How Emwazi, the ISIS Be-header Met his Demise

Posted on November 13, 2015November 13, 2015 by Denise Simon

Score one for the intelligence community and the drone strike…

How the US and UK tracked down and killed Jihadi John

The killing of Mohammed Emwazi, also known as Jihadi John, was the culmination of 15 months of intensive intelligence work by MI6, GCHQ and the CIA

5:46PM GMT 13 Nov 2015

For Jihadi John, death could not have been more different than that of his victims. While his hostages suffered unimaginable horror as he beheaded them, for him the end came instantaneously and without warning.

For more than a year British and US intelligence agencies had been trying to gain live information on the whereabouts of the masked man whose first victim, the American journalist James Foley, was murdered in a video posted on YouTube in August 2014.

Their efforts finally paid off shortly before midnight on Thursday, when intelligence pinpointed him to a car in the centre of Raqqa, Syria, within a short walk of the Islamic State of Iraq and the Levant’s headquarters in the old governorate building.

Mohammed Emwazi – his real name was finally confirmed by David Cameron for the first time today – is understood to have been located by either MI6 or GCHQ, either through a human source on the ground or by monitoring his communications.

Emwazi beheaded (clockwise, from top left) David Haines, James Foley, Alan Henning, Peter Kassig and Steven Sotloff

The intelligence was passed on to the Pentagon, enabling the operators of an armed Predator drone already in the sky above Raqqa to spot the car in which he was travelling.

At 11.40pm Syrian time (8.40pm GMT) the order to kill was passed to the drone operators at Creech Air Force Base in Nevada.

Controlling their drone via a satellite link, and using a second Reaper as a “spotter” plane, they selected their target and released a Hellfire missile from 10,000ft.

Experts say the Predator may have been several miles away at the time, invisible in the night sky. Its missile, travelling at Mach 1.3 (995mph) arrived at such speed that Emwazi would have known nothing before it struck. At 11.51pm the car, and its four occupants, were blown to pieces.

The result was described by one US official as a “flawless” strike, a “clean hit” that would have “evaporated” Emwazi, with no collateral damage. “We are 99 per cent sure we got him,” the official said.

Unconfirmed reports suggested another of those killed was another of the four British jihadis nicknamed “The Beatles” by their captives because of their English accents. Emwazi, 27, was given the nickname John after John Lennon.

Emwazi’s death, if confimed, was doubly symbolic for the allied forces that hunted him down. Not only was Isil’s main propaganda tool neutralised, but the location of the strike was within sight of two of the locations most strongly identified with the terrorist group.

The missile strike happened in or next to Clocktower Square, the roundabout chosen by Isil to carry out public executions.

In 2012, the roundabout was the location of the city’s first protests against Bashar al-Assad, the Syrian president, as a popular uprising spread across the country. By the summer of 2013, Isil had seized control of the city, and video footage from May of that year shows three rebel soldiers, blindfolded with a green rag reminiscent of the colours of the revolution, before being shot dead.

Emwazi is understood to have been travelling from the Isil headquarters, inside what was once the office of Raqqa’s city governor. He may also have been living in the building.

The Syrian Observatory for Human Rights said its own sources had confirmed that a British jihadi had been killed in the strike. Rami Abdulrahman, director of the British-based group, said: “All the sources there are saying that the body of an important British Jihadi is lying in the hospital of Raqqa. All the sources are saying it is of Jihadi John but I cannot confirm it personally.”

A senior U.S. official said the drone strike was the result of “persistent surveillance” and that the Pentagon knew it was Emwazi when the shot was taken.

Drones routinely fly for 16 hours or more, and the drone that killed Emwazi could have been circling overhead for several hours, waiting for an opportunity, and is likely to have stayed overhead afterwards to see if anyone got out of the car alive.

Britain and America had always maintained they were working around the clock to find Emwazi, but the apparent extent of its surveillance capabilities over Raqqa had not been clear until now.

The strike suggests he was under tight surveillance, combining human informants with sophisticated technology.

The hunt for Mohammed Emwazi began at the end of 2012, when the security services first suspected he was in Syria. He had been reported missing by his family in August of that year, having left the family home in Queen’s Park, north London and lied about where he was going.

Jihadi John, the then unidentified Isil executioner, became a top priority for MI6 after his video of Foley’s beheading, titled A Message to America, was posted last year.

The first step was to identify the masked, black-clad figure in the footage. With only his eyes visible, intelligence officers on both sides of the Atlantic examined other clues, primarily his voice and accent, but also his skin colour, height, physique and vein patterns on his hands. By September 14 last year his name was known to the UK and US governments.

British and American special forces operating in Syria for the past year have been gathering human intelligence on senior jihadists, paying informers and carrying out snatch raids on low-level commanders who can then be interrogated.

Raqqa, however, has proved impossible for them to infiltrate, so instead an RAF Rivet Joint spy plane, based at Al Udeid Air Base in Qatar, has been crisscrossing Syria for more than a year, “hoovering up” calls and messages for analysis by spies.

Much of the communications chatter was analysed at Ayios Nikolaos, a top secret listening station in Cyprus and the largest UK overseas spy base.

Manned by UK military intelligence officers working for GCHQ, its highly sensitive dome shaped radars have the capability to “look out” over the horizon for up to 400 miles and pull in information from UK warships and submarines deployed in the region.

Despite reports that he had fled to Libya or had been expelled from Isil, the intelligence agencies remained confident he was still in Raqqa, even though he went quiet after his last beheadings, of two Japanese hostages in January.

An air strike targeting a German colleague of Emwazi last month may have been the first sign that Britain and America were hot on his trail, according to security expert Neil Doyle.

An air strike last month targeting a Denis Cuspert, a German associate of Emwazi who mixed in the same circles as him, may have been the first sign that Britain and America were hot on his trail.

David Cameron said Britain and the US had been working “literally around the clock to track him down”. He added: “This was a combined effort. And the contribution of both our countries was essential.”

Col Steve Warren, a spokesman for the US-led military coalition fighting Isil, said: “This is significant. He was somewhat of an Isil celebrity, somewhat the face of the organisation…he was a prime recruitment tool for the organisation. This guy was a human animal and killing him does probably make the world a little bit of a better place.”

He said coalition forces had been following Emwazi “for some time” and commanders had “great confidence” it was him before they gave the order to kill. The strike had been captured on video and there was no reason to believe any civilian casualties had been caught in the blast, Col Warren said.

Drills on Homeland Have a Reason

Posted on November 12, 2015November 12, 2015 by Denise Simon

We are always suspicious and question what law enforcement is doing and why. We ask the same when it comes to the Department of Homeland Security and we do the same regarding the military. There were huge questions and theories when Operation Jade Helm was held in 5 Southern states this past summer.

Okay, it is good we question government, it is a duty yet there are reasons why events and activities do occur. Here are two reasons why which may help us come to understand motivations for exercises and training even in either rural or urban areas.

The fuel for a nuclear bomb is in the hands of an unknown black marketeer from Russia, U.S. officials say

The presence of identical fissile materials in three smuggling incidents indicates someone has a larger cache and is hunting for a buyer

With so many nuclear explosives held by governments around the world, US officials have long worried about the possibility of a terrorist-engineered nuclear or radiological blast within the United States. Multiple federal agencies have held almost 1,400 drills in cities around the country over the last decade to train local police and emergency personnel in how to behave after such a nightmare unfolds, according to a spokeswoman for the National Nuclear Security Administration.

CHISINAU, Moldova – The sample of highly-enriched uranium, of a type that could be used in a nuclear bomb, arrived here on a rainy summer day four years ago, in a blue shopping bag carried by a former policeman.

According to court documents, the bag quickly passed through the hands of three others on its way to a prospective buyer. It was not the first time such material had passed through this city, raising international alarms: It had happened twice before. And mysteriously, in all three cases, spanning more than a decade, the nuclear material appeared to have the same origin – a restricted military installation in Russia.

This news would quickly reach Washington. But that day, the first to pick up the blue bag was the wife of a former Russian military officer, who handed it off to a friend while she went shopping in this former Soviet city’s ragged downtown.

