Paris attacks show U.S. surveillance of Islamic State may be ‘going dark’

Michael Isikoff
Chief Investigative Correspondent
Paris attacks show U.S. surveillance of Islamic State may be ‘going dark’

This story was written with Yahoo News Deputy Editor Dan Klaidman.

The Islamic State’s claim of responsibility for the Paris attacks that killed 129 people — including one American college student — has the potential to dramatically alter U.S. intelligence assessments of the group’s capabilities to carry off well-orchestrated, mass casualty attacks.

At the same time, the attacks underscore the mounting difficulties U.S. and Western intelligence agencies are having in tracking the terror group, resulting in repeated warnings that their efforts to conduct surveillance of Islamic State suspects were “going dark.”  

Over the past year, current and former intelligence officials tell Yahoo News, IS terror suspects have moved to increasingly sophisticated methods of encrypted communications, using new software such as Tor, that intelligence agencies are having difficulty penetrating — a switch that some officials say was accelerated by the disclosures of former NSA contractor Edward Snowden.

The result played out in deadly fashion in Paris: At least eight terrorists, armed with heavy weaponry and suicide vests, and most likely aided by a support network, plotted and executed a highly elaborate mass casualty attack on multiple targets without the French or any other Western intelligence agency having a clue.

CLICK PHOTO FOR SLIDESHOW: A policeman patrols after gunfire in the Bataclan concert hall on Nov. 13, 2015 in Paris, France. (Antoine Antoniol/Getty Images)

“Absolutely, this was an intelligence failure,” said Ali Soufan, a former top FBI counterterrorism official who now runs an international security firm that has been warning about the dangers posed by IS, also known as ISIS, ISIL and Daesh, for over a year.

Soufan noted that the Paris attack would have required extensive planning, including support from a network of IS sympathizers who would likely have had to assist the terrorist perpetrators in obtaining weapons and explosives as well as casing the targets and conducting countersurveillance. (Police in Belgium today arrested three suspects linked to the attacks after tracing a rental car with a Belgian license plate that was seen at the Bataclan Theatre at the time of the attacks.)

For the past year and a half, Western intelligence and law enforcement officials have highlighted the threat posed by foreign fighters, including as many as 100 Americans and thousands of European passport holders, who have flocked to Syria and Iraq to fight with IS and might return undetected to conduct attacks in the West. (French officials are investigating the possibility that one of the terrorists came to France from Syria as a refugee.)

But until now, U.S. officials have tended to describe the threat as mostly coming from “lone wolves” — what one described as disgruntled “glory seekers.” They have downplayed the idea that IS had either the intention or ability to carry out the sort of spectacular attacks such as 9/11 that had been the hallmark of al-Qaida.

“They had made blustery statements in the past,” said Matthew Olsen, who until last year served as the director of the National Counterterrorism Center (NCTC), about IS.

But the group had not shown they could execute highly sophisticated attacks on Western soil. “We hadn’t seen that,” said Olsen. “They hadn’t proven they could do that.”

While he said the Paris attacks — similar in some ways to the 2008 attack on multiple targets in Mumbai, India, by an al-Qaida allied Pakistani terror group — “shouldn’t be a surprise,” Olsen said U.S. intelligence agencies will now have to reassess their judgment of what IS is capable of. “They’ll have to recalibrate the assessment,” he said. And that inevitably means the prospect of a similar mass casualty strike inside the United States.

SLIDESHOW: Attacks in Paris >>

“Here’s the deal: These radicalized types can hit anywhere,” said one former senior U.S. law enforcement official who monitored the IS threat for the Obama administration. 

U.S. officials have agonized for some time about a Mumbai-style attack on vulnerable “soft targets” — such as shopping malls and movie theaters — on the U.S. homeland. They even conducted unpublicized exercises to test responses. “It ain’t about knocking down buildings now,” said the former senior law enforcement official.

But what has alarmed U.S. intelligence and law enforcement officials is that their ability to thwart such attacks has been made increasingly difficult because of their inability to track IS communications.

Just three weeks ago, Nick Rasmussen, the current director of the NCTC, told a congressional committee that terrorist actors were displaying an increasing ability to communicate “outside our reach” and that the difficulty in tracking “particular terrorist plots is increasing over time.”

Rasmussen, echoing the view of multiple U.S. intelligence officials, blamed the problem in part on “the exposure of intelligence collection techniques” — a clear reference to the tens of thousands of internal National Security Agency documents leaked by Snowden.

CLICK PHOTO FOR SLIDESHOW: Medics stand by victims in a Paris restaurant, Friday, Nov. 13, 2015. (AP Photo/Thibault Camus)

 “There’s no doubt that the disclosures overall created a situation in which we lost coverage of terrorists,” Olsen said at a Yahoo News sponsored conference, Digital Democracy, this week, on the day before the Paris attacks. “Specifically, we saw people that we were targeting with NSA surveillance stop using communications at all. We saw them go to different service providers. We saw them go to uses of encryption — different ways they were reacting to what they were seeing. It shouldn’t be any surprise — these guys are sophisticated . ... They’re reading the newspapers and seeing what we can do.” 

In the months after the Snowden disclosures, U.S. officials tell Yahoo News, some terror suspects — including those associated with IS in Iraq and Syria — were even overheard by U.S. intelligence making comments along the lines of “let’s not use that anymore,” one former official said.

The terror suspects also increasingly began avoiding U.S. Internet providers, such as Google and Yahoo, and switching instead to foreign Internet providers, such as those in Russia.

But the problem has been compounded by the proliferation of newly available forms of communications, said the former Obama administration law enforcement official.

“WhatsApp and iMessage are big issues,” said the former official, referring to widely available instant communication apps in which messages can be instantly erased.

FBI director James Comey has tried to highlight the danger of encryption capabilities offered by the new Apple iPhone as well as others offered by U.S. companies.  “But even if we get the keys [to encryption] from Apple and the like, the dark Web can’t be controlled,” said the official.

 He added that U.S. intelligence agencies and the terrorist groups were “in an arms race,” battling over the government’s ability to crack their communications. “It’s all about the computing power,” the official said.

 VIDEO: