Timing of hack occurred within days of the nuclear deal overcoming opposition in Congress.
Susan Crabtree writes: State Department officials determined that Iran hacked their emails and social media accounts during a particularly sensitive week for the nuclear deal in the fall of 2015, according to multiple sources familiar with the details of the cyber attack.
The attack took place within days of the deal overcoming opposition in Congress in late September that year. That same week, Iranian officials and negotiators for the United States and other world powers were beginning the process of hashing out a series of agreements allowing Tehran to meet previously determined implementation deadlines.
Critics regard these agreements as “secret side deals” and “loopholes” initially disclosed only to Congress.
Sources familiar with the details of the attack said it sent shockwaves through the State Department and the private-contractor community working on Iran-related issues.
It is unclear whether top officials at the State Department negotiating the Iran deal knew about the hack or if their personal or professional email accounts were compromised. Sources familiar with the attack believed top officials at State were deeply concerned about the hack and that those senior leaders did not have any of their email or social media accounts compromised in this particular incident.
Wendy Sherman, who served as Under Secretary of State for Political Affairs for several years during the Obama administration and was the lead U.S. negotiator of the nuclear deal with Iran, could not be reached for comment.
A spokeswoman for Albright Stonebridge LLC, where Sherman now serves as a senior counselor, said Tuesday that Sherman is “unavailable at this time and cannot be reached for comment.”
Asked about the September 2015 cyber-attack, a State Department spokesman said, “For security reasons we cannot confirm whether any hacking incident took place.”
At least four State Department officials in the Bureau of Near East Affairs and a senior State Department adviser on digital media and cyber-security were involved in trying to contain the hack, according to an email dated September 24, 2015, and multiple interviews with sources familiar with the attack.
The Obama administration kept quiet about the cyber-attack and never publicly acknowledged concerns the attack created at State, related agencies, and within the private contractor community that supports their work.
Critics of the nuclear deal said the Obama administration did not publicly disclose the cyber-attack’s impact out of fear it could undermine support right after the pact had overcome political opposition and cleared a critical Congressional hurdle.
The hacking of email addresses belonging to the State Department officials and outside contractors began three days after the congressional review period for the deal ended Sept. 17, according to sources familiar with the details of the attack and the internal State Department email.
In the week leading up to that deadline, Senate Democrats blocked several attempts to pass a GOP-led resolution to disapprove of the nuclear deal. The resolution of disapproval needed 60 votes to pass but the most it garnered was 58.
President Trump, during his trip to the Middle East in late May, talked tough against Iran and its illicit ballistic missile program but has so far left the nuclear deal in place. A Trump State Department review of the deal is nearing completion, the Free Beaconrecently reported, and some senior Trump administration officials are pushing for the public release of the so-called “secret side deals.”
State Department alerts outside contractors of cyber-attack
State Department officials in the Office of Iranian Affairs on Sept. 24, 2015 sent an email to dozens of outside contractors. The email alerted the contractors that a cyber-attack had occurred and urged them not to open any email from a group of five State Department officials that did not come directly from their official state.gov accounts. Read the rest of this entry »
Long-withheld document provides insight into secretive system in which people can be placed on terrorism databases with astounding ease, and without any way to get off.
Spencer Ackerman reports: Placement on a terrorism watchlist is a life-changing event. Your travel is monitored and in many cases restricted. If overseas, you could be stranded, costing your employment or reunion with your family. You could be detained and, certain lawsuits allege, tortured by foreign governments.
Yet the ease with which someone can be placed on US watchlists and terrorism databases contrasts markedly with the impact placement has. A long-withheld document published on Wednesday by the Intercept detailing the guidelines for placement shows that the standards for inclusion are far lower than probable cause, and the ability for someone caught in the datasets to challenge their placement do not exist. In 2013, the government made 468,749 nominations for inclusion to the Terrorist Screening Database, up from 227,932 nominations in 2009; few are rejected.
The rise – and the low standards the Intercept documented – is partially explained by the near-miss airliner bombing in Christmas 2009, by a man connected to a Yemeni branch of al-Qaida. Partially it is explained by the overwhelming secrecy surrounding the process: attorney general Eric Holder has called it a state secret (although the guidance document itself is unclassified), preventing meaningful outside challenges that would recalibrate a balance between reasonable expectations of security and liberty.
That secrecy, as the Intercept’s publication indicates, is starting to erode – slowly. Recent court cases have given the beginnings of insight into how the US government’s apparatus of terrorism databases and watchlists works in practice. Here is a guide.
