French Government Does NOT Get a Pass

Posted on by

The world watched in horror the bloody events in Paris at the hands of militants. A great deal of work is going into investigations and research to determine names, backgrounds, connections and causes of the terror in France.

The background, cells and names rising to the surface are not new to the intelligence communities allied with the United States. What is new is that the governmental leadership(s) in Europe, North Africa and the West ignored the intelligence clarion calls for alarm.

Going back to 2005 and even earlier, mining open source information, the Buttes Chaumont information has been out there. The brothers of the Paris attacks were only the most recent members of the Buttes Chaumont terror cell. There were clearly other brothers and members that were festering a decade ago.

 

‘The first cell in this network was named the “19th arrondissement” or “Buttes Chaumont” cell, which both brothers were a part of. Farid Benyettou, a charismatic self-taught preacher who lectured outside various mosques and prayer groups, including the Addawa mosque of the 19th arrondissement, led this cell. Although Redouane died, Boubaker was in charge of a way station in Syria for French youths headed to Iraq. El-Hakim did not last long, though, since the Assad regime arrested him in 2004, imprisoned him for a year, and then extradited him to France in 2005.
El-Hakim would be sentenced in 2008 to seven years for his involvement in the recruitment ring. This would have kept him imprisoned through 2015, but he ended up only serving 2/3 of his term and was then deported to Tunisia sometime in 2012. Since then, el-Hakim’s name has popped up in reports on militants around Chaambi Mountain in western Tunisia. Again, it is hard to assess these claims since there is almost no way of independently verifying them. That said, due to his past connections within a jihadi recruitment network and al-Qaeda in Iraq, it would not be far-fetched if he indeed did have some type of connection or relationship with AQIM.
At the same time, due to the murky nature of el-Hakim’s presence in Tunisia and the dearth of solid information on the connections between AQIM and AST, it is too early to come to any real conclusions.’

The New York Times is data mining as well as has offered some current insight but the paper omits the feeble policy by the French leadership to deal with the dark yet active cell connections in France and in Northern Africa. The intelligence IS there but quite possibly passed to the side out of lack of law enforcement, lack of policy and lack of will.

It is a tragedy that France had to deploy more that 85,000 personnel to track down the killers in France while some many victims died. For the next several weeks, collaboration on intelligence and policy will occur include the United States.

PARIS — They jogged together or did calisthenics along the hilly lawns and tulip-dotted gardens of Buttes-Chaumont, the public park in northeastern Paris built more than a century ago under Emperor Napoleon III. Or they met in nearby apartments with a janitor turned self-proclaimed imam, a man deemed too radical by one local mosque because of his call for waging jihad in Iraq.

The group of young Muslim men, some still teenagers, became known to the French authorities as the Buttes-Chaumont group after the police in 2005 broke up their pipeline for sending young French Muslims from their immigrant neighborhood to fight against American troops in Iraq. The arrests seemingly shattered the group, and some officials and experts were skeptical that members ever posed a threat to France.

But the shocking terror attacks last week in Paris have now made plain that the Buttes-Chaumont network produced some of Europe’s most militant jihadists, including Chérif Kouachi, one of the three terrorists whose three-day rampage left 17 people dead and who was killed by the police.

Other alumni from the group have died in Iraq or remained committed to radical Islam, including a French-Tunisian now aligned with the Islamic State who has claimed responsibility for a handful of assassinations in Tunisia, including the July 2013 murder of a leading left-wing politician.

“They were considered the least dangerous,” Jean-Pierre Filiu, a professor of Middle East studies and specialist on French Islamic terror cells, said of the Buttes-Chaumont group. “And now you see them really at the forefront.”

Now French authorities, while still piecing together how such violent attacks could have been staged in the capital, must also be concerned by the possibility that other homegrown groups may be passing unnoticed — or may be similarly underestimated.

The attacks suggest the prospect of a potent intermingling among some members of the original Buttes-Chaumont group and other extremists. Their meeting place, apparently, was the French prison system.

There, their radicalism hardened as some members of the group came together with other prominent jihadists who were connected to more extensive and dangerous militant networks.

For decades, France has endured Islamic terror threats and attacks, from Iranian-inspired groups during the 1980s, to Algerian extremists in the 1990s, to cells linked to Al Qaeda before and after the Sept. 11, 2001, attacks in the United States.

More recently, French and other European security services have grown increasingly alarmed by thousands of young, alienated Muslim citizens who have enlisted for jihad in the conflicts in Syria and Iraq.

In each decade, a familiar pattern has emerged: a radicalized minority of European Muslims — whether they have gone abroad for jihad or not — have been angered and inspired by wars the West has waged in the Arab world, Africa and beyond, and have sought to bring the costs of those conflicts home.

After French authorities swept up members of the Buttes-Chaumont group in the 2005, during his time in prison Chérif Kouachi came under the sway of an influential French-Algerian jihadist who had plotted to bomb the United States Embassy in Paris in 2001.

There, he also recruited a holdup artist named Amedy Coulibaly, the man who killed four hostages at a kosher supermarket in Paris on Friday.

It is unclear if his older brother, Saïd Kouachi, who also took part in the attack on the Charlie Hebdo newspaper office, was a member of the Buttes-Chaumont group, but the authorities have confirmed that the older brother spent time in Yemen between 2009 and 2012, getting training from a branch of Al Qaeda.

 

Felony Charges Against General Petraeus?

Posted on by

Prosecutors Said to Seek Felony Charges against Petraeus

By and

To keep him from running for president?

WASHINGTON — The F.B.I. and Justice Department prosecutors have recommended bringing felony charges against retired Gen. David H. Petraeus for providing classified information to his former mistress while he was director of the C.I.A., officials said, leaving Attorney General Eric H. Holder Jr. to decide whether to seek an indictment that could send the pre-eminent military officer of his generation to prison.

The Justice Department investigation stems from an affair Mr. Petraeus had with Paula Broadwell, an Army Reserve officer who was writing his biography, and focuses on whether he gave her access to his C.I.A. email account and other highly classified information. F.B.I. agents discovered classified documents on her computer after Mr. Petraeus resigned from the C.I.A. in 2012 when the affair became public.

Mr. Petraeus, a retired four star-general who served as commander of American forces in both Iraq and Afghanistan, has said he never provided classified information to Ms. Broadwell, and has indicated to the Justice Department that he has no interest in a plea deal that would spare him an embarrassing trial. A lawyer for Mr. Petraeus, Robert B. Barnett, said Friday he had no comment.

Mr. Holder was expected to decide by the end of last year whether to bring charges against Mr. Petraeus, but he has not indicated how he plans to proceed. The delay has frustrated some Justice Department and F.B.I officials and investigators who have questioned whether Mr. Petraeus has received special treatment at a time Mr. Holder has led an unprecedented crackdown on government officials who reveal secrets to journalists.

The protracted process has also frustrated Mr. Petraeus’s friends and political allies, who say it is unfair to keep the matter hanging over his head. Senator John McCain, Republican of Arizona, wrote to Mr. Holder last month that the investigation had deprived the nation of wisdom from one of its most experienced experts.

“At this critical moment in our nation’s security,” he wrote, “Congress and the American people cannot afford to have his voice silenced or curtailed by the shadow of a long-running, unresolved investigation marked by leaks from anonymous sources.”

Since his resignation from the C.I.A. on Nov. 10, 2012, Mr. Petraeus has divided his time between teaching, making lucrative speeches and working as a partner in one of the world’s largest private-equity firms, Kohlberg Kravis Roberts.

Mr. Holder has said little publicly about the investigation. the F.B.I. director, James B. Comey, asked by reporters in December why it was taking so long, said: “I can’t say. I mean, I guess I could say, but I won’t say.”

Marc Raimondi, a Justice Department spokesman, declined to comment on the investigation. Several officials who discussed it did so on condition of anonymity because they were not authorized to speak publicly.

At a news conference shortly after Mr. Petraeus resigned, President Obama said he had no evidence that Mr. Petraeus had disclosed classified information “that in any way would have had a negative impact on our national security.”

“We are safer because of the work that Dave Petraeus has done,” Mr. Obama said, referring to his career in government. “And my main hope right now is — is that he and his family are able to move on and that this ends up being a single side note on what has otherwise been an extraordinary career.”

But investigators concluded that, whether or not the disclosure harmed national security, it amounted to a significant security breach in the office of one of the nation’s most trusted intelligence leaders. They recommended that Mr. Petraeus face charges, saying lower-ranking officials had been prosecuted for far less.

Federal agents stumbled onto the affair after Jill Kelley, a friend of Mr. Petraeus, complained to the F.B.I. that she had received anonymous threatening emails about her relationship with Mr. Petraeus. F.B.I. agents opened a cyberstalking investigation, traced the message to Ms. Broadwell and began searching her emails. That is when they discovered evidence that she and Mr. Petraeus were having an affair.

Mr. Petraeus is said to have begun the affair with Ms. Broadwell in 2011, soon after taking the job at the C.I.A. and she was interviewing him for her book, “All In: The Education of General David Petraeus.”

Mr. Petraeus resigned from the the C.I.A. three days after Mr. Obama was re-elected. In a brief statement, Mr. Petraeus admitted to the affair, saying that “after being married for over 37 years, I showed extremely poor judgment.”

“Such behavior is unacceptable, both as a husband and as the leader of an organization such as ours,” Mr. Petraeus said, referring to the C.I.A. “This afternoon, the president graciously accepted my resignation.”

Mr. Petraeus, a graduate of the United States Military Academy at West Point, took command of American forces in Iraq in 2007, one of the lowest points in the war. Al Qaeda controlled large parts of the country, and dozens of American soldiers were dying each month. Mr. Petraeus directed the so-called “surge” of American forces that helped stablize Iraq enough so that the United States could withdraw its troops under Mr. Obama. In 2010, Mr. Obama chose him to lead American forces in Afghanistan, where the Taliban was gaining territory. Mr. Petraeus had some success — although not nearly as much as he had in Iraq.

Along with his acumen on the battlefield, Mr. Petraeus was considered a natural political operator in Washington, where he easily navigated the politics of Congress, the White House and the Pentagon. He fielded calls to run for president and cultivating a larger-than-life media image. All the while, he remained a trusted adviser to Mr. Obama, who appointed him to lead the C.I.A. in 2011.

Threat to NATO via Russian Aggression

Posted on by

Poland to Seek NATO Response to Russia’s Military Exercises

(Reuters) – Poland expects the NATO alliance to step up its military exercises around the Baltic Sea after a flurry of activity by Russian warships and jet fighters in the area last month, Defence Minister Tomasz Siemoniak told Reuters in an interview.

Polish Defense Minister Tomasz Siemoniak, Oct. 14, 2014

“What happened in December was indeed rather unprecedented,” Siemoniak said. “We will definitely want the Baltic Sea to be taken into account to a greater extent, and I think that in terms of military exercises planned by NATO, there will be such a reaction,” he said. The interview was conducted on Monday but authorised for release by the ministry on Thursday.

The Atlantic alliance has already increased the frequency of air patrols in the region, part of a revival of Cold War tensions sparked by Russia’s annexation of Crimea from Ukraine and its support for Ukraine’s pro-Russian rebels.

Russian President Vladimir Putin visits anti-submarine ship Vice Admiral Kulakov, Sept. 23, 2014

Siemoniak said Moscow did not have an exit strategy, and that NATO and the European Union, which has imposed sanctions on Russia together with the United States, should brace themselves for years of conflict.

“We shouldn’t talk about lifting the sanctions too soon,” he said, adding that they were the most effective tool at the West’s disposal.

The French government in November put on hold a contract to supply Mistral warships to Russia after coming under pressure from NATO allies.

Asked if French-based companies such as Airbus and the Thales could suffer as they bid for contracts in Poland’s $41 billion army modernisation programme, Siemoniak said: “I’m counting on France‘s decision (not to deliver) being permanent, so the problem has been solved. It seems that Russia has also accepted that.”

Siemoniak also denied that a U.S. Senate report, which in December made clear by implication that Poland had allowed the CIA to run secret detention facilities on its soil, had damaged the relationship between the two allies.

Polish officials have expressed disappointment that the published version of the report contained enough detail to implicate Poland, putting it at risk of reprisal attacks.

“I think that, at the moment, the cooperation between our intelligence agencies is the best in history,” Siemoniak said, “so the publication of the report has not made it more difficult.”

CyberWar Vulnerabilities

Posted on by

A Hacker’s Hit List of American Infrastructure

In an 800-page document dump, the U.S. government revealed critical vulnerabilities.

On Friday, December 19, the FBI officially named North Korea as the party responsible for a cyber attack and email theft against Sony Pictures. The Sony hack saw many studio executives’s sensitive and embarrassing emails leaked online. The hackers threatened to attack theaters on the opening day of the offending film, The Interview, and Sony pulled the plug on the movie, effectively censoring a major Hollywood studio. (Sony partially reversed course, allowing the movie to show in 331 independent theaters on Christmas Day, and to be streamed online.)

Technology journalists were quick to point out that, even though the cyber attack could be attributable to a nation-state actor, it wasn’t particularly sophisticated. Ars Technica’s Sean Gallagher likened it to a “software pipe bomb.”

But according to cybersecurity professionals, the Sony hack may be a prelude to a cyber attack on United States infrastructure that could occur in 2015, as a result of a very different, self-inflicted document dump from the Department of Homeland Security in July.

Here’s the background: On July 3, DHS, which plays “key role” in responding to cyber attacks on the nation, replied to a Freedom of Information Act (FOIA) request on a malware attack on Google called “Operation Aurora.”

Unfortunately, as Threatpost writer Dennis Fisher reports, DHS officials made a grave error in their response. DHS released more than 800 pages of documents related not to Operation Aurora but rather the Aurora Project, a 2007 research effort led by Idaho National Laboratory demonstrating how easy it was to hack elements in power and water systems.

Oops.