Not long afterward, a 57-year old lawyer named Teodor Chetrus, from a provincial town near the Ukrainian border, retrieved it and brought it to a meeting with a man named Ruslan Andropov. According to an account by Moldovan police, the two men had, earlier in the day, visited a local bank, where Chetrus confirmed that Andropov had deposited more than $330,000 as an initial payment.

Andropov next examined the contents of the bag: a lead-lined cylinder, shaped like a thermos. It was meant to be the first of several shipments of highly-enriched uranium totaling 10 kilograms (22 lbs), a senior investigator here said. That’s about a fifth of what might be needed to fuel a Hiroshima-sized nuclear explosion — but almost enough to power a more technically-advanced “implosion-style” nuclear bomb. The full story is a MUST read in its entirety and exceptional work from Public Integrity.

*** Then last week, there was yet another event off the coast of California that forced air traffic to be halted and re-routed as well as some automobile traffic. A peculiar set of beams of light were noted in the sky. Bigger questions were asked. Some thought the U.S. military was training to bomb the homeland. Ah….not so much.

There Is a Secret U.S. Spy Plane Flying Over the Pacific

Here’s what we know … and what we don’t

In 2013, the U.S. Air Force sent a secret spy plane out over the Pacific region. The unknown aircraft – possibly a drone – flew “national collection missions” – a euphemism for strategic intelligence against states like North Korea or China.

It was one of five different types of aircraft flying these missions. The Pentagon’s top headquarters asked the flying branch to use its U-2 Dragon Ladies and RC-135V/W Rivet Joints to take high resolution pictures and scoop up radio chatter, according to an official history of the Air Force’s Intelligence, Surveillance and Reconnaissance Agency – a.k.a. AFISRA – for that year.

“Other USAF aircraft flying national collection missions included the RC-135U Combat Sent, the RC-135S Cobra Ball and the aforementioned [redacted],” the history stated.

So what is the mystery aircraft? The blacked-out portion of the document suggests the missing portion is five to seven characters long. With that in mind, the super secret RQ-170 Sentinel – a six character designation that would fit in the redacted segment – is one possibility.

Lockheed built an estimated 20 to 30 RQ-170s – also known as Wraiths– for the Air Force sometime in the early 2000s. The 30th Reconnaissance Squadron at Creech Air Force Base in Nevada owns all of these bat-winged pilotless spies.

In 2007, journalists first spotted the Wraith at Kandahar Air Field in Afghanistan, earning the nickname “the Beast of Kandahar.” On Dec. 4, 2009, the Air Force formally announced the Sentinel to the world … and little else.

That same year, the drones were flying missions in the Pacific from Andersen Air Force Base on Guam and Kunsan Air Base in South Korea, according to previous Air Force histories we obtained through FOIA. During the latter deployment, the Wraiths likely gathered information about North Korea’s nuclear, ballistic missile and space programs.

In December 2011, one RQ-170 crashed in Iran.

And as of April 2014, at least one of these stealthy flying wings was still on duty, according to an accident report in Combat Edge, Air Combat Command’s official safety magazine. ACC owns the bulk of the Air Force’s combat aircraft, including its spy planes and the RQ-170s.

If the RQ-170s are still in service, the flying branch would have every incentive to keep using them. And the Sentinels and their crews already had experience in the Asia-Pacific theater.

Of course, the censored plane could be something entirely new. For decades, the Pentagon and the CIA have repeatedly acknowledged advanced aircraft projects — after the fact — only to decline to release any significant information about them. Hat tip to War is Boring for doing the investigative work, the rest of the work is found here.

FBI: Hillary and Gross Negligence

Posted on November 12, 2015November 12, 2015 by Denise Simon

We cant officially know at the point who on Hillary’s team has met with the FBI and made statements or answered questions, Conversations with the FBI are not under oath, but still making false statements or responses is a felony. It must also be noted that even Barack Obama said he was NOT aware of a private server but did know and in fact the White House did communicate with Hillary and her team via private, non-governmental email addresses.

