TRIAL AND TERROR
The U.S. government has prosecuted 796 people for terrorism since the 9/11 attacks. Most of them never even got close to committing an act of violence.

The U.S. government segregates terrorism cases into two categories — domestic and international. This database contains cases classified as international terrorism, though many of the people charged never left the United States or communicated with anyone outside the country.

Since the 9/11 attacks, most of the 796 terrorism defendants prosecuted by the U.S. Department of Justice have been charged with material support for terrorism, criminal conspiracy, immigration violations, or making false statements — vague, nonviolent offenses that give prosecutors wide latitude for scoring quick convictions or plea bargains. 523 defendants have pleaded guilty to charges, while the courts found 175 guilty at trial. Just 2 have been acquitted and 3 have seen their charges dropped or dismissed, giving the Justice Department a near-perfect record of conviction in terrorism cases.

Today, 345 people charged with terrorism-related offenses are in custody in the United States, including 58 defendants who are awaiting trial and remain innocent until proven guilty.

Very few terrorism defendants had the means or opportunity to commit an act of violence. The majority had no direct connection to terrorist organizations. Many were caught up in FBI stings, in which an informant or undercover agent posed as a member of a terrorist organization. The U.S. government nevertheless defines such cases as international terrorism.

415 terrorism defendants have been released from custody, often with no provision for supervision or ongoing surveillance, suggesting that the government does not regard them as imminent threats to the homeland.

A large proportion of the defendants who did have direct connections to terrorist groups were recruited as informants or cooperating witnesses and served little or no time in prison. At present, there have been 32 such cooperators. By contrast, many of the 296 defendants caught up in FBI stings have received decades in prison because they had no information or testimony to trade. They simply didn’t know any terrorists.

DATA LAST UPDATED ON APRIL 20, 2017

Copyright The Intercept

THE RELEASED
More Than 400 People Convicted of Terrorism in the U.S. Have Been Released Since 9/11

Trial and Terror
Part 1
The U.S. government has prosecuted almost 800 people for terrorism since the 9/11 attacks. Most of them never committed an act of violence.

OVER THE LAST 15 years, the U.S. government has quietly released more than 400 people convicted on international terrorism-related charges, according to a data analysis of federal terrorism prosecutions by The Intercept. Some were deported to other countries following their prison terms, but a large number of convicted terrorists are living in the United States. They could be your neighbors.

The release of people convicted on terrorism-related charges with little if any monitoring by law enforcement might suggest U.S. government officials believe they can be fully rehabilitated following minor prison terms. A more likely explanation is that many of these so-called terrorists weren’t particularly dangerous in the first place.

Among them is one of the Herald Square bombers, who plotted to attack the New York subway in 2004. Shahawar Matin Siraj and James Elshafay, egged on by informant Osama Eldawoody, conspired to plant bombs at the Herald Square station. They drew rough plans on napkins, surveilled the station, and discussed how they might acquire explosives. It was all talk. The two alleged bombers took different paths after their arrests. Siraj fought the charges and went to trial, where he was convicted and sentenced to 30 years in prison. He won’t be released until 2030. Elshafay pleaded guilty and received a comparably modest sentence of five years in prison and three years of supervised release. He’s been a free man since January 28, 2009.

Or consider the case of Wassim I. Mazloum, who was part of an alleged terror cell in Toledo, Ohio, with Mohammad Zaki Amawi and Marwan Othman El-Hindi. The group’s leader was Darren Griffin, a former U.S. Army Special Forces member who became an informant for the Drug Enforcement Administration and FBI following a drug arrest. As part of a sting, Griffin trained the three men to use firearms, watched jihadi videos online with them, and conspired with Amawi in a half-baked plot to smuggle laptops from Jordan to Iraq. Mazloum, who was convicted at trial for his role, was released in April 2014.

Others convicted on terrorism-related charges were more blustery than dangerous. Two of the men who operated the website RevolutionMuslim.com — Jesse Curtis Morton and Joseph Cohen — were released. Morton and Cohen (who went by Younus Abdullah Muhammad and Yousef Mohamid Al-Khattab, respectively) were converts to Islam and encouraged violence against various people, including Jewish-American community leaders and the creators of “South Park.” Cohen was released in August 2016. Morton became an FBI informant and was released in February 2015. He was a fellow at George Washington University’s Program on Extremism, which described him as a “reformed” extremist, until December 2016, when local police in Virginia arrested him for bringing crack cocaine to meet a prostitute. Because the drug and prostitution arrest violated his parole terms, Morton went back to prison — but he’s scheduled to be released again on April 23.

Some of the more than 400 people convicted on terrorism-related charges and freed since 9/11 appear from government evidence to have been involved in genuine plots or to have been connected to dangerous actors. For example, Hassan Abu-Jihaad was a Navy signalman who was convicted at trial of providing material support to Al Qaeda by disclosing the location of the USS Benfold in an online forum. Using coded language, he also provided an FBI informant with information about the movements of U.S. Navy ships. He was released in January 2016.

Still others are quietly reintegrating into society through halfway houses, or “residential re-entry management centers,” in the language of the U.S. Bureau of Prisons. Jamie Paulin-Ramirez, for instance, was once in the national spotlight as the co-conspirator of Colleen LaRose, better known by her online moniker, “JihadJane.” LaRose and Paulin-Ramirez were part of a small group that went to Ireland and plotted to murder Lars Vilks, a Swedish artist best known for his drawing of the Prophet Mohammed’s head on the body of a dog. In Ireland, Paulin-Ramirez married Ali Charaf Damache, who was arrested in Spain in December 2015 on a U.S. warrant alleging he was a terrorist recruiter. While Damache was fighting extradition from Spain, Paulin-Ramirez was finishing her prison term in a halfway house in Philadelphia, where she was released on March 21.

IN THE WAR on terror, U.S. District Courts have represented the primary stage of what can fairly be described as national security theater. With a near-perfect record of conviction, the Justice Department since the 9/11 attacks has hauled into court nearly 800 people on terrorism-related charges. While Justice Department and FBI news releases and press conferences heralded the arrests of such defendants, the U.S. government has said precious little about the hundreds of people convicted on terrorism-related charges who have been released back into the United States or deported to their home countries. During the remainder of President Donald Trump’s first term in office, for example, 67 people convicted on terrorism-related charges are scheduled to be released, according to The Intercept’s data analysis.

Those being released today, and the ones who will be released tomorrow, were yesterday examples the U.S. government held up as thwarted enemies caught by newly aggressive counterterrorism agents. One-fourth of those so far released were targets of FBI sting operations, in which an informant or undercover agent, posing as a terrorist operative, provided the means and opportunity for otherwise incapable individuals to move forward in terrorist plots. In congressional testimony, FBI Director James Comey and his predecessor, Robert Mueller, have specifically mentioned foiled plots from sting operations as examples of jobs well done, all part of a larger, ongoing pitch to justify to Congress and the public the more than $3 billion the FBI spends every year on counterterrorism efforts.

The FBI declined to answer specific questions about the release of people convicted on terrorism-related charges and did not provide any information about programs or policies to monitor those who have been released. “The FBI’s mission is to stay ahead of threats to the U.S. and its interests in order to protect the American people and uphold the U.S. Constitution,” FBI spokesperson Carol Cratty said, offering instead a blanket statement. “It is our duty to follow up on information we receive by using all lawful investigative techniques and methods to ensure public safety.”

The so-called Liberty City Seven case is indicative of how the U.S. government plays up the dangers of terrorism defendants when they are arrested but then never acknowledges that such purportedly dangerous individuals are routinely returned to their homes in the United States, in some cases just a few years after their arrests. As in other stings, the defendants in the Liberty City Seven case had no connection to terrorists. An undercover FBI informant, pretending to be an Al Qaeda agent, was the only alleged connection to terrorism. The case, one of the earliest of the FBI’s informant stings, was sloppier than most as well, because much of the bureau’s evidence seemed to support the men’s steadfast assertion that they were street hustlers trying to scam a big-talking Middle Easterner out of his money, not terrorists on the make. In fact, despite the government’s efforts to obfuscate this inconvenient fact, the seven men weren’t even Muslim; they considered themselves members of the Moorish Science Temple, blending together elements of Judaism, Christianity, and Islam in their belief system.

“The Liberty City case was a bellwether for the FBI and the Justice Department,” said James J. Wedick, a former FBI supervisory agent who was hired by the defense team to review the evidence. “If they could get convictions based on a thin case like this, they had a green light to be even more aggressive with terrorism stings.”

Members of the media stand outside the warehouse raided by the FBI in the Liberty City neighborhood of Miami, Florida, June 23, 2006. Photo: Joe Raedle/Getty Images

IN 2004, THE brothers Burson and Rothschild Augustin lived in a Miami apartment above Narseal Batiste. Batiste, a former Chicago street preacher, operated a small drywall and construction business and considered himself a student of Western religions, studying the Old Testament, New Testament, and Quran. Inspired by the Guardian Angels he had seen patrolling in Chicago, Batiste also fashioned himself something of a community activist and guardian.

The Augustin brothers joined up with Batiste and, along with a half-dozen others, worked in his drywall business and together rented a warehouse in the Miami neighborhood known as Liberty City, where they offered martial arts training and religious studies to neighborhood kids. They called themselves the “Seas of David” and would sometimes wear military-style uniforms as they marched through the streets. The group was largely Batiste’s personality cult. He described himself as the “divine leader” and suggested once that “man has the authority to, on a certain level, be God.”

A Yemeni man named Abbas al-Saidi ran a convenience store in Miami that Batiste and his guys frequented. Al-Saidi, who had worked as an informant for the New York Police Department, got in touch with the FBI and reported a suspicious group of men from Liberty City, who he claimed had sent him to Yemen to make connections with Al Qaeda. FBI agents turned al-Saidi into a paid informant, and on instructions from the bureau, he introduced Batiste to a second informant, Elie Assaad, who was posing as a representative of Osama bin Laden. Assaad was a seasoned hand for the FBI, having conducted another terrorism sting in South Florida that lured a young man named Imran Mandhai into a bomb plot. (Mandhai was released from prison in March 2015 and deported to Pakistan.)

For Batiste, who is now incarcerated in a low-security facility in Texas, what happened next was nothing more than a street hustle; according to the U.S. government, the interaction between Batiste and Assaad was far more sinister.

“Al-Saidi made it perfectly clear that he was dealing with the police, and if we played the game the way he would lay it out, we’d be able to get a certain amount [of money] and then just basically break off and just go about our business and do all the things that we wanted to do,” Batiste said in a phone interview from prison.

FBI video footage of a meeting between Narseal Batiste and Elie Assaad, an informant posing as a representative of Osama bin Laden.

Batiste and Assaad met in a hotel room to discuss their future together. A hidden FBI video camera recorded their meeting. Following al-Saidi’s advice to dress the part of a Muslim extremist, Batiste wore what appeared to be a turban and carried a walking staff. He looked more like a Halloween partygoer than an Al Qaeda operative. “I’ve never met someone like you,” Batiste confessed to Assaad. “Someone on a mission.” They both sat at a table, where Assaad was eating a room service meal.

“I am a man that is determined. Whether I get any help from you or not, I’m going to do what needs to be done,” Batiste continued in the video, being as vague as possible. “And I’m well on my way of accomplishing that. I’m not far right now.”

“You’re not far? So I’m not wasting my time,” Assaad said, holding a french fry. He then added: “They didn’t bring me from over there just to hear words. I will see some action, or no?”

“Yeah, you’re not wasting your time,” Batiste said. “Absolutely, absolutely.”

Inside the Liberty City warehouse rented by the FBI for Narseal Batiste and his friends, viewed through a hole in the door, June 23, 2006, Miami, Florida. Photo: Joe Raedle/Getty Images

BUT THE LIBERTY City Seven plot consisted mainly of words. Assaad kept promising to transfer $25,000 to Batiste, who in turn said what he needed to say to string along Assaad. They talked about a harebrained plot to bomb the Sears Tower in Chicago. Batiste even boasted he could raise an army in Chicago. As time went by and no money arrived from Assaad, however, Batiste and his group became frustrated. So the FBI, through Assaad, rented them a newer, larger warehouse, complete with a refrigerator stocked with food and a new van they could use — all to keep them on the hook and to keep them plotting.

“At that time, we were just thinking, OK, we got the warehouse, and then inside the warehouse, they had food and everything,” Rothschild Augustin remembered. “Like frozen food, fish and stuff. So we were thinking, wow, the money is coming. Then they had a van in there. So we were thinking that all that was ours, so we just kept going along with it.”

The FBI had wired the new warehouse with cameras. Once they were in the warehouse, Assaad asked Batiste and his guys to swear a “bay’at,” or oath of allegiance, to Al Qaeda.

“It was kind of like we got blindsided. We just show up and, ‘Hey, you are going to take this oath.’ What? What oath? Whatever, we just went through it, uncomfortable,” Rothschild Augustin said.

Batiste was still trying to do whatever was necessary to sucker Assaad out of his money. Here was a guy giving them a warehouse, a van, and a promise to provide $25,000. So what if they had to pledge an oath like Boy Scouts? Each of the men stood before Assaad, gave his name, and then pledged allegiance to Al Qaeda. The hustle was finally working, everyone thought.

“The so-called bay’at, oath thing, that was placed upon us — all that was basically acting, just making up stuff,” Batiste recalled.

After the oath, Assaad asked Batiste to do one more thing: take pictures of the FBI office and federal courthouse in Miami. So Batiste and two of the guys gamely drove around Miami taking photographs from their van, with a camera provided by the FBI.

FBI video footage of Elie Assaad administering an oath of allegiance to Al Qaeda.

AT THIS POINT, Batiste’s spiritual adviser, a Chicago preacher named Sultan Khan Bey of the Moorish Science Temple, arrived in Miami and the case transformed into theater of the bizarre. An FBI surveillance vehicle recorded Batiste and his guys picking up Khan Bey and his wife, both dressed in colorful flowing African-inspired garb, from the airport in Fort Lauderdale.

When Batiste explained to Khan Bey what had been happening — the generous Arab guy who gave them a warehouse with a refrigerator full of food in exchange for the oath and taking a few pictures — Khan Bey told the group what should have been obvious all along: They were fools being played by the feds. Khan Bey then held a trial of sorts for Batiste, banished him, and took possession of the warehouse and control of the small group. Another of Batiste’s spiritual advisers, Master G.J.G. Atheea, who unbeknownst to the others had agreed to wear a wire for the FBI, confronted Khan Bey at the warehouse and advocated for Batiste’s return as leader of the group. An argument erupted, and Khan Bey grabbed a gun and shot at Atheea, narrowly missing him.

The gun was legal and registered to Lyglenson Lemorin, a Haitian-born member of the group who had carried it for security detail work in the past. Lemorin had mistakenly left the gun at the warehouse, where Khan Bey found it.

Miami police arrested Khan Bey for the shooting, and federal prosecutors took over the case. Khan Bey cooperated by talking to agents with the Bureau of Alcohol, Tobacco, Firearms and Explosives. It wasn’t his first run-in with the law. Khan Bey had been convicted of rape in 1977 and attempted murder in 1973. He pleaded guilty to being a felon in possession of a firearm and received a sentence of 14 months in prison, to be followed by three years of supervised release, with the stipulation that his sentence be served at a facility near his home in Chicago.

During the madness in Miami, the group was falling apart. Lemorin, frustrated by Batiste and his ill-conceived scam, moved to Atlanta. Some of the other guys began to distance themselves from Batiste after the oath, believing he’d pushed the hustle too far. Patrick Abraham ignored all the folly around him by focusing on jobs with the drywall company.

Patrick Abraham now lives in Haiti, where he teaches English at a school in Port-au-Prince. Photo: Trevor Aaronson

ON JUNE 22, 2006, Abraham was driving to a worksite when he saw a Chevrolet Suburban accelerate past his van and then quickly stop in front of him. “I see people come out of everywhere and pull out guns, aiming at my window,” Abraham remembered. After the FBI agents rushed the car, one asked Abraham a question that perplexed him: “Do you have a bomb in the car?”

“What?” Abraham asked, confused.

“Do you have a bomb in the car?” the agent repeated.

Abraham shook his head, exasperated. “Go ahead with the bullshit, man,” Abraham said, giving the agents permission to search his vehicle.

The others were arrested in similarly dramatic ways. Seven agents, for example, arrested Rothschild Augustin while he was shopping for clothes.

After their arrests, the FBI brought each of the Liberty City Seven individually into interrogation rooms at the bureau’s Miami office. Stanley Phanor, one of the guys who had remained loyal to Batiste throughout, didn’t understand why he had been arrested when he wound up in an interrogation room. A slender, soft-spoken man of Haitian descent, Phanor had gone by the nickname Sonny since he was a child. In the indictment, prosecutors listed him as “Brother Sunni,” perhaps as a way of making him seem more menacing and Islamic.

None of the men accepted a plea deal, and they all stood trial together. The case was bullshit, they agreed. The first trial resulted in a hung jury for six of the seven defendants. Because he’d abandoned the group during the sting, Lemorin was acquitted — but was immediately detained by immigration officials for deportation.

“On the one hand, they just seemed like a hapless group of guys and their defense all along was that they were just going along with it because they were going to rip off [the FBI informant],” said Jeffrey Agron, who was the jury foreman. “There were a fair number of people on the jury who believed that it was a scam. … On the other hand, when asked to pledge an allegiance to Al Qaeda, they did it. When asked to take pictures for the plot, they did take the pictures.”

Family members of the Liberty City Seven look on during a news conference on June 29, 2006, at the warehouse in Miami where the FBI arrested most of the men. Photo: Wilfredo Lee/AP

IT TOOK THREE trials to convict five of the seven men. While Lemorin was acquitted in the first trial, Naudimar Herrera, a bit player in the group, was acquitted following the third trial. But five others — Narseal Batiste, Patrick Abraham, Stanley Phanor, Burson Augustin, and Rothschild Augustin — were convicted of conspiracy to provide material support to a terrorist organization, among other charges, and sent to prison. Following their convictions, Jeffrey Sloman, who was then the acting U.S. attorney in Miami, said the prosecution “helped make our community safer by rooting out nascent terrorists before they could carry out their threats.” The convicted men received sentences ranging from six to 13 years. If the Justice Department thought the men were dangerous, the U.S. Bureau of Prisons seemed to disagree. The Liberty City Seven members were incarcerated in medium and minimum security facilities once in BOP custody. The FBI paid Assaad $85,000 and al-Saidi $21,000 for their work on the sting.

Burson Augustin was the first of the convicted Liberty City Seven defendants to be released, on September 21, 2012, after serving six years in prison. Instead of returning to Miami, he chose to move to Fort Myers, where he had an aunt and where no one else knew him. “I thought my best bet is to go to a place I don’t know,” Augustin said. “To get a fresh start.”

A well-built man who wears thick dreadlocks pulled back into a ponytail, Augustin tried to make an honest living in Fort Myers, but he found it impossible to land a job with a terrorism conviction on his record. So Augustin went back to his old trade, hustling, and was soon busted for dealing cocaine. Because he was on supervised release at the time of the drug deal, his case went to federal court and he was sentenced to another four years in prison.

Lemorin, a Haitian national who had fathered two children in Miami, fell victim to a unique kind of double jeopardy. After being acquitted in the first trial, the evidence from that trial was used against him in immigration court. It proved enough to justify his deportation order.

His deportation was delayed because of the 2010 earthquake, which devastated Haiti. But one year after the earthquake, with the island still recovering from the destruction, Lemorin was on one of the first deportee planes to Port-au-Prince. In some ways, despite being acquitted, his punishment was in line with that of the other defendants: Between the time he was in a holding cell awaiting trial and his time in an immigration detention center, Lemorin spent nearly six years behind bars.

When he arrived in Haiti, he found himself detained yet again. Not knowing who among the deportees was a violent criminal and who wasn’t, Haitian officials threw everyone into detention cells. Those whose families had money could offer bribes to get loved ones released. The ones without family or means were at the mercy of Haitian officials in a filthy prison where cholera was spreading and some detainees had already died.

“There’s feces everywhere,” Lemorin remembered. “Feces on the wall, feces on everything, feces on the place where you take a shower.”

When Lemorin finally got out of detention, his relatives in Leogane gave him a small plot of land on which to live. His mother in Miami collected old cellphones and other electronics and shipped them to Lemorin, who sold them to buy the concrete and rebar to build his new home. He only has walls around the bedroom, but the foundation is laid. In time, he hopes to build up the walls around a small living room and kitchen.

In the United States, he was not only forced to leave behind his mother, but also his son and daughter. In April 2011, Lemorin learned that his 15-year-old son, Lukenson Lemorin, had been killed in a car accident in Miami. U.S. authorities denied Lemorin’s visa application to attend the funeral, he said, and he was forced to observe the service through a grainy Skype connection.

“I got robbed of my son’s life because I beat the case,” Lemorin said, tears welling in his eyes. “Twelve jurors found me not guilty. … And when I’m supposed to be home with my son, I’m in Haiti, deported, sent back for the same trial I beat.”

Two years after arriving in Haiti, Lemorin learned that his old friend Patrick Abraham had also been deported. Patrick had only distant relatives to help him in Haiti. But he had Lemorin, who offered to share his one-room home. On a recent evening, Abraham brought home a watermelon from Port-au-Prince. They sliced up and ate the watermelon together as they watched the kids from the village playing soccer with a deflated ball. Impoverished and isolated from the rest of the world, the pair seemed the world’s least probable terrorists.

For his part, Lemorin isn’t bitter about his circumstances. He doesn’t blame the United States. “I love America,” he said. “America is a great country. But what happened to us, it’s not America that did it. It’s not America — it’s a few people in America that others put their trust in.”

Burson Augustin is now back in South Florida, where he is trying to rebuild his life after serving a decade in prison. Photo: Trevor Aaronson

ABOUT 700 MILES away, in Miami, the rest of the Liberty City Seven are mostly together. Burson and Rothschild Augustin live in a small studio apartment in Broward County, north of Miami. Burson landed a job as a valet on Miami Beach; these days, having learned from his experience in Fort Myers, when he fills out job applications, he just leaves the question about felony convictions blank. It’s best not to try to explain. Rothschild has bounced from job to job; he’s done stints sewing body armor in a factory in an industrial part of town and working in a juice bar in a trendy section of Miami.

Stanley Phanor was released on June 28, 2016, after a short stay at a halfway house. He’s living with his mother in Little Haiti, where Burson and Rothschild Augustin sometimes visit. If the FBI is at all concerned with members of an alleged terror cell associating again in the city of their crime, the three are unaware of it. The Bureau of Prisons does not treat the release of people convicted on terrorism-related charges any differently than that of other criminals, and the FBI does not have a program to track and monitor released terrorists, at least not that it has acknowledged publicly. Phanor and the Augustin brothers haven’t been prohibited from seeing each other, and none of them have seen anything to suggest they are under physical surveillance. As far as they can tell, no one is paying any attention to them at all.

They’ll have a new addition soon. The Liberty City Seven’s alleged ringleader, Narseal Batiste, will be released to a halfway house this summer, a little more than a decade after he purportedly tried to wage a ground war against the U.S. government.

Trevor Aaronson
April 20 2017, 7:12 p.m.


THE COOPERATORS
Terrorism Defendants With Concrete Ties to Violent Extremists Leverage Their Connections to Avoid Prison

Trial and Terror
Part 2

SINCE THE 9/11 attacks, at least 30 people convicted of international terrorism-related offenses have become informants and/or cooperating witnesses in exchange for leniency in sentencing, according to an analysis by The Intercept of federal terrorism prosecutions.

Using the threat of criminal prosecution to encourage someone to cooperate is a well-worn tactic that long predates the war on terror. But this tactic has been used to great effect by federal prosecutors in the 15 years since the 9/11 attacks. There’s a cruel irony in this system. The misguided men, and sometimes women, who are caught up in counterterrorism stings — where an undercover agent or informant encourages or facilitates plans for an attack — are often sentenced to decades in prison because they have no information to trade. Members of the so-called Liberty City Seven, a group of Miami men who discussed a bomb plot with an undercover informant posing as an Al Qaeda operative, spent six to 13 years behind bars; they couldn’t become cooperating witnesses, because they didn’t know any real terrorists. But the more dangerous a defendant, or the more extensive his contacts with terrorists, the more likely he can leverage his connections for leniency.

One early informant was Mohammed Junaid Babar, an Al Qaeda operative who provided material support to efforts against U.S. forces in Pakistan. In exchange for more than six years of cooperation, Babar received a sentence of time served and 10 years of supervised release. As part of his supervised release, Babar was required to continue to cooperate with the government. His whereabouts have never been disclosed publicly, and the U.S. Bureau of Prisons has no public record of Babar having entered custody at any point during his cooperation.

The case of Najibullah Zazi offers another example. Zazi trained with Al Qaeda in Pakistan and then mixed beauty-supply chemicals for backpack bombs in a motel outside Denver. He was arrested in September 2009, before he could drive to New York and place those bombs on the subway. Zazi, whose sentence has been pending since he pleaded guilty in February 2010, is currently working for the government as a cooperating witness.

Some of the government’s cooperating witnesses have been plucked from far-flung battlefields. Bryant Neal Vinas, who went by the name Bashir al-Ameriki, was captured in Pakistan. After admitting that he fired rockets on a U.S. military base in September 2008, Vinas turned informant. He provided information about a plot to blow up a Long Island Rail Road commuter train in New York’s Penn Station as well as information about Belgian and French men who attended the same training camp he did. Vinas pleaded guilty in January 2009 to an indictment charging him with, among other offenses, conspiracy to kill Americans and material support for terrorists. His sentence has been pending since then, and there is no record of him ever being turned over to the U.S. Bureau of Prisons, suggesting he is in a witness security program.

One of the most colorful and revealing cases of a terrorism defendant-turned-cooperator is that of Earnest James Ujaama, perhaps the most prolific cooperating witness in the war on terror. A would-be entrepreneur with an explosive temper and a penchant for running minor scams, Ujaama became a close associate of Abu Hamza al-Masri, the radical imam of the Finsbury Park Mosque in London, whom a senior Justice Department official once called “an unrepentant all-purpose terrorist.” But while Abu Hamza is now serving a life prison sentence, Ujaama is free, living in idyllic Berkeley, California, collecting approximately $2,000 per month from the federal government, at least until recently, and looking to tell his story to a receptive audience.

I first heard from Ujaama on November 12, 2015, when he sent me an email. “I’m looking to tell the story of a case that I think you will be most interested in,” he wrote. Later that day, in another email, Ujaama disclosed the primary condition of his cooperation. He wanted me to write a book with him about his life. “I’ve listened to you speak,” he wrote. “I’ve watched your presentation. I like your work.”

In a series of phone and email conversations, Ujaama described how he also wanted compensation for his story. “I don’t pay for access to people,” I told Ujaama.

This sort of back-and-forth continued for months. Sometimes I initiated contact, because I was intrigued by Ujaama’s story. Sometimes he reached out to me, for reasons that were not always clear. Our exchanges always were short-lived. Ujaama is a chameleon-like man who has been many things: entrepreneur, author, college student, religious scholar, newsletter publisher, aspiring movie producer, website designer, even a mule carrying cash into Afghanistan. Now, it seemed, he was attempting to fashion a new career as a terrorism expert, but at his core, the slender 51-year-old with close-cropped hair and braces on his teeth is a hustler — someone who, in the words of one federal judge, always plays “fast and loose.”

During his 13-year cooperation as a witness for the government, Ujaama has testified in two terrorism trials — including that of Abu Hamza, who was also known as Mustafa Kamel Mustafa — and would have testified in a third had the defendant not pleaded guilty. In a court filing, Assistant U.S. Attorney John P. Cronan called Ujaama’s cooperation with the government “extraordinary.”

Finally, in October 2016, Ujaama wrote me once again. He was irritated by a 60 Minutes story about Mary Quin, a New Zealander who was kidnapped in Yemen by an Al Qaeda-affiliated group and portrayed by CBS News as the U.S. Department of Justice’s star witness in Abu Hamza’s trial. This was outrageous to Ujaama, because in his view, he was the star witness against the religious cleric with connections to Al Qaeda. “You should come see me. I’m in the Bay Area until November,” Ujaama wrote. We agreed to meet the following month.

Imam Abu Hamza al-Masri addresses followers during Friday prayer near Finsbury Park Mosque in north London on March 26, 2004. Photo: Odd Andersen/AFP/Getty Images

BORN IN DENVER as James Earnest Thompson, Ujaama moved to Seattle as a boy. “I grew up under the Black Panthers,” he said in court testimony. By most accounts he was whip-smart, driven, and eager to make a mark on the world.

But Ujaama also had a fiery disposition. Once, when his girlfriend called police and reported that he had a gun, Ujaama got into a scuffle with a cop and broke the officer’s watch. Exacting revenge on his girlfriend for the incident, Ujaama poured a five-pound bag of sugar into her car’s gasoline tank.

In the mid-1980s, Ujaama moved to Pelican, Alaska, to take a job at a seafood company, where he said he struggled with a racist culture. “I just got tired of being called nigger,” he recalled. One day, frustrated by the racism, Ujaama grabbed a .375 Winchester rifle and shot out the window of the housing unit where he was staying. He went to jail for the incident.

By the early 1990s, he’d returned to Seattle and joined the personal computer industry. Ujaama was a partner in Olympic Computers, which sold IBM clones at wholesale. But the company didn’t last; Ujaama began a scam, telling customers to send him checks so that he would get the money rather than his partner. In all, Ujaama raked in about $10,000 from the ploy.

Then Ujaama switched to writing books, positioning himself as a motivational speaker and community activist. One book, “The Young People’s Guide to Starting a Business Without Selling Drugs,” encouraged young black men to become entrepreneurs. “When a person lacks knowledge and vision,” Ujaama wrote in the foreword, “that person becomes a soldier in the wrong war, an enemy to others and to themselves.”

Ujaama followed these efforts with a work of fiction, “Coming Up,” a semi-autobiographical story about two friends — one becomes a drug dealer, the other a successful businessman. Ujaama moved to Los Angeles in the hopes of turning “Coming Up” into a movie. Although he claimed to have received a commitment for half of the money to produce the film adaptation, the promised funds were contingent on Ujaama raising the second half from other sources, which he couldn’t do. It was a flop, like most of Ujaama’s business ventures.

Despite characterizing himself as an entrepreneur, Ujaama has never run a successful business, at least not according to any measure the IRS would endorse. He has never paid taxes, and in some years did not file tax returns at all. “The understanding I had was that I did not owe taxes,” he said.

At a low point after failing to turn his book into a movie, Ujaama returned to Seattle and converted to Islam in late 1996. Ujaama devoted himself to Islam and moved to England to study under Abdullah El-Faisal, a Jamaican-born cleric who was imam of the Brixton Mosque in South London. Ujaama became something of an apostle for El-Faisal, traveling back and forth from London to Seattle, where he’d sell tapes of El-Faisal’s sermons. Yet rather than providing a portion of the sales to El-Faisal, Ujaama pocketed the proceeds.

While in London, Ujaama married a Muslim woman from Somalia, and they had a child. El-Faisal had taught Ujaama that jihad training was a Muslim’s obligation, so in late 1998, Ujaama traveled to Afghanistan for training. “I was looking to learn physical jihad training, which would include hand-to-hand combat, how to use weaponry, and live as a Muslim,” Ujaama explained later in court testimony. He made his way to a training camp run by a conservative Muslim missionary group. The camp used an aging Soviet-built military barracks, a soccer field, a large artillery gun, and some broken-down tanks. Ujaama received weapons training and learned how to recite the Quran. But he wasn’t much of a militant. One night, while in the bathroom, Ujaama accidentally fired his rifle. He soon fell ill and left the camp after just two weeks.

Ujaama returned to London and continued his studies under El-Faisal. At the time, El-Faisal was badmouthing Abu Hamza, the religious leader in London who would later be prosecuted in New York. Some of El-Faisal’s students asked Ujaama to meet with Abu Hamza and help mediate the dispute.

Abu Hamza commanded a mysterious aura because, well, he looked like a James Bond villain. He had one eye and was missing both of his hands, forcing him to use a prosthetic hook. Born in Egypt, Abu Hamza studied civil engineering before coming to the United Kingdom in 1979. Various stories have circulated about how Abu Hamza sustained his injuries, including one that alleged his hands were chopped off after he was caught stealing in Saudi Arabia. In truth, according to Abu Hamza, he lost his hands and an eye during an explosives accident while assisting the Pakistani military in a road-building project.

Ujaama recalled being “very impressed with Sheikh Abu Hamza” from that initial meeting. After listening to Abu Hamza’s taped lectures, Ujaama turned his back on El-Faisal. “I decided that he wasn’t a good person to follow,” Ujaama said. His spurned mentor began telling people that Ujaama had stolen money.

But it didn’t matter. Ujaama had his new teacher, Abu Hamza, who had a growing international following through the website of his organization, Supporters of Sharia. When Ujaama decided to return to the United States in 1999, Abu Hamza gave him about a dozen tapes of his lectures. The tapes bore Supporters of Sharia’s logo — a shackled man behind bars reaching out of the cell with a Quran in hand. The lectures were “very angry, but serious,” according to Ujaama, who distributed copies in Seattle’s Muslim community. As he did with El-Faisal’s tapes, Ujaama pocketed the profits.

It was during this return trip to Seattle that Ujaama heard about a ranch in southern Oregon. The entrepreneur in Ujaama saw an opportunity: He could build a training camp for Muslims and advertise it to Abu Hamza’s followers. Ujaama sent a fax to Abu Hamza describing his idea, but he also exaggerated the progress he’d made in turning the ranch into a training camp. He claimed he had secured weapons and recruits and had already started to build structures. He asked Abu Hamza to send two men from London to assist him.

Oussama Kassir, center, a Lebanese national and Swedish citizen wanted in the United States on suspicion of plotting to set up a terrorist camp, is escorted by armed police officers to the courtroom in Prague on April 25, 2007. Photo: CTK/AP

THE MEN ABU HAMZA sent were Oussama Kassir, a Lebanese national and Swedish citizen who claimed to have been a bodyguard for Osama bin Laden, and Haroon Aswat, a slender British man. The brawny Kassir was to be a physical trainer at the camp, while the studious Aswat would act as a religious and Arabic tutor there. They flew to New York on November 26, 1999, and then took a Greyhound bus across the country to Seattle.

After they arrived, Ujaama drove the two men for eight hours to southern Oregon, where Ujaama showed them the ranch. Instead of having the makings of a training camp, it was desolate. There were no stockpiles of weapons. There were no recruits. The only structures were dilapidated trailers.

Ujaama, true to his roots, had been running a hustle. He just needed Abu Hamza’s stamp of approval and support, and he figured if he could get a couple of Abu Hamza’s guys on site, he could line up investments to get the weapons he claimed he already had and start the construction he said was already underway.

But Kassir, realizing that Ujaama had lied about the camp, became angry. “He got in my face and began to point his finger at me,” Ujaama later testified.

His training camp scheme dashed following the argument with Kassir, Ujaama fled back to Seattle, leaving behind the two men Abu Hamza had sent. Ujaama never returned to the ranch.

Instead, Ujaama moved back to London in the spring of 2000 and returned to his studies under Abu Hamza. If the religious cleric was irritated by Ujaama’s overselling of the training camp, or his dispute with Kassir, he didn’t seem to show it. He took in Ujaama as a close aide, and Ujaama began to work on the Supporters of Sharia website, expanding the English-language portion in order to reach non-Arabic speakers.

Eventually Abu Hamza had a mission for Ujaama. He asked him to travel to Afghanistan to deliver money and escort a member of the London mosque, a Ugandan-born British man named Feroz Abbasi. Abu Hamza gave Ujaama a letter addressed to the foreign minister of the Taliban government to guarantee safe passage into Afghanistan.

Ujaama and Abbasi purchased plane tickets and traveled to Pakistan. After checking into a hotel in Quetta, Ujaama snuck away without telling Abbasi and headed to the Taliban embassy. “I decided that because he would interfere with what I was doing,” Ujaama said. At the embassy, Ujaama handed the Taliban representative the letter from Abu Hamza.

The Taliban escorted Ujaama in an SUV across the border and to the Kandahar compound of Ibn al-Shaykh al-Libi, a Libyan who ran a training camp in Afghanistan. Following Abu Hamza’s instruction, he gave al-Libi an envelope containing 500 British pounds. Ujaama then traveled to Khost to find a girls’ school to deliver another envelope of money, but wasn’t able to locate it. Instead, he encountered a man who wanted to send Ujaama to the front lines in the Taliban’s war against the Northern Alliance. Ujaama called Abu Hamza in London to intercede. “I’m not here for that purpose,” he said.

The call prevented Ujaama’s military conscription, but Abu Hamza asked him about Abbasi. “I left him behind,” Ujaama said. Angry, Abu Hamza demanded that Ujaama go back to Pakistan and bring Abbasi to Afghanistan. Ujaama told Abu Hamza that he would collect Abbasi, even though he had no intention of doing so.

Back at the Finsbury Park Mosque in London, Ujaama continued to assist Abu Hamza and work on the Supporters of Sharia website. In early September 2001, Ujaama agreed to travel once more to Afghanistan to deliver money.

On September 11, 2001, on his way to Afghanistan, Ujaama was awoken to the Pakistani military police knocking on his hotel door. “They asked me if I needed protection,” Ujaama recalled. He learned that hijacked airplanes had been turned into weapons in New York, Washington, D.C., and Pennsylvania.

Abu Hamza wanted Ujaama to continue into Afghanistan and deliver the money, but Ujaama refused. The U.S. military had begun bombing the country. Instead, Ujaama made his way to the United States, with 1,000 pounds of Abu Hamza’s cash in hand.

Ujaama was arrested in July 2002 at his grandmother’s former home in Denver, Colorado. “The government is conducting a witch hunt,” Ujaama said in a public statement at the time. The federal government first held Ujaama on a material witness warrant, then indicted him on material support charges related to the supposed training camp in Oregon.

Though he seemed destined for a lengthy prison sentence, Ujaama’s life was about to take a new turn.

AFTER HIS ARREST, Ujaama followed a path similar to those of other post-9/11 terrorism defendants. As part of a plea deal, Ujaama admitted that he conspired to aid the Taliban. In exchange for a sentence of two years in prison, Ujaama agreed to be a witness in the U.S. government’s prosecutions of Abu Hamza and the two other men who collaborated with Ujaama on the purported training camp in Oregon — Oussama Kassir and Haroon Aswat. In 2004, prosecutors in Manhattan charged Abu Hamza, Kassir, and Aswat with terrorism-related charges.

When they were indicted, Abu Hamza was in the United Kingdom, Kassir in the Czech Republic, and Aswat in Zambia. All three fought extradition to the United States, creating a prolonged legal battle that meant Ujaama would wait years to fulfill his obligation to testify in their cases.

By December 2006, Ujaama grew impatient and frustrated by what he viewed as the government forcing him to testify against Abu Hamza. He fled to Belize, where he hoped he could be reunited with his wife and child, but he was arrested by local authorities. Since he violated his plea deal in Washington, federal prosecutors indicted Ujaama again in Manhattan, this time with additional charges. As part of a second cooperating agreement, Ujaama pleaded guilty to three terrorism-related counts, including a conspiracy to build the training camp in Oregon. He served an additional four years in prison.

Ujaama testified against Kassir in 2009, helping the government to win a conviction and ensuring that the man he’d argued with on the ranch received a sentence of life in prison.

Five years after Kassir’s trial, federal prosecutors finally put Abu Hamza on trial in Manhattan. Ujaama testified for four days in the spring of 2014, describing in detail how he helped his former mentor with the Supporters of Sharia website and newsletter, how he asked him to send two men to the ranch in Oregon, and how he delivered money to Afghanistan.

Abu Hamza was convicted on May 19, 2014, and sentenced to life in prison. He is reportedly in solitary confinement and without his prosthetic limbs.

Haroon Aswat pleaded guilty in March 2015 following the successful convictions of Kassir and Abu Hamza. He received a sentence of 30 years in prison.

On October 23, 2015, Ujaama was sentenced, for the final time, in U.S. District Court in Manhattan. “I wish I would have never gotten involved with Abu Hamza,” Ujaama said at his sentencing. “And I think he’s a bad man.”

Judge Katherine B. Forrest said she did not believe Ujaama posed a terrorist threat. If he posed any threat to society, she said, it was “petty fraud or something like that.” She sentenced Ujaama to time served, and in recognition of Ujaama’s years of cooperation with the government, she declined to give him any term of supervised release.

For the first time since 2002, Ujaama was free.

Earnest James Ujaama poses for a photograph at the University of Washington, where he became a graduate student while serving as a government witness in terrorism prosecutions. Photo: Wikipedia

UJAAMA NOW DIVIDES his time between Berkeley and Seattle. He’s collected at least $100,000 in payments from the government for his cooperation and has amassed student loan debt, which, as of late 2015, had reached $86,000. He expects to finish his doctoral studies at the University of Washington.

Following my year of on-and-off exchanges with Ujaama, we met for the first time in Berkeley in December 2016. I agreed to one condition: We’d keep the first day off the record, and then once we’d gotten acquainted, our conversations thereafter would be on the record.

But after speaking with me over coffee and lunch in Berkeley, Ujaama still wasn’t willing to participate in an interview for an article he couldn’t control. After several hours, I told him it was now his choice. I walked toward the Berkeley BART station. Ujaama followed. We chatted for another hour, standing in the train station lobby. I finally told him that if he wanted to be interviewed, he could come see me in San Francisco the next day.

That evening, I emailed Ujaama to give him one last chance to talk, and to let him know I’d be writing about him, regardless of his cooperation.

“Have a safe return home, bro,” was his only reply.

The next week, I sent Ujaama a list of questions for this story. “I’m in the middle of a research project for my doctoral studies and am very busy,” he wrote. He didn’t respond to any of the questions.

Ujaama doesn’t want to be seen as just another snitch in the ongoing war on terror. He clings to a personal brand of exceptionalism that paints him as both a victim of overzealous prosecution and a star actor on the larger stage of U.S. terrorism prosecutions. And while he insists he wants to spark reform, his case best illustrates the injustice of a system that gives light sentences to those who trade terrorist contacts and cooperation for leniency, while sending those with no such connections to prison for decades.

In the meantime, during my discussions with Ujaama, his Wikipedia entry was being updated almost daily with granular detail about his life.

The entry at one point refers directly to the editor responsible for the frequent updates: “This author is in possession of all court transcripts, sentencing memorandums, and primary documents related to United States vs. Earnest James Ujaama,” the entry read, noting that many of the documents are filed under seal. “Most of what is found on the Internet is piece-meal journalism, speculation or theory, and is outdated,” the entry continued.

I sent Ujaama one final question. “Are you the one writing your Wikipedia entry?” I asked. Ujaama never responded.

Trevor Aaronson
April 20 2017, 7:14 p.m.

Copyright The Intercept

THE NEW TARGETS FBI Stings Zero In on ISIS Sympathizers. Few Have Terrorist Links.

Trial and Terror
Part 3
The U.S. government has prosecuted almost 800 people for terrorism since the 9/11 attacks. Most of them never committed an act of violence.

BOSTON POLICE CAPT. Robert Ciccolo was one of the first responders to the Boston Marathon bombings. When his 23-year-old son, Alexander, who had converted to Islam and given himself the name Ali Al Amriki, began telling his father he was “not afraid to die for the cause,” Ciccolo became alarmed. Alexander had a history of mental illness, and his interest in Islam had become an obsession. In October 2014, Ciccolo contacted the FBI about his son.

The federal agents could have monitored Alexander, or perhaps confronted him. Instead, as the bureau does in most such cases, agents launched an investigation. They found Alexander’s Facebook page, listed under his nom de guerre. There was a photograph of a young man in a wooded area wearing a head covering and holding a machete. “Another day in the forest strengthening myself,” the caption read. Another photo on his Facebook page appeared to show a dead American soldier. “Thank you Islamic State!” read the caption.

As part of a sting, an FBI informant contacted Alexander and offered to provide him with guns for an attack. After Alexander collected the weapons on July 4, 2015, FBI agents arrested him and charged him with terrorism-related offenses. As he was being processed at a detention center, he stabbed a nurse with a pen, causing a minor injury. His case made national news, and FBI Director James Comey told reporters that Alexander Ciccolo’s was among several plots related to the Fourth of July holiday that were foiled by counterterrorism agents. “I do believe that our work disrupted efforts to kill people, likely in connection with July 4,” Comey told reporters during a July 7, 2015, briefing.

Alexander Ciccolo is among 63 men and women who have been arrested in FBI stings targeting ISIS sympathizers, according to an analysis of federal terrorism prosecutions by The Intercept.

Demonstrating the evolving threat of terrorism in the United States, alleged ISIS sympathizers are now the primary targets of FBI stings, upstaging Al Qaeda, the Shabab, and all other terrorist groups. The first ISIS case in the United States culminated in an arrest in March 2014, and the number quickly grew. Fifty-eight people were charged in 2015 for alleged ISIS affiliations. In 2016, 32 FBI cases involved ISIS sympathizers, compared to just one each that year involving Al Qaeda and Shabab sympathizers.

But as with earlier FBI stings that primarily targeted Al Qaeda sympathizers, most of the targets of the bureau’s ISIS stings are aspirational, not operational.

In the majority of ISIS stings, targets were not in direct contact with ISIS representatives and did not have weapons of their own, government evidence showed. Instead, these targets were inspired by online propaganda to join ISIS and either made arrangements on their own to travel to Syria or were aided by FBI informants or undercover agents in their attempts to join ISIS or plot attacks inside the United States.

Capt. Robert Ciccolo chairing a hearing at Roxbury Community College. Photo: George Rizer/The Boston Globe/Getty Images

After Alexander was arrested, FBI agents read him his Miranda rights. He then sat for an interview with FBI agents Paul Ambrogio and Julia Cowley. Dressed in a black T-shirt and jeans, he refused to talk about the guns, but he defended ISIS as a just organization, even as he demonstrated his ignorance about the group. The FBI recorded the interview.

“ISIS claimed responsibility, right, for a lot of beheadings?” Ambrogio asked. “There’s someone who names himself Jihadi John and he beheads people, right? He does it in an online way so that people can see it. So what’s your feeling about that? They represent themselves as ISIS; they’re ISIS. What’s your feeling?”

“The people that you see being executed are criminals,” Alexander answered. “They’re criminals. They’re the lowest of the low.”

According to his family, Alexander, a high school dropout, had battled off and on with alcohol addiction. He was also admitted to a psychiatric institution when he was a teenager.

As a child, he went back and forth between the homes of his father, a stern cop who did not respond to requests for comment for this story, and his mother, something of a free spirit. Alexander followed in his mother’s footsteps.

“I raised him Catholic; he was baptized Catholic,” said Shelley MacInnes, his mother. “He stayed with his Catholic beliefs for quite a long time. I would say he is a very religious person and very spiritual, but as he got older, I think he started searching.”

Alexander Ciccolo first gravitated toward Buddhism and spent time at the Grafton Peace Pagoda in Petersburgh, New York. In 2012, he and other members of the Peace Pagoda walked around Lake Ontario to raise awareness of the dangers of nuclear power. A photograph from the time shows him wearing a green V-neck T-shirt and holding a handwritten sign that reads: “Peace walk for no more Fukushima.”

Shortly after, he returned to Massachusetts and announced that he would become a Muslim. “One day we were out having dinner, and he went to the bathroom,” MacInnes recalled. “He ran into an imam. … He was so excited. ‘Mom, you aren’t going to believe what just happened.’”

Alexander became fixated on Islam and ISIS, and he would talk often with his parents about his newfound beliefs. “He’s always been an investigator, never takes anything at face value,” MacInnes said. “As far as ISIS goes, my personal opinion is that he was investigating the validity of that organization, rather than taking the media’s answer for it.”

Following its sting playbook, the FBI introduced to Alexander an informant posing as an ISIS sympathizer. The informant and Alexander met for the first time in person on June 24, 2015. The young man told the informant that he wanted to travel to another state and use pressure cooker bombs to attack two bars and a police station. Over the course of a week, his plan changed from bombing bars and a police station to attacking a university. He boasted that he knew how to use sniper rifles and had grown up with guns. “I know what I’m doing,” he said.

But Alexander didn’t have any weapons, aside from a couple of machetes. His only would-be bomb components were a pressure cooker purchased from Wal-Mart and some half-made Molotov cocktails.

That’s where the FBI stepped in again. The undercover informant provided Alexander with two assault rifles and two handguns. As soon as Alexander took possession of the guns, FBI agents arrested him, charging him with attempting to provide material support to a terrorist organization and attempting to use weapons of mass destruction. He was also charged with being a felon in possession of firearms, owing to an earlier state conviction of driving under the influence.

Alexander Ciccolo, right, along with Buddhist nun Jun Yasuda and Lauren Carlbon, on a peace walk through Brighton, Mass., July 26, 2012. Photo: Dave Fraser/Metroland Media/The Independent

WHETHER OUT OF mental illness, immaturity, or naiveté, Alexander Ciccolo professed support for ISIS, but it’s unclear whether he would have posed a threat had the FBI informant not encouraged him and provided him with weapons. In this way, Ciccolo’s case is prototypical of ISIS stings.

In these cases, the FBI provides encouragement and capacity to otherwise hapless individuals.

For example, in a similar case in April 2016, the FBI arrested a South Florida man who allegedly plotted to bomb a Jewish community center. An FBI informant gave James Medina, a homeless man with a history of making baseless threats of violence, the opportunity. It was in fact the FBI informant who first came up with the idea of crediting their attack to ISIS. Farther north, in upstate New York, Emanuel L. Lutchman, another homeless man, told an FBI informant that he had received directions from an overseas ISIS member and was planning an attack, using a machete and knives, on a New Year’s Eve celebration in Rochester. The FBI’s informant provided the $40 Lutchman needed to purchase the machete and knives.

In other ISIS stings, the FBI has encouraged and helped to facilitate the international travel of would-be ISIS recruits. An example is the case of Jason Michael Ludke, a Milwaukee man who made contact with an FBI undercover employee through social media. The FBI undercover employee, pretending to be affiliated with ISIS, encouraged Ludke and his friend Yosvany Padilla-Conde to join the terrorist group. The pair drove from Wisconsin to Texas, where they were arrested. According to Padilla-Conde’s statements after the arrest, they were under the impression that the FBI undercover employee was going to assist them in crossing the border into Mexico and then traveling to Iraq or Yemen. Ludke and Padilla-Conde are facing charges of material support for terrorists.

The analysis of terrorism prosecutions by The Intercept shows that federal judges have wrestled with appropriate punishments for those convicted of ISIS-related terrorism offenses.

Some defendants who were arrested before they had an opportunity to travel to Syria have received relatively lenient sentences. Mohammed Hamzah Khan, of Bolingbrook, Illinois, was arrested as he attempted to board a flight to Turkey at O’Hare International Airport. He received about three years in prison. Shannon Maureen Conley, who lived in Colorado, received about four years after she was arrested at the airport in Denver, on her way to Turkey.

At the same time, defendants whose support for ISIS consisted of online activity, such as distributing propaganda on social media, have received comparable sentences to, and in some cases more prison time than, defendants who tried to join ISIS on the battlefield. Heather Elizabeth Coffman, of Glen Allen, Virginia, used several social media accounts to communicate with FBI informants posing as ISIS agents. She was sentenced to 4 1/2 years in prison. Ali Shukri Amin, who also lived in Virginia, admitted that he operated a pro-ISIS Twitter account and blog and provided instructions to ISIS supporters on how to use Bitcoin to avoid currency transfer restrictions. He was sentenced to more than 11 years in prison.

But the most significant prison sentences await those who, like Alexander Ciccolo, moved forward with terrorist plots in the United States, even if it was the FBI making them possible. Christopher Cornell, of Cincinnati, Ohio, plotted with an FBI informant to travel to Washington, D.C., and attack the U.S. Capitol. He was arrested as he was leaving a gun store. After pleading guilty to terrorism-related charges, Cornell was sentenced to 30 years in prison. Lutchman, who was involved in the purported plans to attack a New Year’s Eve celebration in upstate New York, pleaded guilty to material support and received a 20-year prison sentence.

It’s still too early to establish conclusive trends about the sentencing of ISIS defendants in U.S. District Courts. Of the 110 ISIS defendants charged, only 45 have been sentenced.

Yet the arrests of ISIS sympathizers continue at a steady clip, even when the targets of stings have proven themselves to be incompetent ISIS recruits.

An example is Mohamed Rafik Naji, of New York, who attempted five times to travel to ISIS territory but never made it. That’s when an FBI informant, posing as an ISIS affiliate, contacted him through Facebook.

The informant told him that ISIS needed someone to attack Times Square with a garbage truck. “I was saying if there is a truck, I mean a garbage truck, and one drives it there to Times Square and crushes them,” Naji told the informant, repeating the idea. Naji was indicted in November 2016 on a charge of material support for terrorists, the 93rd person to be charged in federal court in an ISIS-related case.

Alexander Ciccolo is now undergoing psychological evaluation; his trial is pending. MacInnes, Ciccolo’s mother, believes he was an impressionable young man manipulated by the FBI and set up with weapons that he never could have obtained on his own. “I don’t think he even knew what his plan was,” MacInnes said.

Trevor Aaronson
April 20 2017, 7:15 p.m.

Find this story at 20 April 2017

Copyright https://theintercept.com/

THE BANNED The Government’s Own Data Shows Country of Origin Is a Poor Predictor of Terrorist Threat

Trial and Terror
Part 4
The U.S. government has prosecuted almost 800 people for terrorism since the 9/11 attacks. Most of them never committed an act of violence.

WHILE THE TRUMP administration has struggled to provide evidence to support the need for a travel ban targeting Muslims, Attorney General Jeff Sessions has been working since at least 2015 to limit Muslim immigration.

In November 2015, in a letter co-signed by Texas Sen. Ted Cruz, then-Alabama Sen. Sessions accused the Obama administration of refusing to provide immigration information about defendants who had been charged in U.S. District Court with international terrorism-related offenses.

“It is quite telling that this administration — which seems to have unlimited resources to circumvent our immigration laws and further its executive amnesties — cannot find the time or resources to provide timely answers to these simple questions,” Sessions and Cruz wrote.

So the two senators took matters into their own hands. Using a list of 580 terrorism-related defendants provided by the Justice Department, Sessions assigned the staff of the Subcommittee on Immigration and the National Interest, which he chaired at the time, to research the country of origin and immigration status of each defendant. The committee staff found that of the 580 terrorism defendants they researched, 375 were born outside the United States. To Sessions and Cruz, this validated their view that terrorism was a largely foreign threat.

In another letter to the Obama administration in June 2016, Sessions and Cruz wrote that the information “makes clear that the United States lacks the ability to properly screen individuals prior to their arrival to the United States. It further makes clear that our nation has a serious assimilation problem.”

The Sessions data, which included country of origin and immigration data for some, but not all, of the defendants, was among the sources used by The Intercept to build a database of international terrorism prosecutions since the 9/11 attacks. (The Intercept intends to keep the database up to date and expand the fields regularly; at present, staff members are researching, among other data, the country of origin for approximately 350 international terrorism-related defendants not found by the subcommittee staff.)

A review of the Sessions data, however, suggests that neither country of origin nor immigration status is a clear indicator of heightened national security concern.

COUNTRY OF ORIGIN NUMBER OF PEOPLE
United States 73
Pakistan 61
Lebanon 27
Somalia 21
Colombia 20
Yemen 20
Iraq 19
Egypt 17
Jordan 16
Afghanistan 10
Palestine 9
Saudi Arabia 9
India 8
Gaza 7
Syria 7
Morocco 6
West Bank 6
Indonesia 5
Kuwait 5
Canada 4
El Salvador 4
Iran 4
Turkey 4
United Kingdom 4
Albania 3
Bangladesh 3
Guyana 3
Mali 3
Sri Lanka 3
Sudan 3
Tunisia 3
Algeria 2
Bosnia 2
Eritrea 2
Ethiopia 2
France 2
Haiti 2
Kazakhstan 2
Kosovo 2
Libya 2
Nigeria 2
Senegal 2
Singapore 2
South Africa 2
Tanzania 2
Venezuela 2
Angola 1
Australia 1
Brazil 1
Cambodia 1
Chile 1
Denmark 1
Djibouti 1
Dominican Republic 1
Germany 1
Greece 1
Guatemala 1
Israel 1
Ivory Coast 1
Kuwait – Citizen of Jordan 1
Lebanon – Canada 1
Malaysia 1
Mexico 1
Nicaragua 1
Pakistan – Canada 1
Panama 1
Paraguay 1
Peru 1
Philippines 1
Qatar 1
Russia 1
South Korea 1
Trinidad & Tobago 1
United Kingdom – India 1
Uzbekistan 1
Vietnam 1
Yugoslavia 1

In June 2016, the Senate Subcommittee on Immigration and the National Interest chaired by Jeff Sessions released data on 580 terrorism defendants, including country of origin for 448, as part of his campaign to limit Muslim immigration. The data shows that national birthplace is a poor predictor of terrorist threat.

While at first blush the Sessions data may seem to suggest disproportionate numbers of terrorism defendants from countries affected by the travel ban, or by immigrants who came to the United States as refugees, the data is incomplete — country of origin is not known for 132 defendants, or 23 percent — and inherently biased by prosecutorial targeting. Following the 9/11 attacks, with the FBI increasing its number of informants in Muslim communities due to a presidential mandate, Muslims became the primary focus of terrorism investigations and, by extension, prosecutions for charges related to international terrorism. Many of these prosecutions were not for serious offenses such as material support or weapons of mass destruction, but instead for nonviolent crimes such as immigration violations or lying to FBI agents.

In addition, the U.S. government segregates terrorism prosecutions into two types — domestic and international. The Sessions data includes only prosecutions related to international terrorism and leaves out all prosecutions of domestic terrorists, who are in most cases born in the United States.

Of the 580 defendants in the list, Sessions’s committee staff found the country of birth for 448 based on open-source research. Of those, U.S.-born American citizens represented the single largest group, with 73 defendants. The second largest group, consisting of 61 defendants, was from Pakistan, which is not affected by the travel ban.

The numbers fall precipitously from there. The third-largest group, consisting of 21 defendants, was from Somalia, which is included in the travel ban. The other countries included in Trump’s travel ban were Iran (four), Libya (two), Sudan (three), Syria (seven), and Yemen (20). Iraq, which was in the first version of the travel ban but not the second, had 19 terrorism defendants in Sessions’s data.

For comparison, 20 of the terrorism defendants in the Sessions data were born in Colombia, the same number of defendants who were born in Yemen. If the travel ban were indeed about restricting travel from terror-prone nations, as the Trump administration has claimed, the Sessions data would in theory provide a compelling case for adding Colombia, a Catholic-majority nation, to the ban list.

The Trump administration’s travel ban, which was established by executive order and affected seven Muslim-majority nations in its first iteration and six in its second, also temporarily blocks refugees from entering the country. Of the 448 defendants for whom Sessions’s committee staffers could find information, 24 entered the United States as refugees. According to the Sessions data, not a single refugee from Syria has been charged with terrorism-related offenses in the United States. Trump’s first travel ban blocked Syrian refugees indefinitely. The current travel ban places a temporary halt on the entry of all refugees.

Neither version of Trump’s travel ban is in effect, following multiple successful court challenges arguing that the executive orders discriminate against Muslims. The Trump administration has filed notice to appeal at least one ruling that halted the second version of the travel ban.

Trevor Aaronson
April 20 2017, 7:15 p.m.

Find this story at 20 April 2017

Copyright https://theintercept.com/

Mossad Reportedly Turned French Spies Into Double Agents After Joint Syria Op

Le Monde reveals how Israeli espionage agency allegedly exploited a successful chemical weapons operation to get French counterparts to become sources; former head of French counterintelligence agency being questioned as suspect in case.

PARIS – An internal report written by French intelligence, parts of which were published in the daily newspaper Le Monde on Sunday, reveals efforts by the Mossad to develop relationships with French spies, “to the point of crossing the line of turning them into double agents.”
The audit report recommends investigating Bernard Squarcini, the head of the General Directorate for Internal Security until 2012, on suspicion of maintaining unauthorized and unreported ties with the Mossad’s Paris bureau chief at the time (identified in the report only by his initials, D.K.).

The background to all this was a joint operation launched by the Mossad and French counterintelligence agency in 2010 to collect intelligence about Syrian President Bashar Assad’s chemical warfare plans. The operation, code-named Ratafia, aimed to recruit a senior Syrian engineer, who was meant to come to France to do additional training in chemistry and also to help recruit other engineers.
The Mossad and French agents would hold work meetings using assumed names, as is customary. The French agents, who belonged to three different counterintelligence units, were responsible for the operation in Paris, while the Mossad agents were responsible for the plot that would enable the Syrian target to leave the country for studies and to recruit others in the French capital.
Police officers guard the General Directorate for Internal Security headquarters in Levallois Perret, outside Paris, 2015. Photograph: Christophe Ena / AP
But according to the report, the Israelis exploited the operation to persuade an unknown number of French agents to also serve as intelligence sources for Israel.
One of the French agents under surveillance was seen going up to the apartment of the Mossad’s Paris chief for dinner one Friday night. Later, he reported to his superiors that he was going to Dubai on vacation, when in fact he flew with his family to Israel, where he spent time with Mossad agents without permission and without reporting the meetings afterward.
In addition, according to the report, suspicious sums of money were deposited in the bank accounts of those French agents who were involved in the Ratafia operation.
The internal report calls for further investigation to understand what damage was done to the French intelligence service.
Le Monde also published details about the Ratafia operation. The paper claimed that the Mossad succeeded in recruiting the Syrian engineer and extracted information from him about Assad’s chemical weapons arsenal.
The French daily said the operation enabled Israel to prove that the scientific cooperation between the European Union and Syria was being used to boost Assad’s chemical weapons program, which led to the cancellation of the agreement with the Syrians in 2011.
According to Le Monde, the Mossad’s interest in building relations with French spies was exposed because a different French espionage agency, responsible for information security, was keeping the agents under surveillance and photographed them with Mossad agents.
The paper said that all the Mossad agents involved were identified by their real names. The French filed a formal complaint, and two Israeli diplomats in the Israeli Embassy in Paris left their posts and returned to Israel. The Mossad chief, D.K., also returned to Israel following the French complaint.
According to the report, the two Mossad agents suspected of contacts with the French have left the service and are now private businessmen in Tel Aviv. But during 2016, the report noted, they made contact with Squarcini (the counterintelligence head they’d worked with) in Paris.
Squarcini, who is now being questioned as a suspect in the case, told investigators he met the two “totally by chance.”
A short time before the suspicions came to light, Squarcini himself launched an internal inquiry into whether the Mossad was trying to recruit French agents as sources. However, the agents he put under surveillance did not include those involved in the Ratafia operation, even though Squarcini was fully aware of the close ties that had developed between his people and the Mossad operatives, the report said.
An investigating judge appointed by the French filed an official request with Israel to question the two ex-Mossad agents who made contact with Squarcini in 2016. It isn’t clear if he received a response.
The judge is seeking to build on the internal investigative report and broaden the investigation into whether the Mossad infiltrated French intelligence under Squarcini.

Dov Alfon Mar 27, 2017 5:40 PM

Find this story at 27 March 2017

Copyright http://www.haaretz.com/

Partners in Operation “Ratafia,” did French and Israeli spies spy on each other?

The Mossad allegedly tried to infiltrate the French counterintelligence service during the operation against the Syrian chemical weapons program, starting in 2010.

In the world of espionage, when services decide to join forces, that does not make them friends. Nothing will stop them from spying on each other. Ever. The proof came during an operation that, starting in 2010, brought together French domestic security and the Israeli secret service, the Mossad, to counter the chemical weapons program developed by Bashar al-Assad’s Syrian regime.

The internal security investigation ordered by the Direction centrale du renseignement intérieur (DCRI, which became the Direction générale de la sécurité intérieure in 2014) into the Mossad’s attempt to infiltrate the French counterintelligence service on that occasion illustrates these practices. When the operation code-named “Ratafia” began in 2010, there was still a united front to trap a Syrian who was due to make visits to France. The aim was to get him to hand over secrets about the Syrian chemical weapons program to which he belonged.

When the Mossad obtained the support of several DCRI groups and of DGSE agents, all of its members were operating under false names, and about ten of them were clandestine operatives, with the exception of D.K., the Mossad station chief in Paris. According to the DCRI’s accusations, which Le Monde has seen, the Mossad took advantage of daily contact with these French agents during the Syrian target’s stays to forge ties deemed suspicious.

One of the French agents was thus seen celebrating Shabbat with the Mossad station chief in Paris; he also went shooting in Dubai and then, with his family, joined his Mossad comrades in Jerusalem. According to the DCRI, this closeness amounted to crossing the line. Suspicions also concern cash payments and gifts that breached internal rules. As a result, several French agents who were part of the joint team with the Mossad had their “secret défense” security clearance withdrawn and were transferred to lower-level services.

The DGSI’s internal investigation, however, refrains from mentioning that another DCRI group, in charge of counterintelligence, arranged to photograph, without their knowledge, the Mossad agents who were working with the French. Finally, an audit was launched into the use of Operation “Ratafia” funds after dubious expense claims were discovered.

Compromise

This internal investigation came up in a judicial investigation targeting Bernard Squarcini, head of domestic security from 2007 to 2012. Suspected of having used his service’s wiretapping resources for personal ends, he defended himself by saying that the brief wiretapping of an official, for which he is faulted, was intended to check whether that official had, in turn, been “touched” by this foreign service. This proved unfounded. “The DCRI’s security service informed me that an equipment company was in very close contact with former RG personnel assigned to operational surveillance missions and that this was an attempt by the Mossad, or by people considered very close to it, to infiltrate the service,” Mr. Squarcini added. While he mentioned the compromise of police officers in his service, he did not, however, say a word about Operation “Ratafia,” conducted with the Mossad.

The DCRI conveyed its grievances to the Mossad’s leadership in Tel Aviv. Two members of the Israeli Embassy in Paris, including D. K., were asked to leave France. They have left the Mossad and moved into the private sector. Mr. Squarcini said that in 2016 he had met, by chance, these two men, who had come to France on business.

In late December, the investigating judges issued two letters rogatory to the Inspection générale de la police nationale (IGPN) to learn more about this affair. The first concerns the counterintelligence investigation targeting the Mossad and the relations between that service and the DGSI; the second asks the police to question the two former Mossad members whom Mr. Squarcini allegedly met.

LE MONDE | 25.03.2017 at 11:26 a.m.
By Jacques Follorou

Find this story at 25 March 2017
Copyright http://www.lemonde.fr/

Mostefaï, Bataclan suicide bomber: seven years on and off police radar

In light of declassified DGSI notes, “Libération” retraces the path of Ismaël Omar Mostefaï, one of the November 13 attackers, who was underestimated by the French services.

In hindsight, it is perhaps in the path of Ismaël Omar Mostefaï, one of the three Bataclan suicide bombers, that the failure of domestic intelligence appears most stark in the case of the November 13, 2015 attacks. Known to French counterterrorism since 2008, the young man, who blew himself up at age 29 in the concert hall along with Samy Amimour and Foued Mohamed-Aggad, was never subject to sustained surveillance. And this despite nearly six years spent in contact with fundamentalist circles. A proximity of which the Direction centrale du renseignement intérieur (DCRI, which became the DGSI in 2014) was fully aware. Libération retraces Ismaël Omar Mostefaï’s itinerary in light of notes declassified at the request of Paris anti-terrorism judges.

Dropping out.

The son of an Algerian truck driver with strict religious practices, Ismaël Omar Mostefaï grew up in Courcouronnes (Essonne). Between 2004 and 2010, the young man combined dropping out of school with eight criminal convictions for drug possession, violence, insulting a public official and driving without a license. In 2005, the Mostefaï family moved to Chartres, where Ismaël Omar gradually joined a Salafist group.

From 2009, eight members of this cell, which met in apartments, drew particular attention from the DCRI. And for good reason: as Mediapart revealed about ten days after the November 13 attacks, the small core of fundamentalists was gathered around Abdelilah Ziyad, a Moroccan preacher with a well-stocked résumé. And who, above all, had no business being in the prefectural seat of Eure-et-Loir.

Indeed, Ziyad, in his sixties, is none other than the “co-instigator of the Fez and Marrakech attacks,” according to the DGSI notes that we were able to consult. On August 24, 1994, three Frenchmen recruited by Ziyad shot dead two tourists and wounded another in the lobby of the Atlas Asni hotel in Marrakech. Arrested in August 1995, he was tried a year later. At the hearing, he confessed his involvement and received eight years in prison. The sentence came with a ten-year ban from French territory. Released in 2001, Ziyad disappeared. At least for a while.

In 2008, the emir was thus tracked down in Chartres. But the reality is far worse: in violation of his ban from the territory, Ziyad had been living for years under false identities in Migennes (Yonne). He was then secretly making round trips to Chartres. It was through contact with him that Mostefaï embraced jihadist ideology. In August 2012, his family moved again. This time, to Romilly-sur-Seine (Aube). Right in the sphere of influence of Ziyad, who lived in Migennes but had ties in the Aube. Was this move a coincidence? At the time, in any case, the specialized services hardly seemed to worry about it. Yet in the summer of 2012, Ismaël Omar Mostefaï cut ties with his family.

“Their master.”

A few weeks later, on September 29, he was located in Charmoy, a commune bordering… Migennes. Gendarmes stopped a vehicle with two people on board, including Mostefaï. The two companions told the gendarmes they were looking for a street. For the DGSI, the outing had an entirely different motive. In a note dated October 24, 2012, the domestic service wrote: “Certain members of this group [the eight Salafists of Chartres, editor’s note] have resumed their trips to the Migennes area in order to meet their master there.” A master who was none other than Abdelilah Ziyad, now using the identity of Abdelmalek Bachir. Despite these elements, which show Mostefaï’s recurring desire to spend time with his mentor, the DGSI put no close surveillance in place. Several months passed. And Mostefaï kept a very low profile. On September 6, 2013, he entered Turkey with two men, including Samy Amimour. Their destination was Syria, which France would learn only months later, almost by chance. Nothing in the DGSI notes documents this first trip to the Levant. Worse, the agents probably told themselves that Mostefaï had never gone to Syria when they located him again on April 9, 2014 in… Chartres.

“Street fighting.”

That day, the future suicide bomber was again taking part in a meeting under Ziyad’s aegis. A meeting judged serious enough by the DGSI for surveillance measures to be launched against certain participants. Some would be subject to wiretaps and physical surveillance until September 2015. In a note from that same April 9, revealed by Libération, the DGSI wrote: “The members of the group trained physically in the presence of Bachir Abdelmalek, whom they consider their master. They also practiced learning street-fighting techniques under the aegis of Bachir Abdelmalek, whom they regard as an expert in the matter.” Despite this clear intelligence, Mostefaï was deemed “peripheral” and, once again, received no sustained attention.

What followed is even more implausible. Mostefaï left for Syria a second time. When? No one knows today. In October 2014, France sent a request to Turkey concerning the passage through its territory of suspected jihadists. Ankara sent back a list on which Mostefaï appeared for… his first stay, the one made in September 2013. Fourteen months later, the French authorities were finally in the know. But neither the DGSI nor its foreign counterpart, the DGSE, managed to pinpoint Mostefaï’s whereabouts again and to prevent his second return and his participation in the November 13 attack at the Bataclan, in which 90 people died.

By Willy Le Devin, March 29, 2017 at 7:46 p.m.
Find this story at 29 March 2017

Copyright http://www.liberation.fr/

NYPD officers accessed Black Lives Matter activists’ texts, documents show

Exclusive: Documents obtained by the Guardian reveal details of how police posed as protesters amid unrest following the death of Eric Garner
People protest after a grand jury decided not to indict officer Daniel Pantaleo in the Eric Garner case.

Undercover officers in the New York police department infiltrated small groups of Black Lives Matter activists and gained access to their text messages, according to newly released NYPD documents obtained by the Guardian.

The records, produced in response to a freedom of information lawsuit led by New York law firm Stecklow & Thompson, provide the most detailed picture yet of the sweeping scope of NYPD surveillance during mass protests over the death of Eric Garner in 2014 and 2015. Lawyers said the new documents raised questions about NYPD compliance with city rules.

The documents, mostly emails between undercover officers and other NYPD officials, follow other disclosures that the NYPD regularly filmed Black Lives Matter activists and sent undercover personnel to protests. The NYPD has not responded to the Guardian’s request for comment or interview.

Emails show that undercover officers were able to pose as protesters even within small groups, giving them extensive access to details about protesters’ whereabouts and plans. In one email, an official notes that an undercover officer is embedded within a group of seven protesters on their way to Grand Central Station. This intimate access appears to have helped police pass as trusted organizers and extract information about demonstrations. In other emails, officers share the locations of individual protesters at particular times. The NYPD emails also include pictures of organizers’ group text exchanges with information about protests, suggesting that undercover officials were either trusted enough to be allowed to take photos of activists’ phones or were themselves members of a private planning group text.

Police obtained access to protesters’ text messages, the documents show. Photograph: NYPD/Screenshot/Scribd
“That text loop was definitely just for organizers, I don’t know how that got out,” said Elsa Waithe, a Black Lives Matter organizer. “Someone had to have told someone how to get on it, probably trusting someone they had seen a few times in good faith. We clearly compromised ourselves.”

Keegan Stephan, a regular attendee of the Grand Central protests in 2014 and 2015, said information about protesters’ whereabouts was limited to a small group of core organizers at that time. “I feel like the undercover was somebody who was or is very much a part of the group, and has access to information we only give to people we trust,” said Stephan, who has been assisting attorneys with a lawsuit to obtain the documents on behalf of plaintiff James Logue, a protester. “If you’re walking to Grand Central with a handful of people for an action, that’s much more than just showing up to a public demonstration – that sounds like a level of friendship.”

Joseph Giacalone, a retired NYPD detective sergeant and professor at John Jay College, agreed that it would not be easy for an undercover officer to join a small group of protesters and hear their plans. “It would be pretty amazing that they would be able to get into the core group in such a short window of time,” said Giacalone. “This could have been going on a while before for these people to get so close to the inner circle.”

The NYPD documents also included a handful of pictures and one short video taken at Grand Central Station demonstrations. Most are pictures of crowds milling about or taking part in demonstrations. In one picture of a small group of activists, the NYPD identifies an individual in a brown jacket as the “main protester”. These images of protesters are reminiscent of those taken by undercover transit police, who were also deployed to Black Lives Matter protests in Grand Central Station in 2015.

An individual is identified as the ‘main protester’. Photograph: NYPD/Screenshot/Scribd
Giacalone said this type of leadership identification was standard police practice at protests. “If you take out the biggest mouth, everybody just withers away, so you concentrate on the ones you believe are your organizers,” he said. “Once you identify that person, you can run computer checks on them to see if they have a warrant out or any summons failures, then you can drag them in before they go out to speak or rile up the crowd, as long as you have reasonable cause to do so.”

Attorneys say the documents raise legal questions about whether the NYPD was acting in compliance with the department’s intelligence-gathering rules, known as the Handschu Guidelines. The guidelines, which are based on an ongoing decades-old class-action lawsuit, hold that the NYPD can begin formally investigating first amendment activity “when facts or circumstances reasonably indicate that an unlawful act has been, is being, or will be committed” and if the police surveillance plan has been authorized by a committee known as the Handschu Authority. (That committee was exclusively staffed by NYPD officials at the time.) However, according to the guidelines, before launching a formal investigation, the NYPD can also conduct investigative work such as “checking of leads” and “preliminary inquiries” with even lower standards of suspicion.

Michael Price, counsel at the Brennan Center for Justice, said it was difficult to know whether NYPD’s undercover surveillance operations crossed the line, as the documents did not make clear what, if any, stage of investigation the police were in at the time of the operations. But he said the department’s retention of pictures and video raised questions, since police are not allowed to retain information about public events unless it relates to unlawful activity.

“So my question would be: what was the unlawful activity that police had reason to suspect here?” said Price. “It doesn’t appear that there was any criminal behavior they were talking about in the emails. Most references are to protesters being peaceful, so I would be very concerned if they were hinging their whole investigation on civil disobedience, such as unpermitted protests or blocking of pedestrians.”

Throughout the emails, the NYPD’s undercover sources provide little indication of any unlawful activity, frequently characterizing demonstrators as peaceful and orderly with only one mention of a single arrest.

“The documents uniformly show no crime occurring, but NYPD had undercovers inside the protests for months on end as if they were al-Qaida,” said David Thompson, an attorney of Stecklow & Thompson, who helped sue for the records.

Giacalone argued that police could have easily come up with a legal justification to initiate surveillance, especially if such operations occurred after the shooting of two NYPD officers in December of 2014 (all dates in the NYPD’s email communications were redacted). But he noted that such investigative activities would be harder to justify if officers were not directly observing signs of unlawful activity.

“If they’re not talking about any crimes being committed, they’re going to have a difficult time defending this. It may end up in another one of these lawsuits,” said Giacalone. “Some may say this is good police work, fine, but good police work or not, we have rules against this kind of thing in New York.”

Attorneys have already filed a petition charging that the NYPD may have failed to produce all of its surveillance records. But for some protesters, the damage has already been done.

“In the first couple of months, we had a lot of people in and out of the group, some because they didn’t fit our style but others because of the whispers that they were undercovers,” recalled Waithe. “Whether it was real or perceived, that was the most debilitating part for me, the whispers … It’s really hard to organize when you can’t trust each other.”

George Joseph in New York
Tuesday 4 April 2017 11.00 BST Last modified on Tuesday 4 April 2017 22.00 BST
Find this story at 4 April 2017

© 2017 Guardian News and Media Limited

Met police accused of using hackers to access protesters’ emails

Exclusive: Watchdog investigates claim that secretive unit worked with Indian police to obtain campaigners’ passwords

An anonymous letter claimed the Scotland Yard unit accessed activists’ email accounts for ‘a number of years’.

The police watchdog is investigating allegations that a secretive Scotland Yard unit used hackers to illegally access the private emails of hundreds of political campaigners and journalists.

The allegations were made by an anonymous individual who says the unit worked with Indian police, who in turn used hackers to illegally obtain the passwords of the email accounts of the campaigners, and some reporters and press photographers.

The person, who says he or she previously worked for the intelligence unit that monitors the activities of political campaigners, detailed their concerns in a letter to the Green party peer Jenny Jones. The peer passed on the allegations to the Independent Police Complaints Commission (IPCC), which is investigating.

Hacked passwords were passed to the Metropolitan police unit, according to the writer of the letter, which then regularly checked the emails of the campaigners and the media to gather information. The letter to Jones listed the passwords of environmental campaigners, four of whom were from Greenpeace. Several confirmed they matched the ones they had used to open their emails.

The letter said: “For a number of years the unit had been illegally accessing the email accounts of activists. This has largely been accomplished because of the contact that one of the officers had developed with counterparts in India who in turn were using hackers to obtain email passwords.”

Jones said: “There is more than enough to justify a full-scale criminal investigation into the activities of these police officers and referral to a public inquiry. I have urged the Independent Police Complaints Commission to act quickly to secure further evidence and to find out how many people were victims of this nasty practice.”

The letter also alleges that emails of reporters and photographers, including two working for the Guardian, were monitored. A spokesperson for the Guardian said: “Allegations that the Metropolitan police has accessed the email accounts of Guardian journalists are extremely concerning and we expect a full and thorough investigation into these claims.”

The IPCC has for several months been investigating claims that the national domestic extremism and disorder intelligence unit shredded a large number of documents over a number of days in May 2014.

Last month the IPCC said it had uncovered evidence suggesting the documents had been destroyed despite a specific instruction that files should be preserved to be examined by a judge-led public inquiry into the undercover policing of political groups.

The letter claimed that the shredding “has been happening for some time and on a far greater scale than the IPCC seems to be aware of”. The author added that “the main reason for destroying these documents is that they reveal that [police] officers were engaged in illegal activities to obtain intelligence on protest groups”.

The letter to Jones lists 10 individuals, alongside specific passwords that they used to access their email accounts. Lawyers at Bindmans, who are representing Jones, contacted six on the list and, after outlining the allegations, asked them to volunteer their passwords.

Five of them gave the identical password that had been identified in the letter. The sixth gave a password that was almost the same. The remaining four on the list have yet to be approached or cannot be traced.

Colin Newman has for two decades volunteered to help organise mainly local Greenpeace protests which he says were publicised to the media. He used the password specified in the letter for his private email account between the late 1990s and last year.

Newman said he felt “angry and violated, especially for the recipients”. He added: “I am open about my actions as I make a stand and am personally responsible for those, but it is not fair and just that others are scrutinised.

“I am no threat. There is no justification for snooping in private accounts unless you have a reason to do so, and you have the authority to do that.”

He said he had been cautioned by the police once, for trespassing on the railway during a protest against coal about two years ago.

Another on the list was Cat Dorey who has worked for Greenpeace, both as an employee and a volunteer, since 2001. She said all the protests she had been involved in were non-violent.

The password specified in the letter sent to Jones had been used for emails that contained private information about her family and friends.

She said: “Even though Greenpeace UK staff, volunteers, and activists were always warned to assume someone was listening to our phone conversations or reading our emails, it still came as a shock to find out I was being watched by the police. It’s creepy to think of strangers reading my personal emails.”

In 2005, she was part of a group of Greenpeace protesters who were sentenced to 80 hours of community service after installing solar panels on the home of the then deputy prime minister, John Prescott, in a climate change demonstration.

According to the letter, the “most sensitive side of the work was monitoring the email accounts of radical journalists who reported on activist protests (as well as sympathetic photographers) including at least two employed by the Guardian newspaper”. None were named.

Investigators working for the IPCC have met Jones twice with her lawyer, Jules Carey, and have asked to interview the peer. An IPCC spokesperson said: “After requesting and receiving a referral by the Metropolitan police service, we have begun an independent investigation related to anonymous allegations concerning the accessing of personal data. We are still assessing the scope of the investigation and so we are not able to comment further.”

The letter’s writer said he or she had spoken out about the “serious abuse of power” because “over the years, the unit had evolved into an organisation that had little respect for the law, no regard for personal privacy, encouraged highly immoral activity and, I believe, is a disgrace”.

In recent years, the unit has monitored thousands of political activists, drawing on information gathered by undercover officers and informants as well as from open sources such as websites. Police chiefs say they need to keep track of a wide pool of activists to identify the small number who commit serious crime to promote their cause.

But the unit has come in for criticism after it was revealed to be compiling files on law-abiding campaigners, including John Catt, a 91-year-old pensioner with no criminal record as well as senior members of the Green party including the MP Caroline Lucas.

The Metropolitan police said the IPCC had made it “aware of anonymous allegations concerning the accessing of personal data, and requested the matters were referred to them by the MPS. This was done. The MPS is now aware that the IPCC are carrying out an independent investigation.”

Rob Evans
Tuesday 21 March 2017 16.35 GMT Last modified on Wednesday 22 March 2017 00.50 GMT

Find this story at 22 March 2017

© 2017 Guardian News and Media Limited

The letter I received about alleged police hacking shows how at risk we all are

The whistleblower lists damning claims of spying on innocent individuals by a secretive Scotland Yard unit. It’s now vital that we hold the police to account

As the only Green party peer I receive a lot of post to my office in the House of Lords. Rarely, though, do I open letters like the one that has been revealed. The anonymous writer alleged that there was a secretive unit within Scotland Yard that has used hackers to illegally access the emails of campaigners and journalists. It included a list of 10 people and the passwords to their email accounts.

As soon as I read the first sentence of the letter, I knew the content would be astonishing – and when some aspects of the letter were corroborated by lawyers and those on the list – I was convinced that we owed it to this brave whistleblower to hold the police to account.

The list of allegations is lengthy. It includes illegal hacking of emails, using an Indian-based operation to do the dirty work, shredding documents and using sex as a tool of infiltration. And these revelations matter to all of us. None of us knows whether the police organised for our emails to be hacked, but all of us know the wide range of personal information that our emails contain. It might be medical conditions, family arguments, love lives or a whole range of drug- or alcohol-related misdemeanours.

When the police act with impunity, all of our private lives are put at risk. Whether you’re involved in a local campaign against library closures, a concerned citizen worried about air pollution or someone working for a charity – who’s to say that officers won’t be spying on the emails you send? The police put me on the domestic extremism database during the decade when I was on the Metropolitan Police Authority signing off their budgets and working closely with officers on the ground to fight crimes such as road crime and illegal trafficking. If someone in my position – no criminal record and on semi-friendly terms with the Met commissioner – can end up on the database, then you can too.

The truth is that without the bravery and professionalism of two serving police officers who have blown the whistle on state snooping I would know nothing about my files, and those of other campaigners, being shredded by the Domestic Extremism Unit. We would have had no suspicion that those files had been shredded to cover up the illegal hacking of personal and work e-mails by the police.

Please don’t fall for the old establishment lie that the problem is a few rotten apples. This alleged criminality is the result of a deliberate government policy of using the police and security services to suppress dissent and protest in order to protect company profits and the status quo. Such an approach inevitably leads to police officers overstepping the mark as they feel emboldened by those at the top levels of government and an immunity from prosecution provided by senior officers keen to please the people who decide their budgets.

The police don’t always act as neutral agents of the law. We know that the Thatcher government’s determination to break the miners’ strike led to the Orgreave confrontation in 1984. There are still allegations about the links between the police and those running blacklisting databases that led to hundreds of construction workers being condemned to unemployment and poverty.

And don’t mistake this for a partisan attack on Conservative politicians. Theresa May has forced through the draconian Investigatory Powers Act, but the Labour party too has been timid at best in opposing this snoopers’ charter. Indeed it was the Blair government that left a legacy of draconian public order laws, and which broadly defined the anti-terrorism legislation upon which an edifice of modern surveillance powers has been constructed.

Many are unaware that joining an anti-fracking group, or going on a demonstration, could get you labelled a domestic extremist, photographed, questioned and followed for months or even years – without ever having been convicted of a crime.

It’s only by speaking out against these intrusions that we are able to challenge this rotten culture of impunity. After all, it was David Cameron who gave us the Hillsborough inquiry and Theresa May who set up the Pitchford inquiry into undercover officers. Politicians don’t always do things for good reasons, but they do respond to public pressure.

Change is possible, but in the meantime, we should be doing everything we can to make it hard for the police to spy on us. Use encryption, two-step email security and other precautions suggested by organisations such as Liberty. Don’t stop saying what you think, or working to make the world a better place, but do assume that the police will be working to protect the companies, banks or energy companies that you want to challenge.

It isn’t how things should be, but the evidence shows that is the way things are.

A campaign to get the police out of the lives of environmentalists and social justice campaigners is a good start, but it will fail unless it reaches out – starting by working with those in the Muslim community intimidated by Prevent.

Above all, we must convince the middle ground of society that everyone will be safer if the security services focused on what we all want them to do – stopping terrorists and serious criminals. This is not unreasonable, and the starting point is a change to the legislation so that it narrows the definition of terrorism to exclude the nonviolent, noisy and rebellious.

Wednesday 22 March 2017 15.23 GMT Last modified on Wednesday 22 March 2017 17.29 GMT
Jenny Jones
Find this story at 22 March 2017

© 2017 Guardian News and Media Limited

Police Scotland confirms secret G8 file on notorious undercover police unit

POLICE Scotland has confirmed that a secret file was created on the activities of a disgraced undercover unit at the G8 summit at Gleneagles.

The “intelligence briefings” on the National Public Order Intelligence Unit, whose officers had sex with the protestors they spied on, will now be examined by a watchdog as part of its covert policing probe. Police Scotland said they would not comment on the contents of the file.

Two Met-based units – the Special Demonstration Squad and the NPOIU – were set up to keep tabs on so-called subversives and domestic extremists.

A key strategy was to embed undercover officers in campaign groups, which included anti-racism organisations, and report back to handlers.

However, some of the tactics deployed by officers in the units, such as using the identities of dead babies and deceiving women into long-term sexual relationships before vanishing, have since been exposed.

The Pitchford Inquiry, set up by Theresa May when she was Home Secretary, is examining undercover policing going back decades.

Although the judicial-led investigation does not apply to Scotland, NPOIU activity took place north of the border in the run up to the G8 summit in Scotland in 2005.

Mark “Stone” was a driver for campaigners at the G8, but was unmasked as undercover officer Mark Kennedy.

He later said in an interview: “My superior officer told me on more than one occasion, particularly during the G8 protests in Scotland in 2005, that information I was providing was going directly to Tony Blair’s desk.”

Ahead of the G8, the then Scottish Executive issued a Ministerial Certificate blocking the release of information connected with the summit. The blackout applied to all Scottish public authorities, including police forces, health bodies and the Government.

However, it can be revealed that the SNP Government quietly revoked the certificate in 2010, a decision that could result in information on the summit being released.

After being asked by this newspaper for the titles of all files produced on the G8 in 2005, Police Scotland confirmed the names of 1168 files.

Forty-four were created by the former Fife Constabulary, whose patch included the Gleneagles hotel, while 1124 files were produced by Lothian and Borders police.

Many of the files are on routine policing matters, but one document is described as “intelligence briefings” on the “National Public Order Intelligence Unit”.

Other files include “stop the war coalition – regulatory board” and “indymedia”, which was a left-wing website at the time.

There was also correspondence with the security services on the “Senior Leadership Development Programme”, a funding request for a “special branch operation” in May 2005 and over a dozen files on the peaceful Make Poverty History march.

After the UK Government refused to extend the Pitchford Inquiry to Scotland, Her Majesty’s Inspectorate of Constabulary in Scotland launched its own review of undercover policing.

A spokesperson for HMICS said: “As outlined in our terms of reference HMICS will examine the scale and extent of undercover police operations in Scotland conducted by the SDS and the NPOIU. As part of our scrutiny, we will review the authorisations for undercover deployments during the G8 Summit in Scotland in July 2005. HMICS are currently engaged in this process with the full cooperation of Police Scotland. With specific regard to the intelligence file, HMICS will examine this file for any information that may inform our review process.”

Donal O’Driscoll, a core participant in the Pitchford Inquiry who was spied on in Scotland, said: “We have long argued that both the SDS and the NPOIU were active in Scotland, particularly around the 2005 G8. The existence of this file strengthens our case that there needs to be a full inquiry into the activities of spy cops in Scotland – and renders the exclusion of Scotland from the Pitchford Inquiry even more inexplicable.

“We continue to have no confidence in the HMICS review. Nevertheless, I’d expect them to at least make the effort to examine this and related briefings as part of the bare minimum they need to do. Not least because it is now beyond dispute there were multiple undercover police from the NPOIU and foreign police forces present at the G8 protests. However, only a full public inquiry can get to the truth as to what the police and the state had planned and co-ordinated when they interfered in legitimate democratic protest.”

A Police Scotland spokesperson said: “Police Scotland does not routinely comment on covert policing or intelligence. We will not offer any comment on the contents of any specific files. Any inquiries relating to the NPOIU should be directed to the Met Police. Police Scotland will also fully and openly co-operate with the review of undercover policing to be carried out by HMICS.”

Paul Hutcheon, Investigations Editor / @paulhutcheon

Find this story at 25 March 2017
© Copyright 2017 Herald & Times Group

Donald Trump’s Muslim Laptop Ban Could Be a Protectionist Scheme

THE DEPARTMENT OF Homeland Security announced an unprecedented new restriction on travelers from 10 airports in eight Muslim-majority countries on Tuesday.

The DHS restriction states “that all personal electronic devices larger than a cell phone or smart phone be placed in checked baggage at 10 airports where flights are departing for the United States.”

It’s a Muslim laptop ban.

The 10 airports are in Jordan, Egypt, Turkey, Saudi Arabia, Kuwait, Morocco, Qatar, and the United Arab Emirates.

American-based airlines do not fly directly to the United States from these airports, so these restrictions will not apply to them. The impact of this move will instead fall on nine airlines, including Gulf-based carriers that U.S. airlines have been asking President Trump to punish since the day after his election.

The U.S. carriers have long complained that Gulf carriers such as Emirates, Etihad Airways, and Qatar Airways are unfairly subsidized by their national governments.

Executives at Delta Airlines, United Airlines, and American Airlines met with Trump in early February. The day before the meeting, a group representing these American airlines, called the Partnership for Open & Fair Skies, distributed a slick video using Trump’s own words to argue against the subsidies.

With this new travel impediment, Trump may be throwing these executives a bone. The new restrictions appear to be targeting airports that serve as flight “hubs” for these airlines — such as Dubai International, which is the hub of Emirates. Airlines use these hub airports to transfer passengers between flights, delivering significant savings.

California Democratic Rep. Adam Schiff, who is the ranking member of the House Intelligence Committee, quickly rose to the defense of Trump’s DHS on Tuesday, calling the restrictions both “necessary and proportional to the threat”:

Ranking House Intel Dem Schiff backs new electronics ban on US-bound flights from 8 Muslim-maj countries – critics say measure is arbitrary pic.twitter.com/3zPwehf2ZW

— Jessica Schulberg (@jessicaschulb) March 21, 2017

In 2015, Schiff was one of 262 Members of the House who signed a letter protesting subsidies for the Gulf airlines. The letter is featured on the website of the Partnership for Open & Fair Skies.

Whatever the motivation, the security justifications are unclear at best. The Guardian interviewed a number of top technologists about the new policy on Tuesday, and they were puzzled. “If you assume the attacker is interested in turning a laptop into a bomb, it would work just as well in the cargo hold,” Nicholas Weaver, who is a researcher at the International Computer Science Institute, told the paper.

“From a technological perspective, nothing has changed between the last dozen years and today. That is, there are no new technological breakthroughs that make this threat any more serious today,” Bruce Schneier, a top technologist at the Berkman Klein Center for Internet & Society at Harvard University, told the Guardian. “And there is certainly nothing technological that would limit this newfound threat to a handful of Middle Eastern airlines.”

The United Kingdom enacted similar restrictions hours after the United States, but with two puzzling differences. The U.K. ban includes 14 airlines, including six based in the U.K. And it does not include airports in Qatar or the UAE — which are the epicenter of the subsidies dispute. Canada is reportedly weighing its own restrictions.

For its part, Emirates responded by inviting customers to sample its in-flight entertainment in lieu of tablets and laptops — by repurposing an old advertisement featuring Jennifer Aniston:

Let us entertain you. pic.twitter.com/FKqayqUdQ7

— Emirates airline (@emirates) March 21, 2017

Zaid Jilani
March 21 2017, 7:51 p.m.
Find this story at 21 March 2017

Copyright https://theintercept.com/

The Many Mysteries of the Muslim Laptop Ban

A new Homeland Security rule will ban electronics on flights from airports in Muslim-majority countries. Is this protectionism or prudence? Well, it’s complicated.

Travelers from eight different Muslim-majority nations will no longer be allowed to carry laptops, tablets, or certain other electronic devices with them in the cabin on flights inbound to the U.S., according to new rules that take effect on Tuesday. The U.K. was quick to announce that it would follow suit with a Muslim laptop ban of its own.

Officials at the U.S. Department of Homeland Security and Transportation Security Administration say that the new rules reflect a potential threat of terrorists smuggling explosive devices on board planes using portable electronic devices—iPads, Kindles, and the like. The DHS guidance cites a 2016 attempted airliner downing in Somalia as one recent incident that could be linked to a laptop bomb. The U.S. rules affect 10 last-point-of-departure airports—some of them the busiest hubs in the Middle East—from Saudi Arabia to Istanbul to the UAE.

Behind the order, though, lies a long history of conflict between America’s big three carriers—Delta, United, and American—and their peers in the Gulf. Critics spied an ulterior motive behind the Trump administration’s new rule: a protectionist measure for U.S. carriers promised by President Donald Trump.

Henry Farrell and Abraham Newman floated this notion in the Washington Post, suggesting that the financial security of United, American, and Delta might be behind the new counterterrorism measures. The U.S. airlines have grumbled for years that their counterparts from the Gulf—specifically Emirates, Etihad Airways, and Qatar Airways—benefit unfairly from government subsidies. Those carriers have recently expanded their service to U.S. cities such as Chicago and Washington, D.C. (as any Washington Wizards fan can tell you, since Etihad is a major advertiser in the Verizon Center).

Back in February, the chief executives of United, American, and Delta sent a letter to U.S. Secretary of State Rex Tillerson complaining about the “massive subsidization of three state-owned Gulf carriers … and the significant harm this subsidized competition is causing to U.S. airlines and U.S. jobs.” In a meeting with the executives shortly thereafter, Trump promised “phenomenal” tax relief, broad deregulation, and other forms of support to the industry.

It’s not yet clear whether this laptop travel ban applies exclusively to all inbound flights from Muslim-majority airports or just those from Gulf carriers. If the latter, that would be a boon to U.S. operators. International business-class travelers—and there are a lot of them circulating between the U.S. and the Middle East—are bound to prefer flights that allow them to work on the plane. During a 14-hour nonstop haul from Dubai to Dulles, passengers are likely to appreciate all the electronic conveniences and entertainment they can carry.

But a one-sided ban would also be a plain violation of trade rules. Global airline carriers have been duking it out over national subsidies for years. In September, the World Trade Organization ruled that the European Union had been illegally propping up Airbus to the tune of $22 billion, a decision that the Washington Post described as “the most expensive dispute in international history.”

The Financial Times reports that the rule applies only to non-U.S. carriers: Saudi Arabian Airlines, Royal Jordanian Airlines, Emirates, Etihad Airways, Qatar Airways, Kuwait Airways, Turkish Airlines, EgyptAir, and Royal Air Maroc. Several of these state-owned airlines have indeed enjoyed massive subsidies from their governments. But there’s nothing in the guidance released by Homeland Security that specifies those carriers or otherwise exempts U.S. domestic airlines from the electronics ban. DHS is specific only about the 10 affected airports.

According to CNN, domestic carriers are not affected by the ruling because they do not operate any direct flights to the U.S. from those airports. A travel engine search corroborates and complicates that explanation. Delta runs flights from Cairo to Washington, D.C., that are operated by Air France, for example. British Airways operates American Airlines flights from Istanbul to New York. Both Delta and United operate inbound flights by other carriers—Lufthansa, KLM, and so on—from the restricted airports.

Homeland Security has not responded to a request for clarification. Across the pond, an electronics ban is even more complicated, since Qatar Airways has increased its ownership stake in the parent company for British Airways to 20 percent after Brexit. A U.K. electronics ban in the Gulf would bite the hand that feeds British Airways.

These bans may be motivated by urgent and legitimate national security concerns. Rep. Adam Schiff, the ranking member of the House Permanent Select Committee on Intelligence and a Democrat, says that the electronics ban is justified. There is a debate to be had even if the threat is real, though. The tradeoff between travel security and convenience is an enormous drag on productivity (not to mention a cost for airports and airlines). The new rules may sidestep that debate. If an electronics ban applies solely to Gulf carriers, exempting domestic airlines, then it’s pretty plainly a protectionist measure, of the kind that Trump has explicitly promised to deliver for U.S. airlines.

The risk, of course, is that Gulf states could respond in kind—meaning that no one gets to binge on Netflix on international flights. Trade battles have a way of escalating quickly. After the European Union restricted hormone-treated beef from America in 1999, the Clinton administration retaliated with a 100 percent tariff on Roquefort from France. The Bush administration escalated the conflict—totally arbitrarily!—with a 300 percent duty on Roquefort in 2003. The ensuing cheese war lasted nearly through the Obama administration.

Depriving Americans of imported fromage is one thing; taking screens away from their toddlers could represent a whole other degree of inconvenience. Whether or not the Trump administration is pushing protectionist trade policies under the guise of national security, it seems likely that international flights are going to feel a whole hell of a lot longer.

KRISTON CAPPS @kristoncapps Mar 21, 2017

Find this story at 21 March 2017

Copyright 2017 The Atlantic Monthly Group.

Were the hackers who broke into the DNC’s email really Russian?

The question of whether political operative Roger Stone helped Russian hackers break into the email of Democratic politicians, to some people, invites another: Who says the hackers were Russian?

The FBI does, and so do several U.S. intelligence agencies, as they’ve declared repeatedly over the past five months. But among private-sector computer security companies, not everybody thinks the case is proven.

“I have no problem blaming Russia for what they do, which is a lot,” said Jeffrey Carr of the international cybersecurity company Taia Global Inc. “I just don’t want to blame them for things we don’t know that they did. It may turn out that they’re guilty, but we are very short on evidence here.”

As Carr notes, the FBI never examined the servers that were hacked at the Democratic National Committee. Instead, the DNC used the private computer security company CrowdStrike to detect and repair the penetrations.

“All the forensic work on those servers was done by CrowdStrike, and everyone else is relying on information they provided,” said Carr. “And CrowdStrike was the one to declare this the work of the Russians.”

The CrowdStrike argument relies heavily on the fact that remnants of a piece of malware known as AGENT-X were found in the DNC computers. AGENT-X collects and transmits hacked files to rogue computers.

“AGENT-X has been around for ages and ages, and its use has always been attributed to the Russian government, a theory that’s known in the industry as ‘exclusive use,’” Carr said. “The problem with exclusive use is that it’s completely false. Unlike a bomb or an artillery shell, malware doesn’t detonate on impact and destroy itself.

“You can recover it, reverse-engineer it, and reuse it. The U.S. government learned a lesson about that when it created the Stuxnet computer worm to destroy Iran’s nuclear program. Stuxnet survived and now other people have it.”

Carr said he is aware of at least two working copies of AGENT-X outside Russian hands. One is in the possession of a group of Ukrainian hackers he has spoken with, and the other is with an American cybersecurity company. “And if an American security company has it, you can be certain other people do, too,” he said.

There’s growing doubt in the computer security industry about CrowdStrike’s theories about AGENT-X and Russian hackers, Carr said, including some critical responses to a CrowdStrike report on Russian use of the malware to disable Ukrainian artillery.

“This is a close-knit community and criticizing a member to the outside world is kind of like talking out of turn,” Carr said. “I’ve been repeatedly criticized for speaking out in public about whether the hacking was really done by the Russians. But this has to be made public, has to be addressed, and has to be acknowledged by the House and Senate Intelligence Committees.”

MARCH 24, 2017 7:00 AM
BY GLENN GARVIN

Find this story at 24 March 2017
Copyright http://www.miamiherald.com/

Did the Russians Really Hack the DNC?

Russia, we are told, breached the servers of the Democratic National Committee (DNC), swiped emails and other documents, and released them to the public, to alter the outcome of the U.S. presidential election.

How substantial is the evidence backing these assertions?

Hired by the Democratic National Committee to investigate unusual network activity, the security firm Crowdstrike discovered two separate intrusions on DNC servers. Crowdstrike named the two intruders Cozy Bear and Fancy Bear, in an allusion to what it felt were Russian sources. According to Crowdstrike, “Their tradecraft is superb, operational security second to none,” and “both groups were constantly going back into the environment” to change code and methods and switch command and control channels.

On what basis did Crowdstrike attribute these breaches to Russian intelligence services? The security firm claims that the techniques used were similar to those deployed in past security hacking operations that have been attributed to the same actors, while the profile of previous victims “closely mirrors the strategic interests of the Russian government.” Furthermore, it appeared that the intruders were unaware of each other’s presence in the DNC system. “While you would virtually never see Western intelligence agencies going after the same target without de-confliction for fear of compromising each other’s operations,” Crowdstrike reports, “in Russia this is not an uncommon scenario.” [1]

Those may be indicators of Russian government culpability. But then again, perhaps not. As for the point about separate intruders, each operating independently of the other, that would seem more likely to indicate that the sources have nothing in common.

Each of the two intrusions acted as an advanced persistent threat (APT), which is an attack that resides undetected on a network for a long time. The goal of an APT is to exfiltrate data from the infected system rather than inflict damage. Several names have been given to these two actors, and most commonly Fancy Bear is known as APT28, and Cozy Bear as APT29.

The fact that many of the techniques used in the hack resembled, in varying degrees, past attacks attributed to Russia may not necessarily carry as much significance as we are led to believe. Once malware is deployed, it tends to be picked up by cybercriminals and offered for sale or trade on Deep Web black markets, where anyone can purchase it. Exploit kits are especially popular sellers. Quite often, the code is modified for specific uses. Security specialist Josh Pitts demonstrated how easy that process can be, downloading and modifying nine samples of the OnionDuke malware, which is thought to have first originated with the Russian government. Pitts reports that this exercise demonstrates “how easy it is to repurpose nation-state code/malware.” [2]

In another example, when SentinelOne Research discovered the Gyges malware in 2014, it reported that it “exhibits similarities to Russian espionage malware,” and is “designed to target government organizations. It comes as no surprise to us that this type of intelligence agency-grade malware would eventually fall into cybercriminals’ hands.” The security firm explains that Gyges is an “example of how advanced techniques and code developed by governments for espionage are effectively being repurposed, modularized and coupled with other malware to commit cybercrime.” [3]

Attribution is hard, cybersecurity specialists often point out. “Once an APT is released into the wild, its spread isn’t controlled by the attacker,” writes Mark McArdle. “They can’t prevent someone from analyzing it and repurposing it for their own needs.” Adapting malware “is a well-known reality,” he continues. “Finding irrefutable evidence that links an attacker to an attack is virtually unattainable, so everything boils down to assumptions and judgment.” [4]

Security Alliance regards security firm FireEye’s analysis that tied APT28 to the Russian government as based “largely on circumstantial evidence.” FireEye’s report “explicitly disregards targets that do not seem to indicate sponsorship by a nation-state,” having excluded various targets because they are “not particularly indicative of a specific sponsor’s interests.” [5] FireEye reported that the APT28 “victim set is narrow,” which helped lead it to the conclusion that it is a Russian operation. Cybersecurity consultant Jeffrey Carr reacts with scorn: “The victim set is narrow because the report’s authors make it narrow! In fact, it wasn’t narrowly targeted at all if you take into account the targets mentioned by other cybersecurity companies, not to mention those that FireEye deliberately excluded for being ‘not particularly indicative of a specific sponsor’s interests’.” [6]

FireEye’s report from 2014, on which much of the DNC Russian attribution is based, found that 89 percent of the APT28 software samples it analyzed were compiled during regular working hours in St. Petersburg and Moscow. [7]

But compile times, like language settings, can be easily altered to mislead investigators. Mark McArdle wonders, “If we think about the very high level of design, engineering, and testing that would be required for such a sophisticated attack, is it reasonable to assume that the attacker would leave these kinds of breadcrumbs? It’s possible. But it’s also possible that these things can be used to misdirect attention to a different party. Potentially another adversary. Is this evidence the result of sloppiness or a careful misdirection?” [8]
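The compile-time statistic above rests on one 32-bit field, the COFF `TimeDateStamp`, that the build toolchain writes into each Windows executable. The following added example (not FireEye's method or code) reads that field and, going one step beyond the article's point, checks how many time zones the same timestamps are consistent with; the header bytes and timestamps are constructed, and the 08:00-18:00 weekday window and the UTC offsets are assumptions.

```python
"""Read PE compile timestamps and test how well they pin down a time zone."""
import struct
from datetime import datetime, timedelta, timezone

PE_OFFSET_FIELD = 0x3C   # e_lfanew: file offset of the "PE\0\0" signature
TIMESTAMP_DELTA = 8      # signature (4) + Machine (2) + NumberOfSections (2)


def build_sample_header(compiled_at):
    """Constructed minimal DOS + COFF header carrying one compile timestamp."""
    dos = bytearray(64)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, PE_OFFSET_FIELD, len(dos))
    coff = struct.pack("<HHI", 0x014C, 1, int(compiled_at.timestamp()))
    return bytes(dos) + b"PE\0\0" + coff


def pe_timestamp(data):
    """Return the COFF TimeDateStamp of a PE image as an aware UTC datetime."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    (pe_off,) = struct.unpack_from("<I", data, PE_OFFSET_FIELD)
    end = pe_off + TIMESTAMP_DELTA + 4
    if end > len(data) or data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    (raw,) = struct.unpack_from("<I", data, pe_off + TIMESTAMP_DELTA)
    return datetime.fromtimestamp(raw, tz=timezone.utc)


def working_hours_share(stamps, utc_offset, start=8, end=18):
    """Fraction of stamps that fall on a weekday between start and end local time."""
    tz = timezone(timedelta(hours=utc_offset))
    hits = 0
    for stamp in stamps:
        local = stamp.astimezone(tz)
        if local.weekday() < 5 and start <= local.hour < end:
            hits += 1
    return hits / len(stamps)


def candidate_offsets(stamps, threshold=0.8):
    """Every whole-hour UTC offset whose working day explains the sample set."""
    return [off for off in range(-12, 15)
            if working_hours_share(stamps, off) >= threshold]


def utc(day, hour, minute):
    return datetime(2014, 3, day, hour, minute, tzinfo=timezone.utc)


# Constructed compile times (UTC); 3 March 2014 was a Monday.
SAMPLE_STAMPS_UTC = [
    utc(3, 6, 10), utc(4, 7, 30), utc(5, 9, 45), utc(6, 11, 20),
    utc(7, 12, 5), utc(10, 13, 40), utc(11, 8, 15), utc(12, 10, 0),
    utc(8, 9, 0),     # a Saturday build
    utc(13, 20, 30),  # a late-evening build
]
SAMPLE_HEADERS = [build_sample_header(t) for t in SAMPLE_STAMPS_UTC]

if __name__ == "__main__":
    stamps = [pe_timestamp(h) for h in SAMPLE_HEADERS]
    for off in (3, 2, -5):  # UTC+3 is the assumed Moscow/St. Petersburg offset
        print(f"UTC{off:+d}: {working_hours_share(stamps, off):.0%} in working hours")
    print("offsets at or above 80%:", candidate_offsets(stamps))
```

With this sample, three adjacent offsets reach the same 80 percent share, so the figure narrows the field to a band of time zones and only if the header value reflects the real build time.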

“If the guys are really good,” says Chris Finan, CEO of Manifold Technology, “they’re not leaving much evidence or they’re leaving evidence to throw you off the scent entirely.” [9] How plausible is it that Russian intelligence services would fail even to attempt such a fundamental step?

James Scott of the Institute for Critical Infrastructure Technology points out that the very vulnerability of the DNC servers constitutes a muddied basis on which to determine attribution. “Attribution is less exact in the case of the DNC breach because the mail servers compromised were not well-secured; the organization of a few hundred personnel did not practice proper cyber-hygiene; the DNC has a global reputation and is a valuable target to script kiddies, hacktivists, lone-wolf cyber-threat actors, cyber-criminals, cyber-jihadists, hail-mary threats, and nation-state sponsored advanced persistent threats; and because the malware discovered on DNC systems were well-known, publicly disclosed, and variants could be purchased on Deep Web markets and forums.” [10]

Someone, or some group, operating under the pseudonym of Guccifer 2.0, claimed to be a lone actor in hacking the DNC servers. It is unclear what relation – if any – Guccifer 2.0 has to either of the two APT attacks on the DNC. In a PDF file that Guccifer 2.0 sent to Gawker.com, metadata indicated that it was last saved by someone having a username in Cyrillic letters. During the conversion of the file from Microsoft Word to PDF, invalid hyperlink error messages were automatically generated in the Russian language. [11]

This would seem to present rather damning evidence. But who is Guccifer 2.0? A Russian government operation? A private group? Or a lone hacktivist? In the poorly secured DNC system, there were almost certainly many infiltrators of various stripes. Nor can it be ruled out that the metadata indicators were intentionally generated in the file to misdirect attribution. The two APT attacks have been noted for their sophistication, and these mistakes – if that is what they are – seem amateurish. To change the language setting on a computer can be done in a matter of seconds, and that would be standard procedure for advanced cyber-warriors. On the other hand, sloppiness on the part of developers is not entirely unknown. However, one would expect a nation-state to enforce strict software and document handling procedures and implement rigorous review processes.

At any rate, the documents posted to the Guccifer 2.0 blog do not necessarily originate from the same source as those published by WikiLeaks. Certainly, none of the documents posted to WikiLeaks possess the same metadata issues. And one hacking operation does not preclude another, let alone an insider leak.

APT28 relied on XTunnel, repurposed from open source code that is available to anyone, to open network ports and siphon data. The interesting thing about the software is its failure to match the level of sophistication claimed for APT28. The strings in the code quite transparently indicate its intent, with no attempt at obfuscation. [12] It seems an odd oversight for a nation-state operation, in which plausible deniability would be essential, to overlook that glaring point during software development.

Command-and-control servers remotely issue malicious commands to infected machines. Oddly, for such a key component of the operation, the command-and-control IP address in both attacks was hard-coded in the malware. This seems like another inexplicable choice, given that the point of an advanced persistent threat is to operate for an extended period without detection. A more suitable approach would be to use a Domain Name System (DNS) address, which is a decentralized computer naming system. That would provide a more covert means of identifying the command-and-control server. [13] Moreover, one would expect that address to be encrypted. Using a DNS address would also allow the command-and-control operation to easily move to another server if its location is detected, without the need to modify and reinstall the code.

One of the IP addresses is claimed to be a “well-known APT 28” command-and-control address, while the second is said to be linked to Russian military intelligence. [14] The first address points to a server located in San Jose, California, and is operated by a server hosting service. [15] The second server is situated in Paris, France, and owned by another server hosting service. [16] Clearly, these are servers that have been compromised by hackers. It is customary for hackers to route their attacks through vulnerable computers. The IP addresses of compromised computers are widely available on the Deep Web, and typically a hacked server will be used by multiple threat actors. These two particular servers may or may not have been regularly utilized by Russian Intelligence, but they were not uniquely so used. Almost certainly, many other hackers would have used the same machines, and it cannot be said that these IP addresses uniquely identify an infiltrator. Indeed, the second IP address is associated with the common Trojan viruses Agent-APPR and Shunnael. [17]

“Everyone is focused on attribution, but we may be missing the bigger truth,” says Joshua Corman, Director of the Cyber Statecraft Initiative at the Atlantic Council. “[T]he level of sophistication required to do this hack was so low that nearly anyone could do it.” [18]

In answer to critics, the Department of Homeland Security and the FBI issued a joint analysis report, which presented “technical details regarding the tools and infrastructure used” by Russian intelligence services “to compromise and exploit networks” associated with the U.S. election, U.S. government, political, and private sector entities. The report code-named these activities “Grizzly Steppe.” [19]

For a document that purports to offer strong evidence on behalf of U.S. government allegations of Russian culpability, it is striking how weak and sloppy the content is. Included in the report is a list of every threat group ever said to be associated with the Russian government, most of which are unrelated to the DNC hack. It appears that various governmental organizations were asked to send a list of Russian threats, and then an official lacking IT background compiled that information for the report, and the result is a mishmash of threat groups, software, and techniques. “PowerShell backdoor,” for instance, is a method used by many hackers, and in no way describes a Russian operation.

Indeed, one must take the list on faith, because nowhere in the document is any evidence provided to back up the claim of a Russian connection. Indeed, as the majority of items on the list are unrelated to the DNC hack, one wonders what the point is. But it bears repeating: even where software can be traced to Russian origination, it does not necessarily indicate exclusive usage. Jeffrey Carr explains: “Once malware is deployed, it is no longer under the control of the hacker who deployed it or the developer who created it. It can be reverse-engineered, copied, modified, shared and redeployed again and again by anyone.” Carr quotes security firm ESET in regard to the Sednit group, one of the items on the report’s list, and which is another name for APT28: “As security researchers, what we call ‘the Sednit group’ is merely a set of software and the related infrastructure, which we can hardly correlate with any specific organization.” Carr points out that X-Agent software, which is said to have been utilized in the DNC hack, was easily obtained by ESET for analysis. “If ESET could do it, so can others. It is both foolish and baseless to claim, as Crowdstrike does, that X-Agent is used solely by the Russian government when the source code is there for anyone to find and use at will.” [20]

The salient impression given by the government’s report is how devoid of evidence it is. For that matter, the majority of the content is taken up by what security specialist John Hinderaker describes as “pedestrian advice to IT professionals about computer security.” As for the report’s indicators of compromise (IoC), Hinderaker characterizes these as “tools that are freely available and IP addresses that are used by hackers around the world.” [21]

In conjunction with the report, the FBI and Department of Homeland Security provided a list of IP addresses they identified with Russian intelligence services. [22] Wordfence analyzed the IP addresses as well as a PHP malware script provided by the Department of Homeland Security. In analyzing the source code, Wordfence discovered that the software used was P.A.S., version 3.1.0. It then found that the website that manufactures the malware had a site country code indicating that it is Ukrainian. The current version of the P.A.S. software is 4.1.1, which is much newer than that used in the DNC hack, and the latest version has changed “quite substantially.” Wordfence notes that not only is the software “commonly available,” but also that it would be reasonable to expect “Russian intelligence operatives to develop their own tools or at least use current malicious tools from outside sources.” To put it plainly, Wordfence concludes that the malware sample “has no apparent relationship with Russian intelligence.” [23]

Wordfence also analyzed the government’s list of 876 IP addresses included as indicators of compromise. The sites are widely dispersed geographically, and of those with a known location, the United States has the largest number. A large number of the IP addresses belong to low-cost server hosting companies. “A common pattern that we see in the industry,” Wordfence states, “is that accounts at these hosts are compromised and those hacked sites are used to launch attacks around the web.” Fifteen percent of the IP addresses are currently Tor exit nodes. “These exit nodes are used by anyone who wants to be anonymous online, including malicious actors.” [24]

If one takes into account not only the IP addresses that point to current Tor exits but also those that once belonged to Tor exit nodes, then these comprise 42 percent of the government’s list. [25] “The fact that so many of the IPs are Tor addresses reveals the true sloppiness of the report,” concludes network security specialist Jerry Gamblin. [26]

Cybersecurity analyst Robert Graham was particularly blistering in his assessment of the government’s report, characterizing it as “full of garbage.” The report fails to tie the indicators of compromise to the Russian government. “It contains signatures of viruses that are publicly available, used by hackers around the world, not just Russia. It contains a long list of IP addresses from perfectly normal services, like Tor, Google, Dropbox, Yahoo, and so forth. Yes, hackers use Yahoo for phishing and maladvertising. It doesn’t mean every access of Yahoo is an ‘indicator of compromise’.” Graham compared the list of IP addresses against those accessed by his web browser, and found two matches. “No,” he continues. “This doesn’t mean I’ve been hacked. It means I just had a normal interaction with Yahoo. It means the Grizzly Steppe IoCs are garbage.” Graham goes on to point out that “what really happened” with the supposed Russian hack into the Vermont power grid “is that somebody just checked their Yahoo email, thereby accessing one of the same IP addresses I did. How they get from the facts (one person accessed Yahoo email) to the story (Russians hacked power grid)” is U.S. government “misinformation.” [27]

The indicators of compromise, in Graham’s assessment, were “published as a political tool, to prove they have evidence pointing to Russia.” As for the P.A.S. web shell, it is “used by hundreds if not thousands of hackers, mostly associated with Russia, but also throughout the rest of the world.” Relying on the government’s sample for attribution is problematic: “Just because you found P.A.S. in two different places doesn’t mean it’s the same hacker.” A web shell “is one of the most common things hackers use once they’ve broken into a server,” Graham observes. [28]

Although cybersecurity analyst Robert M. Lee is inclined to accept the government’s position on the DNC hack, he feels the joint analysis report “reads like a poorly done vendor intelligence report stringing together various aspects of attribution without evidence.” The report’s list “detracts from the confidence because of the interweaving of unrelated data.” The information presented is not sourced, he adds. “It’s a random collection of information and in that way, is mostly useless.” Indeed, the indicators of compromise have “a high rate of false positives for defenders that use them.” [29]
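The false-positive problem that Wordfence, Graham and Lee describe can be measured before an indicator list is loaded into detection tooling. The following is an added example, not code from any of those analysts or from the report: every address comes from a reserved documentation range, and the Tor exit sets, service ranges and connection log are constructed stand-ins for reference data a defender would load from its own sources.

```python
"""Triage an IP indicator list against shared infrastructure before alerting."""
import ipaddress
from collections import Counter

# Constructed indicator list; every address is from an RFC 5737 documentation range.
IOC_IPS = [
    "192.0.2.10", "192.0.2.11", "192.0.2.12", "192.0.2.13",
    "198.51.100.7", "198.51.100.20",
    "203.0.113.5", "203.0.113.77", "203.0.113.200", "203.0.113.201",
]

# Constructed stand-ins for a current Tor exit list, an archive of past exits,
# and the published ranges of widely used services and hosting providers.
TOR_EXITS_CURRENT = {"192.0.2.10", "192.0.2.11"}
TOR_EXITS_HISTORIC = {"192.0.2.12", "203.0.113.200"}
SHARED_SERVICE_NETS = {
    "webmail": ipaddress.ip_network("198.51.100.0/26"),
    "low-cost-hosting": ipaddress.ip_network("203.0.113.0/25"),
}

# Constructed outbound connection log: (timestamp, internal host, destination).
CONNECTION_LOG = [
    ("2017-01-02T09:14:03Z", "10.0.0.15", "198.51.100.7"),   # user reading webmail
    ("2017-01-02T09:20:41Z", "10.0.0.15", "198.51.100.7"),
    ("2017-01-02T11:02:10Z", "10.0.0.22", "192.0.2.10"),     # current Tor exit
    ("2017-01-02T13:45:59Z", "10.0.0.31", "203.0.113.201"),  # nothing known about it
    ("2017-01-02T14:00:00Z", "10.0.0.40", "192.0.2.99"),     # not on the list
]


def classify(ip):
    """Label one indicator by the kind of shared infrastructure it sits on."""
    addr = ipaddress.ip_address(ip)
    text = str(addr)
    if text in TOR_EXITS_CURRENT:
        return "tor-exit-current"
    if text in TOR_EXITS_HISTORIC:
        return "tor-exit-historic"
    for name, net in SHARED_SERVICE_NETS.items():
        if addr in net:
            return "shared:" + name
    return "unclassified"


def triage(iocs):
    """Map every indicator to its label."""
    return {ip: classify(ip) for ip in iocs}


def summarize(labels):
    """Percentage of the indicator list carrying each label."""
    counts = Counter(labels.values())
    return {label: round(100 * n / len(labels), 1) for label, n in counts.items()}


def shared_share(labels):
    """Percentage of indicators that many unrelated parties are known to use."""
    shared = sum(1 for label in labels.values() if label != "unclassified")
    return round(100 * shared / len(labels), 1)


def match_log(log, labels):
    """Group log hits per (host, destination); an IP match alone never rates high."""
    hits = Counter()
    for _timestamp, host, dst in log:
        if dst in labels:
            hits[(host, dst)] += 1
    report = []
    for (host, dst), count in sorted(hits.items()):
        label = labels[dst]
        confidence = "needs-corroboration" if label == "unclassified" else "low"
        report.append({"host": host, "dst": dst, "label": label,
                       "count": count, "confidence": confidence})
    return report


if __name__ == "__main__":
    labels = triage(IOC_IPS)
    print(summarize(labels), "shared overall:", shared_share(labels), "%")
    for hit in match_log(CONNECTION_LOG, labels):
        print(hit)
```

In this constructed data the webmail session and the Tor connection both match the list, which is the situation Graham describes with his own browser traffic.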

Among the government’s list of Russian actors are Energetic Bear and Crouching Yeti, two names for the same threat group. In its analysis, Kaspersky Lab found that most of the group’s victims “fall into the industrial/machinery building sector,” and it is “not currently possible to determine the country of origin.” Although listed in the government’s report, it is not suggested that the group played a part in the DNC hack. But it does serve as an example of the uncertainty surrounding government claims about Russian hacking operations in general. [30]

CosmicDuke is one of the software packages listed as tied to Russia. SecureList, however, finds that unlike the software’s predecessor, CosmicDuke targets those who traffic in “controlled substances, such as steroids and hormones.” One possibility is that CosmicDuke is used by law enforcement agencies, while another possibility “is that it’s simply available in the underground and purchased by various competitors in the pharmaceutical business to spy on each other.” In either case, whether or not the software is utilized by the Russian government, there is a broader base for its use. [31]

The intent of the joint analysis report was to provide evidence of Russian state responsibility for the DNC hack. But nowhere does it do so. Mere assertions are meant to persuade. How much evidence does the government have? The Democratic Party claims that the FBI never requested access to DNC servers. [32] The FBI, for its part, says it made “multiple requests” for access to the DNC servers and was repeatedly turned down. [33] Either way, it is a remarkable admission. In a case like this, the FBI would typically conduct its own investigation. Was the DNC afraid the FBI might come to a different conclusion than the DNC-hired security firm Crowdstrike? The FBI was left to rely on whatever evidence Crowdstrike chose to supply. During its analysis of DNC servers, Crowdstrike reports that it found evidence of APT28 and APT29 intrusions within two hours. Did it stop there, satisfied with what it had found? Or did it continue to explore whether additional intrusions by other actors had taken place?

In an attempt to further inflame the hysteria generated from accusations of Russian hacking, the Office of the Director of National Intelligence published a declassified version of a document briefed to U.S. officials. The information was supplied by the CIA, FBI, and National Security Agency, and was meant to cement the government’s case. Not surprisingly, the report received a warm welcome in the mainstream media, but what is notable is that it offers not a single piece of evidence to support its claim of “high confidence” in assessing that Russia hacked the DNC and released documents to WikiLeaks. Instead, the bulk of the report is an unhinged diatribe against Russian-owned RT media. The content is rife with inaccuracies and absurdities. Among the heinous actions RT is accused of are having run “anti-fracking programming, highlighting environmental issues and the impacts on health issues,” airing a documentary on Occupy Wall Street, and hosting third-party candidates during the 2012 election. [34]

The report would be laughable, were it not for the fact that it is being played up for propaganda effect, bypassing logic and appealing directly to unexamined emotion. The 2016 election should have been a wake-up call for the Democratic Party. Instead, predictably enough, no self-examination has taken place, as the party doubles down on the neoliberal policies that have impoverished tens of millions, and backs military interventions that have sown so much death and chaos. Instead of thoughtful analysis, the party is lashing out and blaming Russia for its loss to an opponent that even a merely weak candidate would have beaten handily.

Mainstream media start with the premise that the Russian government was responsible, despite a lack of convincing evidence. They then leap to the fallacious conclusion that because Russia hacked the DNC, only it could have leaked the documents.

So, did the Russian government hack the DNC and feed documents to WikiLeaks? There are really two questions here: who hacked the DNC, and who released the DNC documents? These are not necessarily the same. An earlier intrusion into German parliament servers was blamed on the Russians, yet the release of documents to WikiLeaks is thought to have originated from an insider. [35] Had the Russians hacked into the DNC, it may have been to gather intelligence, while another actor released the documents. But it is far from certain that Russian intelligence services had anything to do with the intrusions. Julian Assange says that he did not receive the DNC documents from a nation-state. It has been pointed out that Russia could have used a third party to pass along the material. Fair enough, but former UK diplomat Craig Murray asserts: “I know who the source is… It’s from a Washington insider. It’s not from Russia.” [36]

There are too many inconsistencies and holes in the official story. In all likelihood, there were multiple intrusions into DNC servers, not all of which have been identified. The public ought to be wary of quick claims of attribution. It requires a long and involved process to arrive at a plausible identification, and in many cases the source can never be determined. As Jeffrey Carr explains, “It’s important to know that the process of attributing an attack by a cybersecurity company has nothing to do with the scientific method. Claims of attribution aren’t testable or repeatable because the hypothesis is never proven right or wrong.” [37]

Russia-bashing is in full swing, and there does not appear to be any letup in sight. We are plunging headlong into a new Cold War, riding on a wave of propaganda-induced hysteria. The self-serving claims fueling this campaign need to be challenged every step of the way. Surrendering to evidence-free emotional appeals would only serve those who arrogantly advocate confrontation and geopolitical domination.

Notes.

[1] Dmitri Alperovitch, “Bears in the Midst: Intrusion into the Democratic National Committee,” Crowdstrike blog, June 15, 2016.

[2] Josh Pitts, “Repurposing OnionDuke: A Single Case Study Around Reusing Nation-state Malware,” Black Hat, July 21, 2015.

[3] Udi Shamir, “The Case of Gyges, the Invisible Malware,” SentinelOne, July 2014.

[4] Mark McArdle, “‘Whodunnit?’ Why the Attribution of Hacks like the Recent DNC Hack is so Difficult,” Esentire, July 28, 2016.

[5] “The Usual Suspects: Faith-Based Attribution and its Effects on the Security Community,” October 21, 2016.

[6] Jeffrey Carr, “The DNC Breach and the Hijacking of Common Sense,” June 20, 2016.

[7] “APT28: A Window into Russia’s Cyber Espionage Operations?” FireEye, October 27, 2014.

[8] Mark McArdle, “‘Whodunnit?’ Why the Attribution of Hacks like the Recent DNC Hack is so Difficult,” Esentire, July 28, 2016.

[9] Patrick Howell O’Neill, “Obama’s Former Cybersecurity Advisor Says Only ‘Idiots’ Want to Hack Russia Back for DNC Breach,” The Daily Dot, July 29, 2016.

[10] James Scott, Sr., “It’s the Russians! … or is it? Cold War Rhetoric in the Digital Age,” ICIT, December 13, 2016.

[11] Sam Biddle and Gabrielle Bluestone, “This Looks like the DNC’s Hacked Trump Oppo File,” Gawker, June 15, 2016.

Dan Goodin, “‘Guccifer’ Leak of DNC Trump Research Has a Russian’s Fingerprints on It,” Ars Technica, June 16, 2016.

[12] Pat Belcher, “Tunnel of Gov: DNC Hack and the Russian XTunnel,” Invincea, July 28, 2016.

[13] Seth Bromberger, “DNS as a Covert Channel within Protected Networks,” National Electric Sector Cyber Security Organization, January 25, 2011.

[14] Thomas Rid, “All Signs Point to Russia Being Behind the DNC Hack,” Motherboard, July 25, 2016.

[15] https://www.threatminer.org/host.php?q=45.32.129.185

[16] https://www.threatminer.org/host.php?q=176.31.112.10

[17] https://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/Troj~Agent-APPR/detailed-analysis.aspx

https://www.symantec.com/security_response/earthlink_writeup.jsp?docid=2015-062518-5557-99

[18] Paul, “Security Pros Pan US Government Report on Russian Hacking,” The Security Ledger, December 30, 2016.

[19] “Grizzly Steppe – Russian Malicious Cyber Activity,” JAR-16-20296, National Cybersecurity & Communications Integration Center, Federal Bureau of Investigation, December 29, 2016.

[20] Jeffrey Carr, “FBI/DHS Joint Analysis Report: A Fatally Flawed Effort,” Jeffrey Carr/Medium, December 30, 2016.

[21] John Hinderaker, “Is ‘Grizzly Steppe’ Really a Russian Operation?” Powerline, December 31, 2016.

[22] https://www.us-cert.gov/sites/default/files/publications/JAR-16-20296A.csv

[23] Mark Maunder, “US Govt Data Shows Russia Used Outdated Ukrainian PHP Malware,” Wordfence, December 30, 2016.

[24] Mark Maunder, “US Govt Data Shows Russia Used Outdated Ukrainian PHP Malware,” Wordfence, December 30, 2016.

[25] Micah Lee, “The U.S. Government Thinks Thousands of Russian Hackers May be Reading my Blog. They Aren’t,” The Intercept, January 4, 2017.

[26] Jerry Gamblin, “Grizzly Steppe: Here’s My IP and Hash Analysis,” A New Domain, January 2, 2017.

[27] Robert Graham, “Dear Obama, from Infosec,” Errata Security, January 3, 2017.

[28] Robert Graham, “Some Notes on IoCs,” Errata Security, December 29, 2016.

[29] Robert M. Lee, “Critiques of the DHS/FBI’s Grizzly Steppe Report,” Robert M. Lee blog, December 30, 2016.

[30] “Energetic Bear – Crouching Yeti,” Kaspersky Lab Global Research and Analysis Team, July 31, 2014.

[31] “Miniduke is back: Nemesis Gemina and the Botgen Studio,” Securelist, July 3, 2014.

[32] Ali Watkins, “The FBI Never Asked for Access to Hacked Computer Servers,” Buzzfeed, January 4, 2017.

[33] “James Comey: DNC Denied FBI Direct Access to Servers During Russia Hacking Probe,” Washington Times, January 10, 2017.

[34] “Assessing Russian Activities and Intentions in Recent US Elections,” Office of the Director of National Intelligence, January 6, 2017.

[35] “Quelle für Enthüllungen im Bundestag Vermutet,” Frankfurter Allgemeine Zeitung, December 17, 2016.

[36] RT broadcast, January 7, 2017. https://www.youtube.com/watch?v=w3DvaVrRweY

[37] Jeffrey Carr, “Faith-based Attribution,” Jeffrey Carr/Medium, July 10, 2016.

Gregory Elich is on the Board of Directors of the Jasenovac Research Institute and the Advisory Board of the Korea Policy Institute. He is a member of the Solidarity Committee for Democracy and Peace in Korea, a columnist for Voice of the People, and one of the co-authors of Killing Democracy: CIA and Pentagon Operations in the Post-Soviet Period, published in the Russian language. He is also a member of the Task Force to Stop THAAD in Korea and Militarism in Asia and the Pacific. His website is https://gregoryelich.org

JANUARY 13, 2017
by GREGORY ELICH

Find this story at 13 January 2017
Copyright © CounterPunch

HERE’S THE PUBLIC EVIDENCE RUSSIA HACKED THE DNC — IT’S NOT ENOUGH

There are some good reasons to believe Russians had something to do with the breaches into email accounts belonging to members of the Democratic party, which proved varyingly embarrassing or disruptive for Hillary Clinton’s presidential campaign. But “good” doesn’t necessarily mean good enough to indict Russia’s head of state for sabotaging our democracy.

There’s a lot of evidence from the attack on the table, mostly detailing how the hack was perpetrated, and possibly the language of the perpetrators. It certainly remains plausible that Russians hacked the DNC, and remains possible that Russia itself ordered it. But the refrain of Russian attribution has been repeated so regularly and so emphatically that it’s become easy to forget that no one has ever truly proven the claim. There is strong evidence indicating that Democratic email accounts were breached via phishing messages, and that specific malware was spread across DNC computers. There’s even evidence that the attackers are the same group that’s been spotted attacking other targets in the past. But again: No one has actually proven that group is the Russian government (or works for it). This remains the enormous inductive leap that’s not been reckoned with, and Americans deserve better.

We should also bear in mind that private security firm CrowdStrike’s frequently cited findings of Russian responsibility were essentially paid for by the DNC, which contracted its services in June. It’s highly unusual for evidence of a crime to be assembled on the victim’s dime. If we’re going to blame the Russian government for disrupting our presidential election — easily construed as an act of war — we need to be damn sure of every single shred of evidence. Guesswork and assumption could be disastrous.

The gist of the Case Against Russia goes like this: The person or people who infiltrated the DNC’s email system and the account of John Podesta left behind clues of varying technical specificity indicating they have some connection to Russia, or at least speak Russian. Guccifer 2.0, the entity that originally distributed hacked materials from the Democratic party, is a deeply suspicious figure who has made statements and decisions that indicate some Russian connection. The website DCLeaks, which began publishing a great number of DNC emails, has some apparent ties to Guccifer and possibly Russia. And then there’s WikiLeaks, which after a long, sad slide into paranoia, conspiracy theorizing, and general internet toxicity has made no attempt to mask its affection for Vladimir Putin and its crazed contempt for Hillary Clinton. (Julian Assange has been stuck indoors for a very, very long time.) If you look at all of this and sort of squint, it looks quite strong indeed, an insurmountable heap of circumstantial evidence too great in volume to dismiss as just circumstantial or mere coincidence.

But look more closely at the above and you can’t help but notice all of the qualifying words: Possibly, appears, connects, indicates. It’s impossible (or at least dishonest) to present the evidence for Russian responsibility for hacking the Democrats without using language like this. The question, then, is this: Do we want to make major foreign policy decisions with a belligerent nuclear power based on suggestions alone, no matter how strong?

What We Know

So far, all of the evidence pointing to Russia’s involvement in the Democratic hacks (DNC, DCCC, Podesta, et al.) comes from either private security firms (like CrowdStrike or FireEye) who sell cyber-defense services to other companies, or independent researchers, some with university affiliations and serious credentials, and some who are basically just Guys on Twitter. Although some of these private firms had proprietary access to DNC computers or files from them, much of the evidence has been drawn from publicly available data like the hacked emails and documents.

Some of the malware found on DNC computers is believed to be the same as that used by two hacking groups believed to be Russian intelligence units, codenamed APT (Advanced Persistent Threat) 28/Fancy Bear and APT 29/Cozy Bear by industry researchers who track them.

The attacker or attackers registered a deliberately misspelled domain name used for email phishing attacks against DNC employees, connected to an IP address associated with APT 28/Fancy Bear.
Malware found on the DNC computers was programmed to communicate with an IP address associated with APT 28/Fancy Bear.
Metadata in a file leaked by “Guccifer 2.0” shows it was modified by a user called, in Cyrillic, “Felix Edmundovich,” a reference to the founder of a Soviet-era secret police force. Another document contained Cyrillic metadata indicating it had been edited on a document with Russian language settings.
Peculiarities in a conversation with “Guccifer 2.0” that Motherboard published in June suggest he is not Romanian, as he originally claimed.
The DCLeaks.com domain was registered by a person using the same email service as the person who registered a misspelled domain used to send phishing emails to DNC employees.
Some of the phishing emails were sent using Yandex, a Moscow-based webmail provider.
A bit.ly link believed to have been used by APT 28/Fancy Bear in the past was also used against Podesta.

Why That Isn’t Enough

Viewed as a whole, the above evidence looks strong, and maybe even damning. But view each piece on its own, and it’s hard to feel impressed.

For one, a lot of the so-called evidence above is no such thing. CrowdStrike, whose claims of Russian responsibility are perhaps most influential throughout the media, says APT 28/Fancy Bear “is known for its technique of registering domains that closely resemble domains of legitimate organizations they plan to target.” But this isn’t a Russian technique any more than using a computer is a Russian technique — misspelled domains are a cornerstone of phishing attacks all over the world. Is Yandex — the Russian equivalent of Google — some sort of giveaway? Anyone who claimed a hacker must be a CIA agent because they used a Gmail account would be laughed off the internet. We must also acknowledge that just because Guccifer 2.0 pretended to be Romanian, we can’t conclude he works for the Russian government — it just makes him a liar.

Next, consider the fact that CrowdStrike describes APT 28 and 29 like this:

Their tradecraft is superb, operational security second to none and the extensive usage of “living-off-the-land” techniques enables them to easily bypass many security solutions they encounter. In particular, we identified advanced methods consistent with nation-state level capabilities including deliberate targeting and “access management” tradecraft — both groups were constantly going back into the environment to change out their implants, modify persistent methods, move to new Command & Control channels and perform other tasks to try to stay ahead of being detected.

Compare that description to CrowdStrike’s claim it was able to finger APT 28 and 29, described above as digital spies par excellence, because they were so incredibly sloppy. Would a group whose “tradecraft is superb” with “operational security second to none” really leave behind the name of a Soviet spy chief imprinted on a document it sent to American journalists? Would these groups really be dumb enough to leave Cyrillic comments on these documents? Would these groups that “constantly [go] back into the environment to change out their implants, modify persistent methods, move to new Command & Control channels” get caught precisely because they didn’t make sure not to use IP addresses they’d been associated with before? It’s very hard to buy the argument that the Democrats were hacked by one of the most sophisticated, diabolical foreign intelligence services in history, and that we know this because they screwed up over and over again.

But how do we even know these oddly named groups are Russian? CrowdStrike co-founder Dmitri Alperovitch himself describes APT 28 as a “Russian-based threat actor” whose modus operandi “closely mirrors the strategic interests of the Russian government” and “may indicate affiliation [Russia’s] Main Intelligence Department or GRU, Russia’s premier military intelligence service.” Security firm SecureWorks issued a report blaming Russia with “moderate confidence.” What constitutes moderate confidence? SecureWorks said it adopted the “grading system published by the U.S. Office of the Director of National Intelligence to indicate confidence in their assessments. … Moderate confidence generally means that the information is credibly sourced and plausible but not of sufficient quality or corroborated sufficiently to warrant a higher level of confidence.” All of this amounts to a very educated guess, at best.

Even the claim that APT 28/Fancy Bear itself is a group working for the Kremlin is speculative, a fact that’s been completely erased from this year’s discourse. In its 2014 reveal of the group, the high-profile security firm FireEye couldn’t even blame Russia without a question mark in the headline: “APT28: A Window into Russia’s Cyber Espionage Operations?” The blog post itself is remarkably similar to arguments about the DNC hack: technical but still largely speculative, presenting evidence the company “[believes] indicate a government sponsor based in Moscow.” Believe! Indicate! We should know already this is no smoking gun. FireEye’s argument that the malware used by APT 28 is connected to the Russian government is based on the belief that its “developers are Russian language speakers operating during business hours that are consistent with the time zone of Russia’s major cities.”

As security researcher Jeffrey Carr pointed out in June, FireEye’s 2014 report on APT 28 is questionable from the start:

To my surprise, the report’s authors declared that they deliberately excluded evidence that didn’t support their judgment that the Russian government was responsible for APT28’s activities:

“APT28 has targeted a variety of organizations that fall outside of the three themes we highlighted above. However, we are not profiling all of APT28’s targets with the same detail because they are not particularly indicative of a specific sponsor’s interests.” (emphasis added)

That is the very definition of confirmation bias. Had FireEye published a detailed picture of APT28’s activities including all of their known targets, other theories regarding this group could have emerged; for example, that the malware developers and the operators of that malware were not the same or even necessarily affiliated.

The notion that APT 28 has a narrow focus on American political targets is undermined in another SecureWorks paper, which shows that the hackers have a wide variety of interests: 10 percent of their targets are NGOs, 22 percent are journalists, 4 percent are aerospace researchers, and 8 percent are “government supply chain.” SecureWorks says that only 8 percent of APT 28/Fancy Bear’s targets are “government personnel” of any nationality — hardly the focused agenda described by CrowdStrike.

Truly, the argument that “Guccifer 2.0” is a Kremlin agent or that GRU breached John Podesta’s email only works if you presume that APT 28/Fancy Bear is a unit of the Russian government, a fact that has never been proven beyond any reasonable doubt. According to Carr, “it’s an old assumption going back years to when any attack against a non-financial target was attributed to a state actor.” Without that premise, all we can truly conclude is that some email accounts at the DNC et al. appear to have been broken into by someone, and perhaps they speak Russian. Left ignored is the mammoth difference between Russians and Russia.

Security researcher Claudio Guarnieri put it this way:

[Private security firms] can’t produce anything conclusive. What they produce is speculative attribution that is pretty common to make in the threat research field. I do that same speculative attribution myself, but it is just circumstantial. At the very best it can only prove that the actor that perpetrated the attack is very likely located in Russia. As for government involvement, it can only speculate that it is plausible because of context and political motivations, as well as technical connections with previous (or following attacks) that appear to be perpetrated by the same group and that corroborate the analysis that it is a Russian state-sponsored actor (for example, hacking of institutions of other countries Russia has some geopolitical interests in).

Finally, one can’t be reminded enough that all of this evidence comes from private companies with a direct financial interest in making the internet seem as scary as possible, just as Lysol depends on making you believe your kitchen is crawling with E. Coli.

What Does the Government Know?

In October, the Department of Homeland Security and the Office of the Director of National Intelligence released a joint statement blaming the Russian government for hacking the DNC. In it, they state their attribution plainly:

The U.S. Intelligence Community (USIC) is confident that the Russian Government directed the recent compromises of e-mails from US persons and institutions, including from US political organizations. The recent disclosures of alleged hacked e-mails on sites like DCLeaks.com and WikiLeaks and by the Guccifer 2.0 online persona are consistent with the methods and motivations of Russian-directed efforts. These thefts and disclosures are intended to interfere with the US election process.

What’s missing is any evidence at all. If this federal confidence is based on evidence that’s being withheld from the public for any reason, that’s one thing — secrecy is their game. But if the U.S. Intelligence Community is asking the American electorate to believe them, to accept as true their claim that our most important civic institution was compromised by a longtime geopolitical nemesis, we need them to show us why.

The same goes for the CIA, which is now squaring off directly against Trump, claiming (through leaks to the Washington Post and New York Times) that the Russian government conducted the hacks for the express purpose of helping defeat Clinton. Days later, Senator John McCain agreed with the assessment, deeming it “another form of warfare.” Again, it’s completely possible (and probable, really) that the CIA possesses hard evidence that could establish Russian attribution — it’s their job to have such evidence, and often to keep it secret.

But what we’re presented with isn’t just the idea that these hacks happened, and that someone is responsible, and, well, I guess it’s just a shame. Our lawmakers and intelligence agencies are asking us to react to an attack that is almost military in nature — this is, we’re being told, “warfare.” When a foreign government conducts (or supports) an act of warfare against another country, it’s entirely possible that there will be an equal response. What we’re looking at now is the distinct possibility that the United States will consider military retaliation (digital or otherwise) against Russia, based on nothing but private sector consultants and secret intelligence agency notes. If you care about the country enough to be angry at the prospect of election-meddling, you should be terrified of the prospect of military tensions with Russia based on hidden evidence. You need not look too far back in recent history to find an example of when wrongly blaming a foreign government for sponsoring an attack on the U.S. has tremendously backfired.

We Need the Real Evidence, Right Now

It must be stated plainly: The U.S. intelligence community must make its evidence against Russia public if they want us to believe their claims. The integrity of our presidential elections is vital to the country’s survival; blind trust in the CIA is not. A governmental disclosure like this is also not entirely without precedent: In 2014, the Department of Justice produced a 56-page indictment detailing their exact evidence against a team of Chinese hackers working for the People’s Liberation Army, accused of stealing American trade secrets; each member was accused by name. The 2014 trade secret theft was a crime of much lower magnitude than election meddling, but what the DOJ furnished is what we should demand today from our country’s spies.

If the CIA does show its hand, we should demand to see the evidence that matters (which, according to Edward Snowden, the government probably has, if it exists). I asked Jeffrey Carr what he would consider undeniable evidence of Russian governmental involvement: “Captured communications between a Russian government employee and the hackers,” adding that attribution “should solely be handled by government agencies because they have the legal authorization to do what it takes to get hard evidence.”

Claudio Guarnieri concurred:

All in all, technical circumstantial attribution is acceptable only so far as it is to explain an attack. It most definitely isn’t for the political repercussions that we’re observing now. For that, only documental evidence that is verifiable or intercepts of Russian officials would be convincing enough, I suspect.

Given that the U.S. routinely attempts to intercept the communications of heads of state around the world, it’s not impossible that the CIA or the NSA has exactly this kind of proof. Granted, these intelligence agencies will be loath to reveal any evidence that could compromise the method they used to gather it. But in times of extraordinary risk, with two enormous military powers placed in direct conflict over national sovereignty, we need an extraordinary disclosure. The stakes are simply too high to take anyone’s word for it.

Sam Biddle
December 14 2016, 5:30 p.m.

Find this story at 14 December 2016

Copyright https://theintercept.com/

Al Arabiya investigates: Who really killed Hezbollah’s Mustafa Badreddine?

On May 13, 2016, Lebanese people were surprised when Hezbollah’s leading man Hassan Nasrallah was seen mourning the death of his most senior militia commander, Mustafa Badreddine.

No sooner had the news of Badreddine’s demise in Syria broken than the Lebanese media adopted the story perpetuated by Hezbollah on the circumstances surrounding his death. Still, a few days later, questions began to arise about the credibility of Hezbollah’s version of events.

After investigations into the story, evidence proved that Badreddine did not die fighting in the battlefields of Syria as claimed, but rather, the Hezbollah militia commander was assassinated. And the person responsible for his assassination was none other than his revered leader and friend, Hassan Nasrallah.

Events leading up to May 12
In 2013, Hezbollah was summoned to fight in Syria and Nasrallah commissioned Badreddine to lead the factions there alongside Iran’s Qassem Soleimani, who led the Quds Force, a branch of Iran’s Revolutionary Guard Corps (IRGC).

Soleimani ignored Badreddine’s great experience and aspired to lead the entire battle all by himself. While Badreddine took one risk after the other in the battlefields, leading his soldiers to victories and assuming full responsibility for the losses, he discovered that Soleimani was favoring the lives of the revolutionary guards over those of Hezbollah. The former asked the latter to lead his soldiers himself and take full responsibility over his army.

Both Hassan Nasrallah and Qassem Soleimani are said to have had a hand in Mustafa Badreddine’s mysterious death.

While Badreddine was fighting with his army in Syria, he was tried in absentia at the International Tribunal in the case of the assassination of Rafiq Hariri, former Prime Minister of Lebanon, in 2005. Nasrallah has been under huge pressure from Soleimani, who requested the removal of Badreddine from the battlefield. Consequently, it appears that he had schemed to get rid of the commander.

The question then arises: What really happened on the evening of May 12, 2016? How did Soleimani and Nasrallah arrange the assassination of Mustafa Badreddine? And what really happened near the Damascus International Airport on the night of May 12-13, 2016?

Aftermath
On May 14, 2016, less than two days after the operation, Al-Akhbar newspaper published the results of the investigation. Badreddine was reported to have arrived at the international airport and was reportedly accompanied to the meeting by three other people, but was the only one who was killed.

Initial reporting by Al-Mayadeen blamed Israel for the fatal attack, claiming that an Israeli Air Force (IAF) strike successfully targeted Badreddine’s position. But that article was later erased.

The cause of his death was assumed to be a vacuum bomb, while the nearest fighter group was 12 km away from the Damascus airport, which places it in the range of the artillery. Yet, these groups usually used unguided shells for their operations.

However, no gunpowder residue was found at the scene.

Nicholas Blanford, a nonresident senior fellow with the Middle East Peace and Security Initiative, recently wrote an analysis on that point.

“The one claim of responsibility from the rebels came from the Jaysh al-Sunna group which said it had killed Badreddine in Khan Touman in southern Aleppo province. If that were true, why would Hezbollah hide it and make up a story about “takfiris” killing Badreddine much further south in the Damascus airport area?” Blanford asked.

“Also it is unclear what weapon system would be in the hands of rebel groups in the vicinity of Damascus airport that could account for the “large explosion” that Hezbollah said on Friday killed Badreddine. Diplomatic sources in Beirut confirmed that there really was a powerful blast near Damascus airport on Thursday (May 12) even if its origin remains unknown,” Blanford added.

One airport employee recounted the events of the night, saying airport employees were being barred from entering their workplace as the operation was taking place.

“As I was approaching to go to work, I saw a lot of people crowding near the airport. At approximately 10 PM that night we suddenly heard a loud bang and what sounded like fire from three rifles,” the airport employee told Al Arabiya.

“We tried approaching the scene to see what was going on but we were stopped by Hezbollah fighters telling us we weren’t allowed to enter. They did not even allow Syrian senior army officer or the Syrian police from entering the airport,” he said.

Images show the reported site hours before Mustafa Badreddine was killed compared to the same site pictured a day later. (Al Arabiya)

Al Arabiya also obtained images of the site where Mustafa Badreddine was killed which revealed aerial views of the exact scene on May 12 and May 14, both photos showing the site unscathed.

On the same day, the Shiite cleric Abbas Hoteit declared to the south Lebanon website Janoubia that “Badreddine was killed by two treacherous bullets”.

Evidence and eyewitness accounts suggested that four people met at the security building near the Damascus airport that night, one of them being Badreddine himself. The identity of the second person was discovered immediately after the operation on Twitter when a number of people reported they saw Soleimani leaving the site minutes before the operation. The third person was Badreddine’s bodyguard, who could not save his commander’s life.

According to eyewitnesses, the fourth person identified was Ibrahim Hussein Jezzini, the person whom Badreddine reportedly trusted the most.

Badreddine’s death was seen as a victory for those affected by his involvement in attacks dating back to the 1980s, reportedly including the deadly suicide truck bombing attack that left over 200 US soldiers dead in Beirut in 1983 as well as the bombings targeting the French and US embassies in Kuwait the same year.

Al Arabiya News Channel, Wednesday, 8 March 2017
Find this story at 8 March 2017

Copyright http://english.alarabiya.net

Israel’s Army Chief: Hezbollah Commander Mustafa Badreddine Killed by His Own Men

Killing of Mustafa Amine Badreddine last year shows the ‘depth of the internal crisis within Hezbollah,’ Gadi Eisenkot says.

Lt. Gen. Gadi Eisenkot said reports that Mustafa Amine Badreddine was killed by Hezbollah officers are in accordance with “intelligence we have.” The incident “indicates the depth of the internal crisis within Hezbollah,” and “the extent of the cruelty, complexity and tension between Hezbollah and its patron Iran.”

He added that despite Hezbollah’s fighting in Syria providing it with cumulative operational experience, it remains in crisis. “It is an internal crisis over what they are fighting for, an economic crisis and a leadership crisis,” he asserted. Eisenkot was speaking at an academic conference in Netanya.

Badreddine, one of Hezbollah’s highest ranking military commanders, was killed in Syria in May last year. Initial reports attributed the attack to a covert Israeli operation, but signs suggested otherwise.

Badreddine was said to have assumed the position of his brother-in-law, Hezbollah commander Imad Moughniyeh, who died in a 2008 assassination in Damascus also attributed to Israel. However, some dispute his official status as the group’s military leader, saying he was only in charge of its operations in Syria, as Hezbollah has never publicly named a successor for Moughniyeh, whose son Jihad was also killed in Syria in an attack said to be Israel’s doing.

A U.S. Department of the Treasury statement detailing sanctions against Badreddine had said he was assessed to be responsible for the group’s military operations in Syria since 2011, and he had accompanied Hezbollah leader Sayyed Hassan Nasrallah during strategic coordination meetings with Assad in Damascus.

Eisenkot also hinted at the Israeli army’s recent operational activity, which has generated tension with the Russian regime. He said, “Despite six years of war in Syria, we are managing to maintain a quiet border, and to prevent the growth in power of those who need not be strengthened with advanced weaponry.” He added that the civil war in Syria involves not only risks but also “many opportunities for regional and international cooperation.”

In his remarks, Eisenkot also stressed Iran’s influence on Hezbollah and Hamas. “Iran is waging before us another campaign, a proxy war, and it is present both in Lebanon and in Syria with thousands of Shi’ite militiamen, as well as in Gaza,” he said. The chief of staff contended that the “primary challenge” for the Israel Defense Forces is Hezbollah, which operates both in Lebanon and in Syria.

Mossad chief Yossi Cohen, however, said Iran poses Israel’s foremost threat. Iran did not give up its nuclear ambitions, and it is trying to influence and shape the Middle East, said Cohen, also at the conference.

“As long as the Ayatollah regime exists, Iran will be the primary challenge for the security establishment, with or without the nuclear deal,” he asserted.

Gili Cohen Mar 22, 2017 12:44 PM

Find this story at 22 March 2017
© Haaretz Daily Newspaper Ltd

TOP HEZBOLLAH COMMANDER MUSTAFA BADREDDINE ASSASSINATED BY OWN GROUP: ISRAELI MILITARY

Israel’s military chief said Tuesday that a top Hezbollah commander who died last year was assassinated by members of his own group, the Iran-backed Lebanese Shiite militia.

Mustafa Badreddine died near the Syrian capital, Damascus, in May 2016, and Hezbollah said that Syrian rebel shelling caused his death.

But recent Arab media reports have alleged that Hezbollah wanted rid of Badreddine because of a difference in opinion on how to wage the military campaign in support of President Bashar al-Assad in Syria. Hezbollah has deployed thousands of troops to the war-torn country to boost the Syrian dictator’s ranks.

Lieutenant-General Gadi Eisenkot, chief of the Israeli armed forces, said that Israeli intelligence had corroborated reports of Hezbollah assassinating one of its own commanders, but did not elaborate on the circumstances.

“According to [media] reports, he was killed by his superiors, which points to the extent of the cruelty, complexity and tension between Hezbollah and its patron, Iran,” he said during a conference speech in the central Israeli city of Netanya, Israeli newspaper Haaretz reported. “These reports corresponded with the information we have and with our assessment.”

He continued: “It is an internal crisis over what they are fighting for, an economic crisis and a leadership crisis.”

Hezbollah spokesman Mohammed Afif told Reuters the Israeli remarks were “lies that do not deserve comment.”

Both the U.S. and Israel believed 55-year-old Badreddine to be Hezbollah’s military commander in Syria. His brother-in-law Imad Mughniyeh was Hezbollah’s military commander until he was assassinated in a 2008 bomb blast in Damascus, which reports suggested was the work of both Israel’s Mossad and America’s CIA agencies. Israel as a rule does comment on its foreign operations.

The Lebanese militia fought a one-month war with Israel, its primary enemy, in 2006. It centered on the southern Lebanese border with northern Israel, and the Golan Heights, a contested territory that Israel captured from Syria in the 1967 Six-Day War.

Iran, whose leadership routinely calls for Israel’s destruction, continues to support Hezbollah financially and militarily. Israel continues to conduct strikes against Hezbollah in Syria and Lebanon to prevent Iranian arms transfers to the group.

BY JACK MOORE ON 3/21/17 AT 1:51 PM

Find this story at 21 March 2017

Copyright http://www.newsweek.com/