The Aurora Project exposed a vulnerability common to many electrical generators, water pumps, and other pieces of infrastructure, wherein an attacker remotely opens and closes key circuit breakers, throwing the machine’s rotating parts out of synchronization causing parts of the system to break down.

In 2007, in an effort to cast light on the vulnerability that was common to many electrical components, researchers from Idaho National Lab staged an Aurora attack live on CNN. The video is below.

How widespread is the Aurora vulnerability? In this 2013 article for Power Magazine:

The Aurora vulnerability affects much more than rotating equipment inside power plants. It affects nearly every electricity system worldwide and potentially any rotating equipment—whether it generates power or is essential to an industrial or commercial facility.

The article was written by Michael Swearingen, then manager for regulatory policy for Tri-County Electric Cooperative (now retired), Steven Brunasso, a technology operations manager for a municipal electric utility, Booz Allen Hamilton critical infrastructure specialist Dennis Huber, and Joe Weiss, a managing partner for Applied Control Solutions.

Weiss today is a Defense Department subcontractor working with the Navy’s Mission Assurance Division. His specific focus is fixing Aurora vulnerabilities. He calls DHS’s error “breathtaking.”

The vast majority of the 800 or so pages are of no consequence, says Weiss, but a small number contain information that could be extremely useful to someone looking to perpetrate an attack. “Three of their slides constitute a hit list of critical infrastructure. They tell you by name which [Pacific Gas and Electric] substations you could use to destroy parts of grid. They give the name of all the large pumping stations in California.”

The publicly available documents that DHS released do indeed contain the names and physical locations of specific Pacific Gas and Electric Substations that may be vulnerable to attack.

Defense One shared the documents with Jeffrey Carr, CEO of the cybersecurity firm Taia Global and the author of Inside Cyber Warfare: Mapping the Cyber Underworld. “I’d agree…This release certainly didn’t help make our critical infrastructure any safer and for certain types of attackers, this information could save them some time in their pre-attack planning,” he said.

Perpetrating an Aurora attack is not easy, but it becomes much easier the more knowledge a would-be attacker has on the specific equipment they may want to target.

* * *

In a 2011 paper for the Protective Relay Engineers’ 64th Annual Conference, Mark Zeller, a service provider with Schweitzer Engineering Laborites lays out—broadly—the information an attacker would have to have to execute a successful Aurora attack. “The perpetrator must have knowledge of the local power system, know and understand the power system interconnections, initiate the attack under vulnerable system load and impedance conditions and select a breaker capable of opening and closing quickly enough to operate within the vulnerability window.”

“Assuming the attack is initiated via remote electronic access, the perpetrator needs to understand and violate the electronic media, find a communications link that is not encrypted or is unknown to the operator, ensure no access alarm is sent to the operators, know all passwords, or enter a system that has no authentication.”

That sounds like a lot of hurdles to jump over. But utilities commonly rely on publicly available equipment and common communication protocols (DNP, Modbus, IEC 60870-5-103,IEC 61850, Telnet, QUIC4/QUIN, and Cooper 2179) to handle links between different parts their systems. It makes equipment easier to run, maintain, repair and replace. But in that convenience lies vulnerability.

In their Power Magazine article, the authors point out that “compromising any of these protocols would allow the malicious party to control these systems outside utility operations.”

Defense One reached out to DHS to ask them if they saw any risk in the accidental document dump. A DHS official wrote back with this response: “As part of a recent Freedom of Information Act (FOIA) request related to Operation Aurora, the Department of Homeland Security (DHS) National Programs and Protection Directorate provided several previously released documents to the requestor. It appears that those documents may not have been specifically what the requestor was seeking; however, the documents were thoroughly reviewed for sensitive or classified information prior to their release to ensure that critical infrastructure security would not be compromised.”

Weiss calls the response “nonsense.”

The risk posed by DHS accidental document release may be large, as Weiss argues, or nonexistent, as DHS would have you believe. But even if it’s the latter, Aurora vulnerabilities remain a key concern.

Perry Pederson, who was the director of Control Systems Security Program at DHS in 2007 when the Aurora vulnerability was first exposed, said as much in a blog post in July after the vulnerability was discovered. He doesn’t lay blame at the feet of DHS. But his words echo those of Weiss in their urgency.

“Fast forward to 2014. What have we learned about the protection of critical cyber-physical assets? Based on various open source media reports in just the first half of 2014, we don’t seem to be learning how to defend at the same rate as others are learning to breach.”

* * *

In many ways the Aurora vulnerability is a much harder problem to defend against than the Sony hack, simply because there is no obvious incentive for any utility operator to take any of the relatively simple costs necessary to defend against it. And they are simple. Weiss says that a commonly available device installed on vulnerable equipment could effectively solve the problem, making it impossible to make the moving parts spin out of synchronization. There are two devices on the market iGR-933 rotating equipment isolation device (REID) and an SEL 751A, that purport to shield equipment from “out-of-phase” states.

