Dec 31 2009

A Smoking Gun Dot In President’s Report On Flight 253 Intel Failures

Smoking Gun II Update At End!

Very Important Updates Below!

Today we are gaining more and more clarity on the missteps that led up to a Nigerian Jihadist, who was armed with a powerful and sophisticated stealth bomb and trained by al Qaeda in Yemen, coming seconds away from inflicting a Christmas Day Massacre on Flight 253 over Detroit. And two things are becoming quickly apparent.

First is the glaring fact that news media is clueless about how things like intelligence gathering and the federal bureaucracy work. The root cause of this ignorance is because news reporters are inexperienced and unskilled spectators trying to grasp and convey these complex issues and actions to the public – and they do a terrible job of it. It is also due to the fact many of them are very much emotionally tied to this President as doe-eyed supporters (which is why you need political diversity on stories – not just in news rooms – to generate fair and balanced reporting). Biased and naive reporting seems to be the rule of thumb on this event.

The second aspect of this fiasco coming into focus is how the Obama administration changed the tone and pace of the war on terror. Toning down the ‘war on terror’ to a criminal investigation of ‘man-made-disasters’ has major impacts on our defenses. It fundamentally changes to nature of ‘the system’ which Homeland Security Secretary Napolitano infamously claimed had ‘worked’. Maybe it ‘worked’ as designed in its newer, lower key form. But it did not work in protecting this nation from attack.

It is not the tools, rules or processes that are at fault. It is the leadership and its tone about the task at hand. An easy analogy can be seen in sports. You can have the same team playing under the same rules but under different coaches and in one case they are mediocre – winning 50% of the time – but under another coach they can be undefeated. In the game of national defense you need to be undefeated.

History is also replete with examples where the attitude at the top initiated a pivotal individual effort on the front lines to save the day (recall the how the millennium bomber was discovered at our border). History is also replete with examples of horrible failures by leaders with good intentions but no common sense (Neville Chamberlain’s denial of Hitler as a world class danger comes to mind).

What we have seen in the Flight 253 bombing incident and in the Ft Hood massacre is how the Obama Team changed the system, and the repercussions of those changes. Those who blame Bush are only confirming this fact by their lame excuses and attempt at misdirection. Those claims are only valid IF team Obama did not make changes – and we know they did.

In a Washington Post story covering the details of the report President Obama is going to receive today (from the very people who have the answers to what went wrong, but will be covering their butts and unwilling to point fingers upward due to the career ending nature of such acts) we see more indications of how the same system under the leadership of President Bush was able to thwart attacks while it has now failed multiple times under President Obama.

As we shall see, dots were being collected but  were not being connected because the team (the system) was not working as a unit under inspiring leadership.

But first what we know from prior reporting, to set the stage:

  • There were intelligence reports from Yemen intercepts regarding the training of an unidentified Nigerian for a special mission.
  • Young Abdulmutallab was already flagged by the intel community when the UK revoked his visa for there.
  • Yemen knew Abdulmutallab was in their country as early as August
  • Abdulmutallab’s father was so worried about his son that he contacted the US embassy by phone initially, leading up to a face-to-face meeting in November with State Department officials (possibly CIA as well). This initiated reports down both chains to the National Counter Terrorism Center (NCTC) here in the DC area. Reports come into NCTC as they are built up, not just when they are completed as some reporting has alluded.

Which leads us to the new and disturbing details out today:

Intelligence intercepts from Yemen beginning in early August, when Abdulmutallab arrived in that country, contained “bits and pieces about where he was, what his plans were, what he was telling people his plans were,” …

He was being monitored early on – apparently by Yemen at the direction of the US or UK.

… as well as information about planning by the al-Qaeda branch in Yemen, a senior administration official said.

This is the unidentified Nigerian – who could be anyone to be fair. Who was watching these events unfold in Yemen? Apparently quite a few:

Agencies under particular scrutiny include the CIA, the National Security Agency — in charge of electronic intercepts — and the State Department.

Missing from this list is the NCTC, the Director of National Intelligence (DNI) and the National Security Council which briefs the President. More on that later.

