Weekly Intelligence Notes #32-03
15 August 2003

WIN 32-03 dtd 15 Aug 03

Weekly Intelligence Notes (WINs) are produced and edited by Roy Jonkers for non-profit educational uses by AFIO members and WIN subscribers. RADM (ret) Don Harvey contributes articles to selected WINs



[HTML version recipients - Click title to jump to story or section, Click Article Title to return to Contents] [This feature does not work for Plaintext Edition recipients. If you wish to change to HTML format, let us know at afio@afio.com. If you0 use AOL, you would need AOL version 6.0 or higher to receive HTML messages, and have that feature turned on. The feature also does not work for those who access their mail using webmail.]



          DCI Views On Iraq NIE 2002

          Intelligence Stops Potential Airline Disaster



          Chinese Intelligence Collection

          The Badger Spy



          Identity Theft Tornado

          Department of Homeland Security (DHS) Advisory



          A Death in Washington



          Center for Cryptologic History Symposium 2003

          Employment Exchange




DCI VIEWS ON IRAQ NIE 2002 -- DCI George Tenet recently provided his current perspective on the 2002 National Intelligence Estimate (NIE) on 'Iraq's Continuing Programs for Weapons of Mass Destruction,' in a letter to the Washington Post. It is provided verbatim because it is worth reading and to assist AFIO members with forming their opinions and furthering our educational mission. The letter follows:


"A great deal has been said and written about the 2002 National Intelligence Estimate (NIE). Much of this commentary has been misinformed, misleading, and just plain wrong. It is important to set the record straight. Let me make three points.


We stand by the judgments in the NIE.


The NIE demonstrates consistency in our judgments over many years and are based on a decade's worth of work. Intelligence is an iterative process and as new evidence becomes available we constantly reevaluate.


We encourage dissent and reflect it in alternative views.


We stand behind the judgments of the NIE's well as our analyses on Iraq's programs over the past decade. Those outside the process over the past ten years and many of those commenting today do not know, or are misrepresenting, the facts. We have a solid, well-analyzed and carefully written account in the NIE and the numerous products before it.


After David Kay and others finish their efforts-after we have exploited all the documents, people and sites in Iraq-we should and will stand back to professionally review where we are-but not before.


The history of our judgments on Iraq's weapons programs is clear and consistent. On biological weapons and missiles our data got stronger in recent year. We have had a solid historical foundation and new data that have allowed us to make judgments and attribute high confidence in specific areas. And we had numerous credible sources, including many who provided information after 1998. When inspectors were pushed out in 1998, we did not sit back. Rather, we significantly increased our collection efforts throughout the Intelligence Community. In other words, despite what many read in the media that the NIE is based on nothing-no sources, no understanding of complicated procurement networks, etc.-the fact is we made significant professional progress.


The National Intelligence Estimate remains the Intelligence Community's most authoritative product. The process by which we produce NIEs -- including the one on Iraqi weapons of mass destruction -- has been honed over nearly 30 years. It is a process that is designed to provide policymakers in both the executive and the legislative branches with our best judgments on the most crucial national security issues. This process is designed to produce coordinated judgments-but not to the exclusion of differing views or without exposing uncertainties. During coordination, agencies send representatives who are actively engaged and change NIE drafts to reflect better the views of the experts in their respective agencies. It is an open and vigorous process that allows for dissent to be registered by individual agencies in the final product. Indeed, alternative views are encouraged. Finally, the NIE is reviewed by the directors of US intelligence agencies composing the DCI-chaired National Foreign Intelligence Board, including in this case, CIA, DIA, INR, NSA, DoE, and NIMA. This rigorous NIE process has served this nation well.


Building upon ten years of analysis, intelligence reporting, and inspections that had to fight through Iraq's aggressive denial and deception efforts, including phony and incomplete data declarations to the UN and programs explicitly designed with built-in cover stories, the Intelligence Community prepared the NIE on Iraq's weapons of mass destruction. In it we judged that the entire body of information over that ten years made clear that Saddam had never abandoned his pursuit of weapons of mass destruction.