To his knowledge, Weiss says, Pacific Gas and Electric has not installed any of them anywhere, even though the Defense Department will actually give them away to utility companies that want them, simply because DOD has an interest in making sure that bases don’t have to rely on backup power and water in the event of a blackout. “DOD bought several of the iGR-933, they bought them to give them away to utilities with critical substations,” Weiss said. “Even though DOD was trying to give them away, they couldn’t give them to any of the utilities because any facility they put them in would become a ‘critical facility’ and the facility would be open to NERCCIP audits.”

Aurora is not a zero-day vulnerability, an attack that exploits an entirely new vector giving the victim “zero days” to figure out a patch. The problem is that there is no way to know that they are being implemented until someone, North Korea or someone else, chooses to exploit them.

Can North Korea pull of an Aurora vulnerability? Weiss says yes. “North Korea and Iran and are capable of doing things like this.”

Would such an attack constitute an act of cyber war? The answer is maybe. Speaking to reporters at the Pentagon on Friday, Pentagon Press Secretary Rear Adm. John Kirby said “I’m also not able to lay out in any specificity for you what would be or wouldn’t be an act of war in the cyber domain. It’s not like there’s a demarcation line that exists in some sort of fixed space on what is or isn’t. The cyber domain remains challenging, it remains very fluid. Part of the reason why it’s such a challenging domain for us is because there aren’t internationally accepted norms and protocols. And that’s something that we here in the Defense Department have been arguing for.”

Peter Singer, in conversation with Jason Koebler at Motherboard, says that the bar for actual military engagement against North Korea is a lot higher than hacking a major Hollywood movie studio.

“We didn’t go to war with North Korea when they murdered American soldiers in the 1970s with axes. We didn’t go to war with North Korea when they fired missiles over our allies. We didn’t go to war with North Korea when one of their ships torpedoed an alliance partner and killed some of their sailors. You’re going to tell me we’re now going to go to war because a Sony exec described Angelina Jolie as a diva? It’s not happening.”

Obama said Friday that there would be some sort of response to the hack, but declined to say what. “We have been working up a range of options. They will be presented to me. I will make a decision on those based on what I believe is proportional and appropriate to the nature of this crime,” he said.

Would infrastructure vandalism causing blackouts and water shutdowns constitute an act of war? The question may be moot. Before the United States can consider what sort of response is appropriate to cyber attacks, it must first be able to attribute them.

The FBI was able to finger North Korea for the hack after looking at the malware in the same way a forensics team looks for signs of a perpetrator at the scene of the crime. “Technical analysis of the data deletion malware used in this attack revealed links to other malware that the FBI knows North Korean actors previously developed. For example, there were similarities in specific lines of code, encryption algorithms, data deletion methods, and compromised networks,” according to the FBI statement. (Attribution has emerged as a point of contention in technology circles, with many experts suggesting that an inside hack job was more likely.)

An Aurora vulnerability attack, conversely, leaves no fingerprints except perhaps a single IP address. Unlike the Sony hack, it doesn’t require specially written malware to be uploaded into a system—malware that could indicate the identity of the attacker, or at least his or her affiliation. Exploiting an Aurora attack is simply a matter of gaining access, remotely, possibly because equipment is still running on factory-installed passwords, and then turning off and on a switch.

“You’re using the substations against whatever’s connected to them. Aurora uses the substations as the attack vector. This is the electric grid being the attack vector,” said Weiss, who calls it “a very, very insidious” attack.

The degree to which we are safe from that eventuality depends entirely on how well utility companies have put in place safeguards. We may know the answer to that question in 2015.

AQAP Claims Responsibility for Paris Attack

Posted on by

Charlie Hebdo’s Jihadi Attackers Tied to AQAP; More Attacks May be Planned
By: Anthony Kimery, Editor-in-Chief

Al Qaeda in the Arabian Peninsula (AQAP) members and supporters swarmed social media sites immediately after the Wednesday jihadi attack on the Paris offices of the “blasphemous” newspaper Charlie Hebdo with messages implying the jihadists who attacked the newspaper were AQAP operatives.

While AQAP, a core Al Qaeda affiliate that has taken the lead in attacking the West, didn’t immediately officially take credit for the attack, its members and supporters implied as much on social media sites. Now, an AQAP leader has claimed that AQAP did, in fact, direct the attack, which isn’t surprising, since AQAP had placed Charlie Hebdo’s editor, Stephane “Charb” Charbonnier, on a “Wanted” poster for crimes against Islam for repeatedly satirizing the Prophet Mohamed in cartoons, a blasphemous act under radical Islamic law that’s punishable by death. Eight other persons AQAP considers to have blasphemed Prophet Mohamed also appear on the wanted poster.