Now here is where the naive reporter comes in and fails to connect the bureaucracy dots. Here are very interesting statements in the reporting presumably reviewed/modified by some administration sources (emphasis mine):

Each [agency] possessed pieces of the puzzle, none of which was considered overly worrisome or immediately actionable — absent the other piecesunder existing procedures. The National Counterterrorism Center, established after the attacks of Sept. 11, 2001, to connect the dots government-wide, did not do so.

Although electronic intercepts from Yemen indicated that an unnamed Nigerian was being groomed for an al-Qaeda mission, and other communications spoke of plans for a terrorist attack during Christmas, none of this information was flagged in a way that would have linked it to the father’s report.

This is completely ignorant. Of course none of the dots in isolation were a smoking gun – that is why we call it ‘connecting the dots’. This is what intelligence is all about, taking bits of incomplete data and pulling it together to see what is heading our way! Whoever this source is they clearly missed the whole point of intelligence gathering for national security. And this reporter just regurgitated the nonsense without a second thought. But as we shall see, there was a smoking gun dot.

The story unfolds some more:

Among the failures officials initially cited, no agency checked to find out whether Abdulmutallab had a valid visa to enter the United States after his father appeared at the U.S. Embassy in Nigeria last month expressing concerns about his disappearance and associations in Yemen. Although electronic intercepts from Yemen indicated that an unnamed Nigerian was being groomed for an al-Qaeda mission, and other communications spoke of plans for a terrorist attack during Christmas, none of this information was flagged in a way that would have linked it to the father’s report.

The State Department noted that its consular database listing all visa holders is available to all intelligence and federal law enforcement agencies.

“The presumption is that within the NCTC process, all information that is relevant to a case will be looked at, including the presence of a visa,” a State Department official said. In preliminary reports due for delivery to the president Thursday, the official said, State Department will now take responsibility for checking for visas under all names included in every terrorism-connected report it submits through interagency channels.

The presumption was that all available information would be looked at. That is how the system used to work. One member of the team relied on the other member to do their job the way they always have been. So what changed at NCTC that stopped a full background check of Abdulmutallab? Was it as this State Department source said – orders form the new Obama team to not profile Muslims:

This employee says that despite statements from the Obama Administration, such information was flagged and given higher priority during the Bush Administration, but that since the changeover “we are encouraged to not create the appearance that we are profiling or targeting Muslims.

Seems eerily similar to how the Major Hasan Counter Terrorism Task Force investigations were summarily shut down, allowing him to proceed with his jihadist massacre at Ft Hood. Did President Obama allow his liberal underlings like Attorney General Holder to begin dismantling the Bush safe guards under the cover of the secrecy veils that these efforts exist?

Is it a surprise both Hasan and Abdulmutallab were being monitored under the dreaded NSA-FISA fixes instituted by President Bush, leaked by the New York Times and despised by all rabid liberals? Just coincidence?

And yet there is more. Note again those NSA intercepts “from Yemen indicated that an unnamed Nigerian was being groomed for an al-Qaeda mission, and other communications spoke of plans for a terrorist attack during Christmas” that were not yet linked to Abdulmutallab. Well, that was the story yesterday:

One government source described intercepted “voice-to-voice communication” at some point during the fall between Abdulmutallab and extremist Yemeni American cleric Anwar al-Aulaqi indicating that Aulaqi “was in some way involved in facilitating this guy’s transportation or trip through Yemen. It could be training, a host of things. I don’t think we know for sure,” said the source, who like others who discussed the ongoing investigation did so on the condition of anonymity.

The smoking gun dot. Does not need a lot of connecting – even for a lay person. This reporter was given crystal clear evidence that someone was ignoring the dots and just regurgitates it like it is nothing. Yemeni American cleric Anwar al-Aulaqi is right up there with other top al Qaeda’s most wanted. He is the same cleric who was communicating with Major Hasan before he went jidahi at Ft Hood. He is a recruiter for the guys planning the Christmas attack in the other intercepts!

