Sunday, October 23, 2011

Boomerang! Is the Pentagon Field-Testing 'Son of Stuxnet'?

When the cybersecurity firm Symantec announced they had discovered a sophisticated Trojan which shared many of the characteristics of the Stuxnet virus, I wondered: was the Pentagon and/or their Israeli partners in crime field-testing insidious new spyware?

According to researchers, the malicious program was dubbed "Duqu" because it creates files with the prefix "~DQ." It is a remote access Trojan (RAT) that "is essentially the precursor to a future Stuxnet-like attack." Mark that carefully.

In simple terms, a Trojan is malicious software that appears to perform a desirable function prior to its installation but in fact, steals information from users spoofed into installing it, oftentimes via viral email attachments.

In the hands of enterprising security agencies, or criminals (the two are functionally synonymous), Trojans are primarily deployed for data theft, industrial or financial espionage, keystroke logging (surveillance) or the capture of screenshots which may reveal proprietary information.

"The threat" Symantec averred, "was written by the same authors (or those that have access to the Stuxnet source code) and appears to have been created since the last Stuxnet file was recovered."

The malware, which began popping-up on the networks of several European firms, captured lists of running processes, account and domain information, network drives, user keystrokes and screenshots from active sessions and did so by using a valid, not a forged certificate, stolen from the Taipei-based firm, C-Media.

Whereas Stuxnet, believed to be a co-production of U.S. and Israeli cyber-saboteurs, was a weaponized virus programmed to destroy Iran's civilian nuclear power infrastructure by targeting centrifuges that enrich uranium, Duqu is a stealthy bit of spy kit that filches data from manufacturers who produce systems that control oil pipelines, water systems and other critical infrastructure.

Sergey Golovanov, a malware expert at Kaspersky Labs told Forbes that Duqu is "is likely the brainchild of a government security apparatus. And it's that government's best work yet."

Speaking from Moscow, Golovanov told Forbes in a telephone interview that "right now were are pretty sure that it is the next generation of Stuxnet."

"We are pretty sure that Duqu is a government cyber tool and are 70% sure it is coming from the same source as Stuxnet," Golovanov said.

"The victims' computer systems were infected several days ago. Whatever it is," Golovanov noted, "it is still in those systems, and still scanning for information. But what exactly it is scanning for, we don't know. It could be gathering internal information for encryption devices. We only know that it is data mining right now, but we don't know what kind of data and to what end it is collecting it."

Whom, pray tell, would have "access to Stuxnet source code"?

While no government has claimed ownership of Stuxnet, IT experts told Forbes "with 100% certainty it was a government agency who created it."

Suspects include cryptologists at the National Security Agency, or as is more likely given the outsourcing of intelligence work by the secret state, a combination of designers drawn from NSA, "black world" privateers from large defense firms along with specialists from Israel's cryptologic division, Unit 8200, operating from the Israeli nuclear weapons lab at the Dimona complex, as The New York Times disclosed.

Analyst George Smith noted: "Stuxnet was widely distributed to many computer security experts. Many of them do contract work for government agencies, labor that would perhaps require a variety of security clearances and which would involve doing what would be seen by others to be black hat in nature. When that happened all bets were off."

Smith averred, "once a thing is in world circulation it is not protected or proprietary property."

While one cannot demonstrably prove that Duqu is the product of one or another secret state satrapy, one can reasonably inquire: who has the means, motive and opportunity for launching this particular bit of nastiness into the wild?

"Duqu's purpose," Symantec researchers inform us, "is to gather intelligence data and assets from entities, such as industrial control system manufacturers, in order to more easily conduct a future attack against another third party."

In other words, while Stuxnet was programmed to destroy industrial systems, Duqu is an espionage tool that will enable attackers "looking for information such as design documents that could help them mount a future attack on an industrial control facility."

Although it can be argued, as Smith does, that "source code for malware has never been secure," and "always becomes something coveted by many, often in direct proportion to its fame," it also can't be ruled out that military-intelligence agencies or corporate clones with more than a dog or two in the "cyberwar" hunt wouldn't be very interested in obtaining a Trojan that clips "industrial design" information from friend and foe alike.

Black Programs

The circulation of malicious code such as Duqu's is highly destabilizing. Considering that the U.S. Defense Department now considers computer sabotage originating in another country the equivalent to an act of war for which a military response is appropriate, the world is on dangerous new ground.

Speaking with MIT's Technology Review, Ronald Deibert, the director of Citizen Lab, a University of Toronto think tank that researches cyberwarfare, censorship and espionage, told the publication that "in the context of the militarization of cyberspace, policymakers around the world should be concerned."

Indeed, given the fact that it is the United States that is now the biggest proliferator in the so-called cyber "arms race," and that billions of dollars are being spent by Washington to secure such weapons, recent history is not encouraging.

With shades of 9/11, the anthrax mailings and the Iraq invasion as a backdrop, one cannot rule out that a provocative act assigned to an "official enemy" by ruling elites just might originate from inside the U.S. security complex itself and serve as a convenient pretext for some future war.

A hint of what the Pentagon is up to came in the form of a controlled leak to The Washington Post.

Last spring, we were informed that "the Pentagon has developed a list of cyber-weapons and -tools, including viruses that can sabotage an adversary's critical networks, to streamline how the United States engages in computer warfare."

The list of "approved weapons" or "fires" are indicative of the military's intention to integrate "cyberwar" capabilities into its overall military doctrine.

According to Ellen Nakashima, the "classified list of capabilities has been in use for several months and has been approved by other agencies, including the CIA."

