A wave of coordinated terror attacks that killed at least 130 people in Paris last week have had experts grappling with how French intelligence could have missed an operation that was most likely months in the making.
In recent days, the current and former heads of the CIA have hinted that the attacks might have been prevented had efforts not been made in the past few years to undermine the national-security apparatus.
Others have cast doubt on those assertions, noting that terror groups have been working for years to avoid surveillance.
During an appearance at the Center for Strategic and Internatinal Studies on Monday, CIA Director John Brennan denounced the recent “policy and legal efforts” to reign in government survellance that have made it “much more challenging” for the intel community to uncover terrorists.
And on Wednesday, former acting head of the CIA Michael Morell placed blame for the rise of ISIS squarely on one man — Edward Snowden.
Morell told Politico that the intelligence community’s counterterrorism efforts had been undermined, specifically, by Snowden’s leak of classfied National Security Agency documents in 2013.
“The Snowden disclosures created this perception that people’s privacy was being put at significant risk,” Morell said, referring to disclosures about the NSA’s ability to request user information from private companies and tools the agency used to crack encryption and monitor Internet data.
The revelations — and the public outrage that ensued — put pressure on companies to create encrypted-communications apps without keys to fight the perception that the US government “was inside” their hardware.
“Even if the government goes to them with a warrant, they can’t give them anything because they don’t have a key,” Morell said. “That is all, at the end of the day, back in Snowden’s lap, in my view.”
Leading up to the Paris attacks, ISIS members had been known to use Telegram, an encrypted app created by the makers of Russian social network VKontakte to evade government spies.
That, plus reports that a 34-page manual instructing members how to hide online is being circulated within ISIS’ ranks, has only fuelled arguments that groups like ISIS have figured out how to avoid large-scale surveillance.
“We saw people that we were targeting with NSA surveillance stop using communications at all,” Matthew Olsen, former director of the National Counterterrorism Center (NCTC), said at the Digital Democracy conference last week. “We saw them go to uses of encryption. … It shouldn’t be any surprise — these guys are sophisticated.”
But some experts are sceptical that revelations regarding the NSA’s ability to access encrypted data and the encryption methods adopted by companies in the wake of the Snowden disclosures had any effect on the ways terrorists have chosen to communicate.
“There is no evidence at all that the Snowden leaks contributed or altered the kind of terrorist activity that ISIS and Al Qaeda do,” Dave Aitel, CEO of the cybersecurity firm Immunity, Inc., told Business Insider.
“Al Qaeda was using high-grade operational technology long before the leaks — and they knew the NSA was their prime enemy long before Snowden,” he added. “For Morell to say the intel gaps that facilitated the Paris attacks fall into Snowden’s lap is a fantastic work of intellectual fiction.”
Indeed, Al Qaeda and other terrorist groupshave been using their own encryption software since at least 2007,beginning with a program known as”Asrar al-Mujihideen” (Secrets of the Mujahideen). They extended that program to other devices, such as cell phones and text messaging, as the technology became available.
“Nothing has changed about the encryption methodologies that they use,” Evan Kohlmann, a partner at the private security firm Flashpoint Global Partners, told NBC in 2014. “It’s difficult to reconcile that with the claim that they have dramatically improved their encryption technology since Snowden.”
Moreover, evidence suggests the NSA has worried about this technology for years. And it’s arguably why they adopted the kinds of surveillance methods that Snowden later exposed.
In 1998, then-NSA Director Kenneth Minihan warned a Senate committee that “these opportunists” — referring to hackers, terrorists and nation-states — “enabled by the explosion of technology and the availability of inexpensive, secure means of communication, pose a significant threat to the interests of the United States and its allies.”
This, according to a November 2007 article written by Shane Harris in National Journal, led the NSA to ask “a major US telecommunications carrier for information about its customers and the flow of electronic traffic across its network” in February 2001 — out of fear that the emerging Internet might be used as a weapon for US adversaries.
Harris went on to quote a former senior NSA official who said the agency had been worried that hackers and terrorists already knew how to avoid detection and could predict how the NSA might be tracking them.
“There was such a nuanced understanding of how to tie us in knots and use American law against us, that there were certainly pockets of people saying, ‘We’ve got to be assertive; we’ve got to be more aggressive on this,'” the official told Harris.
This suggests that terrorists knew of the NSA, and have been adapting to the agency’s evolving technology and methods since before the year 2000 — 13 years before Snowden leaked NSA surveillance documents.
“The new encryption companies like Apple, Google, and Whatsapp implemented after the Snowden leaks likely had to do with the political environment they were operating in,” Aitel told Business Insider. “But terrorists were already taking stringent methods to avoid NSA detection.”
Others have proposed that nations like China and Russia, not terror groups, have likely benefited the most from Snowden’s disclosures. Derek Harvey, a former intelligence officer, noted to Bloomberg’s Eli Lake and Josh Rogin that some of Snowden’s leaks resulted in the revelation of Chinese IP addresses targeted by the NSA. And Snowden is currently living in Moscow under asylum.
Earlier in the week, Morell was asked if Snowden “has blood on his hands” for the Paris attacks. He conceded that ISIS “probably would have gotten there” without Snowden’s help.
“Would they have been able to conduct this attack in Paris without him? Maybe,” Morell added. “So the honest answer is, I don’t know.”
Business Insider Emails & Alerts
Site highlights each day to your inbox.