What happened here? What caused this failure to connect a Young Nigerian picked up on NSA taps talking to al-Aulaqi with the NSA intercepts talking about a Nigerian being trained for a Christmas attack in the US? If we had these kinds of dots prior to 9-11 we could have avoided the entire war on terror! What changed under the Obama administration that would stop these two dots from slamming together?

From the evidence I am seeing the trail leads to DC. Something changed in the NCTC which failed to check Abdulmutallab’s visa status once it started getting the State Department reports. Something also changed in NCTC that kept two very obvious dots from being connected – that being the intercepts of al Qaeda grooming a Nigerian for a Christmas Day attack and the intercept of Abdulmutallab talking directly to al Qaeda’s Yemen cleric al-Aulaqi.

I doubt the NCTC staff failed to make connections. Just like with Major Hasan, someone shut this down. Someone had to squelch the instincts and practice put in place during the Bush years. The State Department had no idea the NCTC was no longer being proactive and diligent with their leads. The NSA was probably in the same boat, assuming the obvious steps that had always been taken were still active.

And the NCTC is the pivot point for a new administration to begin making the liberal sea changes they wanted.

The Major Hasan case had some interesting timing. About the time a renewal for FIS court warrants would be required from the Department of Justice (assuming a December initial warrant based on NSA intercepts between Hasan and al-Aulaqi) the investigations were shut down on some lame excuse. This would be the first chance of AG Holder to implement his new vision of National Security.

It would be about 6-9 months after taking office that you would start to see major changes in policy in something like NCTC. It takes about that long to get everyone on board, squelch the resistance, etc. It is not inconceivable that changes made at NCTC (or above) could easily have set the stage for this disaster.

Investigations are warranted, and not by the politicians or the bureaucrats who need their butts covered. As the article notes, those filing these reports are the very ones whose jobs are now on the chopping block:

Speculation swirled through Congress and the administration Wednesday that Director of National Intelligence Dennis C. Blair might be forced to resign as a result of the Abdulmutallab case, along with Homeland Security Secretary Janet Napolitano.

The history of changes made to the system exists throughout the government records. We need a Flight 253 panel, just like the 9-11 Panel before it. Hundreds of Americans do not need to perish before we demand action and find out what happened here. We can do this proactively. If there is nothing to hide, then there should be no resistance to discovering this was not due to a change in leadership and focus of the system from a war on terror to investigating ‘man made disasters’ (like Global Warming).

Update: Here is the NY Times on the same story. To give them credit they lead with the bottom line:

The National Security Agency four months ago intercepted conversations among leaders of Al Qaeda in Yemen discussing a plot to use a Nigerian man for a coming terrorist attack, but American spy agencies later failed to combine the intercepts with other information that might have disrupted last week’s attempted airline bombing.

So, what changed in the dot combining efforts inside the NCTC? More journalistic ignorance:

The electronic intercepts were translated and disseminated across classified computer networks, government officials said on Wednesday, but analysts at the National Counterterrorism Center in Washington did not synthesize the eavesdropping intelligence with information gathered in November when the father of Umar Farouk Abdulmutallab, now accused of the attempted bombing, visited the United States Embassy in Nigeria to express concerns about his son’s radicalization.

Impossible. I am a command, control, communications and information (C3I) specialist and I can tell you analysts cannot ignore these dots. I do not have first hand experience with these systems, but it is not a challenge to extrapolate from other like systems in the government – at a minimum level.

That is because computers are doing the cross checking, connecting and retrieval of relevant data. The computer systen will key in on “Abdulmutallab”, “Niger”, “Yemen” and many other pieces of meta data associated with each intel ‘dot’. The only way to not connect the  dots is to override ‘the system’ and declare the system has produced results out of bounds.

There is a slight chance data entry missed some key data fields, but I seriously doubt it could miss all of them. When these flags came in they should have activated connections to previous reports and evidence automatically. Why do people think these command and control centers have all that CPU horsepower and displays? Just for email and solitaire?

The analysts probably confirms the system’s results and raises the importance of the result to higher ups. The human analyst works after the dot connecting stage has been done automatically.

