Elite U.S. military computer specialists, over the objections of the CIA, mounted a cyberattack that dismantled the online forum. Although some Saudi officials had been informed in advance about the Pentagon’s plan, several key princes were “absolutely furious” at the loss of an intelligence-gathering tool, according to another former U.S. official.
Four former senior U.S. officials, speaking on the condition of anonymity to discuss classified operations, said the creation and shutting down of the site illustrate the need for clearer policies governing cyberwar. The use of computers to gather intelligence or to disrupt the enemy presents complex questions: When is a cyberattack outside the theater of war allowed? Is taking out an extremist Web site a covert operation or a traditional military activity? Should Congress be informed?
“The point of the story is it hasn’t been sorted out yet in a way that all the persons involved in cyber-operations have a clear understanding of doctrine, legal authorities and policy, and a clear understanding of the distinction between what is considered intelligence activity and wartime [Defense Department] authority,” said one former senior national security official.
Precedent before policy
The absence of clear guidelines for cyberwarfare is not new. Lawyers at the Justice Department’s Office of Legal Counsel are struggling to define the legal rules of the road for cyberwarriors, according to current and former officials.
The Saudi-CIA Web site was set up several years ago as a “honey pot,” an online forum covertly monitored by intelligence agencies to identify attackers and gain information, according to three of the former officials. The site was a boon to Saudi intelligence operatives, who were able to round up some extremists before they could strike, the former officials said.
At the time, however, dozens of Saudi jihadists were entering Iraq each month to carry out attacks. U.S. military officials grew concerned that the site “was being used to pass operational information” among extremists, one former official said. The threat was so serious, former officials said, that Gen. Ray Odierno, the top U.S. military commander in Iraq, requested that the site be shut down.
The operation was debated by a task force on cyber-operations made up of representatives from the Defense and Justice departments, the CIA, the Office of the Director of National Intelligence, and the National Security.
The CIA argued that dismantling the site would lead to a significant loss of intelligence. The NSA countered that taking it down was a legitimate operation in defense of U.S. troops. Although one Pentagon official asserted that the military did not have the authority to conduct such operations, the top military commanders made a persuasive case that extremists were using the site to plan attacks.
The task force debated whether to go forward and, if so, under what authority. If the operation was deemed a traditional military activity, no congressional committee needed to be briefed. If it was a covert action, members of the intelligence committees would have to be notified.
The task force weighed possible collateral damage, such as disruption of other computer networks, against the risk of taking no action. Most thought that the damage would be limited but that the gain would be substantial.
The matter appeared settled, ex-officials said. The military would dismantle the site, eliminating the need to inform Congress.
A group of cyber-operators at the Pentagon’s Joint Functional Component Command-Network Warfare at Fort Meade seemed ideally suited to the task. The unit carries out operations under a program called Countering Adversary Use of the Internet, established to blunt Islamist militants’ use of online forums and chat groups to recruit and mobilize members and to spread their beliefs.
Unintended outcomes
A central challenge of cyberwarfare is that an attacker can never be sure that an action will affect only the intended target. The dismantling of the CIA-Saudi site inadvertently disrupted more than 300 servers in Saudi Arabia, Germany and Texas, a former official said.
After the operation, Saudi officials vented their frustration about the loss of intelligence to the CIA. Agency officials said the U.S. military had upset an ally and acted outside its authority in conducting a covert operation, former officials said.
But some experts counter that dismantling Web sites is ineffective — no sooner does a site come down than a mirror site pops up somewhere else, because extremist groups store backup copies of forum information in servers around the world.
Filed under: Freedom of speech - incitement, Intelligence, Intelligence sharing, Iraq, Privacy, Profiling, Saudi Arabia, Surveillance, Technology, Threat, United States, Use of internet
