech Tip, readers can tell from the next story that US military police and counter-terror units globally use Facebook’s Graph Search to spy on you, looking for keywords having to do with their units, bases, or other things. And they have no reading comprehension.
“As a joke, a German man recently invited some friends for a walk around a top secret NSA facility [on his Facebook page],” writes The Spiegel. An American military/counter-terror unit assigned to provide security for the NSA facility, which scans Facebook, netted the timeline post and sent the German federal police to the fellow’s door.
While he got a droll story out of it, if he’d been in the states they might have disappeared him for a bit until it was all sorted out.
The tale is here at The Spiegel.
Corporate American web design mainstreams malicious behavior.
Among the best examples are films, or overlays, which appear between you and the site soon after you browse to it. They serve no other purpose than to get in your face with demands for money, information or to deliver even more advertising on top of the revolving ad content the site already delivers.
A few years ago nuisance overlays were mostly the tool of web bottom-feeders. Now they are everywhere. They are on YouTube videos, forcing you to repeatedly dismiss them. They are dropped into news videos only minutes old. Want to see something about a local fire alert? First you’ll have to watch an advertisement for women’s shoes or a smartphone.
They come with the corporate American web business belief that the company has a right to demand something of you — money or attention to an advertiser, forcefully using what amounts to a denial-of-service attack (if one that can be dismissed, eventually), for the privilege of being there. These are the ethics of a sociopath. (And if you’re reading this and use them, you’re the enemy, too. Enough with the ‘buts’ and excuses. The moment of trust has passed.)
DailyKos, for example and despite the reality that some people of conscience work for it, nails you with an overlay dun passed off as a sincere blandishment every single time you access the page.
There is not much that can be done to eliminate them. You can abandon use of a site or refuse to ever buy something from it or contribute to it because of its use of overlays, making overlay films, on an individual level, counter-productive. You can also just take their stuff and not credit, which is a tactic I feel is justified by any type of push that is effectively denial-of-service or the phenomenon of the infinite download — another type of malicious web design in which a site never stops serving content and unresponsive scripting to the client.
The continuous use of such overlays to harass people constitutes systemic bad behavior rationalized by a corporate philosophy that holds Net users in contempt. When you see them it is a signal you are thought of as someone who ought to be bullied into parting with something, usually money, daily.
This should be enough to tell you that we’re well past the point that some future revision of the web will make the digital automation of mass grasping go away. Instead, it’s time for people to start thinking about ways in which they can show counter-hostility to such American business activity.
American business, from content generation to entertainment and corporate services, has destroyed most of the reality and philosophy of the open web. It should eventually find there is a cost attached to that level of greed, cynicism and bad faith.
07.11.13
Posted in Culture of Lickspittle, Cyberterrorism, Shoeshine at 10:58 am by George Smith

NSA director, Mr. Keith Alexander, encouraging young hackers to save the US from economic crippling and mass loss of life in the immediate future at the 2012 DefCon meeting in Las Vegas.
From Reuters:
The annual Defcon hacking convention has asked the federal government to stay away this year for the first time in its 21-year history, saying Edward Snowden’s revelations have made some in the community uncomfortable about having feds there.
“It would be best for everyone involved if the feds call a ‘time-out’ and not attend Defcon this year,” Defcon founder Jeff Moss said in an announcement posted Wednesday night on the convention’s website …
Moss, who is an advisor on cyber security to the Department of Homeland Security, told Reuters that it was “a tough call,” but that he believed the Defcon community needs time to make sense of the recent revelations about U.S. surveillance programs.
They need time to make sense of the recent revelation about US surveillance programs. Adorable.
It’s all eyewash and balderdash, anyway.
The NSA and Keith Alexander, of course, will be there. Everyone will. And that’s because everyone knows guvmint security agencies have money, lots of money.
The real affair is the $2000/ticket Black Hat conference, on July 31, a two day affair just before DefCon. The latter, on August 2 is $180 to get in.

Jeff Moss, DefCon founder, maintaining good public relations.
Keith Alexander — from the archives.
07.09.13
Posted in Culture of Lickspittle, Cyberterrorism at 12:39 pm by George Smith
Last week GlobalSecurity.Org was consulted by a reporter from the Associated Press on the Dark Seoul/Operation Troy report on recent cyberattacks in South Korea issued by McAfee. I looked it over and talked with her awhile over the subject.
