Intelligence: It Doesn't Work For The CIA Boss Either

November 20, 2012: Although email is very handy, it is also a major vulnerability for organizations or individuals with secrets to keep. A case in point is the Afghan Taliban, which regularly emails information to the media. Recently a Taliban media specialist passed along an email to journalists and Taliban insiders and forgot to use the BCC (blind copy) instead of CC (copy) command. This revealed everyone's email address to all of the nearly 500 recipients of the message. The BCC command was invented to spare everyone the hassle of having lots of email addresses attached to an email, and also to not let everyone on the CC list know who everyone else is. That’s the most important thing for the Taliban, because while most of the people on this BCC list were journalists, many were not. These were “friends of the Taliban” that the Islamic terrorists wanted to get information to at the same time the media got it. These people are not necessarily close allies of the Taliban, but if they were not previously known as Taliban sympathizers, they are now. Since some of the people revealed worked for the Afghan government, there’s a certain amount of discomfort to be expected.

Email has been an enormously useful intelligence gathering tool, mainly because it is so damn convenient, and police and intelligence agencies can easily get access to anything that is transmitted via an email network. There are techniques terrorists can use to make their communications more secure, things like leaving email as a draft rather than sending it, or using encryption, but most don't know them or don't bother to use them. But even techniques like these leave your messages vulnerable to interception. The recently resigned head of the CIA found this out the hard way when he was reminded that the old “leaving email as a draft” dodge has long since been turned into something all intel agencies watch carefully. In the end, any use of the Internet can be intercepted. Often this is accomplished with commercial software and hardware designed for network administration, not spying.

The general public, and many journalists, are unaware of this situation. Terrorists tend to be better informed about the dangers of using the Internet because so many of their cohorts have been taken down because their Internet communications were intercepted. But because Islamic terrorists tend to be rather too cocky, or too confident because they are on a mission from God, many continue to employ the Internet despite the obvious dangers.

One of the alleged great strengths of al Qaeda, after their Afghan bases were lost in 2001, was the dispersed quality of the organization. The problem with that is that most of these "dispersed" are untrained in the need for OPSEC (Operational Security, things like not using the Internet for critical communications). The higher up the food chain you go, the less use of the Internet you encounter. At the very top they rely on human couriers, often to deliver memorized messages verbally. While the lower ranks of al Qaeda are entranced by the Internet and other communications technology, the guys at the top are terrified of it. Mostly, it's a matter of experience. See enough of your chums get caught, or killed, because of cell phone, email, or beeper use and you get a bit paranoid about this stuff.

Often, the small fry are allowed to keep emailing and using their cell phones by intelligence agencies just to monitor their "chatter" for useful bits of information. Out of many tiny pieces of data often comes a picture of what the leaders are up to and where they are. The Internet gives many terrorists the illusion that they are in touch, without realizing that the people at the other end have arrest warrants, not tickets to paradise.