Apple vs. FBI, Try the iCloud or iTunes

In all fairness, General Michael Hayden, former head of the NSA, actually disagrees with FBI Director James Comey and sides with Apple. The reason is fascinating.

Apple’s formal statement is here.

Zetter – Wired:

The news this week that a magistrate ordered Apple to help the FBI hack an iPhone used by one of the San Bernardino shooter suspects has polarized the nation—and also generated some misinformation.

Those who support the government say Apple has cooperated in the past to unlock dozens of phones in other cases—so why can’t it help the FBI unlock this one?

But this isn’t about unlocking a phone; rather, it’s about ordering Apple to create a new software tool to eliminate specific security protections the company built into its phone software to protect customer data. Opponents of the court’s decision say this is no different than the controversial backdoor the FBI has been trying to force Apple and other companies to build into their software—except in this case, it’s an after-market backdoor to be used selectively on phones the government is investigating.

The stakes in the case are high because it draws a target on Apple and other companies embroiled in the ongoing encryption/backdoor debate that has been swirling in Silicon Valley and on Capitol Hill for the last two years. Briefly, the government wants a way to access data on gadgets, even when those devices use secure encryption to keep it private.

Apple specifically introduced security features in 2014 to ensure that it would not be able to unlock customer phones and decrypt the data on them; but it turns out it overlooked a loophole in those security features that the government is now trying to exploit. The loophole is not about Apple unlocking the phone but about making it easier for the FBI to attempt to unlock it on its own. If the controversy over the San Bernardino phone causes Apple to take further steps to close that loophole so that it can’t assist the FBI in this way in the future, it could be seen as excessive obstinance and obstruction by Capitol Hill. And that could be the thing that causes lawmakers to finally step in with federal legislation that prevents Apple and other companies from locking the government out of devices.

If the FBI is successful in forcing Apple to comply with its request, it would also set a precedent for other countries to follow and ask Apple to provide their authorities with the same software tool.

In the interest of clarifying the facts and correcting some misinformation, we’ve pulled together a summary of the issues at hand.

What Kind of Phone Are We Talking About?

The phone in question is an iPhone 5c running the iOS9 version of Apple’s software. The phone is owned by the San Bernardino Department of Public Health, which gave it to Syed Rizwan Farook, the shooter suspect, to use for work.

What Is the Issue?

Farook created a password to lock his phone, and due to security features built into the software on his device, the FBI can’t unlock the phone and access the data on it using the method it wants to use—a bruteforce password-guessing technique wherein they enter different passcodes repeatedly until they guess the right one—without running the risk that the device will lock them out permanently.

How Would It Do That?

Apple’s operating system uses two factors to secure and decrypt data on the phone–the password the user chooses and a unique 256-bit AES secret key that’s embedded in the phone when it’s manufactured. As cryptographer Matthew Green explains in a blog post, the user’s password gets “tangled” with the secret key to create a passcode key that both secures and unlocks data on the device. When the user enters the correct password, the phone performs a calculation that combines these two codes and if the result is the correct passcode, the device and data are unlocked.

To prevent someone from brute-forcing the password, the device has a user-enabled function that limits the number of guesses someone can try before the passcode key gets erased. Although the data remains on the device, it cannot be decrypted and therefore becomes permanently inaccessible. The number of password tries allowed before this happens is unclear. Apple says on its web site that the data becomes inaccessible after six failed password attempts. The government’s motion to the court (.pdf) says it happens after 10 failed guesses.

The government says it does not know for certain if Farook’s device has the auto-erase feature enabled, but notes in its motion that San Bernardino County gave the device to Farook with it enabled, and the most recent backup of data from his phone to iCloud “showed the function turned on.”

A reasonable person might ask why, if the phone was backing data up to iCloud, the government can’t just get everything it needs from iCloud instead of breaking into the phone. The government did obtain some data backed up to iCloud from the phone, but authorities allege in their court document that he may have disabled iCloud backups at some point. They obtained data backed up to iCloud a month before the shootings, but none closer to the date of the shooting when they say he is most likely to have used the phone to coordinate the attack.

Is This Auto-Erase the Only Security Protection Apple Has in Place?

No. In addition to the auto-erase function, there’s another protection against brute force attacks: time delays. Each time a password is entered on the phone, it takes about 80 milliseconds for the system to process that password and determine if it’s correct. This helps prevent someone from quickly entering a new password to try again, because they can only guess a password every 80 milliseconds. This might not seem like a lot of time, but according to Dan Guido, CEO of Trail of Bits, a company that does extensive consulting on iOS security, it can be prohibitively long depending on the length of the password.

“In terms of cracking passwords, you usually want to crack or attempt to crack hundreds or thousands of them per second. And with 80 milliseconds, you really can only crack eight or nine per second. That’s incredibly slow,” he said in a call to reporters this week.

With a four-digit passcode, he says, there are only about 10,000 different combinations a password-cracker has to try. But with a simple six-digit passcode, there are about one million different combinations a password cracker would have to try to guess the correct one. Apple says it would take more than five-and-a-half years to try all combinations of a six-character alpha-numeric password. The iOS9 software, which appears to be the software on the San Bernardino phone, asks you to create a six-digit password by default, though you can change this requirement to four digits if you want a shorter one.
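The arithmetic behind these figures, as an added example that is not part of the original article: it takes the 80-millisecond per-guess cost and the 10-guess erase limit from the text and computes how long exhausting a passcode space takes, which is the number to look at when choosing a passcode policy. The alphabets are assumptions; the 36-symbol lowercase-plus-digits set is the one that reproduces the five-and-a-half-year figure for six characters.

```python
import string

GUESS_SECONDS = 0.080                  # per-guess processing time quoted in the article
ERASE_AFTER = 10                       # failed-guess limit cited from the government's motion
SECONDS_PER_YEAR = 365.25 * 24 * 3600

# Assumed alphabets (not specified in the article). "lower+digits" has 36
# symbols and reproduces the five-and-a-half-year figure for six characters.
ALPHABETS = {
    "digits": string.digits,
    "lower+digits": string.ascii_lowercase + string.digits,
    "mixed+digits": string.ascii_letters + string.digits,
}


def keyspace(alphabet: str, length: int) -> int:
    """Number of distinct passcodes of exactly `length` symbols."""
    return len(ALPHABETS[alphabet]) ** length


def worst_case_seconds(alphabet: str, length: int,
                       guess_seconds: float = GUESS_SECONDS) -> float:
    """Time to try every passcode when only the per-guess cost limits guessing."""
    return keyspace(alphabet, length) * guess_seconds


def expected_seconds(alphabet: str, length: int,
                     guess_seconds: float = GUESS_SECONDS) -> float:
    """Average time to hit a uniformly random passcode: (N + 1) / 2 guesses."""
    return (keyspace(alphabet, length) + 1) / 2 * guess_seconds


def chance_before_erase(alphabet: str, length: int,
                        limit: int = ERASE_AFTER) -> float:
    """Odds that `limit` distinct guesses hit a uniformly random passcode,
    i.e. what guessing is worth while the erase limit is still enforced."""
    return min(1.0, limit / keyspace(alphabet, length))


def min_length_for(alphabet: str, target_seconds: float,
                   guess_seconds: float = GUESS_SECONDS,
                   max_length: int = 64) -> int:
    """Shortest passcode length whose worst-case search time reaches the target."""
    for length in range(1, max_length + 1):
        if worst_case_seconds(alphabet, length, guess_seconds) >= target_seconds:
            return length
    raise ValueError("target not reachable within max_length")


def humanize(seconds: float) -> str:
    """Render a duration in the largest unit that gives a value of at least 1."""
    units = (("years", SECONDS_PER_YEAR), ("days", 86400.0),
             ("hours", 3600.0), ("minutes", 60.0))
    for name, size in units:
        if seconds >= size:
            return f"{seconds / size:.1f} {name}"
    return f"{seconds:.1f} seconds"


def report(policies):
    """One row per (alphabet, length) policy with the figures a reviewer needs."""
    rows = []
    for alphabet, length in policies:
        rows.append({
            "policy": f"{length} x {alphabet}",
            "keyspace": keyspace(alphabet, length),
            "worst_case": humanize(worst_case_seconds(alphabet, length)),
            "average": humanize(expected_seconds(alphabet, length)),
            "odds_within_erase_limit": chance_before_erase(alphabet, length),
        })
    return rows


if __name__ == "__main__":
    policies = [("digits", 4), ("digits", 6),
                ("lower+digits", 6), ("mixed+digits", 8)]
    for row in report(policies):
        print(f"{row['policy']:<18} {row['keyspace']:>18,}  "
              f"worst {row['worst_case']:<14} avg {row['average']:<14} "
              f"p(hit in {ERASE_AFTER}) = {row['odds_within_erase_limit']:.2e}")
    one_year = SECONDS_PER_YEAR
    print("digits needed for a one-year worst case:",
          min_length_for("digits", one_year))
```

With only the 80-millisecond cost in play, a four-digit passcode falls in minutes and a six-digit one in under a day, which is why the erase limit and the passcode alphabet carry most of the protection.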

Later models of phones use a different chip than the iPhone 5c and have what’s called a “secure enclave” that adds even more time delays to the password-guessing process. Guido describes the secure enclave as a “separate computer inside the iPhone that brokers access to encryption keys” increasing the security of those keys.

With the secure enclave, after each wrong password guess, the amount of time you have to wait before trying another password grows with each try; by the ninth failed password you have to wait an hour before you can enter a tenth password. The government mentioned this in its motion to the court, as if the San Bernardino phone has this added delay. But the iPhone 5c does not have secure enclave on it, so the delay would really only be the usual 80 milliseconds in this case.

Why None of This Is an Issue With Older iPhones

With older versions of Apple’s phone operating system—that is, phones using software prior to iOS8—Apple has the ability to bypass the user’s passcode to unlock the device. It has done so in dozens of cases over the years, pursuant to a court order. But beginning with iOS8, Apple changed this so that it can no longer bypass the user’s passcode.

According to the motion filed by the government in the San Bernardino case, the phone in question is using a later version of Apple’s operating system—which appears to be iOS9. We’re basing this on a statement in the motion that reads: “While Apple has publicized that it has written the software differently with respect to iPhones such as the SUBJECT DEVICE with operating system (“iOS”) 9, Apple yet retains the capacity to provide the assistance sought herein that may enable the government to access the SUBJECT DEVICE pursuant to the search warrant.”

The government is referring to the changes that Apple initially made with iOS8, that exist in iOS9 as well. Apple released iOS9 in September 2015, three months before the San Bernardino attacks occurred, so it’s very possible this is indeed the version installed on the San Bernardino phone.

What Does the Government Want?

A lot of people have misconstrued the government’s request and believe it asked the court to order Apple to unlock the phone, as Apple has done in many cases before. But as noted, the particular operating system installed on this phone does not allow Apple to bypass the passcode and unlock the phone. So the government wants to try bruteforcing the password without having the system auto-erase the decryption key and without additional time delays. To do this, it wants Apple to create a special version of its operating system, a crippled version of the firmware that essentially eliminates the bruteforcing protections, and install it on the San Bernardino phone. It also wants Apple to make it possible to enter password guesses electronically rather than through the touchscreen so that the FBI can run a password-cracking script that races through the password guesses automatically. It wants Apple to design this crippled software to be loaded into memory instead of on disk so that the data on the phone remains forensically sound and won’t be altered.

Note that even after Apple does all of this, the phone will still be locked, unless the government’s bruteforcing operation works to guess the password. And if Farook kept the iOS9 default requirement for a six-character password, and chose a complex alpha-numeric combination for his password, the FBI might never be able to crack it even with everything it has asked Apple to do.

Apple CEO Tim Cook described the government’s request as “asking Apple to hack our own users and undermine decades of security advancements that protect our customers—including tens of millions of American citizens—from sophisticated hackers and cybercriminals. The same engineers who built strong encryption into the iPhone to protect our users would, ironically, be ordered to weaken those protections and make our users less safe.”

What Exactly Is the Loophole You Said the Government Is Exploiting?

The loophole is the fact that Apple even has the ability to run crippled firmware on a device like this without requiring the user to approve it, the way software updates usually work. If this required user approval, Apple would not be able to do what the government is requesting.

How Doable Is All of This?

Guido says the government’s request is completely doable and reasonable.

“They have to make a couple of modifications. They have to make it so that the operating system boots inside of a RAM disk…[and] they need to delete a bunch of code—there’s a lot of code that protects the passcode that they just need to trash,” he said.

Making it possible for the government to test passwords with a script instead of typing them in would take a little more effort he says. “[T]hat would require a little bit of extra development time, but again totally possible. Apple can load a new kernel driver that allows you to plug something in over the Thunderbolt port… It wouldn’t be trivial but it wouldn’t be massive.”

Could This Same Technique Be Used to Undermine Newer, More Secure Phones?

There has been some debate online about whether Apple would be able to do this for later phones that have newer chips and the secure enclave. It’s an important question because these are the phones that most users will have in the next one or two years as they replace their old phones. Though the secure enclave has additional security features, Guido says that Apple could indeed also write crippled firmware for the secure enclave that achieves exactly what the FBI is asking for in the San Bernardino case.

“It is absolutely within the realm of possibility for Apple themselves to tamper with a lot of the functionality of the secure enclave. They can’t read the secure private keys out of it, but they can eliminate things like the passcode delay,” he said. “That means the solution that they might implement for the 5c would not port over directly to the 5s, the 6 or the 6s, but they could create a separate solution for [these] that includes basically crippled firmware for the secure enclave.”

If Apple eliminates the added time delays that the secure enclave introduces, then such phones would only have the standard 80-millisecond delay that older phones have.

“It requires more work to do so with the secure enclave. You have to develop more software; you have to test it a lot better,” he said. “There may be some other considerations that Apple has to work around. [But] as far as I can tell, if you issue a software update to the secure enclave, you can eliminate the passcode delay and you can eliminate the other device-erase [security feature]. And once both of those are gone, you can query for passcodes as fast as 80 milliseconds per request.”

What Hope Is There for Your Privacy?

You can create a strong alpha-numeric password for your device that would make bruteforcing it essentially infeasible for the FBI or anyone else. “If you have letters and numbers and it’s six, seven or eight digits long, then the potential combinations there are really too large for anyone to bruteforce,” Guido said.

And What Can Apple Do Going Forward?

Guido says Apple could and should make changes to its system so that what the FBI is asking it to do can’t be done in future models. “There are changes that Apple can make to the secure enclave to further secure their phones,” he said. “For instance, they may be able to require some kind of user confirmation, before that firmware gets updated, by entering their PIN code … or they could burn the secure enclave into the chip as read-only memory and lose the ability to update it [entirely].”

These would prevent Apple in the future from having the ability to either upload crippled firmware to the device without the phone owner’s approval or from uploading new firmware to the secure enclave at all.

“There’s a couple of different options that they have; I think all of them, though, are going to require either a new major version of iOS or new chips on the actual phones,” Guido said. “But for the moment, what you have to fall back on is that it takes 80 milliseconds to try every single password guess. And if you have a complex enough password then you’re safe.”

Is the Ability to Upload Crippled Firmware a Vulnerability Apple Should Have Foreseen?

Guido says no.

“It wasn’t until very recently that companies had to consider: What does it look like if we attack our own customers? What does it look like if we strip out and remove the security mitigations we put in specifically to protect customers?”

He adds: “Apple did all the right things to make sure the iPhone is safe from remote intruders, or people trying to break into the iPhone.… But certainly after today, technology vendors need to consider that they might be the adversary they’re trying to protect their customers from. And that’s quite a big shift.” (Great job on this Kim)

 

Beyond the Bluster, Obama Missed a Major Deadline

But Obama did play golf last weekend and it appears he is missing the funeral of Supreme Court Justice Antonin Scalia to play golf?

Last year, the White House held a summit on the matter, any achievements? Nah.

 

It appears that perhaps Obama and his national security team have left the matter up to Tony Blinken at the State Department and the Brookings Institute.

The United States has mobilized countries around the world to disrupt and defeat these threats to our common security—starting with Daesh and al-Qaeda and including Boko Haram, al-Shabaab, AQAP, and a number of other groups. Now, the most visible part of this effort is the battlefield and our increasingly successful effort to destroy Daesh at its core in Iraq and Syria. Working by, with, and through local partners, we have taken back 40 percent of the territory Daesh controlled a year ago in Iraq and 10 percent in Syria—killing senior leaders, destroying thousands of pieces of equipment, all the while applying simultaneous pressure against key choke points and isolating its bases in Mosul and Raqqa. In fact, we assess Daesh’s numbers are the lowest they’ve been since we began monitoring their manpower in 2014.

We have a comprehensive strategy that includes training, equipping, and advising our local partners; stabilizing and rebuilding liberated areas; stopping the flow of foreign fighters into and out of Iraq and Syria; cutting off Daesh’s financing and countering its propaganda; providing life-saving humanitarian assistance; and promoting political accommodations so that our military success is sustainable.

In each of these areas, we are making real progress. These hard-fought victories undermine more than Daesh’s fighting force. They erode the narrative it has built of its own success—the perception of which remains one of Daesh’s most effective recruiting tools. For the danger from violent extremism has slipped past war’s frontlines and into the computers and onto the phones of citizens in every corner of the world. Destined to outlive Daesh, this pernicious threat is transforming our security landscape, as individuals are inspired to violent acts from Paris to San Bernardino to Jakarta.

So even as we advance our efforts to defeat Daesh on the frontlines, we know that to be fully effective, we must work to prevent the spread of violent extremism in the first place—to stop the recruitment, radicalization, and mobilization of people, especially young people, to engage in terrorist activities. Read all the comments and remarks here.

White House Misses Deadline to Deliver ISIS Strategy to Congress

Brown: (CNSNews.com) The House Armed Services Committee noted Tuesday that the Obama administration missed their February 15 deadline to deliver a strategy to counter violent extremist groups in the Middle East, such as ISIS and al Qaeda, as required by the National Defense Authorization Act.

Rep. Mac Thornberry (R-Texas), chairman of the House Armed Services Committee, harshly criticized President Obama’s failure to meet the deadline.

“I fear the President’s failure to deliver this report says far more about the state of his strategy to defeat terrorists than any empty reassurance he may offer from the podium,” Thornberry said in a statement.

“Unsurprisingly, the Administration cannot articulate a strategy for countering violent extremists in the Middle East. Time and again, the President has told us his strategy to defeat extremist groups like ISIS and al Qaeda is well underway,” Thornberry said, “yet, months after the legal requirement was established, his Administration cannot deliver that strategy to Congress.”

Thornberry also outlined the consequences of the administration’s failure, calling it “a lost opportunity” for Congress and the administration to come together for a common approach to respond to the threat.

“The Committee is working now to shape the FY17 National Defense Authorization Act and the Pentagon has already begun requesting authorities our troops need to defeat this enemy. Without a strategy, this amounts to leaving our troops in the wilderness with a compass, but no map,” he wrote.

“Failing to comply with the report deadline represents more than a failure of strategic vision for the White House,” Thornberry emphasized. “It is a lost opportunity for the Administration and Congress to work together on a common approach to face this threat.”

Section 1222 of the National Defense Authorization Act for FY16, signed by President Obama in November, “requires the Secretaries of State and Defense to deliver a strategy for the Middle East and countering violent extremism no later than February 15, 2016” according to Thornberry’s statement.

It also requires the Administration to “lay out a number of elements needed to defeat terrorist groups like ISIS and al Qaeda, including a description of the role the U.S. military will play in such a strategy, a description of the coalition needed to carry out the strategy, and an assessment of efforts to disrupt foreign fighters traveling to Syria and Iraq.”

House Speaker Paul Ryan (R-Wisc.) sent the White House a reminder of the deadline on February 10, citing a recent testimony by Lt. Gen. Vincent Stewart, director of the Defense Intelligence Agency, that ISIS “will probably attempt to conduct additional attacks in Europe, and attempt to direct attacks on the U.S. homeland in 2016.”

“We are aware of the report and are actively working with multiple interagency offices to complete this legal requirement per the NDAA and look forward to submitting the completed report to Congress in the near-term,” Army Lt. Col. Joe Sowers, a Department of Defense spokesman, told The Hill on Friday.

*** Just one reason why Obama being tardy is an issue:

The intercontinental nuclear missile threat arrives in America.

 

Americans have been focused on New Hampshire and Iowa, but spare a thought for Los Angeles, Denver and Chicago. Those are among the cities within range of the intercontinental ballistic missile tested Sunday by North Korea. Toledo and Pittsburgh are still slightly out of range, but at least 120 million Americans with the wrong zip codes could soon be targets of Kim Jong Un…

***

“We assess that they have the capability to reach the [U.S.] homeland with a nuclear weapon from a rocket,” U.S. Admiral Bill Gortney of the North American Aerospace Defense Command said in October, echoing warnings from the Defense Intelligence Agency and the U.S. commander in South Korea…

All of this vindicates the long campaign for missile defense. Ronald Reagan’s Strategic Defense Initiative helped win the Cold War, and North Korea is precisely the threat that continued to justify the cause after the Soviet Union’s collapse… 

You can thank the George W. Bush Administration for the defenses that exist, including long-range missile interceptors in Alaska and California, Aegis systems aboard U.S. Navy warships and a diverse network of radar and satellite sensors. The U.S. was due to place interceptors in Poland and X-Band radar in the Czech Republic, but in 2009 President Obama and Hillary Clinton scrapped those plans as a “reset” gift to Vladimir Putin.

Team Obama also cut 14 of the 44 interceptors planned for Alaska and Hawaii, ceased development of the Multiple Kill Vehicle… and defunded the two systems focused on destroying missiles in their early “boost” phase… By 2013 even Mr. Obama partially realized his error, so the Administration expanded radar and short-range interceptors in Asia and recommitted to the 14 interceptors for the U.S. West Coast. It now appears poised to install sophisticated Thaad antimissile batteries in South Korea.

ISIS is losing territory, hardly….

We keep hearing that Islamic State is losing territory. But where exactly? Iraq? Perhaps but ISIS has 7000 fighters in Libya where some are leaving for countries deeper into Africa.

Groups of Islamic State fighters are quitting their bases in Libya fearing Western air strikes and heading south, posing a new threat to countries in Africa’s Sahel region including Nigeria, Niger and Chad, officials and intelligence sources said.

The ultra-hardline movement that has seized large areas of Syria and neighbouring Iraq has also amassed thousands of fighters along a coastal strip in Libya, where it has taken the city of Sirte and attacked oil infrastructure.

African and Western governments fear that the vast, lawless Sahel band to the south will become its next target, and say any large regional presence could be used as a springboard for wider attacks.

“ISIS (Islamic State) are moving towards southern Libya to avoid the likely air strikes from the European coalition,” said Colonel Mahamane Laminou Sani, director of documentation and military intelligence for Niger’s armed forces. More here.

Then there is Indonesia…..

February 15, 2016: Indonesia is the latest nation to learn that sending Islamic terrorists to regular prisons and allowing them to mix with non-terrorist criminals simply results in many common criminals being radicalized and turned into Islamic terrorists. This was discovered as information Indonesian counter-terrorism forces obtained from captured Islamic terrorists was added to what was discovered when the backgrounds of dead Islamic terrorists were investigated and added to a database. It was found that a growing number of new recruits were coming from prisons where men with obvious criminal tendencies were often easily influenced by imprisoned Islamic terrorists and radicalized by that experience. Since 2001 most Islamic terrorist organizations have not only recognized this form of recruiting but encouraged it.

For a long time it was thought that this was mainly a phenomenon in Western nations where Moslems were a minority. But now Moslem majority nations are also finding prisons are increasingly effective for radicalizing Moslem criminals and turning them into Islamic terrorists. Prison officials in Moslem nations tend to be more corrupt than elsewhere and Islamic terror groups found that it paid to bribe prison guards to get recruiting materials into prisons.

Another problem is the growing number of new converts to Islam who encountered Islam while in prison and were radicalized there as well but when released did not become Islamic terrorists. Instead these Western recruits were employed to radicalize civilians and pass them on to Islamic terrorist organizations for further training. The best tactic here was detecting and monitoring radicalized prisoners after release and going after those found to have turned into Islamic terrorist recruiters.

Meanwhile all nations with Moslem inmates are seeking a fix for this problem. One solution that works is to isolate imprisoned Islamic terrorists from non-radicalized prisoners and each other. This is expensive in the short term but pays off in fewer Islamic terrorists in the long term.

Prisons have become a major source of new Islamic terrorist recruits and this method, along with greater use of the Islamic terrorists to recruit, is replacing more traditional sources. For a long time the Islamic boarding schools were the prime training ground for potential terrorists. It was difficult to deal with this problem in Moslem countries because most students of these schools do not become radicalized. The police found that an effective technique was to monitor these schools more carefully and then raid only the ones where there was clear evidence of Islamic terrorist recruiting and training. In colleges Islamic radicals were succeeding in radicalizing college students and this was handled by infiltrating Islamic radical college student organizations and then going after the leaders and the advanced radicalized students who were heading for active Islamic terror activities.

Whatever solutions are developed to cripple efforts to radicalize Moslems the Islamic terror organizations have, so far, proved effective at coming up with new recruiting methods.

****  Indonesian military are on high alert after reports emerged of ISIS attempts to acquire cyanide in the country 


 

ISIS are threatening a mass murder using cyanide to poison food supplies, warns Indonesia’s security minister 

  • Minister Luhut Pandjaitan claimed ISIS was seeking stocks of cyanide 
  • He suggested police and military were at particular risk of ISIS attack 
  • Indonesia has arrested some 20 suspected ISIS terrorists in recent weeks
  • ISIS is attempting to recruit new Jihadis from Indonesia’s prison population

DailyMail: ISIS terrorists in Indonesia are planning to target the nation’s food and water supplies with cyanide according to the country’s security chief.

Minister Luhut Pandjaitan warned that Islamic terrorists were especially keen on targeting the supplies of the police and army in an effort to destabilise the state.

Speaking to reporters, Pandjaitan claimed: ‘IS is now using cyanide to terrorise. They are using cyanide to poison food.’

He continued: ‘We have considered various forms of threats and we are prepared to face such a possibility (of cyanide poisoning).’

Indonesia is trying to crack down on Islamic fanatics, including terrorists who have aligned themselves with ISIS. According to IBT.com, Indonesia’s police chief General Badrodin Haiti claimed ISIS had taken the idea from a recent murder in Jakarta where the victim drank coffee laced with cyanide.

In recent weeks, Indonesian police have arrested 20 suspected terrorists linked to ISIS. Many of those who were detained had close links to three leading Indonesian members of the terror group who are currently in Syria.

Authorities also believe ISIS sympathisers have infiltrated the nation’s prison system where they are seeking to recruit hardened criminals to their cause.

One cell busted south of Jakarta had recruited an inmate trusted by jail wardens to steal guns and ammunition from the police armoury behind bars. A police source said his girlfriend hid the weapons in an insulated lunchbox and smuggled them to militants on the outside.

 

 

Russian Spy Plane and Chechens in Syria

Chechen Special Forces On The Ground In Syria

iHLS: Chechen leader Ramzan Kadyrov said that Chechen Special Forces loyal to Vladimir Putin are on the ground in Syria, operating in ISIS-controlled territory. He claimed that the operation is part of a Russian-led intelligence-gathering mission. International Business Times reports that in a preview of a documentary which is scheduled to be aired on Russia’s state-controlled TV channel, Russia One, later this week, Kadyrov is filmed at a training camp for special units in Chechnya. Kadyrov tells the camera that his “best fighters” were sent undercover to Syria to train alongside – and among — ISIS fighters, while Chechen intelligence agents had infiltrated ISIS cells “to gather information about the terrorist group.” A Russia One reporter says in the preview that the time had come to talk about those “who have safeguarded the success of Russian air strikes on the ground at the cost of their own lives.”

According to a report by Homeland Security News Wire, Kadyrov’s claims appeared to have irritated the Kremlin. In a rare public dispute between the Kremlin’s official line about Syria and the information broadcast on state TV, Putin’s spokesperson, Dmitry Peskov, refused to confirm Kadyrov’s claims. Peskov told reporters that Russia’s defense ministry has already provided “exhaustive information [about] who has been deployed to Syria and for how long and what they’re doing there … and one should not speak about the Chechen special task force but about relevant federal units.” The Russia One report, and the refusal of the Kremlin to confirm it, offers an indication of disagreements in the Russian leadership about what strategy Russia should be pursuing in Syria.

The Kremlin has insisted that there are no Russian troops on the ground, and has been tight-lipped about whether Russian special forces are operating in the country. The Russia One report also offers evidence that Kadyrov, considered among Putin’s closest allies, may be distancing himself from Moscow in an effort to play a bigger role in the region. Kadyrov, who describes himself as a “foot soldier for Putin,” took power in Chechnya in 2007, when he was still in his early 30s, and has ruled the province with an iron fist since then. International organizations have harshly criticized his rule for systemic human rights violations. He also has at his disposal thousands of paramilitary fighters known in the region as “Kadyrovtsky” (Kadyrov’s men). The force was originally put together to serve the Kremlin, but over time they have become much more loyal to the Chechen leader.

Russia has just deployed its most advanced spy plane to Syria

A Russian Air Force Tu-214R is about to land at Latakia, Syria.

Aviationist: The Tu-214R is a Russian ISR (Intelligence Surveillance Reconnaissance) aircraft. In other words, a quite advanced spyplane.

As we have already explained here in the past, it is a special mission aircraft equipped with all-weather radar systems and electro-optical sensors that produce photo-like imagery of large parts of the ground: these images are then used to identify and map the position of the enemy forces, even if these are camouflaged or hidden.

The aircraft is known to carry sensor packages to perform ELINT (Electronic Intelligence) and SIGINT (Signal Intelligence) missions: the antennae of the Tu-214R can intercept the signals emitted by the enemy systems (radars, aircraft, radios, combat vehicles, mobile phones etc.) so that it can build the EOB (Electronic Order of Battle) of the enemy forces: where the enemy forces are operating, what kind of equipment they are using and, by eavesdropping on their radio/phone communications, what they are doing and what their next move will be.

The aircraft is built by KAPO (Kazan Aircraft Production Association) and flown from the company’s airfield in Kazan.

On Feb. 15, the Tu-214R registered RA-64514, serial number 42305014, the second of the two examples of this kind of aircraft built under contract with Russia’s Ministry of Defense, flew from Kazan to Latakia airbase, Syria.


Image credit: Flightradar24.com

With its ADS-B transponder signals broadcast in the clear and detected by Flightradar24 collecting stations, the aircraft could be tracked as it followed the eastern corridor from Russia, to the Caspian Sea and then to Syria via the Iranian and Iraqi airspaces. It’s not clear whether the aircraft has already been delivered to the Russian Air Force, even though it is quite weird that a developmental aircraft is deployed abroad (unless the reason is testing it at war in a real scenario…).

While it was still under development, the same Tu-214R aircraft flew what appeared to be an operative mission on Jun. 18, 2015, when it flew from Kazan to Crimea and back, closely following the border between Russia and Ukraine, most probably testing some of its sensors against real targets.

Previously, the aircraft was spotted flying near Crimea.

Interestingly, while over the Caspian Sea, approaching the Iranian airspace, the Tu-214R performed a couple of 360° turns at 33.000 feet (weird, while en route): maybe it was working on the diplomatic clearance to enter Iran?



 

Meet ISIS’ Special Operations Unit, Katibat al-Battar

Tip of the Spear? Meet ISIS’ Special Operations Unit, Katibat al-Battar

Bellingcat: On a mild November night last year, nine EU citizens roamed the streets of Paris with guns and explosives, murdering and injuring hundreds of civilians. In the days and weeks afterward, France declared emergency laws, Britain voted to expand the bombing of ISIS in Syria and ISIS supporters launched their own social media response on Twitter with #PrayforRaqqah.

But many of the most important questions around Paris remain unanswered. Where did these men come from? Were they part of a group? Who instructed them to commit these acts?

The following investigation reveals that a little-known group of battle-hardened and highly capable Libyans are the common factor behind many of the major terrorist attacks in Europe and North Africa since 2014.


Meet Katibat Al-Battar Al-Libi

When groups of Libyans involve themselves in foreign jihads, the West normally suffers. From the jihad in 1980s Afghanistan, through to running al-Qa’ida in Pakistan in the 2000s, Libyan fighters have played a significant role in most recent jihadist conflicts. As recently as 2007, the US Naval Academy at West Point released a study of seized Islamic State personnel files, which were found in a US Army raid in Iraq. To the author’s surprise, a disproportionate number of fighters were Libyan, and specifically from the town of Dernah, in northeast Libya. Almost 20% of the Islamic State’s fighters in Iraq were Libyan, and of that figure, over 60% of them were from Dernah. According to the study, the city and its surrounds contained ‘the greatest concentration of jihadi terrorists anywhere on the planet’.

Unsurprisingly then, in 2012 as the Arab Spring caught fire, entire brigades of fighters from Dernah were among the first foreign fighters to arrive in Syria. Rather than immersing themselves with ISIS or Jabat al-Nusra, the Libyans created their own unit, Katibat al-Battar al-Libi, with the catchy slogan ‘بالذبح جئناكم’, or ‘We came to slaughter you’. Battar is a reference to one of the Prophet’s swords – known for its impact on the neck of his enemies. The group’s inaugural 2012 video is available here. Many of the Libyan members of KBL were seasoned veterans of Iraq and Afghanistan; battle-hardened fighters.

Over time, as ISIS’ power grew in Syria, KBL sensibly pledged allegiance to ISIS leader Abu Bakr Al-Baghdadi. With its cadre of experienced fighters, KBL began fighting for the ISIS cause in Syria and Iraq. In January 2015, KBL captured and brutally killed dozens of Peshmerga. Arabic media reported in July 2015 that 350 KBL fighters supported the ISIS presence in Baiji, Iraq, where a prominent leader, Abu Dujana Al-Libi, was killed.

Blogs holding ISIS content indicate that KBL was one of the first groups in Syria to participate effectively in both fighting and relief work, playing a fundamental role in ISIS’ capture of Taftanaz airport and Khan Tuman.  Various reports estimate KBL’s strength in Syria from the low hundreds to over 1400. The group began life as a semi-autonomous commando unit fighting under the overall ISIS banner, but has clearly since expanded its role to include relief work in Syria and mass training camps in Libya (see below).

The group’s role as an elite unit of ISIS would have huge consequences for the Syrian war, but also for Europe, Libya and North Africa.


Europeans mix with KBL

In 2013 and 2014, European fighters began travelling to Syria in larger numbers. With its sterling reputation in Syria growing, KBL became an attractive group for Francophone fighters, specifically Belgians, French and Tunisians. Although the exact reason is unknown, one explanation for Belgians joining KBL is language; many Belgian-Moroccans are from eastern Morocco, whose Maghrebi dialect is very similar to Libyan Arabic.

During 2014, KBL records indicate a considerable number of Belgians died fighting for KBL in Syria. In addition to the domestic campaign, it appears that during 2014, KBL decided to expand its operations to Europe. One of the most prominent Belgians within KBL at the time was Abdelhamid Abaaoud. In order to evade the authorities, Abaaoud faked his own death in a published list of KBL martyrs, and he appears in social media with a number of KBL individuals during 2014.

Abaaoud was at the centre of a string of terrorist plots in Europe, before the Paris attacks in November 2015. It is likely that KBL introduced the concept of ‘Inghimasi’ operations to Abaaoud, and it is possible, if not probable that KBL – via Abaaoud – assisted, sponsored or directed at least four terrorist attacks in Europe in 2014-2015;

What is clear is that a considerable number of Europeans, Tunisians and Moroccans joined Katibat al-Battar as the group’s legend in Syria grew. Many of these fighters died in Syria or Iraq, fighting for Islamic State. However, in hindsight, the mixing of EU passport holders with perhaps the most violent, ruthless and capable group of Libyans in Syria dramatically escalated the terrorist threat to Europeans, both at home and abroad.

 

From Libya to Syria, and back again

Whilst KBL’s Belgians were busy in Syria plotting internal and external attacks, dozens of experienced KBL fighters returned to Dernah in Libya, creating the first ISIS province outside of Syria and Iraq – Wilayat Barqa. Some KBL fighters reorganised themselves under the Islamic Youth Shura Council. An ISIS delegation from Raqqah, including the Yemeni Abu Bara al-Azdi and the Saudi Abu Habib Al-Jazrawi visited IYSC in September 2014 and collected allegiances from IYSC aligned fighters.

KBL’s headquarters are now believed to be in Dernah, with secondary branches in Syria and Iraq. Online videos of KBL fighters generally indicate possession of small arms, mortars and vehicle mounted anti-aircraft. A KBL affiliated Facebook group has also been identified; the group’s icon is Jihadi John.

Reports indicate that the group runs training camps in Libya focused on assassinations, mass murder, weapons training and bomb-making. KBL is also reported to have an operations room in Dernah for terrorist activities in Tunisia.


According to several sources, the activities of KBL are distributed across three teams:

  • Guarding IS leaders; this is mostly made up of Tunisian nationals and elements from the dissolved Iraqi Baath regime;
  • Liquidation Teams: in charge of assassinating those who refuse to pledge allegiance to Al-Baghdadi; unverified reports point to KBL’s involvement in the killing of Ansar Al-Sharia’s former leader, Mohamed Zahawi;
  • Mass Casualty ‘Inghimasi’ Operations: an Inghimasi is a well-trained terrorist who carries both light arms and explosives and fights until he runs out of ammunition. Though this information cannot be entirely verified, KBL affiliated fighters are thought to have played a role in the Tunisian attacks at the Bardo Museum and in Sousse.


(Source: akherkhabaronline.com)

KBL are reportedly actively working to attract young Tunisians to take part in fighting, following an initial training phase in its Libyan training camps. Nevertheless, the group’s strategies aimed at recruiting Western/European nationals remain ambiguous, particularly following the suspension of its official social media accounts.

The Age of the “Inghimasiyun”

Since joining ISIS, KBL have fostered and grown the concept of the Inghimasi, which is the jihadi equivalent of the kamikaze or the Nazi einsatzgruppen. The concept has gripped ISIS, who now broadcast their Inghimasi as heroes. Whilst there is no smoking gun pointing to KBL’s specific role in ‘Inghimasi’ style attacks at the Brussels museum, Paris, Sousse, the Corinthia hotel or the Bardo Museum in Tunis, it is important to note a) the modus operandi is entirely consistent with KBL’s Inghimasi operations, b) many of the operatives were Tunisians and Belgians and c) all of these attacks came after KBL’s arrival in Dernah, in March 2014.

 

Going forward

One of the most important questions remains unanswered: to what extent are KBL subservient to ISIS, and do they retain a degree of operational autonomy? The evidence suggests KBL, more so than ISIS, assisted or directed many of the major terrorist attacks in the past few years. Logically, then, from a Western perspective, Katibat al-Battar are the most dangerous unit within ISIS.

Perhaps of most concern to the West is KBL’s freedom to operate in Libya, with its Wilayat Barqa ISIS enclave. Whilst fighting other militias and subject to occasional airstrikes, the group is under far less pressure in Libya than its colleagues in Syria and Iraq.  It could be argued ISIS’ Libya branch presents a greater terrorist threat to Europe than its Syrian counterpart: mass training camps, proximity to Europe and the tourist beaches of Africa, and most importantly, operational pedigree – honed during years of conflict in Syria, Iraq and Afghanistan.