Nuclear program. Shortly after the Gulf war of 1990-91 the International Atomic Energy Agency and the US Intelligence Community were surprised at how much more advanced Iraq's program was prior to the war than had been judged previously. In fact, the IAEA's 1996 report indicated that Iraq could have completed its first nuclear device by as early as late 1992 had the program not been derailed by the Gulf war. Intelligence analysts reevaluated Iraq's nuclear program in 1994 and 1997 in light of the body of inspection revelations and seized documents and concluded that Iraq could have a nuclear weapon within a year of obtaining sufficient material, if unconstrained, would take five to seven years with foreign assistance to produce enough fissile material. Those judgments, to which all agencies agreed, have remained consistent for years.


The NIE points out that by 2002, all agencies assessed that Saddam did not yet have nuclear weapons or sufficient fissile material to make any, but never abandoned his nuclear weapons ambitions. Moreover, most agencies believed that Iraq's attempts to obtain high-strength aluminum tubes for centrifuge rotors, magnets, high-speed balancing machines, and machine tools, as well as Iraq's efforts to enhance it's cadre of weapons personnel and activities at several suspect nuclear sites indicated that Iraq was reconstituting its nuclear weapons program. Saddam's person interest in some of these efforts was also considered. DOE agreed that reconstitution was underway, but assessed that the tubes probably were not part of the program. INR assessed that Baghdad was pursuing at least a limited effort to acquire nuclear weapon-related capabilities, but not an integrated and comprehensive approach to acquire nuclear weapons; INR was not persuaded that the tubes were intended for the nuclear program. All other agencies, including DOE, assessed that Iraq probably would not have a weapon until 2007 to 2009, consistent with the decade-old judgment of Iraq needing five to seven years to develop a weapons-grade uranium enrichment capability if freed from constraints. These judgments and the six elements upon which the reconstitution judgment was based were agreed to by those agencies during coordination of the NIE and at the meeting of the heads of all the intelligence agencies before publication.


We note yet again that uranium acquisition was not part of this judgment. Despite all the focus in the media, it was not one of the six elements upon which the judgment was based. Why not? Because Iraq already had significant quantities of uranium.


Also, it is noteworthy that although DOE assessed that the tubes probably were not part of Iraq's nuclear program, DOE agreed that reconstitution was underway. Obviously, the tubes were not central to DOE's view on reconstitution.


Even though the tubes constituted only one of the six elements underpinning the other agencies' judgment on reconstitution, I will discuss it briefly. We need to point out that DOE is not the only agency that has experts on the issue. CIA has centrifuge and rocket experts. The National Ground Intelligence Center (NGIC) --the US military's center for analysis of foreign conventional weaponry-- has battlefield rocket experts. These experts, along with those from DOE, were involved in the NIE process and their views were recorded. All agencies agreed that the tubes could be used to build gas centrifuges for a uranium enrichment program, so we are talking about differences in agency views about intent.


CIA, DIA, and NSA believed the tubes were intended for that purpose.


DOE believed they probably were not part of the nuclear program and that conventional military uses were more plausible


INR was not persuaded that the tubes were intended for use as centrifuge rotors and considered artillery rockets as the most likely purpose.


NGIC believed that these tubes were poor choices for rocket motor bodies.


Not surprisingly, the Iraqis went to great lengths to mask their intentions across the board, including in their efforts to acquire tubes with increasingly higher sets of specifications. Thus, the fact that we had alternative views on the issue would be expected. But the NIE went to great lengths to spell out those views. Many reading these alternative views, however, almost certainly recalled how far Iraq had come in the early 1990s toward a nuclear weapon without our knowledge, making all the factors leading us to the reconstitution judgment more important.


Biological Weapons. All agencies of the Intelligence Community since 1995 have judged that Iraq retained biological weapons and that the BW program continued. In 1999 we assessed Iraq had revitalized its program. New intelligence acquired in 2000 provided compelling information about Iraq's ongoing offensive BW activities, describing construction of mobile BW agent production plants--reportedly designed to evade detection--with the potential to turn out several hundred tons of unconcentrated BW agent per year. Thus, it was not a new story in 2002 when all agencies judged in the NIE that Iraq had biological weapons--that it had some lethal and incapacitating BW agents--and was capable of quickly producing and weaponizing a variety of such agents, including anthrax. We judged that most of the key aspects of Iraq's offensive BW program were more advanced than before the Gulf war.