It is noteworthy that this snippet of news of the FBI widening their investigation is even in the public domain. The FBI is reviewing all emails to determine themselves which should be classified and those that are not deemed so. If Hillary never revealed to Obama himself that she was using a private server and providing him notice is itself a standard to prosecute her.

Documents and information includes: any material in written form, books, sketches, photographs, blueprints, maps, notes documents, plans or comments.

FBI expands probe of Clinton emails, launches independent classification review

FNC: The FBI has expanded its probe of Hillary Clinton’s emails, with agents exploring whether multiple statements violate a federal false statements statute, according to intelligence sources familiar with the ongoing case.

Fox News is told agents are looking at U.S. Code 18, Section 1001, which pertains to “materially false” statements given either in writing, orally or through a third party. Violations also include pressuring a third party to conspire in a cover-up. Each felony violation is subject to five years in prison.

This phase represents an expansion of the FBI probe, which is also exploring potential violations of an Espionage Act provision relating to “gross negligence” in the handling of national defense information.

“The agents involved are under a lot of pressure and are busting a–,” an intelligence source, who was not authorized to speak on the record, told Fox News.

The section of the criminal code being explored is known as “statements or entries generally,” and can be applied when an individual makes misleading or false statements causing federal agents to expend additional resources and time. In this case, legal experts as well as a former FBI agent said, Section 1001 could apply if Clinton, her aides or attorney were not forthcoming with FBI agents about her emails, classification and whether only non-government records were destroyed. It is not publicly known who may have been interviewed.

Fox News judicial analyst Judge Andrew Napolitano said the same section got Martha Stewart in trouble with the FBI. To be a violation, the statements do not need to be given under oath.

“This is a broad, brush statute that punishes individuals who are not direct and fulsome in their answers,” former FBI intelligence officer Timothy Gill told Fox News. Gill is not connected to the email investigation, but spent 16 years as part of the bureau’s national security branch, and worked the post 9/11 anthrax case where considerable time was spent resolving discrepancies in Bruce Ivins’ statements and his unusual work activities at Fort Detrick, Md.

“It is a cover-all. The problem for a defendant is when their statements cause the bureau to expend more time, energy, resources to de-conflict their statements with the evidence,” he said.

Separately, two U.S. government officials told Fox News that the FBI is doing its own classification review of the Clinton emails, effectively cutting out what has become a grinding process at the State Department. Under Secretary for Management Patrick Kennedy has argued to both Director of National Intelligence James Clapper and Congress that the “Top Secret” emails on Clinton’s server could have been pulled from unclassified sources including news reports.

“You want to go right to the source,” Gill said. “Go to the originating, not the collateral, authority. Investigative protocol would demand that.”

On Friday, Clapper spokesman Brian Hale confirmed that no change has been made to the two “Top Secrets” emails after a Politico report said the intelligence community was retreating from the finding.

“ODNI has made no such determination and the review is ongoing,” Hale said. Andrea G. Williams, spokeswoman for the intelligence community inspector general, said she had the same information. Kennedy is seeking an appeal, but no one can explain what statute or executive order would give Clapper that authority.

A U.S. government official who was not authorized to speak on the record said the FBI is identifying suspect emails, and then going directly to the agencies who originated them and therefore own the intelligence — and who, under the regulations, have final say on the classification.

As Fox News previously reported, at least four classified Clinton emails had their markings changed to a category that shields the content from Congress and the public, in what State Department whistleblowers believed to be an effort to hide the true extent of classified information on the former secretary of state’s server.

One State Department lawyer involved in the alleged re-categorization was Kate Duval. Duval once worked in the same law firm as Clinton’s current and long-time lawyer David Kendall and at the IRS during the Lois Lerner email controversy. Duval left government service for private practice in mid-September.

Why is Rocket Kitten Important?

Posted on November 10, 2015November 10, 2015 by Denise Simon

Security firm says it shut down extensive Iranian cyber spy program

A security firm with headquarters in Israel and the United States says it detected and neutralized an extensive cyber espionage program with direct ties to the government of Iran. The firm, called Check Point Software, which has offices in Tel Aviv and California, says it dubbed the cyber espionage program ROCKET KITTEN. In a media statement published on its website on Monday, Check Point claims that the hacker group maintained a high-profile target list of 1,600 individuals. The list reportedly includes members of the Saudi royal family and government, American and European officials, North Atlantic Treaty Organization officers and nuclear scientists working for the government of Israel. The list is said to include even the names of spouses of senior military officials from numerous nations.

