* JULY 13, 2009
CIA Had Secret Al Qaeda Plan
Initiative at Heart of Spat With Congress Examined Ways to Seize, Kill Terror Chiefs
By SIOBHAN GORMAN
WASHINGTON -- A secret Central Intelligence Agency initiative terminated by Director Leon Panetta was an attempt to carry out a 2001 presidential authorization to capture or kill al Qaeda operatives, according to former intelligence officials familiar with the matter.
Sen. Dianne Feinstein said CIA Director Panetta, above, told lawmakers Vice President Cheney ordered information be withheld from Congress.
The precise nature of the highly classified effort isn't clear, and the CIA won't comment on its substance.
According to current and former government officials, the agency spent money on planning and possibly some training. It was acting on a 2001 presidential legal pronouncement, known as a finding, which authorized the CIA to pursue such efforts. The initiative hadn't become fully operational at the time Mr. Panetta ended it.
In 2001, the CIA also examined the subject of targeted assassinations of al Qaeda leaders, according to three former intelligence officials. It appears that those discussions tapered off within six months. It isn't clear whether they were an early part of the CIA initiative that Mr. Panetta stopped.
The revelations about the CIA and its post-9/11 activities have emerged amid a renewed fight between the agency and congressional Democrats. Last week, seven Democratic lawmakers on the House Intelligence Committee released a letter that talked about the CIA effort, which they said Mr. Panetta acknowledged hadn't been properly vetted with Congress. CIA officials had brought the matter to Mr. Panetta's attention and had recommended he inform Congress.
Neither Mr. Panetta nor the lawmakers provided details. Mr. Panetta quashed the CIA effort after learning about it June 23.
The battle is part of a long-running tug of war between the executive branch and the legislature about how to oversee the activities of the country's intelligence services and how extensively the CIA should brief Congress. In recent years, in the light of revelations over CIA secret prisons and harsh interrogation techniques, Congress has pushed for greater oversight. The Obama administration, much like its predecessor, is resisting any moves in that direction.
Most recently, House Speaker Nancy Pelosi, in a dispute over what she knew about the use of waterboarding in interrogating terror suspects, has accused the agency of lying to lawmakers about its operations.
Republicans on the panel say that the CIA effort didn't advance to a point where Congress clearly should have been notified.
CIA spokesman Paul Gimigliano said the agency "has not commented on the substance of the effort." He added that "a candid dialogue with Congress is very important to this director and this agency."
One former senior intelligence official said the program was an attempt "to achieve a capacity to carry out something that was directed in the finding," meaning it was looking for ways to capture or kill al Qaeda chieftains.
The official noted that Congress had long been briefed on the finding, and that the CIA effort wasn't so much a program as "many ideas suggested over the course of years." It hadn't come close to fruition, he added.
Michigan Rep. Pete Hoekstra, the top Republican on the House Intelligence Committee, said little had been spent on the efforts -- closer to $1 million than $50 million. "The idea for this kind of program was tossed around in fits and starts," he said.
Senior CIA leaders were briefed two or three times on the most recent iteration of the initiative, the last time in the spring of 2008. At that time, CIA brass said that the effort should be narrowed and that Congress should be briefed if the preparations reached a critical stage, a former senior intelligence official said.
Amid the high alert following the Sept. 11 terrorist attacks, a small CIA unit examined the potential for targeted assassinations of al Qaeda operatives, according to the three former officials. The Ford administration had banned assassinations in the response to investigations into intelligence abuses in the 1970s. Some officials who advocated the approach were seeking to build teams of CIA and military Special Forces commandos to emulate what the Israelis did after the Munich Olympics terrorist attacks, said another former intelligence official.
"It was straight out of the movies," one of the former intelligence officials said. "It was like: Let's kill them all."
The former official said he had been told that President George W. Bush and Vice President Dick Cheney didn't support such an operation. The effort appeared to die out after about six months, he said.
Former CIA Director George Tenet, who led the agency in the aftermath of the 2001 attacks, declined through a spokesman to comment.
Also in September 2001, as CIA operatives were preparing for an offensive in Afghanistan, officials drafted cables that would have authorized assassinations of specified targets on the spot.
One draft cable, later scrapped, authorized officers on the ground to "kill on sight" certain al Qaeda targets, according to one person who saw it. The context of the memo suggested it was designed for the most senior leaders in al Qaeda, this person said.
Eventually Mr. Bush issued the finding that authorized the capturing of several top al Qaeda leaders, and allowed officers to kill the targets if capturing proved too dangerous or risky.