The Post reported that the new "framework clarifies, for instance, that the military needs presidential authorization to penetrate a foreign computer network and leave a cyber-virus that can be activated later."

On the other hand, and here's where Duqu may enter the frame, the "military does not need such approval, however, to penetrate foreign networks for a variety of other activities. These include studying the cyber-capabilities of adversaries or examining how power plants or other networks operate."

Additionally, Nakashima wrote, Pentagon cyberwarriors "can also, without presidential authorization, leave beacons to mark spots for later targeting by viruses, the official said."

As part of Washington's on-going commitment to the rule of law and human rights, as the recent due process-free drone assassination of American citizen Anwar Al-Awlaki, followed by that of his teenage son and the revenge killing of former Libyan leader Muammar Qaddafi by--surprise!--Al Qaeda-linked militias funded by the CIA clearly demonstrate, the "use of any cyber-weapon would have to be proportional to the threat, not inflict undue collateral damage and avoid civilian casualties."

Try selling that to the more than 3,600 people killed or injured by CIA drone strikes, as Pakistan Body Count reported, since our Nobel laureate ascended to his Oval Office throne.

As George Mason University researchers Jerry Brito and Tate Watkins described in their recent paper, Loving the Cyber Bomb? The Dangers of Threat Inflation in Cybersecurity Policy, despite overheated "rhetoric of 'cyber doom' employed by proponents of increased federal intervention," there is a lack of "clear evidence of a serious threat that can be verified by the public."

However, as Brito and Watkins warned, "the United States may be witnessing a bout of threat inflation similar to that seen in the run-up to the Iraq War," one where "a cyber-industrial complex is emerging, much like the military-industrial complex of the Cold War. This complex may serve to not only supply cybersecurity solutions to the federal government, but to drum up demand for them as well."

A "demand" which will inevitably feed the production, proliferation and deployment of a host of viral attack tools (Stuxnet) and assorted spybots (Duqu) that can and will be used by America's shadow warriors and well-connected corporate spies seeking to get a leg-up on the competition.

While evidence of "a serious threat" may be lacking, and while proponents of increased "cybersecurity" spending advanced "no evidence ... that opponents have 'mapped vulnerabilities' and 'planned attacks'," Brito and Watkins noted there is growing evidence these are precisely the policies being pursued by Washington.

Why might that be the case?

As a declining imperialist Empire possessing formidable military and technological capabilities, researcher Stephen Graham has pointed out in Cities Under Siege: The New Military Urbanism, the United States has embarked on a multibillion dollar program "to militarize the world's global electronic infrastructures" with a stated aim to "gain access to, and control over, any and all networked computers, anywhere on Earth."

Graham writes that "the sorts of on-the-ground realities that result from attacks on ordinary civilian infrastructure are far from the abstract niceties portrayed in military theory."

Indeed, as "the experiences of Iraq and Gaza forcefully remind us," robotized drone attacks and already-existent cyberwar capabilities buried in CIA and Pentagon black programs demonstrate that "the euphemisms of theory distract from the hard fact that targeting essential infrastructure in highly urbanized societies kills the weak, the old and the ill just as surely as carpet bombing."

A Glimpse Inside the Complex

In the wake of the HBGary hack by Anonymous earlier this year, the secrecy-shredding web site Public Intelligence released a 2009 Defense Department contract proposal from the firm.

Among other things, it revealed that the Pentagon is standing-up offensive programs that "examine the architecture, engineering, functionality, interface and interoperability of Cyber Warfare systems, services and capabilities at the tactical, operational and strategic levels, to include all enabling technologies."

HBGary, and one can assume other juiced defense contractors, are planning "operations and requirements analysis, concept formulation and development, feasibility demonstrations and operational support."

"This will include," according to the leaked proposal, "efforts to analyze and engineer operational, functional and system requirements in order to establish national, theater and force level architecture and engineering plans, interface and systems specifications and definitions, implementation, including hardware acquisition for turnkey systems."

Indeed, the company will "perform analyses of existing and emerging Operational and Functional Requirements at the force, theater, Combatant Commands (COCOM) and national levels to support the formulation, development and assessment of doctrine, strategy, plans, concepts of operations, and tactics, techniques and procedures in order to provide the full spectrum of Cyber Warfare and enabling capabilities to the warfighter."

During the course of their analysis Symantec learned that Duqu "uses HTTP and HTTPS to communicate with a command-and-control (C&C) server that at the time of writing is still operational."

"The attackers were able to download additional executables through the C&C server, including an infostealer that can perform actions such as enumerating the network, recording keystrokes, and gathering system information. The information is logged to a lightly encrypted and compressed local file, which then must be exfiltrated out."

To where, and more importantly by whom was that information "exfiltrated" is of course, the $64,000 question.

A working hypothesis may be provided by additional documents published by Public Intelligence.

According to a cyberwar proposal to the Pentagon by General Dynamics and HBGary, "Project C" is described as a program for the development "of a software application targeting the Windows XP Operating System that, when executed, loads and enables a covert kernel-mode implant that will exfiltrate a file from disk (or other remotely called commands) over a connected serial port to a remote device."

We're informed that Project C's "primary objectives" was the design of an implant "that is clearly able to exfiltrate an on-disk file, opening of the CD tray, blinking of the keyboard lights, opening and deleting a file, and a memory buffer exfiltration over a connected serial line to a collection station."

"As part of the exploit delivery package," HBGary and General Dynamics told their prospective customers, presumably the NSA, that "a usermode trojan will assist in the loading of the implant, which will clearly demonstrate the full capability of the implant."