News agency Reuters quoted Check Point Software’s research group manager Shahar Tal, who said that his team was able to compromise the ROCKET KITTEN databases and acquire the list of espionage targets maintained by the group. Most targets were from Saudi Arabia, Israel, and the United States, he said, although countries like Turkey and Venezuela were also on the list. Tal told Reuters that the hackers had compromised servers in the United Kingdom, Germany and the Netherlands, and that they were using these and other facilities in Europe to launch attacks on their unsuspecting targets. According to Check Point, the hacker group was under the command of Iran’s Revolutionary Guards Corps, a branch of the Iranian military that is ideologically committed to the defense of the 1979 Islamic Revolution.

Reuters said it contacted the US Federal Bureau of Investigation and Europol, but that both agencies refused comment, as did the Iranian Ministry of Foreign Affairs. However, an unnamed official representing the Shin Bet, Israel’s domestic security agency, said that ROCKET KITTEN “is familiar to us and is being attended to”. The official declined to provide further details. Meanwhile, Check Point said it would issue a detailed report on the subject late on Monday.

*** In part from SCMagazine:

The researchers uncovered more thorough indicators of compromise, along with new malware strains, including a Remote Access Trojan (RAT) the group apparently favored.

Further down the Rocket Kitten rabbit hole, the researchers appeared to identify the mastermind behind the operation, who goes by “Wool3n.H4t,” as Yaser Balaghi.

The company found references to his alias and real name on various developer forums, within the server itself, and eventually, in an online tutorial he posted on SQL injection.

Additionally, a reported resume for Balaghi has listed “designing a phishing system” as ordered by a “cyber-organization.”

Saying technical evidence can be forged, or information be planted, Tal said he backs his company’s findings because of “overwhelming evidence.”

“All evidence fits the same story and same narrative,” he said. “The probability that this is a false lead is extremely nonexistent in my opinion.”

Given that Balaghi resides in Iran, there will likely not be any repercussions or extradition. However, Tal said the findings have been passed along to European and U.S. search bodies, as well as service providers who hosted the malicious servers.

Most infrastructure has been taken down since then, Tal said, and continued, “don’t expect to see them attacking any time soon.”

Crackas With Attitude Hit FBI Director

Posted on November 7, 2015November 7, 2015 by Denise Simon

A few days ago, it was the Director of the CIA, John Brennan, now it is the Director of the FBI. The hacking group boasted their success on Twitter, but that account has since been terminated.

CIA email hackers breach FBI-run site, deputy director’s private email

The same hackers who breached the email account of CIA Director John Brennan last month are now believed to be behind another set of intrusions, including accessing a FBI-run law enforcement portal and a private email account of a top bureau official.

The hackers, who call themselves Crackas With Attitude, posted Friday personal data of law enforcement officials that appears to have been stolen from the Law Enforcement Enterprise Portal, CNN reported.

The FBI-run site, also known as LEO.gov, connects local and federal law enforcement officials and allows local, state and federal agencies to share information, including details of ongoing investigations.

Three U.S. law enforcement officials confirmed the breach. Users of the portal received notices that their data may have been compromised.

In addition, a Twitter account that investigators believe is operated by the hackers posted screenshotsThursday that appear to have come from a private email account belonging to FBI Deputy Director Mark Giuliano and his wife.

The same Twitter account also posted data that appeared to come from the LEO.gov site, including names and contact information for law enforcement employees.

The three officials told CNN that the same hackers who accessed Mr. Brennan’s email account are believed to be behind the latest breaches.

An FBI spokeswoman declined to comment on the alleged breaches.

“We have no comment on specific claims of hacktivism, but those who engage in such activities are breaking the law,” FBI spokeswoman Carol Cratty told CNN. “The FBI takes these matters very seriously. We will work with our public and private sector partners to identify and hold accountable those who engage in illegal activities in cyberspace.”