Lawmakers first learned specifics of the CIA initiative the day after Mr. Panetta did, when he briefed them on it for 45 minutes.
House lawmakers are now making preparations for an investigation into "an important program" and why Congress wasn't told about it, said Rep. Jan Schakowsky, an Illinois Democrat, in an interview.
On Sunday, lawmakers criticized the Bush administration's decision not to tell Congress. Senate Intelligence Committee Chairman Dianne Feinstein, a Democrat from California, hinted that the Bush administration may have broken the law by not telling Congress.
"We were kept in the dark. That's something that should never, ever happen again," she said. Withholding such information from Congress, she said, "is a big problem, because the law is very clear."
Ms. Feinstein said Mr. Panetta told the lawmakers that Mr. Cheney had ordered that the information be withheld from Congress. Mr. Cheney on Sunday couldn't be reached for comment through former White House aides.
The Senate's second-ranking official, Democratic Sen. Dick Durbin of Illinois, and Vermont Democratic Sen. Patrick Leahy, chairman of the Senate Judiciary Committee, echoed those concerns and called for an investigation, an indication of how the politics of intelligence continues to bedevil the CIA.
Separately, Attorney General Eric Holder is considering whether to order a criminal probe into whether treatment of terrorism detainees exceeded guidelines set by the Justice Department, administration officials said.
President Barack Obama and Mr. Holder have said they don't favor prosecuting lawyers who wrote legal justifications for interrogation methods that the president and his attorney general have declared to be torture. They have sought to protect CIA officers who followed the legal guidelines.
"The Department of Justice will follow the facts and the law with respect to any matter," said Matthew Miller, a department spokesman. "We have made no decisions on investigations or prosecutions, including whether to appoint a prosecutor to conduct further inquiry."
Sunday, July 12, 2009
Wednesday, July 8, 2009
Your SSN Can Now Be Accurately Guessed Using Date and Place of Birth
It seems that nothing is safe any more. And now your Social Security Number, the lynchpin to you credit score, taxes, government benefits and more, is under attack. It can be guessed, with a staggering degree of accuracy, using simple information you probably have on sites like Facebook and MySpace.
We have all heard the stories about Identity Theft and we all take precautions to be careful with our SSN. In fact, these days I’ll only put it down on a form if I absolutely have to; that includes medical forms that you often have to fill out when you visit a GP or specialist. But that may now be a moot point, because two Carnegie Mellon researchers have basically reverse-engineered the SSN formula to gain access to that most precious and private number.
John Timmer of Arstechnica.com reported yesterday that these two bright sparks used two practices that had been designed to protect the number, and make it fraud-proof, as a way to discover the code from those two simple facts – date of birth, and place of birth; two facts that are on most public profiles.
To know how they did it, you need to know the basic structure of the SSN. As John describes it, it splits into three zones:
The first three digits are based on the state where the SSN was originally assigned, and the next two are what's termed a group number. The last four digits are ostensibly assigned at random. Since the late 1980s, the government has promoted an initiative termed "Enumeration at Birth" that seeks to ensure that SSNs are assigned shortly after birth, which should limit the circumstances under which individuals apply for them later in life (and hence, make fraudulent applications easier to detect).
From there, the article gets pretty heavily into some technical data and statistics that I won’t bore you with here. If you’re interested, read all the details of the algorithm that reconstructs your Social Security Number. But all you really need to know is that if the SSN code has been cracked, or hacked, then it won’t be long before that information gets into the wrong hands.
So, should you be worried, and what can you do?
Well, as John Timmer explains, although some of the SSN digits are relatively easy to obtain, others are more tricky:
Getting the last four digits right was substantially harder. The authors used a standard of getting the whole SSN right within 10 tries, and could only manage that about 0.1 percent of the time even in the later period. Still, small states were somewhat easier—for Delaware in 1996, they had a five percent success rate.
BUT, and this is a big but, it seems as though modern security systems and automated forms DO NOT REQUIRE the whole SSN. As long as it is cross-referenced with the date and place of birth, up to two numbers can be incorrect. John continues:
They often allow several failed verification attempts per IP address before blacklisting it. Given these numbers, the authors estimate that even a moderate-sized botnet of 10,000 machines could successfully obtain identity verifications for younger residents of West Virginia at a rate of 47 a minute.
Think about it: 47 a minute! Considering how prevalent ID theft is around the world, and how sophisticated thieves are becoming, I think this is enough to cause concern for the average US citizen. And as such, it may be time to start taking precautions.