Update: Here is a telling CYA statement in the NY Times article:

A White House review into the episode is finding that agencies were looking at information without adequately checking other available databases — not because they were reluctant to share, as was the case before Sept. 11, but out of oversight or human error, said a senior administration official familiar with the review.

Hmm. Wonder what this “oversight error” was that stopped the dots from connecting? And only humans perform ‘oversight’ in ‘the system’ – when it works or doesn’t work.

Update: There is no excuse for not pursuing this

The first sign of a threat came in August, when the National Security Agency, responsible for electronic eavesdropping around the world, intercepted the Qaeda conversations about the mysterious, unidentified Nigerian. That same month, Mr. Abdulmutallab arrived in Yemen and apparently soon began preparing for the Christmas Day attack.

If we missed this, then we are in serious danger. Start the investigations immediately.

Update: Who are these reporters and sources kidding? Check out these two paragraphs and tell me if they are coherent. First:

At the counterterrorism center, analysts looked at the cable from the embassy in Nigeria and deliberated over just how severe a threat Mr. Abdulmutallab presented. Sometime during that period, other information began flowing in that terrorist groups might be planning an attack around Christmas. But the intelligence analysts did not connect this to the story of Mr. Abdulmutallab.


Before a plane can take off for the United States, details on every passenger are forwarded electronically to the Department of Homeland Security. There is also an electronic summary of each passenger’s airline reservation — which in Mr. Abdulmutallab’s case would most likely have included the fact that his ticket had been bought with cash and that he had not checked any bags.

The Homeland Security Department, with this information, can request that a passenger like Mr. Abdulmutallab get extra scrutiny by airport officials before the plane takes off.

So if NCTC is provided a passenger’s name (or nationality, etc) their computers will disgorge all the data they have. But those same computers (not analysts) cannot connect a Nigerian in Yemen who talked to a Jihadist Cleric to a Nigerian in Yemen planning a Christmas attack?

This is not how it happened.

Smoking Gun II Update: CNN has provided two more pieces to the puzzle which prove my suspicions are dead on. First, the fact all these dots are actually connected via computer:

The information the father provided was just one of hundreds of reports, and often vague tips, coming in each day. Analysts from the CIA, FBI, Justice Department and other agencies are supposed to evaluate such tips side by side, running them through databases, comparing them with other clues agencies have gathered, and those still coming in. The purpose is to make sure the even seemingly insignificant dots get connected.

The NCTC has computer connections to State, CIA, FBI etc. They see their reports almost as they are being entered. Their databases are being updated constantly.

The other detail is devastating. Now we add to all the connections I noted above that would have easily been caught by 1990’s computer (Abdulmutallab, Yemen, Nigeria, al-Aulaqi) one more data item that clearly makes it impossible that the dots were never connected:

The U.S. also had intelligence that between August and October of this year, extremists in Yemen were talking about operations. Someone known as “the Nigerian” was mentioned, and they had a partial name — Umar Farouk.

As in Umar Farouk Abdulmutallab. No computer is going to miss that one. These dots had to be ignored by a human generated policy that overrides the output of the computer. Someone had to actively dismiss the evidence – no way that it was never connected. The computers could not miss connecting this data – unless they have been faulty for nearly 10 years now and never connected a single dot in all their years of operation and testing.

Not likely.

42 responses so far

42 Responses to “A Smoking Gun Dot In President’s Report On Flight 253 Intel Failures”

  1. thromnewton says:

    AJ: Great post. In the counterterrorism business, if there’s a smoking gun; you’ve failed. Happy New Year.

  2. AJStrata says:

    thanks Throm.

    In fact, if there is this much smoke you have to work hard to not let it set people’s hair on fire!

  3. kathie says:

    If the mission given to me by the President of the United States is that no more Americans will needlessly die on my watch I enter information and follow that information with a specific mindset. It must have been a tough 8 years for many in the intelligence community, all the way down the chain, to the lowest levels. My hunch is that Obama changed the mind set from the top down, now we have the consequences, it took only one year for that mind set to hit the lowest ranks. The system is only as good as those who enter data and pass it along the dots.

