Friday, November 13, 2015

The Breakout

ISIS has long vowed to expand its operations beyond Iraq and the Levant, and they are well on their way to accomplishing that goal, with horrific results.

As we write this, Paris is reeling from a string of deadly terrorist attacks at the city's main soccer stadium, a concert hall and a sidewalk cafe.  Sky News reports at 120 people were killed, mainly at the music venue.  So far, ISIS has not officially claimed responsibility, but one of the surviving terrorists told French police that he was recruited for the operation by the terror group.

The carnage in France comes on the heels of this week's attacks in Beirut and the recent downing of a Russian jetliner over the Sinai Peninsula.  ISIS is suspected in both attacks, which underscore the group's growing capabilities outside its original operating areas.

At first, there was a certain tendency among so-called "experts" to downplay the significance of the earlier strikes.  The Russian flight originated from Sharm el Sheik, the Egyptian resort on the Red Sea where security had been questioned before the Metrojet A320 went down, killing all 224 passengers and crew on board.   That was followed by the bombings in Beirut, which some suggested were a renewal of the long-standing conflict between the Sunni terrorists of ISIS and Shia of Hezbollah, and a sign that ISIS is under "pressure" from its simultaneous conflicts with Iran, Russian, the U.S. and its western partners and Hezbollah.

Such claims seem laughable in light of tonight's terrorist rampage in France.  The attack was complex, well-planned and expertly coordinated--a blended strike similar to the one that occurred in Mumbai, India in 2008.  More than 160 people died in that attack; the death toll in Paris may likely be higher.  Carrying out that type of assault required at least two dozen operatives, along with a large support network of safe houses, logisticians, drivers, financiers and others.

Apparently, there were no advance indications that an attack was imminent.  As one analyst bitterly noted, "they read Snowden," underscoring how terrorists learned about NSA surveillance techniques from his massive disclosure of sensitive intelligence.  The signals intelligence branch of the DGSE uses similar measures, so the counter-measures applied to NSA can be used against a variety of western SIGINT organizations.

In the hours following the Paris attacks, there was predictable chatter among terrorists and their sympathizers.  One message, quoted by Fox News, left little doubt as to ISIS's ultimate goal.  "American blood is the sweetest," one terrorist tweeted, "and we will taste it soon."  There was also a reference to terrorists in cars, an obvious reference to VBIED attacks.

While security was reportedly increased in New York City and Washington, D.C., Americans officials said late Friday night there was "no known threat" to the CONUS at this time.  A few hours earlier, President Obama told ABC News that ISIS had been "contained."

Meanwhile, the FBI says more than 1,000 ISIS-related investigations are underway in the U.S.  In the coming days, expect to see the usual, strange dichotomy that often occurs at times like these.  Officially, we will be told that "everything is being done" to deter a possible attack, while privately, other sources will warn that the nation remains highly vulnerable, with genuine fears that ISIS teams are in place and will strike very, very soon.

In this environment, that latter scenario is probably closer to the truth.  We are two weeks from Black Friday, and the start of the Christmas shopping season.  Attacks during the holiday period, when stores, airports and other public places are jammed, has always represented a nightmare scenario for federal, state and local law enforcement.

This may well be the year the nightmare comes true.  Far from being "contained," ISIS has staged a spectacular "breakout," and the threat (in all likelihood) is already here.


During Saturday night's Democratic candidate presidential debate, Hillary Clinton said she supports plans to bring up to 65,000 Syrian refugees to the U.S., despite the fact that the FBI (and other law enforcement agencies) have warned there is no way to properly vet those individuals. 
Tellingly, Mrs. Clinton made the remarks after French authorities announced that two of the terrorists involved in Friday's attacks entered Europe through the recent waves of migrants that have made their way from the Middle East.  She also refused to say the U.S. is at war with radical Islam.  Go figure.



The Savage Possum said...

Not hard to stage a well planned operation where there's no chance of resistance from the target to gunk up the works. They learned that from Charlie Hebdo where if the sheeple hadn't been so busy filming with their phones and thrown a few rocks or bricks (heaven forbid they have guns), the endding might have been different.

Paul G. said...

Obama's quote is specifically about ISIL not gaining additional ground in Iraq & Syria not a broad statement about the complete containment about ISIL. Copied directly from Breitbart: “I don’t think they’re gaining strength,” Obama responded. “What is true is that from the start, our goal has been first to contain and we have contained them. They have not gained ground in Iraq, and in Syria they’ll come in, they’ll leave, but you don’t see this systemic march by ISIL across the terrain.”

Rob said...

Instead of "they read Snowden", you could also say "they read Tom Clancy or Daniel Shiva". I haven't seen anything in Snowden's stuff that you couldn't logically deduce from reading public-sourced materials. The whole business about encryption is mostly misdirection, IMHO. Any cipher can be broken, but codes, not so much (you have to know the difference between a cipher and a code to play this game). A code can be something as simple as "the eagle has landed" meaning "attack at dawn". Ciphers are much more convenient, but codes, if used properly, can be unbreakable.

Does anyone really think that Ahmed is calling or texting Mohammed and saying, "we will attack the infidels at Charlie Hebdo headquarters at noon, bring your AK-47 and extra ammunition"? It seems to me that operational planning very likely takes place in private conversation, with a few code phrases or actions set up for mid-course corrections later on (abort, fall back to plan B, Thursday is the day of the attack, etc). When Mohammed wears his blue ball cap to the mosque to let his teammates know that "the attack is tomorrow", no amount of signals intelligence is going to help thwart the plot.

Surely we have to give these guys credit for being as smart as the average thriller writer, right?

Nancy Reyes said...

President Obama is so unworried that he arrived in Manila this morning. We have known "sleeper cells" and terrorists could get not just Obama but a lot of other VIP's.

The city has blocked off a lot of roads and has a no fly zone over the area, but locals are taking it in stride: mainly complaining of the traffic jams and blocked roads. Hashtag #Carmageddon.

the usual idiots are demonstrating, but the numbers are in the hundreds. It's not big for grass roots groups I guess since our help hasn't taken the day off to join in the protest.

Unknown said...

It isn't so much the "golden nugget" that SIGINT detects (though it happens on occasion). It's patterns of communication that can help analysts connect the dots and map networks. Snowden gave additional insights into surveillance patterns and capabilities that helped the terrorists avoid detection. From what we've been told, there wasn't the faintest hint of an attack before it unfolded; nothing in cell phone traffic, nothing on-line. Either we missed important clues, terrorist encryption is beyond anything we can quickly crack, or they went to school on Snowden and have enhanced their understanding of how we operate--and how to avoid detection.

Rob said...

Nate Hale,

As you said above, there is a great deal to be learned from "patterns of communication", the "metadata" of who called who from where and at what time of day. I would argue that there is more to glean from this than from the actual content of the calls or texts, because the calls and texts probably don't contain any overt information at all. You don't need to crack encryption to track this.

If it were me (and I'm purely a layman, but with a bit of experience in software and encryption) I would be using encrypted messages inserted steganographicly into images in the comments sections of widely read websites, or perhaps coded (not encrypted) messages in the comments themselves. Then, the only pattern would be that all of the suspects happened to visit the same popular website visited by thousands of other people.

We (the US) had a lot of success rolling up networks of drug dealers and Afghani warlords through signals intelligence. Those days are over, however, if the targets of our investigations are just reading the newspaper. They've known for years that cellphone conversations, texts and emails are not secure. As I mentioned before, Tom Clancy was using these facts as plot points all the way back in the 1990s.

Wait until ISIS starts putting artificial intelligence to work, that will be a crazy day.