Counterterrorism officials told Homeland Security Today Wednesday there’d been what they described as “pretty actionable” intelligence in various forms that had been connected to indicate the Charlie Hebdo attack was well-planned and “very likely” carried out by well-trained jihadists who likely received their training on the battlefields of Syria and Iraq fighting Al Qaeda or the Islamic State.

Former CIA counterterrorism analyst Aki Peritz told BBC World News the attacks were “very professional, well thought out, well researched and well executed.”

Following the killing of Charbonnier Wednesday, AQAP operative known as Mawlawi Abdallah tweeted that, “One of the men wanted by Al Qaeda has been eliminated – praise Allah, and the other wanted men are soon to come, Allah willing.”

The tweet included the “Wanted Dead or Alive for Crimes Against Islam” poster published in AQAP’s Inspire magazine in March 2013 with Charbonnier’s picture marked with a red X. The image includes the text, “Appreciation, greetings, and thanks from the ummah of Islam, to those who have avenged Prophet Muhammad.”

AQAP supporters also posted an image of AQAP leader Nasir Al Wuhayshi superimposed on a photo from the attack, with a quote from a female survivor who said that the attackers claimed to belong to Al Qaeda in Yemen.

Two of the attackers on the Charlie Hebdo offices were known jihadi brothers Said Kouachi and Cherif Kouachi, who were killed Friday afternoon in a violent shootout with French counterterrorism forces at a printing plant in Dammartin-en-Goele northeast of Paris.

In their attack on the Charlie Hebdo offices, the brothers killed 12 people, including Charbonnier, four cartoonists and two police officers in the deadliest terrorist attack in France in four decades.

Intelligence sources say Said trained with AQAP and met with AQAP recruiter and operations planner, American-born Anwar Al Awlaki when Said spent time training with AQAP in Yemen. Intelligence sources said Awlaki provided funds to the brothers. Awlaki had called for the death of Charlie Hebdo’s editor and cartoonists, and was involved in developing the terror group’s Inspire magazine, which published the wanted poster of individuals jihadis should kill, including Charlie Hebdo’s editor.

Homeland Security Today first reported Wednesday that counterterrorism sources said on background that the Kouachi brothers likely were tied to AQAP, and that intelligence indicated the attack on Charlie Hebdo may be the beginning of a larger coordinated plan of action against individuals whom jihadists have been identifying for assassination going back to at least 2010, including individuals in the United States, although previous jihadi hit lists against Western individuals in 2011 drew mostly yawns from many intelligence officials and authorities.

Britain’s director of MI5, Andrew Parker, said in a rare public speech at MI5 headquarters Thursday that, “A group of core Al Qaeda terrorists in Syria is planning mass casualty attacks against the West” designed to “cause large-scale loss of life, often by attacking transport systems or iconic targets” in the West.

When they attacked the Charlie Hebdo’s offices, the heavily armed Kouachi brothers and an 18-year-old accomplice who quickly surrendered to police, was clearly professional and well-coordinated. The brothers shouted “we have avenged the prophet” and “Al lahu Akbar” (God is great), as they stormed the offices of the satirical newspaper.

Charlie Hebdo has been on jihadists’ hit list for years for its numerous satirical portrayals of Prophet Mohamed, including a cartoon of a turbaned Muslim in a wheelchair pushed by a man dressed as an orthodox Jew with the caption, “Intouchables 2.” Another cartoon on the back page depicted a naked Mohammed exposing his butt to a film director, which was apparently inspired by a 1963 film starring French film star Brigitte Bardot.

In 2011, Charlie Hebdo made headlines when it named the Prophet Muhammad as editor-in-chief of an edition of the newspaper titled, “Sharia Hebdo,” and featured Prophet Mohammed as guest editor. Not surprisingly, the edition of the publication incited outrage and its offices firebombed.

The attack and further threats of violence didn’t deter Charlie Hebdo, which continued to publish more Muhammad illustrations the following year.

In November, French Islamic State members released a video through the Al Hayat Media Center calling on Muslims to carry out jihadi attacks on French soil and offering operational support.

The killers

The Kouachi brothers were both French-Algerian in their early 30s. Cherif was convicted in 2008 on terrorism charges for recruiting jihadists to join Islamists in Iraq and sentenced to three years in prison. Eighteen months of the sentence were suspended, however.

Cherif, who called himself Abu Issen, was part of the “Buttes-Chaumont network” that sent jihadists to fight for Al Qaeda in Iraq. He also had been detained by French police in 2005 while on his way to board a plane for Syria.

Boubaker Al Hakim, a jihadist tied to Al Qaeda was a central member of the Buttes-Chaumont network, according to authorities.

Both men had been in US terrorist databases and the “No-Fly” list for years, although authorities wouldn’t say when they were put in the databases. Presumably it would have been after Cherif’s initial arrest.