  4. dhunter says:

    “The root cause of this ignorance is because news reporters are inexperienced and unskilled spectators trying to grasp and convey these complex issues and actions to the public – and they do a terrible job of it. ”

    With all due repsect AJ,
    some of the false reporting or lack of reporting may be attributable to ignorance or laziness, but a far greater part is attributable to like idiology.
    The media who ignored Obamas past associations, showed no interest in his college grades, transcripts, publications or how he financed a high priced education, who ignore his 40+ ultra leftwing czars and incompetent political appointmernts, Holder, Nepolitano, are complicit and are “standing by their man” in not reporting the bad news to We The People.

    When the public is finally fed up and the liberal media blinders are finally no longer able to cover for this Lying Pinnochio and his corrupt Party , the media whores should swing by their necks from the corner lampposts right alongside their Political Pimps.

    If We Survive That Long!

    Happy New Year to You and Yours,
    may you all stay safe, secure and healthy! ‘

  5. AJStrata says:

    Dhunter, that was my second point!

  6. […] This post was mentioned on Twitter by Suhr Mesa, AJ Strata. AJ Strata said: new: A Smoking Gun Dot In President's Report On Flight 253 Intel Failures […]

  7. Mike M. says:

    I will mention that data fusion is always hard. Not only are you correlating data of different types from different sources, you usually cross bureaucratic lines. Which increases friction dramatically.

    Not that it’s an excuse…merely an argument for greater consolidation.

  8. […] Strata: Ever vigilant, has an extensive post up suggesting that the Christmas terror attack succeeded for reasons other than pure […]

  9. dhunter says:

    Yep we’re in trouble! Immanuel and Axeholerod are runnin the show while Pinnochio golfs and its’ all OK because Bush did it too. Well wait Bush didn’t do it but we’re still screwed. Stay away from crowds, tall buildings, airplanes and pray!

  10. Boghie says:


    A bureaucracy that ran fairly efficiently for a number of years is becoming less efficient.

    That is usually accomplished during mission adjustment, mission insignificance, and/or adding layers to the bureaucracy.

    It takes a while for a unit to fail. This one has failed.

    It takes strong leadership and time to grow a team. We will have to pray for strong leadership and hope for the best for quite some time.

  11. Paul from Boston says:

    But, but, but it’s just a matter of law enforcement and we’ll avoid these “man-caused-disasters.” Well, we’re seeing the results of law enforcement. Actually a particular brand of law enforcement that was epitomized by the liberal Democrats running the show in NYC in the 1980s. A woman could be gang-raped in broad daylight in Central Park and all we got were rationalizations and sympathy for the perps. It’s going to be tough to find a sympathetic angle for rich boy Abdulmutallab, but it’s only a matter of time before we find out his sister took his candy away when he was six.

    Law enforcement, a la, Rudy Guilianni I can accept.

  12. bobsunshine says:

    AJ; Great Post – I was looking over at Freerepublic and found an article from someone on the plane. He states that there was a Second guy taken away. Any thoughts on this??

  13. […] First, the government failed miserably as A.J. Strata demonstrates in a must-read piece. Here’s his conclusion: The NCTC has computer connections to State, CIA, FBI etc. They see their reports almost as they […]

  14. […] AJ at The StrataSphere provides another piece of the terrorism puzzle. Think about […]

  15. crosspatch says:

    One problem with information sharing is the problem we recently saw when the police in NYC were let in on the information concerning that Afghan guy from Colorado. Pretty soon there was a circus, it was in all the media, and they never did round everyone up that they were watching.

    The problem is that the more people you have “in the know” the more likely the information is going to leak.

    So there are two drivers of a reluctance to share too much. The first is that doing so might blow your investigation and you end up with nothing to show for it. Second is that there is a general fear of a “big brother” state and the notion that all of the resources of all of the agencies can be integrated leads to a fear that the government will know too much about us.

    And there is yet another problem when you have lots of “dots” that in hindsight can be connected because now you have the missing information that connects them all. So you hear that “a Nigerian” is being prepared for an attack. Do you know how many Nigerians come to America every day? Which one is it?