Mostly, what I said — whether it ever gets published is immaterial at this point — was that it was a straightforward analysis on the use of malware to get into South Korean networks. The final component in it, code that “wiped” the master boot record seemed childish, something that was normal for virus-writers to put in their creations 20 years ago. (The AP piece that resulted is here. Martha Mendoza gave the McAfee report to GlobalSecurity and called me.)
In fact, naming conventions within the code — and the hacking group names cited in the McAfee report — were standard computer hacker and cyber-vandal stuff.
Typically, the news media has tried to make it into something a little more than what McAfee corporate was willing to put on paper in “Dissecting Operation Troy: Cyberespionage in South Korea.”
And this is easily illustrated by comparing excerpts from the McAfee report on Dark Seoul/Operation Troy with a sample story today, taken from the Washington Times.
The WaTimes:
Highly trained, well-funded and very persistent computer hackers have been seeking to steal secrets from U.S. and South Korean military networks for at least four years, according to new data released by security researchers.
The hackers have all the characteristics of state-sponsored cyberattackers, said Ryan Sherstobitoff of the computer security firm McAfee Inc.
“The people behind this are highly trained, well-funded and very persistent,” Mr. Sherstobitoff said. “They’ve been targeting the networks for years.”
The hackers, who identified themselves as the “New Romantic Cyber Army,” used crude attacks and aped the tactics and jargon of so-called “hacktivist” groups, such as the anarchistic coalition Anonymous.
But behind the scenes, they were exploiting highly specialized and targeted cyberespionage tools to burrow into classified networks of the U.S. and South Korean military.
“The primary mission was to steal secret military data,” Mr. Sherstobitoff said. “That’s been in the shadows until now.”
The Pentagon had no comment Monday.
The “very advanced, very sophisticated” cybertools …
But what Ryan Sherstobitoff told the WaTimes isn’t what he and the two other McAfee employees whose names are on the report actually wrote.
From its initial summary:
Our analysis of this attack—known first as Dark Seoul and now as Operation Troy—has revealed that in addition to the data losses of the MBR wiping, the incident was more than cybervandalism. An analysis of malware samples dating back to 2009 suggests the ongoing attacks on South Korean targets were actually the conclusion of a covert espionage campaign …
State sponsored or not, these attacks were crippling nonetheless. The overall tactics were not that sophisticated in comparison to what we have seen before. [Bold mine] The trend seems to be moving toward using the following techniques against targets:
• Stealing and holding data hostage and announcing the theft. Public news media have reported only that tens of thousands of computers had their MBRs wiped by the malware. But there is more to this story: The main group behind the attack claims that a vast amount of personal information has been stolen. This type of tactic is consistent with Anonymous operations and others that fall within the hacktivist category, in which they announce and leak portions of confidential information.
• Wiping the MBR to render systems unusable, creating an instant slowdown to operations within the target
An excerpt from the report’s “Analysis” section:
What were the motives behind these attacks and why did the attackers chose certain targets? The attacks managed to create a significant disruption of ATM networks while denying access to funds. This wasn’t the first time that this type of attack—in which destructive malware wiped the systems belonging to a financial institution—has occurred in South Korea. In 2011 the same financial institution was hit with destructive malware that caused a denial of service.
The attackers left a calling card a day after the attacks in the form of a web pop-up message claiming that the NewRomanic Cyber Army Team was responsible and had leaked private information from several banks and media companies.
They also referenced destroying the data on a large number of machines (the MBR wiping) and left a message in the web pop-up identifying the group behind the attacks. The page title in Internet Explorer was “Hey, Everybody in Korea”.
The report goes on to explain that the terminal part of the operation, by two groups which were probably the same (the second being named the Whois Hacking Crew), was preceded by a period of a couple of years in which South Korean networks had been penetrated by the same malware and related offshoots, the function of which was to scan hard disks for military subject files, zip them into an archive, and pipe them off to the intruders.
However, was this search a sophisticated one, as described by the media?
Not really, from the evidence in McAfee’s own report.
Here’s the germane material:
Drive scanning locates classified information on target systems and gives the attacker an overall idea of what these military networks have. The malware searches the root disk, counts the number of interesting files, and determines the level of that system’s importance to the attacker. The search criteria are primarily specific file extensions and keywords in document titles. The keywords are all military specific. Some refer to specific military units and programs that operate in South Korea.