Chemical Weapons. As early as 1994, all agencies assessed that Iraq could begin limited production of chemical agents almost immediately after UN sanctions, inspections and monitoring efforts were ended. By 1997, the Intelligence Community judged that Iraq was protecting a breakout capability to produce more weapons and agent quickly. We further assessed in 1997, that within months Iraq could restart full-scale production of sarin and that pre-Desert Storm agent production levels--including production of VX--could be achieved in two to three years. And so it was not a surprising story when all agencies judged in the NIE in 2002 that Baghdad possessed chemical weapons, had begun renewed production of mustard, sarin, cyclosarin, and VX and probably had at least100 metric tons (MT) and possibly as much as 500 MT of CW agents, much of it added in the last year.


Delivery Systems. The Intelligence Community's assessment on the possibility of Iraq having a few covert Scuds has been consistent since at least 1995. As Iraq continued to develop its short-range missiles, we collected more data and by 1999 were able to begin determining that both missiles were capable of flying over 150 km. Also by 1999 we had noted that according to multiple sources, Iraq was conducting a high priority program to convert jet trainer aircraft to lethal UAVs, likely intended for delivering biological agents. Again, not a new story for the NIE to judge that Iraq maintained a small missile force and several development programs, including an UAV that could deliver a biological warfare agent.


In sum, the NIE on Iraqi weapons of mass destruction was the product of years of reporting and intelligence collection, analyzed by numerous experts in several different agencies. Our judgments have been consistent on this subject because the evidence has repeatedly pointed to continued Iraqi pursuit of WMD and efforts to conceal that pursuit from international scrutiny. Modifications of our judgments have reflected new evidence, much of which was acquired because of our intensified collection efforts. Thus, noting that Saddam had continued to pursue weapons of mass destruction was not startling. That he probably was hiding weapons was not new. That he would seek means to improve his capabilities using alternative-use cover stories would have been expected. That we would have alternative views is respected as part of the process. We stand by the soundness and integrity of our process, and no one outside the Intelligence Community told us what to say or not to say in this Estimate.


As with any other topic addressed in an NIE, the acquisition of further evidence may confirm some of our judgments while calling others into question. Operation Iraqi Freedom obviously has opened a major new opportunity for learning about the WMD activities of Saddam Hussayn's regime. We have no doubt, however, that the NIE was the most reasonable, well-grounded, and objective assessment of Iraq's WMD programs that was possible at the time it was produced." (George Tenet) (www.washingtonpost.com)


INTELLIGENCE STOPS POTENTIAL AIRLINE DISASTER -- In the ongoing unending war against the al-Qaeda terrorist threat, the intelligence community has scored a great many successes, including the capture or killing of 65% of the al-Qaeda leadership. The latest event of note is the arrest of a British national, a reputed arms dealer (albeit seemingly small-time and stupid), alleged to have planned to smuggle Russian IGLA-18 man-portable shoulder-fired anti-aircraft missiles, with a 4 to 5 lbs explosive warhead and infra-red homing capability, into the continental US. The man was caught in a Russian-British-US sting operation, in which the agents mentioned that they were interested in buying the missiles for shooting down an airliner 'as part of the Jihad,' and to inflict economic damage on the US. The sting began five months ago in Moscow, where Russian operatives provided the man with a dummy sample missile.

          Attempts to smuggle surface-to-air missiles into the US have been anticipated and feared since the Sept. 11, 2001, attacks. Testifying before Congress in February, DCI George Tenet said "Al Qaeda is also developing or refining new means of attack, including use of surface-to-air missiles…" They have indeed already done so abroad. In June 2002, a captured terrorist, Abu Huzifa, who led an al Qaeda cell in Saudi Arabia, told investigators he slipped through Saudi security around Prince Sultan Air Force Base with two shoulder-fired SA-7 anti-aircraft missiles. He fired at an American plane that was taking off, but his missile failed to "lock on." Frightened, he buried the second missile in the sand and ran away.