Following the 2005 incident, French Interior Minister Dominique de Villepin warned that foreign-trained jihadists from his nation would eventually “come back to France, armed with their experience, to carry out attacks.”

Consequently, questions are being raised about why Cherif in particular was not more closely monitored given the intelligence the French police had on him.

A third accomplice, 18-year-old Hamyd Mourad, is believed to have been captured during a raid by police and a French counterterror unit in Reims in north-eastern France.

Authorities said all three men are believed to have recently returned from Syria where they were trained by jihadis fighting with Al Qaeda and the Islamic State, but it hasn’t been confirmed.

AQAP praises the attack

“The day after the deadly shooting at the headquarters of the Charlie Hebdo weekly in Paris, jihad supporters on social media continued to glorify the perpetrators of the attack. In particular, activists of Al Qaeda in the Arabian Peninsula boasted that the shooters were members of their organization and distributed images, banners and videos in praise of the shooting,” said the Middle East Media Research Institute (MEMRI), which monitors jihadi social media. “They emphasized the role of AQAP and of its English-language magazine Inspire in encouraging lone wolf attackers, mentioning that Inspire had published a ‘wanted poster’ featuring the editor of Charlie Hebdo, Stéphane Charbonnier, who was killed in yesterday’s shooting. Others posted quotes by Osama bin Laden, calling for acting against those who insult the Prophet, and also referred to various ‘crimes’ committed by France, such as its invasion of Mali.”

According to MEMRI, “Islamic State (ISIS) activists and supporters also praised the attack, while emphasizing their organization’s role in inciting attacks against Western targets. They also stressed that the perpetrators were motivated to take vengeance on France for its role in the international campaign against ISIS. ISIS supporters are for now avoiding directly addressing reports that the perpetrators had claimed responsibility in the name of AQAP.”

“French-speaking Jihadi fighters reacted joyously at the news of the attack and its revenge for the blasphemous acts of the cartoonists, and called for more attacks against the West,” MEMRI said jihadi social media revealed. “They also criticized and leveled accusations against Muslims in the West for their reactions of support for the victims of the attack. Few tweets mentioned the doubt about whether Al Qaeda or ISIS was behind the attack; the focus was on praising the attack as revenge for Islam in general” and calling for more attacks.

MEMRI reported, “jihadi supporters on social media continued to promise that there would be a follow-up to this attack, and that the West should expect additional attacks.”

Homeland Security Today reported Wednesday following the attack that US counterterrorism intelligence sources told Homeland Security Today on condition of anonymity that intelligence indicates the attack may be the beginning of a larger coordinated plan of action against numerous individuals whom jihadists have been identifying for assassination going back to at least 2010, including individuals in the United States, although previous jihadi hit lists against Western individuals in 2011 drew mostly yawns from many intelligence officials and authorities.”

Mawlawi Abdallah posted a picture of American born jihadi convert Anwar Al Awlaki — who joined AQAP and become a prominent recruiter before being killed in US drone strike — and wrote: “Glad tidings, O martyr of da’wa … The lone wolves continue to rip the West to shreds.”

The picture of Al Awalki is superimposed on a picture from the Paris attack and includes a quote from Al Awlaki in English: “It is not enough to have the intention of doing good. One must do good in the proper way. So what is the proper solution to this growing campaign of defamation [of the Prophet Muhammad?] … The medicine prescribed by the Messenger of Allah is the execution of those involved.”

Another AQAP operative known as Danyal tweeted: “They [unclear whether referring to the West or Muslims who condemned the attack] did not condemn and were not outraged when French forces made the oppressed Muslims of Mali drink from the chalice of their animosity, but were furious over the victims of the Charlie Hebdo operation! … Bless you and bless your efforts. May Allah’s blessing be upon you, oh heroes of the Charlie Hebdo operation!”

Yemeni preacher Mamoon Hatem, who officially belongs to AQAP but supports joining the Islamic state, attempted to attribute the attack to ISIS, saying, “The Islamic State is the West’s new nightmare and its biggest enemy today. The head of the snake and its arms will be cut off, ground up, kneaded, and baked, with Allah’s help.”

“While Hatem did not directly refer to the attack, his tweet came shortly after it,” MEMRI said.

AQAP media activist Muhannad Ghallab tweeted a picture from a solidarity rally in Boston with a sign that reads “Boston is Charlie,” adding, “From Boston to Paris … The message has been delivered.” In another tweet he wrote: “#LoneJihad strategy proved today it’s the best way to exhaust, hurt, & terrorize the west, especially [since] it can’t be detected. #CharlieHebdo.”