[I’ve included a partial list of the search terms, which are elementary. Really, anyone could come up with them, and terms specific to South Korea aren’t there in abundance, certainly nothing an outsider wouldn’t be expected to be aware of. “Key Resolve drill,” for example, is just the name for a world-publicized yearly joint exercise between the US and South Korea.]
Operation
Division
Corps
Brigade
Solidarity
Army
Navy
Battalion
Air force
U. S. Army
Joint Chiefs of Staff
Defense
Tactics
Password
North
Infantry
Key Resolve drill
Attack
Artillery
Engineer
One could conclude it would have been almost as specific to have just copied off the entire data volume of the disks.
The McAfee paper puts forward no proof the files grabbed using this search procedure were classified. Some may have been. Perhaps all were. Or maybe few or none. There is no way to make an estimate.
In the Associated Press’s piece on the matter, the McAfee researchers had this to say:
McAfee also said it listed only some of the keywords the malware searched for in its report. It said it withheld many other keywords that indicated the targeting of classified material, at the request of U.S. officials, due to the sensitivity of releasing specific names and programs.
“These included names of individuals, base locations, weapons systems and assets,” said Sherstobitoff.
Perhaps. Or maybe not.
US base locations, weapons systems, assets — even individuals (for example, commanders) are not secret in South Korea. Indeed, entire orders of battle and weapons systems are publicly available on the web. Rather notably, ahem, at GlobalSecurity.Org! For which I am a Senior Fellow! And which is a go to resource for thousands and thousands of American military men (civilian and enlisted) and those interested in global military affairs around the world!
Dear me, Ryan Sherstobitoff.
There is one matter worth noting, a critical difference between news reporting on Dark Seoul and the McAfee white paper on it.
The McAfee white paper, Sherstobitoff et al, does not use the term “North Korea” even once.
More bluntly, McAfee corporate, being corporate, didn’t formally publish any explanation that “North Korea” was the responsible party.
It employs only the weasel-term, “state sponsored,” but did not — in print — even come down unequivocally on that.
In interviews, Sherstobitoff went well beyond what was actually published by McAfee, adding a variety of assertions and claims not put down on the digital paper.
Subsequently, every news piece came down with North Korea as the culprit.
“Was North Korea behind Operation Troy?” I was asked by the Associated Press.
I told the agency there was no way to tell from what was in the report. Maybe, maybe not. Maybe a hacking gang. The wording included in the analysis, the destructive code “dropper” made it look childish and antique, like something virus writers did two decades back.
Whatever, I agreed with the assertion in the report that the tools and methods used, in the words of the McAfee authors, “were not that sophisticated in comparison to what we have seen before.”
From the Washington Times today:
Analysts say that the revelations about these attacks ought to prompt U.S. officials to reassess North Korea’s cybercapabilities.
Pyongyang’s hackers now must be rated “as good as Iran,” said James A. Lewis, a cybersecurity scholar at the Washington-based Center for Strategic and International Studies.
“The Iranians moved up quickly,” Mr. Lewis said, noting the recent spate of “denial of service” attacks against U.S. banks laid at their door.
U.S. officials have said the greatest danger posed by cyberattacks is disruption of vital infrastructure, such as electric power transmission.
For the AP, Lewis was also quoted:
“I used to joke that it’s hard for the North Koreans to have a cyber army because they don’t have electricity, but it looks as if the regime has been investing heavily in this,” said Lewis.
If so, opinions would vary on whether this constitutes getting your money’s worth.
What actually happened during the North Korea imbroglio, though?
The Hermit Kingdom had a ritualized fit over the annual joint US/South Korean military exercise. It fueled its missiles, made silly videos, threatened that it would attack Guam, Hawaii or the west coast of America with a nuclear strike, shut down a joint business operation with South Korea and … and … and …
Nothing. The Hermit Kingdom’s ruler, the pudgy kid, had no cards to play.
But according to a news story, like many today, in the Washington Times, North Korea is punching above its weight (although never mentioned by McAfee) in cyberspace, as good as Iran.
Iran. Does it even matter?