Duqu, according to Symantec researchers, "uses a custom C&C protocol, primarily downloading or uploading what appear to be JPG files. However, in addition to transferring dummy JPG files, additional data for exfiltration is encrypted and sent, and likewise received."

While we don't know which firms were involved in the design of Stuxnet and now, Duqu, we do know thanks to Anonymous that HBGary had a Stuxnet copy, shared it amongst themselves and quite plausibly, given what we've learned about Duqu, Stuxnet source code may have been related to the above-mentioned "Project C."

Kevin Haley, Symantec's director of product management told The Register that "the people behind Stuxnet are not done. They've continued to do different things. This was not a one-shot deal."

Sunday, October 16, 2011

Amid Calls for 'Less Democracy,' German Security Agencies Caught Planting Spyware on Private Computers

Revelations by the Chaos Computer Club (CCC) that German secret state agencies are installing spyware on personal computers capable of transforming a PC's webcam and microphone into a listening device, sparked outrage across the political spectrum.

It has since emerged that despite legal requirements that police do so only with a warrant and only if surveillance intercepts are used to prevent threats to "life, limb or liberty," authorities are not complying with strict limits laid down by Germany's Supreme Court.

And while these disclosures may have ignited a political firestorm in Berlin, they will come as no surprise to readers of Antifascist Calling.

Three years ago, I reported that Germany's foreign intelligence service, the Bundesnachrichtendienst or BND, was caught up in a major scandal after the whistleblowing web site WikiLeaks, published documents which revealed that the agency had extensively spied on, and even recruited, journalists for use in illicit intelligence operations.

Recalling the CIA's long-running Operation Mockingbird program that enrolled journalists as spies in what are now euphemistically called "influence operations," the covert manipulation of the domestic and foreign press according to WikiLeaks, showed "the extent to which the collaboration of journalists with intelligence agencies has become common and to what dimensions consent is manufactured in the interests of those involved."

BBC News reported that "Bavaria has admitted using the spyware, but claimed it had acted within the law." And Deutsche Welle disclosed that "several additional German states have admitted to deploying spyware," including "Baden-Württemberg, Brandenburg, Schleswig-Holstein and Lower Saxony," but like their counterparts in Bavaria, those officials also claimed they had operated "within the parameters of the law."

As I have written many times, the secret state is bound by their own set of "laws." Normal rules and procedures which are supposed to protect citizens from unwarranted government intrusions are deemed inoperative for reasons of "national security."

In the United States, constitutional protections designed to guarantee the right of citizens to protest, enjoy a modicum of privacy in their daily lives or, at the most basic level, have their day in court before being executed, have been overthrown by two successive administrations who assert the right to conduct the affairs of state in secret, according to a set of legal guidelines which are unreviewable by any court.

It would appear that similar moves are underway in Germany.

'Backdoor Functionality'

The Chaos Computer Club revealed in their analysis that when they reverse engineered the program, variously dubbed "0zapftis", "Bundestrojaner" or "R2D2," they discovered that the spyware "found in the wild" and "submitted to the CCC anonymously," can "not only siphon away intimate data but also offers a remote control or backdoor functionality for uploading and executing arbitrary other programs. Significant design and implementation flaws make all of the functionality available to anyone on the internet."

Club researchers learned that "the trojan's developers never even tried to put in technical safeguards to make sure the malware can exclusively be used for wiretapping internet telephony, as set forth by the constitution court. On the contrary, the design included functionality to clandestinely add more components over the network right from the start, making it a bridge-head to further infiltrate the computer."

"The government malware can," analysts noted, "unchecked by a judge, load extensions by remote control, to use the trojan for other functions, including but not limited to eavesdropping."

"This complete control over the infected PC, is open not just to the agency that put it there, but to everyone. It could even be used to upload falsified 'evidence' against the PC's owner, or to delete files, which puts the whole rationale for this method of investigation into question."

Their study also "revealed serious security holes that the trojan is tearing into infected systems. The screenshots and audio files it sends out are encrypted in an incompetent way, the commands from the control software to the trojan are even completely unencrypted. Neither the commands to the trojan nor its replies are authenticated or have their integrity protected."

"We were surprised and shocked by the lack of even elementary security in the code. Any attacker could assume control of a computer infiltrated by the German law enforcement authorities," a CCC spokesperson commented. "The security level this trojan leaves the infected systems in is comparable to it setting all passwords to '1234'."

Nothing 'Magical' about this 'Lantern'

There are glaring similarities between the "R2D2" package deployed by German police and "Magic Lantern" software used by the FBI. As with Bureau spyware, the German program is a keystroke logging virus installed via a malicious email attachment or by exploiting operating system vulnerabilities.

When news of the FBI program first broke back in 2000, the Electronic Privacy Information Center (EPIC) obtained documents under a Freedom of Information Act request relating to the system, which were part of a suite of surveillance tools then called Carnivore.

At the time, EPIC revealed that the FBI "had developed an Internet monitoring system that would be installed at the facilities of an Internet Service Provider (ISP) and would monitor all traffic moving through that ISP."

Once a user is spoofed into installing the malicious Trojan, it is activated when PGP encryption is used to enhance email security. When switched on, the Trojan will log the PGP password which will then allow the agents to read the encrypted communications unbeknownst to the sender. Since its first iteration in the 1990s, such programs are exponentially more sophisticated and are now capable of scooping-up virtually everything a user stores on a computer or handset.