          In November 2002, two shoulder-fired antiaircraft missiles were fired at an Arkia Israeli Airlines passenger jet at Moi International Airport in Kenya. Investigators found a launcher for an SA-7 Strela, a Soviet-designed shoulder-fired antiaircraft missile and two missile casings in the Changamwe area of Mombasa, about a mile from the airport. The serial number on the launcher was from the same series as the launcher tube found in May 2002 near Prince Sultan Air Force base in Saudi Arabia.

          Such missiles are relatively easy to use, but without some training on the weapon, the hit/kill probability is greatly decreased. The IGLA warheads are small, but if the hit is made on an engine, could be lethal. Military aircraft undoubtedly possess countermeasures. Civil aircraft protection devices are probably under discussion. Meanwhile, make your airline reservation and chalk one up for the FBI, the Intelligence Community, and international anti-terrorist collaboration. (Jonkers) ABC 12 Aug 03 //B. Ross) (http://abcnews.go.com/sections/wnt/World/missile_arrest030812.html)





CHINESE INTELLIGENCE COLLECTION -- Chinese intelligence collection continues at a steady pace, as does US collection in China. The Defense Department's annual report to Congress on Chinese military power this year includes a relatively detailed account of one of Beijing's most recent acquisitions of American defense technology. The espionage allowed China's military to develop a version of the substance known as Terfenol-D, created by the Navy at the cost of millions of research dollars.  Terfenol-D is a high-tech material that changes shape in response to magnetic energy, and can be used in both sensors and mechanical devices.  Used by the Navy in an advanced sonar system, the material has applications for advanced aircraft and spacecraft.  Although unclassified, any sale of the technology is strictly controlled and requires an export license.

          Two Chinese students, one of whom attended Iowa State University where he worked closely with the DOE's Ames Lab and a second who studied at Penn State University, were apparently used by China's Defense Science and Technology Information Center to acquire the information.  One of the students has admitted sending the Terfenol-D data to the PRC.  US officials say "a small percentage" of the 50,000 Chinese students in the United States are involved in technology-gathering work for the PRC

          It is not known whether US counter-intelligence authorities have instituted a coherent program to ensure that US academic institutions engaged in advanced technology research, likely to be targeted by PRC Intelligence, are cautioned about, or discouraged, or forbidden, to allow Chinese students close association with sensitive technological innovations at the institution. (Harvey) (Washington Times 5 Aug '03, pg. 1 //B.  Gertz)


THE BADGER SPY -- Brian P. Regan, a former Air Force intelligence analyst and father of four from Bowie, MD, was convicted of attempted espionage and sentenced to life imprisonment last February.  He had been arrested in 2001 at Dulles Airport on his way to Switzerland with the addresses of European embassies for Iraq, Libya and other nations. He had earlier written to Hussein and Gaddafi offering to sell top-secret documents for $13 million in Swiss francs. Writing of his job at the NRO where he administered the Intelink Web site, he said, "I feel I deserve more than the pension I will receive for all the years of service."

          The remarkable aspect of attempted treason was the dedicated manner during 1997 to 2000 in which Regan went about procuring and hiding the documents, compartmented as well as top secret, in preparation for their sale.  A lengthy program with the spy's post-conviction cooperation to recover the secreted papers appears to have taken months to unearth the more than 20,000 pages buried in 19 separate locations.  Twelve locations were found in Pocahontas State Park in central Virginia with seven more dug up in Patapsco Valley State Park near Baltimore.  The FBI dig was delayed at times because Regan forgot the complex codes he used to record the locations of the buried packages; the FBI took about a month with Regan's help to break the codes, some of which had been buried in a toothbrush holder along Interstate 95 near Fredericksburg.  Wrapped in garbage bags, lightweight plastic or Tupperware, the caches of documents were buried 18 inches deep.