Well, of course it matters to cybersecurity companies and the South Korean IT business workers who had to restore systems when master boot records were wiped, which would have taken time, but which was reversible.
The unanswered question is how critical was the loss of information that was at least public (but not provably secret, although the latter is a very broad term) from Internet-connected military networks, but not classified networks, according to the South Korean military.
In summary, from the NewRomanic Cyber Army and keyword searches for “artillery,” “defense,” “secret” and “air force” to North Korea as a cyberpower, to “disruption of vital infrastructure, such as electric power transmission.”
In one thousand words or less. This is called putting your fingers on the scale.
06.30.13
Posted in Culture of Lickspittle, Cyberterrorism at 10:28 am by George Smith
The world is not a bag of nails for which the US national security megaplex is the hammer.
It is difficult to know when, if ever, that reality will be perceived in this country where it counts enough to make a difference.
From Der Spiegel, by way of the Guardian:
The German publication Der Spiegel reported that it had seen documents and slides from the NSA whistleblower Edward Snowden indicating that US agencies bugged the offices of the EU in Washington and at the United Nations in New York. They are also accused of directing an operation from Nato headquarters in Brussels to infiltrate the telephone and email networks at the EU’s Justus Lipsius building in the Belgian capital, the venue for EU summits and home of the European council.
Without citing sources, the magazine reported that more than five years ago security officers at the EU had noticed several missed calls apparently targeting the remote maintenance system in the building that were traced to NSA offices within the Nato compound in Brussels.
The impact of the Der Spiegel allegations may be felt more keenly in Germany than in Brussels. The magazine said Germany was the foremost target for the US surveillance programmes, categorising Washington’s key European ally alongside China, Iraq or Saudi Arabia in the intensity of the electronic snooping.
The US cannot and will not now ever be able to live down its exhausting campaign to make everyone believe that we were being spied on and probed in cyberspace, unfairly, by others.
Keys: Edward Snowden.
06.27.13
Posted in Culture of Lickspittle, Cyberterrorism at 9:12 pm by George Smith
Nothing good was ever going to come from unleashing computer viruses on Iran. Now everything about the program appears to have blown up.
From the WaPo:
A retired four-star Marine Corps general who served as the nation’s second-ranking military officer is a target of a Justice Department investigation into a leak of information about a covert U.S.-Israeli cyberattack on Iran’s nuclear program, a senior Obama administration official said.
Retired Gen. James E. “Hoss” Cartwright served as deputy chairman of the Joint Chiefs of Staff and was part of President Obama’s inner circle on a range of critical national security issues before he retired in 2011.
The administration official said that Cartwright is suspected of revealing information about a highly classified effort to use a computer virus later dubbed Stuxnet to sabotage equipment in Iranian nuclear enrichment plants.
Stuxnet was part of a broader cyber campaign called Olympic Games that was disclosed by the New York Times last year as one of the first major efforts by the United States to use computer code as a destructive weapon against a key adversary.
Cartwright, who helped launch that campaign under President Bush and pushed for its escalation under Obama, was recently informed that he was a “target” of a wide-ranging Justice Department probe into the leak …
The campaign is believed to have destroyed as many as 1,000 of Iran’s 6,000 centrifuges at the time. But the virus also escaped those closed systems and was subsequently discovered on the Internet, raising concern about the potential that government-sponsored viruses could cause widespread and unintentional harm.
Stuxnet and Olympic Games unleashed a global state-sponsored race to develop malware. As part of a secret war against Iran it also triggered retaliations against the US and other nations in the Middle East.
06.24.13
Posted in Culture of Lickspittle, Cyberterrorism, Shoeshine at 12:27 pm by George Smith
I’d skipped this last week because it was a particularly exceptional example of pathetic American journalism, a feature at high button Vanity Fair, on the “terrifying” nature of cyberwar.
It was made for the print edition, so it was completed before the Edward Snowden affair blew the rubbish of it into the trash. It’s standard script-writing: take the pants-wetting stories from anonymous government security sources, embellish with purple prose, and let a couple hackers of either stock smarm or villainy be presented as potentially able to take down portions of the US with just a few keystrokes because they are so smart.
The latter was old stew over a decade ago.
Anyway, some of the worst of it (no link, Vanity Fair being another website of the infinite download):
On the hidden battlefields of history’s first known cyber-war, the casualties are piling up. In the U.S., many banks have been hit, and the telecommunications industry seriously damaged, likely in retaliation for several major attacks on Iran.
