Prior to anonymous leakers from inside the U.S. federal government spilling their guts to the Washington Post, New York Times, and Wall Street Journal this week, here’s what the public knew about the intelligence behind the laptop ban initially announced by U.S. authorities on 21 March 2017. (All links containing these pieces of information are listed at the end of this section.)
The public knew that the intelligence related to both ISIS and Al-Qaeda; namely, Al-Qaeda in the Arabian Peninsula, which operates principally in Yemen.
The specific concerns about the use of laptops came from intelligence that the groups were involved in the following:
- Developing explosives undetectable to airport scanners
- Loading those undetectable explosives into laptops
- Testing the explosives using actual airport scanners to which they had gained access (ISIS is specifically said to be doing this)
The current and real nature of the laptop-explosive threat was demonstrated by attacks and attempted attacks that had already taken place. Both Al-Qaeda and ISIS were implicated in those attacks, which included:
- The in-flight bombing attack, claimed by ISIS, on a Russian Metrojet aircraft over the Sinai Peninsula in October 2015
- An attack by Somali group Al-Shabaab (linked to AQAP) on a Daallo Airlines flight to Djibouti in February 2016
- An attempt to smuggle explosives in a printer onto another Somali aircraft in March 2016, with a tactical profile like the attack on the Russian aircraft, and probable links to Al-Shabaab/AQAP
The public knew that intel on both ISIS and Al-Qaeda was involved, due to disclosures from intelligence officials in March 2017. When the laptop ban was first announced, some U.S. officials connected it with intel gained from the Yemen raid by U.S. special forces on 29 January 2017. Statements from the unnamed officials were mixed, with some saying that the intel was about ISIS, and specifically not about AQAP. However, as analyst Thomas Joscelyn said at the time (and I concur), it is feasible and likely that it was both.
Beyond that, Joscelyn had done publicly available analysis placing the bomb-plotters of both ISIS and Al-Qaeda in Syria (as well as in Yemen, in the case of AQAP). (See his Politico/FDD post “What’s Really Behind Trump’s Laptop Ban,” from 22 March 2017, below.)
The Al-Qaeda link providing the strongest clue to the location of its bomb plotters in Syria is the so-called “Khorasan Group,” which the Obama administration named and began bombing in 2014.
CENTCOM briefed the Khorasan Group to the public in these terms at the time:
Khorasan Group is a term used to refer to a network of Nusrah Front and al-Qaida core extremists who share a history of training operatives, facilitating fighters and money, and planning attacks against U.S. and Western targets, Centcom officials explained. The strikes were not in response to the Nusrah Front’s clashes with the Syrian moderate opposition, they added, and did not target the Nusrah Front as a whole.
Rather, officials said, they were directed at the Khorasan Group, which is taking advantage of the Syrian conflict to advance attacks against Western interests and whose focus is not on overthrowing the Assad regime or helping the Syrian people.
Attacking Khorasan Group targets came with special explanations from the U.S. because of their location, generally in the area between Aleppo and Idlib in northwestern Syria. Attacks on the Khorasan Group, per se, continued through at least April 2016.
Russian operations have dominated that part of Syria since the Russians deployed forces there in the fall of 2015, and U.S. attacks there have been relatively few. When the Al-Nusra Front transitioned to a renamed, follow-on organization, some of the leadership of the Khorasan Group was absorbed into the larger — growing — Al-Qaeda “army” in Idlib. (More below.)
Joscelyn makes this important connection in his 22 March article:
The Khorasan Group included jihadists from around the globe, including men trained by AQAP’s most senior bomb maker, a Saudi known as Ibrahim al Asiri. U.S. officials have fingered al Asiri as the chief designer of especially devious explosive devices. Al Asiri has survived multiple attempts to kill him. But even if the U.S. did catch up with al Asiri tomorrow, his expertise would live on. Some of his deputies have trained still others in Syria.
The features of the laptop-threat intel thus filter the likely nexus of the plotting and training threat down to the Khorasan Group (and whoever has been in contact with it). That said, as mentioned above, the Al-Qaeda core group it represented is now being subsumed in the larger “Al-Qaeda army” in Syria, which would be infused with the expertise of the Khorasan Group, and which Joscelyn puts at about 10,000 men.
The Islamic State gets all the headlines, but Al-Qaeda has quietly built its largest guerrilla army ever in Syria, with upwards of 10,000 or more men under its direct command. The group formerly known as Jabhat al Nusra merged with four other organizations to form Hay’at Tahrir al Sham (“Assembly for the Liberation of Syria”) in January. Brett McGurk, the special presidential envoy for the anti-ISIS coalition, told the Senate Foreign Relations Committee months earlier, in June 2016, that Nusra was already Al-Qaeda’s “largest formal affiliate in history” with “direct ties” to Zawahiri.
When the vice president of Iraq expressed concerns in mid-April 2017 that the leaders of ISIS and Al-Qaeda – Abu Bakr al-Baghdadi and Ayman al-Zawahiri – were in talks to rejoin forces (after their split in the 2012-14 timeframe), the AQ army in Syria was one of the chief concerns for the U.S. and our coalition.
Location-wise, ISIS has little presence now in Idlib Province, which remains the base for the consolidated post-Nusra Al-Qaeda forces. Although that area is one candidate for the geographic origin of the laptop-threat intel, some others may be more likely.
One is Quneitra, directly opposite the Golan, where ISIS continues to hold territory adjacent to territory held by Jabhat Fatah al-Sham (i.e., the former Al-Nusra, or Al-Qaeda affiliate). Other possibilities are in ISIS’s core territory in eastern Syria, including Raqqa and Palmyra, which have (formerly) well-equipped airports near them. Iraq is doubtful, since ISIS’s energies there are absorbed more in local fighting than in plotting against the West. (It’s unlikely that airport scanners are being used for testing in Iraq, or that such activity is a priority. That testing is most likely to be taking place in Syria — or possibly Libya, where ISIS has held commercial airport locations on the coast long enough to abscond with scanners from them.)
So: testing undetectable explosives, in hand-carried electronic devices, on purloined airport scanners. Parties involved: ISIS and Al-Qaeda. Probable nexus of expertise: trainees of Al-Qaeda’s top bomb-maker in the Khorasan Group, and the successors it has seeded. Which the U.S. has been bombing in Idlib Province in northwestern Syria since 2014. Given the Al-Qaeda-ISIS link in the plot’s features, locations where the groups are in contact are likely sources of the intel.
That said, however, some relevant types of intel can come from knowledgeable sources anywhere (i.e., proximity to the activity involved is not necessary at the time of collection. Human knowledge is). The intel about cooperation and expertise-sharing for a plot could come from ISIS core territory (as was intimated by the media), even without a significant, cooperative presence of Al-Qaeda there.
Some Russians may be reading this, so I’m not going to draw you a map. If I did, they might figure out where the intel came from. (Remember, they could have done these same searches six weeks ago — not that they necessarily needed to — and narrowed down where to look for intel assets that could be passing information to the United States. That’s what intelligence services do.)
But keep in mind what the Russians didn’t know from open source information, until unnamed U.S. officials leaked the information to the media. They didn’t know that any key portion of this widely available information came from Israeli sources.
President Trump didn’t tell anyone that, according to H.R. McMaster — who, let us recall, was heralded by the MSM on his appointment as a tower of integrity, and “the only grown-up in the room” among our top White House national security officials. Based on McMaster’s statements, we can be confident that the president didn’t discuss anything at the level of detail I’ve assembled here, just from searching the web.
The anonymous leakers told the Russians the Israelis were involved, by disclosing that to the media. (Continued below)
https://archive.org/details/WRC_20170323_080000_Early_Today – (Scroll right to the 4:19 AM mark)
Al-Nusra follow-ons/Khorasan Group
AQ-ISIS rejoining forces
Syria factions map
Some perspective, please
This little intelligence-gathering exercise should provide some clarity on the whole matter. It didn’t take any special disclosures or leaks at all, to alert the Russians to features of this laptop threat that narrow down the likely source of the intel to a handful of locations in Syria. Direct knowledge that ISIS was testing laptop-bombs in real airport scanners strongly suggests a human intelligence source.
Not only are the Russians not stupid; they’ve been squatting on the western side of Syria, with some of their most advanced C4I assets in tow, for years now. They’ve had a joint intel center with Iran and Iraq in Baghdad for nearly two of those years. They know from ISIS, Al-Qaeda, and the Al-Nusra follow-ons. They know about the connecting bridge of the Khorasan Group. (They certainly know what Israeli intelligence is capable of, for that matter. But without the felonious disclosure of Israeli intel sourcing by anonymous U.S. officials, the Russians might well have gone to their graves never having that piece of the picture.)
This is the perspective you need, to assess the overheated media onslaught about damage to U.S-Israeli intelligence sharing. There’s been plenty of it, rolled out as if on a stage-manager’s cue; most speculative, very little verifiably sourced to experts who can actually speak with authority. (See, for example, Sheera Frenkel’s insistent piece at Buzz Feed. Frenkel has an unfortunate history of sourcing problems, especially when it comes to Israel.)
The Israel Project, by contrast, spoke on Wednesday with a top former Israeli intelligence official who was willing to go on the record with them. Retired Brig. Gen. Amnon Sofrin, who headed Mossad’s intelligence directorate, was confident that the intelligence-sharing relationship Israel has with us is too strong to be derailed by this incident.
“The cooperation between the two organizations is so solid that I don’t believe that such an event will cause any big damage,” Sofrin said… “It may cause a small damage or a local one, but not a disaster.”
Sofrin also expressed doubts whether the news story would affect overall relations between Israel and the United States.
“No, I don’t believe that this will affect, because the bigger, the larger, or the wider picture I think is more important than such a local event,” he said.
We can be thankful for that. Sofrin also observed that national leaders do have the discretion to share intelligence, in situations where their subordinates would not have the authority to. He cautioned, wisely, that leaders should ask their aides about the sensitivity of information before sharing it. But don’t forget: we have no credible testimony that Trump shared anything sensitive with the Russians.
We only know for certain that anonymous U.S. officials gave the media sensitive information about Israel.
Like many people, I still have all the same reservations I’ve always had about Donald Trump. What I won’t stand for is being railroaded by the media into taking a lie as an agreed premise – or basing government policy on it, in a rush of hysteria and mob fury. And a lie is what the whole “Trump revealed sensitive intel” narrative is, at this point.
* No sources or methods were harmed in composing this blog post.