First, see if you can remove your private information, or replace your place and date of birth with something more vague on your social networking sites and other public profiles. That one should be relatively easy, if a little time consuming.
Second, continue to practice good personal security. Shred any important documents that you are throwing out, and don’t leave sensitive data in a place where thieves could easily find it. I know a lot of people throw things in the car and forget about it, but if the car were stolen or broken into, it could be the start of much bigger problems.
Third, keep on top of your credit reports. You are allowed one free each year from each of the three major credit bureaus. DO NOT use freecreditreport.com, they charge. Instead, go to Annual Credit Report here. If you see anything suspicious or just plain wrong, contact the bureau immediately.
Finally, consider some ID theft protection. I use LifeLock because I got a great deal on it, and although not 100% effective, it does cover me if anything should happen. But LifeLock is basically just a method of putting 90-day fraud alerts on your credit reports, which you can do yourself for free. You can find the information for each bureau here:
EXPERIAN
EQUIFAX
TRANSUNION
For further reading, visit the FTC’s site. It has some great information. Stay safe folks.
We have all heard the stories about Identity Theft and we all take precautions to be careful with our SSN. In fact, these days I’ll only put it down on a form if I absolutely have to; that includes medical forms that you often have to fill out when you visit a GP or specialist. But that may now be a moot point, because two Carnegie Mellon researchers have basically reverse-engineered the SSN formula to gain access to that most precious and private number.
John Timmer of Arstechnica.com reported yesterday that these two bright sparks used two practices that had been designed to protect the number, and make it fraud-proof, as a way to discover the code from those two simple facts – date of birth, and place of birth; two facts that are on most public profiles.
To know how they did it, you need to know the basic structure of the SSN. As John describes it, it splits into three zones:
The first three digits are based on the state where the SSN was originally assigned, and the next two are what's termed a group number. The last four digits are ostensibly assigned at random. Since the late 1980s, the government has promoted an initiative termed "Enumeration at Birth" that seeks to ensure that SSNs are assigned shortly after birth, which should limit the circumstances under which individuals apply for them later in life (and hence, make fraudulent applications easier to detect).
From there, the article gets pretty heavily into some technical data and statistics that I won’t bore you with here. If you’re interested, read all the details of the algorithm that reconstructs your Social Security Number. But all you really need to know is that if the SSN code has been cracked, or hacked, then it won’t be long before that information gets into the wrong hands.
So, should you be worried, and what can you do?
Well, as John Timmer explains, although some of the SSN digits are relatively easy to obtain, others are more tricky:
Getting the last four digits right was substantially harder. The authors used a standard of getting the whole SSN right within 10 tries, and could only manage that about 0.1 percent of the time even in the later period. Still, small states were somewhat easier—for Delaware in 1996, they had a five percent success rate.
BUT, and this is a big but, it seems as though modern security systems and automated forms DO NOT REQUIRE the whole SSN. As long as it is cross-referenced with the date and place of birth, up to two numbers can be incorrect. John continues:
They often allow several failed verification attempts per IP address before blacklisting it. Given these numbers, the authors estimate that even a moderate-sized botnet of 10,000 machines could successfully obtain identity verifications for younger residents of West Virginia at a rate of 47 a minute.
Think about it: 47 a minute! Considering how prevalent ID theft is around the world, and how sophisticated thieves are becoming, I think this is enough to cause concern for the average US citizen. And as such, it may be time to start taking precautions.
First, see if you can remove your private information, or replace your place and date of birth with something more vague on your social networking sites and other public profiles. That one should be relatively easy, if a little time consuming.
Second, continue to practice good personal security. Shred any important documents that you are throwing out, and don’t leave sensitive data in a place where thieves could easily find it. I know a lot of people throw things in the car and forget about it, but if the car were stolen or broken into, it could be the start of much bigger problems.
Third, keep on top of your credit reports. You are allowed one free each year from each of the three major credit bureaus. DO NOT use freecreditreport.com, they charge. Instead, go to Annual Credit Report here. If you see anything suspicious or just plain wrong, contact the bureau immediately.
Finally, consider some ID theft protection. I use LifeLock because I got a great deal on it, and although not 100% effective, it does cover me if anything should happen. But LifeLock is basically just a method of putting 90-day fraud alerts on your credit reports, which you can do yourself for free. You can find the information for each bureau here:
EXPERIAN
EQUIFAX
TRANSUNION
For further reading, visit the FTC’s site. It has some great information. Stay safe folks.
Subscribe to:
Posts (Atom)