(Did you notice the telecommunications industry was seriously damaged by Iran? Somehow Escape from WhiteManistan missed it.)
Even so, many current and former government officials took account of the brute force on display and shuddered to think what might have happened if the target had been different: the Port of Los Angeles, say, or the Social Security Administration, or O’Hare International Airport. Holy shit, one former national-security official recalls thinking—pick any network you want, and they could do this to it. Just wipe it clean.
(Yes, terrible. Iran could take down the US through cyberspace. Never mind restore from backup. Repeat terrifying script of puny country making entire US infrastructure collapse.)
Asymmetric warfare — unconventional, guerrilla-style attacks on more powerful adversaries, such as the U.S.— is a cornerstone of Iranian military doctrine.
Repeat script third time. Puny country, master of guerrilla cyber-warfare, threatens US infrastructure.
During the second week of September 2012, a new spate of cyber-attacks against American interests began. This time, the targets were on American soil: U.S. banks. A previously unknown group calling itself the Izz ad-Din al-Qassam Cyber Fighters and presenting itself as an organization of Sunni jihadists made an online posting written in broken English, referring to an anti-Islamic video on YouTube called “Innocence of Muslims” that had sparked riots in the Muslim world the week before. The posting stated that “Muslims must do whatever is necessary to stop spreading this movie All the Muslim youths who are active in the Cyber world will attack to American and Zionist Web bases as much as needed such that they say that they are sorry about that insult.”
Next script: They attacked the financial system. Yes, nothing gets up the sympathy of the man in the street against the outside enemy by telling him someone attacked the websites of giant American banks.
To absorb the gargantuan volume of traffic coming their way, banks had to buy more bandwidth, which telecommunication companies had to create and provide. Telecoms have borne the brunt of these battles, just as the banks have, spending large sums to expand their networks, and to strengthen or replace hardware associated with their “scrubber” services, which absorb DDoS traffic. Qassam’s first wave of attacks was so intense that it reportedly broke the scrubbers of one of this country’s largest and best-known telecom companies. In December, AT&T executive director of technology security Michael Singer reportedly stated that the attacks posed a growing threat to the telecommunications infrastructure …
Be afraid, very afraid. Because, like … the banks (!) and … AT&T!
A hacker in Iran who appeared to be the prime mover in this group goes by the name of Mormoroth. Some of the information concerning these attack tools was posted to his blog; the blog has since disappeared. His Facebook page includes pictures of himself and his hacker friends in swaggering poses reminiscent of Reservoir Dogs. Also on Facebook, his hacking group’s page bears the slogan “Security is like sex, once you’re penetrated, you’re fucked.”
Another hack, which occurred even as the bank attacks continued through the spring, delivered a still more dramatic financial threat, although its ultimate source was difficult to discern. On April 23, the Twitter account of the Associated Press sent this message: “Breaking: Two Explosions in the White House and Barack Obama Is Injured.” Faced with this news, the Dow Jones Industrial Average dropped 150 points—the equivalent of $136 billion in value—within a matter of minutes. Upon learning that the information was false—and that the A.P.’s Twitter account had simply been hacked—the markets rebounded. A group calling itself the Syrian Electronic Army (S.E.A.) claimed credit for the disruption.
Enough, really enough. Perfect Culture of Lickspittle material.
Posted in Culture of Lickspittle, Cyberterrorism at 2:39 pm by George Smith
This, in my mail, from Daniel Ellsberg on another petition making the rounds, an ACLU-sponsored plea to undo NSA spying:
There has not been in American history a more important leak than Edward Snowden’s release of NSA material …
The technical capabilities are in place. With the flip of the switch or another major attack, we may find ourselves in a dangerous situation in which average citizens, along with Congresspersons, journalists and their sources, even judges, are watched around the clock and are afraid to dissent. The core fixtures of our democracy—the right to protest, the right to live freely in the pursuit of life, liberty, and happiness without government intrusion—could be weakened beyond repair.
I remain afraid of this reality, but we cannot hesitate to address it. I believe we now have the information and inspiration we need to stand up before it’s too late to turn back …
I remain both pessimistic and skeptical. It’s already too late for many things.
