WASHINGTON -- U.S. intelligence agencies are scrambling to salvage their surveillance of al-Qaida and other terrorists who are working frantically to change how they communicate after a National Security Agency contractor leaked details of two NSA spying programs. It's an electronic game of cat-and-mouse that could have deadly consequences if a plot is missed or a terrorist operative manages to drop out of sight.
Two U.S. intelligence officials say members of virtually every terrorist group, including core al-Qaida, are attempting to change how they communicate, based on what they are reading in the media, to hide from U.S. surveillance -- the first time intelligence officials have described which groups are reacting to the leaks. The officials spoke anonymously because they were not authorized to speak about the intelligence matters publicly.
Contact information ( * required )
The officials wouldn't go into details on how they know this, whether it's terrorists switching email accounts or cellphone providers or adopting new encryption techniques, but a lawmaker briefed on the matter said al-Qaida's Yemeni offshoot, al-Qaida in the Arabian Peninsula, has been among the first to alter how it reaches out to its operatives.
The lawmaker spoke anonymously because he would not discuss the confidential briefing by name.
Shortly after Edward Snowden leaked documents about the secret NSA surveillance programs, chat rooms and websites used by like-minded extremists and would-be recruits advised users how to avoid NSA detection, from telling them not to use their real phone numbers to recommending specific online software programs to keep spies from tracking their computers' physical locations.
House Intelligence Committee Chairman Mike Rogers, R-Mich., said there are "changes we can already see being made by the folks who wish to do us harm, and our allies harm."
Sen. Angus King, I-Maine, said Tuesday that Snowden "has basically alerted people who are enemies of this country ... (like) al-Qaida, about what techniques we have been using to monitor their activities and foil plots, and compromised those efforts, and it's very conceivable that people will die as a result."
At the same time, NSA and other counterterrorist analysts have been focusing their attention on the terrorists, watching their electronic communications and logging all changes, including following which Internet sites the terrorist suspects visit, trying to determine what system they might choose to avoid future detection, according to a former senior intelligence official speaking anonymously as a condition of discussing the intelligence operations.
"It's frustrating. You have to start all over again to track the target," said M.E. "Spike" Bowman, a former intelligence officer and deputy general counsel of the FBI, now a fellow at the University of Virginia's Center for National Security Law. But the NSA will catch up eventually, he predicted, because there are only so many ways a terrorist can communicate. "I have every confidence in their ability to regain access."
Terror groups switching to encrypted communication may slow the NSA, but encryption also flags the communication as something the U.S. agency considers worth listening to, according to a new batch of secret and top-secret NSA documents published last week by The Guardian, a British newspaper. They show that the NSA considers any encrypted communication between a foreigner they are watching and a U.S.-based person as fair game to gather and keep, for as long as it takes to break the code and examine it.
Documents released last week also show measures the NSA takes to gather foreign intelligence overseas, highlighting the possible fallout of the disclosures on more traditional spying. Many foreign diplomats use email systems like Hotmail for their personal correspondence. Two foreign diplomats reached this week who use U.S. email systems that the NSA monitors overseas say they plan no changes, because both diplomats said they already assumed the U.S. was able to read that type of correspondence. They spoke on condition of anonymity because they were not authorized to discuss their methods of communication publicly.
The changing terrorist behavior is part of the fallout of the release of dozens of top-secret documents to the news media by Snowden, 30, a former systems analyst on contract to the NSA.
The Office of the Director for National Intelligence and the NSA declined to comment on the fallout, but the NSA's director, Gen. Keith Alexander, told lawmakers that the leaks have caused "irreversible and significant damage to this nation."
"I believe it will hurt us and our allies," Alexander said.
The leaks revealed that the NSA was scanning the worldwide use of nine U.S.-based Internet service providers, including Google, Yahoo, Skype and YouTube.
"After the leak, jihadists posted Arabic news articles about it ... and recommended fellow jihadists to be very cautious, not to give their real phone number and other such information when registering for a website," said Adam Raisman of the SITE Intelligence Group, a private analysis firm. They also gave out specific advice, recommending jihadists use privacy-protecting email systems like TOR, also called The Onion Router, to hide their computer's IP address, and to use encrypted links to access jihadi forums, Raisman said. While TOR originally was designed to help dissidents communicate in countries where the Internet is censored, it is facing legal difficulties because criminals allegedly have used it as well.
"Criminals are doing well without things like TOR," said Karen Reilly, a spokeswoman for TOR. "If TOR disappeared tomorrow they would still have secure, anonymous access to the Internet. ... Their victims would not."
Other analysts predicted a two-track evolution away from the now-exposed methods of communication: A terrorist who was using Skype to plan an attack might stop using that immediately so as not to expose the imminent operation, said Ben Venzke of the private analysis firm IntelCenter.
But if the jihadi group uses a now-exposed system like YouTube to disseminate information and recruit more followers, they'll make a gradual switch to something else that wasn't revealed by Snowden's leaks -- moving slowly in part because they'll be trying to determine whether new systems they are considering aren't also compromised, and they'll have to reach their followers and signal the change. That will take time.
"Overall, for terrorist organizations and other hostile actors, leaks of this nature serve as a wake-up call to look more closely at how they're operating and improve their security," Venzke said. "If the CIA or the FBI was to learn tomorrow that its communications are being monitored, do you think it would be business as usual or do you think they would implement a series of changes over time?"
The disclosure that intelligence agencies were listening to Osama bin Laden drove him to drop the use of all electronic communications.
"When it leaked that bin Laden was using a Thuraya cellphone, he switched to couriers," said Jane Harman, former member of the House Intelligence Committee and now director of the Woodrow Wilson International Center. "The more they know, the clearer the road map is for them."
It took more than a decade to track bin Laden down to his hiding place in Abbottabad, Pakistan, by following one of those couriers.