They’re reading your tweets
The watchlisting guidance says that “first amendment protected activity alone shall not be the basis” for nominating someone to the lists. The key word: alone. What you say, write and publish can and will be used against you. Particularly if you tweet it, pin it or share it.
The guidelines recognize that looking at “postings on social media sites” is constitutionally problematic. But those posts “should not automatically be discounted”, the guidelines state. Instead, the agency seeking to watchlist someone should evaluate the “credibility of the source, as well as the nature and specificity of the information”. If they’re concerned about a tweet, in other words, they’re likely to go through a user’s timeline. That joke about that band blowing up could come back to haunt you at the airport.
Where you go might get you placed on the list – and then stranded
Contained within the guidance is a potential reason why many US Muslims find themselves abruptly unable to return from trips abroad without explanation. An example given of “potential behavioral indicators” of terrorism is “travel for no known lawful or legitimate purpose to a locus of TERRORISM ACTIVITY”. Not defined: “lawful”, “legitimate” or “locus”. That could mean specific training camps, travel to which few would dispute the merits of watchlisting. Or it could mean entire countries where terrorists are known or suspected of operating – and where millions of Americans travel every year.
The guidelines themselves, in that very section, warn that such behavioral indicators include “activity that may have innocent explanations wholly unrelated to terrorism”. It warns analysts not to judge any circumstance “in isolation”.
What happens on the no-fly list does not stay on the no-fly list. A federal judge, writing in June, noted that the FBI’s Terrorist Screening Center shares information on banned passengers with 22 foreign governments as well as “ship captains”, resulting in potential “interference with an individual’s ability to travel by means other than commercial airlines”.
Many people who have sued the US government over the watchlists have reported being unable to return from travel abroad. Ali Ahmed, a US citizen in San Diego, attempted in 2012 to fly to Kenya to meet his fiancee for their arranged marriage. But first he flew to Saudi Arabia to make the religiously encouraged pilgrimage to Mecca; he found himself stranded in Bahrain after he was unable to enter Kenya. Ayman Latif, a disabled US marine originally from Miami who now lives in Egypt, was prevented from flying to the US for a disability evaluation from the Department of Veterans Affairs.
There’s room for the family (and perhaps your friends)
A precursor data set that feeds the Terrorist Screening Database (TSDB or, “the watchlist”) is the Terrorist Identities Datamart Environment, or TIDE, maintained by the National Counterterrorism Center. TIDE contains records of known or suspected international terrorists. It also contains information on their families and perhaps their friends.
“Alien spouses and children” of people NCTC labels terrorists get put into TIDE. They “may be inadmissible to the United States”, presumed to be dangerous. TIDE also contains “non-terrorist” records of people who have a “close relationship with KNOWN or SUSPECTED terrorists”, the guidance reads. Examples listed are fathers or brothers, although the guidance does not specify a blood or marital relationship as necessary for inclusion. Those people can be American citizens or noncitizens inside the United States. While those “close relation[s]” are not supposed to be passed on for watchlisting absent other “derogatory information”, their data may be retained within TIDE for unspecified “analytic purposes”.
Just because a jury finds you innocent doesn’t mean watchlists agree
The guidelines explicitly state that someone “acquitted or against whom charges are dismissed for a crime related to terrorism” can still be watchlisted. A federal official nominating such a person for inclusion on the list just needs “reasonable suspicion” of a danger – something defined as more than “mere guesses or hunches”, based on articulable information or “rational inferences” from it, but far less than probable cause. A judge or jury’s decision is not controlling.
Watch how you walk
In keeping with a general enthusiasm exhibited by law enforcement and the military for identifying someone based on their seemingly unique physical attributes, biometric information is eligible as a criteria to watchlist someone. Several of those biometric identifiers are traditional law enforcement ones, like fingerprints; others are exceptionally targeted, like DNA. Then there are others that reflect emerging or immature analytic subjects: “digital images”, iris scans, and “gait” – that is, the way you walk.
Gait and other biometric identifiers do not appear sufficient to watchlist someone. But they are sufficient to nominate someone to the watchlist or TIDE, provided they rise to the “minimum substantive derogatory standards” – articulable reasons for suspecting someone of involvement of terrorism, a far lower standard than probable cause – unless they come accompanied with evidence that the manner of walk in question includes “an individual with a defined relationship with the KNOWN or SUSPECTED terrorist”. It does not appear that a particular swagger by itself can be watchlisted.
Lisa says …
Lisa Monaco is a former US attorney who holds one of the most powerful and least accountable positions in the US security apparatus: assistant to the president for homeland security and counter-terrorism. She has enormous influence over the watchlisting system. Read the rest of this entry »