CAUI: Dismantling of Saudi-CIA Web site illustrates need for clearer cyberwar policies

with one comment

By Ellen Nakashima
Washington Post Staff Writer
Friday, March 19, 2010; A01

By early 2008, top U.S. military officials had become convinced that extremists planning attacks on American forces in Iraq were making use of a Web site set up by the Saudi government and the CIA to uncover terrorist plots in the kingdom.

“We knew we were going to be forced to shut this thing down,” recalled one former civilian official, describing tense internal discussions in which military commanders argued that the site was putting Americans at risk. “CIA resented that,” the former official said.

Elite U.S. military computer specialists, over the objections of the CIA, mounted a cyberattack that dismantled the online forum. Although some Saudi officials had been informed in advance about the Pentagon’s plan, several key princes were “absolutely furious” at the loss of an intelligence-gathering tool, according to another former U.S. official.

Four former senior U.S. officials, speaking on the condition of anonymity to discuss classified operations, said the creation and shutting down of the site illustrate the need for clearer policies governing cyberwar. The use of computers to gather intelligence or to disrupt the enemy presents complex questions: When is a cyberattack outside the theater of war allowed? Is taking out an extremist Web site a covert operation or a traditional military activity? Should Congress be informed?

“The point of the story is it hasn’t been sorted out yet in a way that all the persons involved in cyber-operations have a clear understanding of doctrine, legal authorities and policy, and a clear understanding of the distinction between what is considered intelligence activity and wartime [Defense Department] authority,” said one former senior national security official.

The rest HERE:

I had been seeing traffic on the Muj sites that was claiming there were sites that had been set up by the CIA. It seems now that the rumours were true. Of course it was only natural that such a gambit be used to gather intelligence on the jihadists, but to unceremoniously tear down the sites is rather foolish in my mind.

By taking these sites down they have broken the chain in intelligence gathering from many perspectives. Sure, they may have stopped some planning or finishing touches on a certain attack, but, they have managed to make all of the users not only potentially move on to another site, but to change their modus operandi altogether.

Now the jihadi’s are likely to either start dark net sites, or use more traditional means of communication that would be on par with intelligence tradecraft. Means such as dead drops and encoded messages that are transmitted to one another via personal contact. Much as just after OBL learned that his SAT Phone was being listened to, he then began to talk directly to his people or send “runners” with messages ala Roman general methods.

Post this incident there has been a lot of talk about how this will create fallout for the intelligence gathering types. The CIA was opposed to this site’s being taken down but the NSA and the military won out much like they did during the run up to the now infamous UN session where Colin Powel presented the CBRN data on Iraq. I guess that the CIA is still in the dog house post Tenet’s “slam dunk”…

All of this brings up some good points though on how to handle the “Cyber Insurgency” that has been building over the years. Just what do you do about cyber jihad? What are the ground rules on a move like the one carried out by the NSA? I can bet there were more clients other than the CIA and  Re’asat Al Istikhbarat Al A’amah that are pissed about this intelligence gathering tool’s loss.

I foresee much more talking having to be done in the near future to hammer out the details of such things. For now though, expect the insurgents to re-group and come up with new ways to communicate.

CoB

Written by Krypt3ia

2010/03/23 at 18:28

Posted in .gov, .mil, Advanced Persistent Threat, APT, CAUI, Covert Ops, CyberWar, DD0S, FIRE SALE!, Geopolitics, GWOT, HUMINT, Infosec, Infowar, INTEL, Internet Jihad, jihad, Jihad Recruitment, Jokey, OPSEC, OSINT, PsyOPS, Qaeda, Shahid, SIGINT, Terrorism