A 2007 exposé by Wired Magazine revealed that Magic Lantern's "computer and internet protocol address verifier" or CIPAV, "gathers a wide range of information, including the computer's IP address; MAC address; open ports; a list of running programs; the operating system type, version and serial number; preferred internet browser and version; the computer's registered owner and registered company name; the current logged-in user name and the last-visited URL."

And once that data was obtained, it was siphoned-off to the Bureau's technology laboratory in Quantico, Virginia via fiber optic splitter cables.

As whistleblower Babak Pasdar revealed in 2008, following earlier disclosures by AT&T whistleblower Mark Klein, Verizon, and other giant telecommunications firms, including AT&T, maintained a high-speed DS-3 digital line that handed the Bureau and other security agencies "unfettered" access to the carrier's wireless network, including billing records and customer data "transmitted wirelessly."

Just after the scandal broke, Wired Magazine disclosed that "two years before the Bavarian state in Germany began using a controversial spy tool to gather evidence from suspect computers, German authorities approached the Federal Bureau of Investigation to discuss a similar tool the U.S. law enforcement agency was using."

"Bavarian authorities," Wired reported, "began using their spyware in 2009. It's not known if that spyware is based on the FBI's, but in July 2007, German authorities contacted the FBI seeking information about its tool."

The FBI's assistant legal attache in Frankfurt "sent an email to Bureau colleagues on July 24, 2007, writing, 'I am embarrassed to be approaching you again with a request from the Germans ... but they now have asked us about CIPAV (Computer Internet Protocol Address Verifier) software, allegedly used by the Bu[reau]'."

The email uncovered by Wired was part of a huge cache of files obtained by the Electronic Frontier Foundation (EFF) in response to their 2007 Freedom of Information Act request for data on CIPAV.

In the years since those disclosures, secret state surveillance is more pervasive than ever and and now includes the "lawful interception" of GPS locational data streamed automatically to their manufacturers or hosting services by smart phones.

It appears that German secret state officials are playing a similar game. According to Der Spiegel, at least two agencies, the Bundeskriminalamt, or BKA, the federal crime investigation agency equivalent to the FBI, and some 16 Landeskriminalamt or LKAs, regional investigative bureaus, may have deployed the malware during wide-ranging investigations unrelated to terrorism.

Following Chaos Computer Club revelations, it is clear that German authorities have been caught red-handed violating a landmark decision by the Supreme Court. "The court," Der Spiegel noted, "specified that online spying was only permissible if there was concrete evidence of danger to individuals or society."

In a follow-up piece, Der Spiegel disclosed that the firm DigiTask was the spyware's developer. Along with hundreds of similar firms, DigiTask is a niche security outfit that develops applications for the so-called "lawful interception" market.

In 2008, WikiLeaks released two documents concerning "interception technology for Skype and SSL in Bavaria, Germany. The first document is a communication by the Bavarian Ministry of Justice to the prosecutors office, relating to cost distribution for the interception licenses between police and prosecution. The second document allegedly presents the offer made by Digitask, the German company developing the technology, and holds information on pricing and license model, high-level technology descriptions and other detail."

According to the WikiLeaks analysis, the DigiTask offer "introduces a basic description of the cryptographic workings of Skype, and concludes that new systems are needed to spy on Skype calls."

We were informed in that letter that German police were interested in standing-up a "Skype Capture Unit."

"In a nutshell: malware is installed onto a target machine, to intercept Skype Voice and Chat. Another feature introduced is a recording proxy, that is not part of the offer, yet would allow for anonymous proxying of recorded information to a target recording station. Access to the recording station is possible via a multimedia streaming client, supposedly offering real-time interception."

"Another part of the offer," WikiLeaks noted, was related to "an interception method for SSL based communication, working on the same principle of establishing a man-in-the-middle attack on the key material on the client machine. According to the offer, this method works for Internet Explorer and Firefox web browsers. Digitask also recommends using overseas proxy servers, to cover the tracks of all activities."

As it turns out those proxy servers were conveniently located in the United States. This raises the distinct possibility that information captured by German secret state officials is also being shared with "partner agencies" of their close NATO ally, the CIA, FBI and NSA.

This was confirmed by CCC's analysis of R2D2's code. "To avoid the location of the command and control server, all data is redirected through a rented dedicated server in a data center in the USA. The control of this malware is only partially within the borders of its jurisdiction."

"Considering the incompetent encryption and the missing digital signatures on the command channel, this poses an unacceptable and incalculable risk. It also poses the question how a citizen is supposed to get their right of legal redress in the case the wiretapping data get lost outside Germany, or the command channel is misused."

The short answer is, they can't.

Aside from lining the pockets of DigiTask shareholders, there are more sinister uses for the malware. As the World Socialist Web Site noted "the remote-control function could be used to load and execute malicious software, and to plant bogus digital evidence on the computer, which can then be detected if the computer was seized. A suspect would have no way of proving that this had happened."

This would certainly be a convenient way to "neutralize" a troublesome politician, journalist or over-eager anticorporate campaigner.

'Less Democracy'

Following similar efforts in the United States, evidence that police are illegally spying on German citizens using sophisticated malware developed for the government are neither benign nor accidental events.

As a recent article in German Foreign Policy disclosed, leading voices in Europe's largest state are "pleading for a transition toward 'less democracy'." A recent book, published under the title, Dare Less Democracy, claims that the "voice of the people" and the "'emancipatory Zeitgeist, putting everything into question,' has a too 'paralyzing influence" on current governance'."

"The author," the critical online leftist magazine observes, "demands to 'correct the system' for 'more efficient policy making.' These 'corrections' must include the dismantlement of democratic participation."