    Abdulmutallab’s visa had been flagged by the Brits, but is he just one of many people whose visa had been flagged? And that does still not indicate that he was “the one” being trained to take down a plane. So here you don’t have two dots. You have two GROUPS of dots; the set of people who are Nigerians attempting to come to the US over the course of an unknown period of time and the set of people whose visa’s had been flagged by the UK, and there is no guarantee that the person being trained is a person whose visa was flagged. So you don’t even know if those two sets intersect.

    Now enter a third set of people, people who have been or are in Yemen. So Yemen knew the guy was in the country. Are they required to report to the US every time someone crosses their border no matter what nationality they are? That is a dot that likely wasn’t even known about by us until after the event when we had a name and could make some inquiries.

    I am trying to point out that “connecting the dots” can be extremely difficult before hand yet they all fall into place afterward and seems so amazingly obvious. It is like a “dot to dot” picture with no numbers. After the event, the numbers suddenly appear as you then have a name and an end dot and can then trace them backwards. Then clues that might have made no sense before suddenly do make sense.

    One of the things I do in the course of my work is troubleshoot incredibly complex networks that are interconnections across continents. I often deal with problems that are similar in that a problem often starts with an intermittent problem report and the report might not be originating where the problem is. So someone in the UK reports a problem communicating with something in China but the problem goes away by the time I start looking into it. Then someone in Spain has a problem talking to something somewhere in the US and again the problem clears. Eventually it turns out that there is a router with a bad fan in Finland that is causing the problem. It would overheat and reboot. When it rebooted, it would cause other traffic to take different paths which caused them to become congested and result in problems but as soon as that other router finished rebooting, the problem would go away. And it only caused a problem when the traffic on the other circuits was a little higher than normal and the extra bit of traffic caused the links to become congested. In hindsight it all makes perfect sense but at the time there was indication that something was wrong but nothing that pointed to the Finland router until the problem became much worse. At that point is was possible to explain exactly why people in the UK were having a problem talking to China sometimes.

    Dots that appear very obvious in retrospect are not so obvious at the time, particularly when there isn’t one dot in each set but there are several sets of many dots that might or might not overlap.

    That said, there were some apparent screwups, such as not agreeing to install body scanners at Amsterdam airport. The problem gets worse when different agencies have different sets of dots. The extent to which you can share is often a matter of what their jurisdictions are.

    FBI can’t operate outside the US. CIA can’t operate inside the US. If they share information, Can CIA tell FBI about the guy BEFORE he enters the US? Even then, would it do any good? In the case of the 9/11 pilots, CIA informed FBI about their arrival in the US but the FBI did nothing with the information.

    Just saying that it is a lot more difficult than it looks before something happens and after the fact a lot of things that seem like they should have been obvious, aren’t.

  16. ivehadit says:

    Happy New Year to all! AJ, thanks again for this site and all your hard work.

    On to 2010!

  17. crosspatch says:

    More dots.

    Fruit of the Boom bomber attended Houston event of same group that the Ft. Hood shooter attended. Or something.

  18. sjreidhead says:

    Great job AJ!

    I still keep thinking, and have mentioned it in my father snarky and flippant posts at The Pink Flamingo (shameless plug) that I still think HotPants had help getting on those planes. To me none of this makes sense unless someone in Nigeria and Amsterdam helped him make it through security and get on board. I am probably way off base, but is anyone asking about the security personnel who are working at those locations?

    I think it is an old Sherlock Holmes thing – after you eliminate the possible, start thinking about the impossible.

    Keep up the good work.

    The Pink Flamingo

  19. Frogg1 says:

    DHS Subpoenas Two Journalists Who Published Leaked Airline Security Changes

    The Department of Homeland Security, which oversees the Transportation Security Administration, sent federal agents to the homes of two journalists and served them with subpoenas on Tuesday night to try to identify the source of a leak about aviation security changes imposed after the failed attempt on Christmas Day to blow up Northwest Flight 253.

    In separate visits, the DHS employees told Chris Elliott and Steve Frischling that their computers and all e-mail correspondence related to the leak of the security directive were being subpoenaed as part of an investigation into who leaked the document to them, which both journalists published on their Web sites.