          The amazing volume of 20,000 pages of detailed information about US satellites, early warning systems and weapons of mass destruction raises the question of how they could be removed from a classified, secure installation without detection.  Punishment for those who allowed it to happen or preventive measures to avoid recurrence were not addressed in the news account.  Presumably CI authorities were aware of the spy's activities before his arrest, but it would appear likely the bulk of his stealing and burrowing occurred prior to his detection. (Harvey) (WashPost 31 Jul 03, page B1 //J. Markon)





IDENTITY THEFT TORNADO -- Individual privacy and personal identity face an unprecedented assault, with one survey suggesting that last year alone, 7 million consumers fell victim to identity theft. It's gotten so bad that federal authorities employ a word -- "phishing" -- to describe the practice by high-tech criminals of sending official-looking e-mails, ostensibly from EBay or some other company, to gull unsuspecting consumers into giving up data that make identity theft a breeze. At the same time, insurers, banks and investment firms are building huge databases and selling consumer information to the highest bidder. Be on guard!! (Jonkers) (http://www.latimes.com/news/opinion/)


DEPARTMENT OF HOMELAND SECURITY (DHS) ADVISORY -- The National Cyber Security Division (NCD) of the DHS / Information Analysis and Infrastructure Protection Directorate is issuing this advisory to heighten awareness of potential Internet disruptions beginning August 16, 2003.  An Internet worm dubbed "msblast", "lovesan", or "blaster" began spreading on August 11th that takes advantage of a recently announced vulnerability in computers running some versions of the Microsoft Windows operating system.  DHS addressed this issue in an advisory available at http://www.dhs.gov/interweb/assetlibrary/Advisory_Internet_Impact_MS2.PDF.

              NCD would like to highlight that this worm contains additional code which may cause infected computers to attempt repetitive connections to www.Windowsupdate.com (which is used as a starting point for users of Microsoft Windows operating systems for software updates), beginning just after midnight on the morning of August 16th. Other customers who attempt to use the site to update their Microsoft Windows operating systems on or after August 16th might experience slowness in response or inability to connect to the update site.

          The code in the worm instructs infected computers to repeatedly connect to that site beginning on the 16th of August.  Starting on January 1, 2004, the worm will switch to cyclic behavior in which it attacks the Microsoft web site from the 16th of each month to the end of the month.  Between the 1st and 15th of the month, infected computers may attempt to scan for other vulnerable systems in order to spread the worm.  The worm uses the clock in the infected computer to determine when to start and stop; therefore Microsoft may begin seeing attacks on the morning of the 15th due to time zone differences around the world.  This pattern of spreading from the 1st to the 15th and flooding Microsoft between the 16th and the end of the month may continue indefinitely.

          Details on which computers are vulnerable and instructions for cleaning infected computers are available at http://www.microsoft.com/security/incident/blast.asp. DHS encourages system administrators and computer owners to update antivirus software with the latest signatures available from their respective software vendor. In order to limit the spreading of the worm, DHS further suggests that Internet Service Providers and network administrators consider blocking TCP and UDP ports 69, 135, 139, 445, and 4444 for inbound connections unless absolutely needed for business or operational purposes.

          DHS encourages recipients of this Advisory to report information concerning suspicious or criminal activity to local law enforcement, local FBI's Joint Terrorism Task Force (in Washington, DC/Northern Virginia; (202) 278-2000) or the Homeland Security Operations Center (HSOC).  The HSOC may be contacted at: Phone: (202) 282-8101(Special Agent Gary Harter, Email:  gharter@leo.gov FBI Washington Field Office)


SPECIAL ADVISORY NOTE: This appears to be the first virus that attacks computers directly, rather than relying on users to open an e-mail attachment. It is expected to unleash a mass attack on a Microsoft site this weekend that could severely slow Internet traffic. The virus, or Internet worm, is called MSBlast.exe or Lovesan and takes control of a computer connected to the Internet. Rather than being spread through e-mail, it probes a computer for security flaws and then downloads itself onto that PC. The original version of the worm came with a message to Microsoft's co-founder and chairman: "Billy Gates why do you make this possible? Stop making money and fix your software."