Author Laszlo Trankovits, the bureau chief of the Deutsche Presse Agentur in South Africa, who had previously worked for the agency in Washington "as its White House correspondent," explained "it should never be suggested that a 'democratic society can do away with inequality and establish social justice'."

"Trankovits," German Foreign Policy notes, is "a member of the elitist Rotary-Club." He demands that "the elite clearly 'commits itself to capitalism and profit,' and that 'intelligent forms of public relations' be used to communicate policy measures to the population. However, the demand for more 'transparency' is 'counterproductive and paralyzing' for any 'governance efficiency' and must be rejected."

That drivel such as this was penned by a journalist for Germany's leading news agency, to whit, that the media should serve as a propaganda mouthpiece for casino capitalist interests, is one more sign that democratic norms, already seriously eroded in the West, are now being rapidly jettisoned by our political masters.

With the global capitalist system on the verge of a repeat performance of the 2008 meltdown, and with a worldwide resurgence of opposition to the one-sided costs of saving a system of financial plunder borne by the working class, elite calls for "less democracy" are warning signs that stern measures, including blanket surveillance and naked police violence, are in the offing.

Sunday, October 9, 2011

Dead Men Tell No Tales: The CIA, 9/11 and the Awlaki Assassination

On September 30, the CIA and Joint Special Operations Command (JSOC) assets under the Agency's control, assassinated the alleged "external operations" chief of the Afghan-Arab database of disposable Western intelligence assets, also known as Al-Qaeda, Anwar al-Awlaki, and a second American citizen, Samir Khan, the 25-year-old editor of Inspire magazine, in a drone strike in Yemen.

As The Washington Post reported last month, the "commingling" of CIA officers, JSOC paramilitary troops and contractors "occupy an expanding netherworld between intelligence and military operations" where "congressional intelligence and armed services committees rarely get a comprehensive view."

Or any "view" at all, which is precisely what the CIA and Pentagon have long desired; an oversight-free zone where American policymakers operate, as Dick Cheney infamously put it, on the "dark side," a position fully-embraced by the "hope and change" administration of Barack Obama.

Awlaki's state-sponsored killing, like the May 2 murder of Osama Bin Laden in Abbottabad, Pakistan, resurface many unanswered questions concerning the 9/11 attacks, the so-called trigger for America's global "War on Terror."

But before turning to those issues, it is necessary to take a detour and examine administration actions; specifically the deliberations undertaken by Obama's national security team which culminated in Awlaki's death.

White House "Death Panel"

Unlike the fantasies of the corporate-controlled Tea Party who charged during the run-up to the White House sell-out of health care reform that the administration would create "death panels" to deny care to the elderly, it has since emerged that Team Obama has stood-up the authentic article.

According to The Washington Post, President Obama's Justice Department "wrote a secret memorandum authorizing the lethal targeting" of Awlaki. The Post reports that the memorandum "was produced following a review of the legal issues raised by striking a U.S. citizen and involved senior lawyers from across the administration. There was no dissent about the legality of killing Aulaqi."

That memorandum, according to The New York Times, was drafted in June 2010, some six months after Awlaki had been placed on the White House hit list, by Office of Legal Counsel attorneys "David Barron and Martin Lederman."

Both former OLC lawyers are prominent "liberals" from prestigious universities; Barron at Harvard and Lederman at Georgetown University.

Ironically enough, in several scholarly articles they had railed against the previous administration's adaptation of the "Unitary Executive Theory" promulgated by "torture memo" authors Jay Bybee and John Yoo.

Under Bush, OLC opinions were used to justify everything from warrantless wiretapping, the domestic deployment of the military to arrest Americans, to the torture and indefinite detention of "terrorist" suspects at the Guantánamo Bay prison gulag and CIA "black sites."

This of course begs the question: if Awlaki's murder was "legal," why then was the authorization to do so reached in camera by officials following a deliberative process which can't be shared with the public because of "national security"?

The answer should be chilling and shocking to all Americans: because the nucleus of a death squad state recalling those stood-up in Chile and Argentina during the "dirty war" period of the 1970s may now exist.

Reuters disclosed that Americans "are placed on a kill or capture list by a secretive panel of senior government officials, which then informs the president of its decisions, according to officials."

"There is no public record of the operations or decisions of the panel," reporter Mark Hosenball wrote, "which is a subset of the White House's National Security Council. ... Neither is there any law establishing its existence or setting out the rules by which it is supposed to operate."

According to Reuters, "targeting recommendations are drawn up by a committee of mid-level National Security Council and agency officials. Their recommendations are then sent to the panel of NSC 'principals,' meaning Cabinet secretaries and intelligence unit chiefs, for approval."

A "former official" told Hosenball that "one of the reasons for making senior officials principally responsible for nominating Americans for the target list was to 'protect' the president," i.e., provide Obama legal cover under the thin veneer afforded by "plausible deniability."

McClatchy News reported that "broadly speaking" White House orders to kill Awlaki were based on claims that "the nation's inherent right of self-defense [is] recognized under international law." However, "international law also imposes limits: Targeted killing is banned except to protect against 'concrete, specific and imminent' danger."

And although the administration now claims that Awlaki was targeted for death because "his role in AQAP had gone 'from inspirational to operational'," Reuters disclosed that "officials acknowledge that some of the intelligence purporting to show Awlaki's hands-on role in plotting attacks was patchy."

In fact, the White House has failed to provide any proof whatsoever that Awlaki posed an "imminent danger" to the United States, although there is considerable evidence that he was on the radar of U.S. and allied secret state intelligence agencies for more than a decade, had close ties to several of the 9/11 hijackers and could have been picked up and indicted at any time.

Instead, federal law enforcement officials gave Awlaki a green light to leave the United States, unlike thousands of innocent Muslim-Americans swept-up and detained by the FBI in the post-9/11 hysteria that followed the attacks.

A "former military intelligence officer who worked with special operations troops to hunt down high-value terrorism targets," told the right-wing Washington Times: "I think it's pretty easy to understand why they didn't take him alive. Would you want to deal with the hassle of trying to put him on trial, an American citizen that has gotten so much press for being the target of a CIA kill order? That would be a nightmare. The ACLU would be crawling all over the Justice Department for due process in an American court."

That about sums up the dominant mindset of an Empire in sharp decline: the rule of law and due process for criminal suspects reduced to a "hassle."

Slouching Towards Dictatorship

Obama's national security team justified whacking Awlaki, as with their earlier hit on Osama Bin Laden, by referencing the Bush-era Authorization for Use of Military Force (AUMF), hastily passed by Congress in the wake of the 9/11 attacks.

"A decade later," McClatchy reported, "the Obama administration contends that this wartime authority remains even if it's evolved for reasons the administration won't fully elucidate."

The relevant section of AUFM reads: "IN GENERAL -- That the President is authorized to use all necessary and appropriate force against those nations, organizations, or persons he determines planned, authorized, committed, or aided the terrorist attacks that occurred on September 11, 2001, or harbored such organizations or persons, in order to prevent any future acts of international terrorism against the United States by such nations, organizations or persons." (emphasis added)

Readers will undoubtedly note that in passing the resolution, Congress not only ceded its authority to declare war to the Executive Branch but also planted the seeds of the administration's preemptive war doctrines along with an unprecedented expansion of its domestic surveillance powers.

More pertinently, is the reason why the administration "won't fully elucidate" how the Bush-era AUMF "evolved" chiefly due to the fact that secret annexes now exist which authorize the killing of Americans, not only in Yemen or other "War on Terror" fronts, but right here in the United States itself?

After all, it's not beyond the Obama administration to play fast and loose with the truth or hide repressive policies under layers of top secret presidential "findings" or a multitude of CIA and Pentagon black programs, as did the previous Bush government.

Recall that during the run-up to the reauthorization of three expiring provisions of the USA Patriot Act, civil libertarians decried the use of secret legal memos justifying everything from unchecked access to internet and telephone records to the deployment of government-sanctioned malware on private computers during "national security" investigations.

Recall too, that the Obama administration, as The New York Times disclosed in June, handed the FBI "significant new powers to its roughly 14,000 agents, allowing them more leeway to search databases, go through household trash or use surveillance teams to scrutinize the lives of people who have attracted their attention."

These "news rules," the Times averred, will give agents "more latitude" to investigate citizens even when there is no evidence they have exhibited "signs of criminal or terrorist activity."

It gets worse.

Last month, The New York Times revealed that the FBI "is permitted to include people on the government's terrorist watch list even if they have been acquitted of terrorism-related offenses or the charges are dropped."

Under these new standards, the Bureau may deem someone a "known or suspected terrorist," not based on evidence gathered through a criminal investigation, but solely if officials have "particularized derogatory information," including that derived from First Amendment protected activities, to support to support an individuals' watch listing or placement on a "no-fly" list.

One administration wag, speaking on condition of anonymity because to do otherwise would reveal "closely held deliberations within the administration," but did so anyway because this was clearly a sanctioned leak to stenographer Peter Finn, told The Washington Post that "what constitutes due process in [the Awlaki case] is a due process in war."

"The administration officials refused to disclose the exact legal analysis used to authorize targeting Aulaqi," Finn wrote, "or how they considered any Fifth Amendment right to due process."

We now know, thanks to Reuters, that authorization came from a White House death panel, an extra-constitutional committee of anonymous officials operating outside the rule of law.

As we have seen since Barack Obama took office, as under the previous Bush government, the Constitution is a meaningless scrap of paper with some words on it, duly trotted out on national holidays only to be cast aside in practice; that is, when it isn't used as a rhetorical hammer against assorted "new Hitlers" or geopolitical rivals whose resources corporate America seek to "liberate."

Dead Men Tell No Tales

As toxic to democratic norms and the rule of law as the Awlaki affair clearly is, there are underlying parapolitical themes surrounding his murder which strengthen suspicions that what took place in Yemen on September 30 is more than just another story about an overt power grab by the Executive Branch.

While the government and media continue to cover-up the role played by the CIA and other secret state agencies in alleged intelligence "failures" leading up to the 9/11 attacks, evidence suggests that the Awlaki killing, as with last May's murder of former bête noire and on-again, off-again ally, Osama Bin Laden, may have been a "clean-up" operation designed to remove inconvenient witnesses with knowledge of Agency involvement in the plot.

As Antifascist Calling reported nearly two years ago in the wake of the aborted 2009 bombing of Northwest Airlines Flight 253 on Christmas Day over Detroit, a plot for which Awlaki was accused of orchestrating, though evidence can't be supplied because it's "secret," The Washington Post disclosed that Awlaki had extensive contacts with 9/11 hijackers Nawaf Alhazmi, Khalid Almihdhar and Hani Hanjour who "had spent time at his mosques in California and Falls Church."

In a series of 2010 articles (here, here, here and here), I reported on the stark parallels between September 11 and the Flight 253 affair.

And as with the 2001 attacks we were told "changed everything," far from being a failure to "connect the dots," intelligence and law enforcement officials possessed sufficient information that should have prevented accused bomber, Umar Farouk Abdulmutallab, from boarding that plane and placing the lives of nearly 300 air passengers at risk.

And wile Awlaki wasn't given a free pass by the administration in that botched attack, earlier government failures to apprehend him certainly set the stage.

According to History Commons, "shortly before the [FBI] investigation [into Awlaki's alleged ties to the now-shuttered Holy Land Foundation] is closed," in 2000, Awlaki "is beginning to associate with hijackers Nawaf Alhazmi and Khalid Almihdhar shortly before the investigation ends."

"For instance," History Commons avers, "on February 4, one month before the FBI investigation is closed, al-Awlaki talks on the telephone four times with hijacker associate [and suspected Saudi intelligence agent] Omar al-Bayoumi."

"The 9/11 Commission will later speculate that these calls are related to Alhazmi and Almihdhar, since al-Bayoumi is helping them that day, and that Alhazmi or Almihdhar may even have been using al-Bayoumi's phone at the time. Al-Bayoumi had also been the subject of an FBI counterterrorism investigation in 1999."

Keep in mind that at least two of the hijackers, Nawaf Alhazmi and Khalid Almihdhar, figure prominently in recent revelations by researcher Kevin Fenton, the author of Disconnecting the Dots.

In a recent conversation with Boiling Frogs Post's Sibel Edmonds and Peter B. Collins, Fenton said that during the course of his investigation, drawn from the Congressional 9/11 Joint Inquiry, the 9/11 Commission, the Justice Department's Inspector General's report, and the CIA's still-redacted Inspector General's report, he discovered that the CIA had deliberately withheld information from the FBI that the future hijackers had entered the United States with multiple entry visas issued in Jeddah, Saudi Arabia.

Even though the Agency had identified the pair as international terrorists who attended a 2000 Al-Qaeda summit in Malaysia where they and others, including Khalid Shaikh Mohammed and Khallad Bin Attash, one of the principle architects of the 1998 U.S. Embassy bombings in Kenya and Tanzania, planned the assault on the USS Cole and the 9/11 attacks, they kept this from the FBI, information that could have led straight to the heart of Al-Qaeda's "planes operation."

Fenton provides substantial evidence that the CIA's Alec Station Director Richard Blee and deputy, Tom Wilshire, concealed intelligence from investigators, concluding this "information was intentionally omitted in order to allow an al-Qaeda attack to go forward against the United States."

As part of this continuing cover-up, Awlaki's ties to the 9/11 hijackers were far more extensive than secret state officials have led us to believe.

In fact, although the Obama administration has justified killing Awlaki with false claims that he was AQAP's "external operations" chief, his role before 9/11 was substantially more significant from an investigatory perspective: that of a "fixer," first in San Diego where he assisted Saudi spook Omar al-Bayoumi in "settling" Alhazmi and Almihdhar, and later in Falls Church, Virginia, where he did the same for Hani Hanjour.

In 2002, Newsweek revealed that "some federal investigators suspect that al-Bayoumi could have been an advance man for the 9-11 hijackers, sent by Al Qaeda to assist the plot that ultimately claimed 3,000 lives."

"Two months after al-Bayoumi began aiding Alhazmi and Almihdhar," Newsweek disclosed, "al-Bayoumi's wife began receiving regular stipends, often monthly and usually around $2,000, totaling tens of thousands of dollars.

Payments arrived "in the form of cashier's checks, purchased from Washington's Riggs Bank by Princess Haifa bint Faisal, the daughter of the late King Faisal and wife of Prince Bandar, the Saudi envoy who is a prominent Washington figure and personal friend of the Bush family."

With startling similarities to the Awlaki case, ten days after the attacks, al-Bayoumi is picked up by British authorities in London, where he had relocated in July 2001, at the request of the FBI. Although his phone calls, bank accounts and associations are scrutinized, the Bureau claim they found no connections to terrorism.

The Washington Post will report that by 2002 the FBI had concluded, the same year Awlaki leaves the U.S., "that no evidence could be found of any organized domestic effort to aid the hijackers."

Recall that new information linking some members of the Saudi royal family and its intelligence apparatus to the attacks has recently surfaced. Last month, The Miami Herald revealed that two weeks before the kamikaze assaults on the World Trade Center and the Pentagon, a Saudi family "abruptly vacated their luxury home near Sarasota, leaving a brand new car in the driveway, a refrigerator full of food, fruit on the counter--and an open safe in a master bedroom."

Investigative reporters Anthony Summers and Dan Christensen learned that "law enforcement agents not only discovered the home was visited by vehicles used by the hijackers, but phone calls were linked between the home and those who carried out the death flights--including leader Mohamed Atta--in discoveries never before revealed to the public."

"Ten years after the deadliest attack of terrorism on U.S. soil," Summers and Christensen wrote, "new information has emerged that shows the FBI found troubling ties between the hijackers and residents in the upscale community in southwest Florida, but the investigation wasn't reported to Congress or mentioned in the 9/11 Commission Report."

In a follow-up piece that significantly advanced the story, researcher Russ Baker reported on the WhoWhatWhy web site "that those alleged confederates were closely tied to influential members of the Saudi ruling elite."

Building on information first disclosed by the Herald, Baker, the author of Family of Secrets, reports that this "now-revealed link" between those who consorted with the hijackers in Florida "and the highest ranks of the Saudi establishment, reopens questions about the White House's controversial approval for multiple charter flights allowing Saudi nationals to depart the U.S., beginning about 48 hours after the attacks, without the passengers being interviewed by law enforcement--despite the identification of the majority of the hijackers as Saudis."

Is there a pattern between the hands-off treatment afforded well-connected Saudis and Anwar al-Awlaki's casual, and inexplicable, flight from the United States?

"After 9/11" History Commons points out, "the FBI will question al-Awlaki, and he will admit to meeting with Alhazmi several times, but say he does not remember what they discussed. He will not claim to remember Almihdhar at all." Other accounts suggest that the relationship was much closer.

"The 9/11 Congressional Inquiry," History Commons avers, "claim that Alhazmi and Almihdhar 'were closely affiliated with [al-Awlaki] who reportedly served as their spiritual adviser during their time in San Diego. ... Several persons informed the FBI after September 11 that this imam had closed-door meetings in San Diego with Almihdhar, Alhazmi, and another individual, whom al-Bayoumi had asked to help the hijackers'."

"Around August 2000," History Commons reports, "al-Awlaki resigns as imam and travels to unknown 'various countries.' In early 2001, he will be appointed the imam to a much larger mosque in Falls Church, Virginia. During this time frame, Alhazmi, Almihdhar, and fellow hijacker Hani Hanjour will move to Virginia and attend al-Awlaki's mosque there."

Anecdotally, in 2003 Newsweek reports: "Lincoln Higgie, an antiques dealer who lived across the street from the mosque where Aulaqi used to lead prayer, told Newsweek that he distinctly recalls the imam knocking on his door in the first week of August 2001 to tell him he was leaving for Kuwait. 'He came over before he left and told me that something very big was going to happen, and that he had to be out of the country when it happened,' recalls Higgie."

The antiques dealer later told The New York Times, that when he learned that Awlaki would be permanently leaving San Diego, "he told the imam to stop by if he was ever in the area--and got a strange response." Higgie said, "'I don't think you'll be seeing me. I won't be coming back to San Diego again. Later on you'll find out why'."

Although the FBI suspected Awlaki "had some connection with the 9/11 plot," authorities claim there wasn't enough evidence to charge him, nor can he be deported because he's an American citizen. And when the Bureau hatched an ill-conceived plan to arrest him on an obscure charge of "transporting prostitutes across state lines," that plan collapsed when Awlaki left the U.S. in March 2002.

"But on October 10, 2002," History Commons reports, "he makes a surprise return to the U.S." Although his name is on a terrorist watch list and he is detained by Customs' officials when he lands in New York, they are informed by the FBI that "his name was taken off the watch list just the day before. He is released after only three hours."

"Throughout 2002," History Commons informs us, Awlaki is the "subject of an active Customs investigation into money laundering called Operation Greenquest, but he is not arrested for this either, or for the earlier contemplated prostitution charges. At the time, the FBI is fighting Greenquest, and Customs officials will later accuse the FBI of sabotaging Greenquest investigations."

Awlaki again leaves the U.S., this time for good. Although the FBI admits they were "very interested" in Awlaki, they fail to stop him leaving the country. One FBI source told U.S. News and World Report, "We don't know how he got out."

Inexplicably however, it was not until 2008 that secret state officials concluded that Awlaki was an Al-Qaeda operative! This beggars belief, and raises the question as to why he was allowed to leave in the first place. It certainly can't be for lack of evidence or that when Awlaki set-up shop, first in London and finally in Yemen, he is continually under surveillance by British, Yemeni and American intelligence agencies.

Although interviewed four times by the FBI after September 11, the Bureau concluded, according to The New York Times, that Awlaki's "contacts with the hijackers and other radicals were random."

Other investigators however, disagreed. "One detective," the Times reported, whose name has been scrubbed from 9/11 Commission files, told staff that he believed Awlaki "was at the center of the 9/11 story." At the time of the Flight 253 affair, I wrote that "despite, or possibly because of these dubious connections he was allowed to leave the country."

In fact, the curious disinterest exhibited by authorities in bringing Awlaki to ground following September 11, were neither "errors in judgement" nor "mistakes" by overtaxed investigators but are rather, a modus operandi which suggests that Awlaki and others were part of a CIA domestic operation which allowed the 9/11 plot to go forward.

• • •

Nothing in what I have written above should be construed as justification for the extrajudicial assassination of Anwar al-Awlaki. In fact, the opposite conclusion can be drawn. The available evidence indicates that Awlaki could have been arrested multiple times. At the least serious end of the criminal justice spectrum he could have been charged with providing "material support to a designated foreign terrorist organization," to whit, Al-Qaeda, and legally taken out of circulation.

That he wasn't and continued to operate freely as a propagandist, despite substantial corroboration from multiple law enforcement sources that he was a key figure in the pre-9/11 domestic support network, suggests that Awlaki may have been a double agent, albeit one who had decidedly gone "off the reservation."

Awlaki's handling by authorities raise serious questions about just how extensive U.S. support for Al-Qaeda was prior to, and possibly even after the September 11 attacks, particularly in resource-rich global hot-spots.

As numerous journalists and researchers have painstakingly documented, Al-Qaeda, allied terrorist outfits and international narco-trafficking networks have a long, sordid history of supporting U.S. covert operations that targeted America's geopolitical rivals even as Bin Laden's far-flung organization plotted to attack the United States itself.

In this light, Awlaki's "targeted killing" as with the earlier hit on Osama Bin Laden, may be part of a larger CIA/Pentagon operation to remove inconvenient participants and witnesses from the scene who might have a thing or two to say about the crimes and intrigues hatched by the imperialist Empire.

After all, dead men tell no tales...