Dismantling of Saudi-CIA Web site illustrates need for clearer cyberwar policies

The CIA argued that dismantling the site would lead to a significant loss of intelligence. The NSA countered that taking it down was a legitimate operation in defense of U.S. troops. Although one Pentagon official asserted that the military did not have the authority to conduct such operations, the top military commanders made a persuasive case that extremists were using the site to plan attacks.

The task force debated whether to go forward and, if so, under what authority. If the operation was deemed a traditional military activity, no congressional committee needed to be briefed. If it was a covert action, members of the intelligence committees would have to be notified.

The task force weighed possible collateral damage, such as disruption of other computer networks, against the risk of taking no action. Most thought that the damage would be limited but that the gain would be substantial.

"The CIA didn't endorse the idea of crippling Web sites," said a U.S. counterterrorism official. The agency "understood that intelligence would be lost, and it was; that relationships with cooperating intelligence services would be damaged, and they were; and that the terrorists would migrate to other sites, and they did."

Moreover, the official said, "the site wasn't a pipeline for foreign fighters, it was a broad forum for extremists."

But the concerns of U.S. Central Command and other defense officials prevailed. "Once DoD went to the extent of saying, 'Soldiers are dying,' because that's ultimately what the command in Iraq, what Centcom did, it's hard for anyone to push back," one former official said.

The matter appeared settled, ex-officials said. The military would dismantle the site, eliminating the need to inform Congress.

A group of cyber-operators at the Pentagon's Joint Functional Component Command-Network Warfare at Fort Meade seemed ideally suited to the task. The unit carries out operations under a program called Countering Adversary Use of the Internet, established to blunt Islamist militants' use of online forums and chat groups to recruit and mobilize members and to spread their beliefs.

"We were very clear in the meetings" that the goal was to upend the site, one participant said. "The only thing that caught us by surprise was the effect."

Unintended outcomes

A central challenge of cyberwarfare is that an attacker can never be sure that an action will affect only the intended target. The dismantling of the CIA-Saudi site inadvertently disrupted more than 300 servers in Saudi Arabia, Germany and Texas, a former official said. "In order to take down a Web site that is up in Country X, because the cyber-world knows no boundaries, you may end up taking out a server that is located in Country Y," the task force participant explained.

After the operation, Saudi officials vented their frustration about the loss of intelligence to the CIA. Agency officials said the U.S. military had upset an ally and acted outside its authority in conducting a covert operation, former officials said.

Efforts were made to mollify the Saudis and the Germans, they said. "There was a lot of bowing and scraping," one official said.

One early advocate for using cyber-operations against extremists was Gen. John P. Abizaid, former Central Command chief. He told a Senate committee in 2006, "We must recognize that failing to contest these virtual safe havens entails significant risk to our nation's security and the security of our troops in the field."

But some experts counter that dismantling Web sites is ineffective -- no sooner does a site come down than a mirror site pops up somewhere else. Because extremist groups store backup copies of forum information in servers around the world, "you can't really shut down this process for more than 24 or 48 hours," said Evan F. Kohlmann, a terrorism researcher and a consultant to the Nine/Eleven Finding Answers Foundation.

"It seems difficult to understand," he added, "why governments would interrupt what everyone acknowledges now to be a lucrative intelligence-gathering tool."

Staff writers Dana Priest and Karen DeYoung contributed to this report.

© 2010 The Washington Post Company