          According to Internet security firm Symantec Corp., any Windows 2000, XP or NT computer that had not patched the security flaw could expect to be infected by the worm within 25 minutes of being connected to the Internet. More than 167,000 computers in North America had the worm by yesterday evening, and many more are expected to be infected. Windows XP users who are infected by the worm are typically given a 60-second notification that their computer is going to be shut down before the system crashes. You can get infected just by being Internet-connected. Consider a temporary off-switch! (Jonkers) (rthompson@nationalpost.com)





A DEATH IN WASHINGTON: BETRAYED BY THE PHILBY SPY RING - WALTER G. KRIVITSKY AND THE STALIN TERROR, by Gary Kern (with an introduction by Nigel West), Enigma Books, New York, July 2003, ISBN 1-929631-14-6. Soviet master spy Walter G. Krivitsky was a small, dapper and very nervous man, who played a major role in Soviet espionage in the 1920s and 1930s and knew many of the most important spies embedded in European nations. He was also the first key Soviet defector to warn the West early on about the Stalin regime. He became friends with Whittaker Chambers, encouraging him to come forward and thus precipitating the Alger Hiss case. Krivitsky provided the British with clues that would certainly have unmasked the Philby spy group, but following his debriefing in London he was found out by Anthony Blunt, who warned Moscow. Krivitsky also had published a damning account of the sins of the Soviet regime in 1939, "In Stalin's Secret Service." He made the Soviet death list.  Krivitsky told the New York Times, "If they ever try to prove that I took my own life, don't believe it." The Times used that quotation in a story when Krivitsky was found dead of a gunshot wound to the head in a locked hotel room in the Bellevue Hotel near Washington's Union Station on Feb. 10, 1941. Washington police, after a cursory walk-through, dismissed the death as a suicide, sent the body to the morgue, and allowed the room to be cleaned. Arthur Koestler, a refugee from the communist system, speaking for many skeptics of the seemingly mysterious death of Walter Krivitsky which was deemed a "suicide" said "There's an old OGPU saying 'Any fool can commit a murder, but it takes an artist to commit a natural death.'

          This book is not simply the final word on the Krivitsky mystery it is also a model of how exciting and thrilling true espionage history can be when events themselves are allowed to take over and be recounted by a master of the subject. The author, Gary Kern, spent ten years researching the book, and covers all original documents released by the British archives and the FBI in 2002-2003. It would appear to be a fascinating read. (Jonkers) (Unread, but based on recommendation by Joe Goulden, whose review, published in the Washington Times 10 August 03, will be included in the next edition of 'Intelligencer.')





CENTER FOR CRYPTOLOGIC HISTORY SYMPOSIUM 2003 will be conducted 30 and 31 October 2003 at the Maritime Institute in Linthicum, Maryland. For questions and registration, call 301 688 2336 (RJ)


EMPLOYMENT EXCHANGE -- Science Applications International Corporation (SAIC), a Fortune 500 company and AFIO corporate member, has a critical need to fill full time positions within the Intelligence Community. Those hired will be SAIC staff employees with full benefits.  Positions are in the Washington, DC area. Those interested in part-time employment (less than 32 hours/week) will receive equal consideration. Positions include: (1) Collection management Officers with at least five years experience writing, editing, and evaluating intelligence reports from human sources (HUMINT). Current TS/SCI clearances with full scope polygraph required. (2) HUMINT Operations Officers for the Intelligence Community working priority national security issues -- high value targets, WMD, counterterrorism, and counterintelligence. Current TS/SCI clearances with full scope polygraph required, and (3) Intelligence Analysts with military or civilian intelligence or law enforcement experience. Counterterrorism experience a plus.  Minimum three years total experience, bachelors degree, and current TOP SECRET clearance required.


Send resumes to:  Gil Kindelan (AFIO member), Business Area Manager for Operations and Analysis, National Intelligence Operation, 703-676-4804, kindelang@saic.com AND Seunghye Huggins, Senior Recruiter for the National Intelligence Operation, 703-676-5592, seunghye.b.huggins@saic.com.(RJ) 



WINs are protected by copyright laws and intellectual property laws, and may not be reproduced or re-sent without specific permission from the Producer. Opinions expressed in the WINs are solely those of the editor(s) or author(s) listed with each article. AFIO Members Support the AFIO Mission - sponsor new members! CHECK THE AFIO WEBSITE at www.afio.com for back issues of the WINs, information about AFIO, conference agenda and registrations materials, and membership applications and much more! (c) 2003, AFIO, 6723 Whittier Ave, Suite 303A, McLean, VA 22101. afio@afio.com; Voice: 703 790-0320; Fax: 703 790-0264