Do Internet petitions work? Do you think the national security megaplex will be wilted by tens of thousands of people using their smartphones to digitally sign an on-line petition?
Go ahead, stab that app with your righteous digit of anger! Take that, nosy surveillance state!
Posted in Culture of Lickspittle, Cyberterrorism at 12:13 pm by George Smith
Formally:
Did the NSA foil the Zazi peroxide bomb plot?
For those who can’t deal with my rock ‘n’ roll nickname (from ’85).
06.18.13
Posted in Cyberterrorism, War On Terror at 3:29 pm by George Smith
The NSA’s Keith Alexander has pointed to the case of Najibullah Zazi, a foiled improvised bomber (peroxide explosives, specifically) who was seized by the FBI in 2009, as evidence its PRISM surveillance program is critical for the safety of Americans. In the case, Zazi quickly reached a plea agreement with the government and was assumed to be cooperating with authorities. Many details in the plot against the NYC subway remain cloudy.
Nevertheless, it was big news at the time. Peroxide bombs were supposedly easy to make, great anxiety over them arising from failed shoe bomber Richard Reid and the infamous “liquid bombs” plot that got so many carry-on containers banned from flying in 2006.
The idea from the latter was that it was easy to mix a bomb in an airplane toilet.
The Guardian investigated the case and came more strongly down on the side of an assertion that the clue that led to Zazi had been found in a British counter-terror operation called Pathway.
Writes the Guardian:
In the case of Zazi, an Afghan American who planned to attack the New York subway, the breakthrough appears to have come from Operation Pathway, a British investigation into a suspected terrorism cell in the north-west of England in 2009. That investigation discovered that one of the members of the cell had been in contact with an al-Qaida associate in Pakistan via the email address sana_pakhtana@yahoo.com.
British newspaper reports at the time of Zazi’s arrest said that UK intelligence passed on the email address to the US. The same email address … was cited in Zazi’s 2011 trial as a crucial piece of evidence. Zazi, the court heard, wrote to sana_pakhtana@yahoo.com asking in coded language for the precise quantities to use to make up a bomb.
Eric Jurgenson, an FBI agent involved in investigating Zazi once the link to the Pakistani email address was made, told the court: “My office was in receipt – I was notified, I should say. My office was in receipt of several email messages, email communications. Those email communications, several of them resolved to an individual living in Colorado.”
Zazi, living in Aurora with his father, made attempts to purchase an inordinate amount of hydrogen peroxide at beauty parlor supply stores in a plan to concentrate the oxidizer, a necessary step in making a peroxide bomb. Later he holed up at a hotel in Aurora where he attempted to concentrate the material by heating on a stove. An FBI detention memorandum from 2009, here, traces his actions — he was under surveillance — and delivers an analysis of their meaning.
It mentions Zazi was observed and his communications with a confidant monitored by the FBI, exchanges in which he continued to ask for better instructions on making peroxide bombs. None of the notes indicate he was successful. Indeed, he may not have solved the problem of making bombs when he set out for New York City. There he had intended to visit a swimming pool supply store to buy hydrochloric acid, another ingredient used to catalyze the production of the final explosive peroxide-derived compound.
Zazi was subsequently arrested.
Another complaint, this against an FBI informant who was charged with making false statements in a terror investigation, shows that Border Patrol and Customs had been aware of Najibullah Zazi when he traveled to Pakistan, ostensibly for terrorism training in August of 2008, returning to NYC in January of 2009.
The complaint against Ahmad Afzali, lodged at Cryptome, is here. In it Najibullah Zazi is represented as “Individual A.”
Taken together, most of this points to the old-fashioned assembly of clues, along with a bit of good fortune, in the tip-off to the Zazi plot. There’s no conclusive indication that NSA findings were the Holy Grail on the case.
Coincidentally, old DD blog wrote a great deal about Zazi’s apprehension because of the hysterical statements that tended to accompany the discovery of peroxide bomb plots. In the US, there have been none successful during the war on terror.
From September 2009:
Yesterday, DD commented that whenever would-be peroxide bombing terrorists are in the news, web hits go up. Way up. (This because of an old post that attracted people doing Google search on peroxide bombs entitled, Peroxide Bombs — Easy to Make.)
Everyone (well, not everyone …) is looking for ‘how to make a peroxide bomb.’ Naturally, after reading about it in the news.
However, in retrospect, DD blog had an unusual spike of searches on how to make peroxide bombs from at least mid-August until yesterday. Some of it was attributed to continued news coverage and fallout from the Airplane Liquid Bomber Plot convictions in early September.
So I decided to drill down a bit and Colorado jumped out and bit me. DD blog almost never has any readers from Colorado. California, New York, northern Virginia, Texas, Pennsylvania and the UK are where most of the regulars phone in from.
Using screen snaps of Google Analytics returns, unusual search results line up from Aurora. Why is Aurora interesting?
Because, according to the US government — Najibullah Zazi and the Beauty Parlor Supply Store Bomb Gang were there shopping around for ingredients.
For example, from today’s Los Angeles Times:
“During July and August 2009 Zazi and others … purchased unusually large quantities of hydrogen peroxide from beauty supply stores in the Denver area … Zazi [made purchases] from a supply store in Aurora … In July, August and September 2009 [individuals associated with Zazi made purchases] from three different beauty supply stores around Aurora.”

Colorado logons for peroxide bombs, many in the last few days. (September/Fall 2009) Big circle is Denver. Aurora sticks out on drill down.

The significant number of logons for information on peroxide bombs occurs prior to the permanent detention of Zazi.
Zazi and unknown collaborators were in Aurora from September 6 – 10, at which point he flew to Queens on the 10th, and was back in Denver by the 12th. Are one, two or three hits here from Zazi and/or accomplices surveying the net? Maybe, maybe not. The information does not resolve it.
Continued from the old DD blog post:
At SITREP yesterday, I commented that the government’s indictment of Zazi showed the frequently seen al Qaeda poor man’s approach — to ineptly surf the Internet for bomb-making recipes, hoping something will fall into one’s lap that makes it as easy as baking a cake.
Despite a lot of media coverage on peroxide bombing being easy in 2006, this is not really the case. If it was, peroxide bombs would have been exploding quite frequently over the past few years.
Nevertheless, it led to a survey using Google Analytics and data-mining on DD blog statistics for search on peroxide bomb instructions, linked to times and countries of origin.
That piece, entitled Trends in Terror Prep Net Surfing from 2009, at GlobalSecurity.Org is here.
The original coverage of Najibullah Zazi was overwhelmingly focused on the peroxide bomb angle. This was because peroxide bomb-making, despite its total lack of success in the US, had become one of the hobby horses of US counter-terrorism and the media, starting in 2006. The script was that peroxide bombs were simple and could be brewed up on the spot.
History has shown this to be untrue, certainly in this country. Peroxide bombs can be made but they’re no easier to make than any other kind of improvised explosive. Instructions can be printed on the net, or in an issue of al Qaeda’s Inspire magazine, and still they do not spring up like daisies.
It requires an experienced bomb-maker, someone who knows the art and has done it many times, to make peroxide bomb-making, or any other kind of bomb-making, successful.
Zazi traveled to Pakistan for training, of some type, it is assumed. Was the training effective? Evidence in the FBI complaints against him does not paint the picture of an accomplished bomb-maker but rather someone who, up to the last minute, was still seeking advice on it.
Zazi was one of the first clear examples of a growing problem in al Qaeda — its inability, under US attack, to put dangerous and extremely competent agents into the field. As the war on terror continued it became more obvious. Quality of the personnel means a lot and al Qaeda men, increasingly, did not have it.
The American public has a short attention span. When Keith Alexander went before Congress and mentioned the Zazi bomb plot against the NYC subway hardly anyone would have been expected to remember the details.
On the other hand, it also hurt his testimony. Alexander is not a generalist expert on the war on terror. Up until last week he was a specialist who runs cyberwar and cyber-spying operations at the NSA for the Obama administration. He has been most famously in the press for saying Chinese cyber-espionage is causing “the greatest transfer of wealth in history,” congressional testimony on expanding American cyberwar operations and being the first NSA director to go to the DefCon hacker convention to hobnob and pat young people on the back.
So any testimony about the NSA’s alleged contribution to uncovering the Zazi plot, back in 2008-2009, was never going to be compelling or persuasive.
It is just an argument from authority. And do you believe such an argument? The Edward Snowden affair is all about not believing arguments from authority.
Najibullah Zazi — from the archives.