 

An AQAP militant calling himself Jabal, MEMRI discovered, praised the group’s magazine Inspire for motivating the attackers: “Oh you who are responsible for the magazine Inspire, this is the fruit of your efforts to prepare the lone wolves – the individual jihad. May Allah bless you and increase your good reward.”

“The pro-Al Qaeda Twitter account Marsad Al Jihad Al Alami uploaded a YouTube clip edited by a supporter … accompanied by songs praising jihad, photos of the attack, photos of those wanted for execution by Al-Qaeda, and more,” MEMRI reported.

In addition, “the Twitter account for Al Qaeda in the Islamic Maghreb (AQIM) published a banner supporting the attack,” MEMRI said. “The banner cites the verse from the Koran which stipulates that anyone who harms Allah or the Prophet will be punished in this world and the next world.”

The Al Qaeda-linked Syrian-based Saudi preacher Abdallah Al Mheissni wrote, “The lone wolves will not ignore/keep silent over those who defame the Prophet’s dignity. I cannot find a more fitting way of killing than the one that seeks to kill in order to defend the Prophet.”

He added, “Whoever curses the Prophet should be killed,” and that, “A general consensus exists amongst religious jurists that a person who curses the Prophet is punished by death.”

Growing jihadism and ‘hit lists’

The attack on Charlie Hebdo’s offices occurred during a time of intensified worries in France and other Western European nations over the hundreds of radicalized Muslims and self-radicalized jihadist European citizens who went to fight with both Al Qaeda and the Islamic State, and feared they would return to carry out jihadi attacks in their own countries – a uneasiness that has had Western counterterrorism authorities on edge.

Homeland Security Today Contributing Writer Dave Sloggett wrote in August that, “All across Europe, security services have become increasing candid about the threat their nations face from terrorism linked to Syria and Iraq by the establishment of the Islamic State. Their openness about the scale of the problem they face is clear. They are trying to prepare Europeans that another terrorist atrocity cannot be prevented in the West. The problems with preventing people from traveling overseas and potentially returning ready to conduct acts of extreme violence — as leaders of the Islamic State have claimed they will do — are simply too huge.”

Sloggett conducted a study of data released by the various security agencies of thirteen European countries that revealed a mixed picture of radicalization when analyzed in the context of the local demographics.

“Aside from Turkey,” he said, “whose population is nearly all classified as Muslims, France is the country with the next highest Muslim population at around 5.5 million out of a total of 63 million people. This represents around 9 percent of the total population. French authorities have been very clear that they believe around 700 people have traveled to Syria, a rate of 1 in 8,000 of the Muslim population. Despite having a similar overall population, Turkish authorities believe that, like France, only 700 have crossed the border into Syria.”

In June 2011, Homeland Security Today first reported that 11 of the nation’s top military leaders at the time were among 58 past and present military, corporate and civilian officials who were identified by members of the Al Qaeda-linked Ansar Al Mujahedeen jihadist forum as infidels who should be murdered, according to a jihadist “hit list” that accompanied a June 6 Florida fusion center bulletin.

The bulletin coincided with an unusual flurry of similar alerts that were issued at about the same time by the FBI, Department of Defense and Department of Homeland Security, and which came on the heels of then FBI Director Robert Mueller having told the Senate Committee on the Judiciary that one of the early assessments from intelligence seized at Osama Bin Laden’s compound in Pakistan is that Al Qaeda is committed to continuing attacks against the United States.

While some officials downplayed the “hit list” as wishful thinking by Al Qaeda-sympathetic jihadists, other counterterrorism authorities went on high alert in response to the jihadi forums’ members’ disturbing talk of assassinating top US military and corporate leaders.

In light of the attack on Charlie Hebdo, perhaps there is a “lone-wolf” central committee that’s not just proffering idle chatter in cyberspace, but is indeed secretly laboring away plotting additional attacks like this one. Both US and western counterterrorism officials said Thursday “there’s increased chatter” among AQAP and other Al Qaeda affiliated groups.

Congressional intelligence committee members were briefed on what US intelligence agencies know, and are said to have been told that not only was the French attack likely directly supported by a jihadist group, but that there will likely be more attacks in the very near future.

Over the past year, threatened attacks on the US and the West by Al Qaeda and the Islamic State through media services and social media platforms have exploded.

In recent months, the Department of Homeland Security, FBI and Pentagon have issued multiple alerts about the possibility of a range of attacks, including cyberterrorism, lone wolf attacks and attacks specifically targeting military and law enforcement.

In November, calling on his Islamic State soldiers “to continue their fight” and, “O soldiers of the Islamic State, continue to harvest the soldiers,” Islamic State demigod Abu Bakr Al Baghdadi (Caliph Ibrahim) vowed an “Erupt[ion] [of] volcanoes of jihad everywhere” in a 16 minute recorded audio message released by the Al Furqan media company on the Shumoukh Al Islam forum.