Authors: Matt Apuzzo,Adam Goldman
Tags: #Political Science, #Security (National & International), #Law Enforcement, #Intelligence & Espionage, #Terrorism, #True Crime, #Espionage
But nobody was more upset than Brenda Heck, the ITOS section chief for domestic operations. In the chain of command, there were Cummings and Heimbach at headquarters and McJunkin at Liberty
Crossing in northern Virginia. Heck came next. She had been on special assignment for the FBI in London in 2006, when authorities there unraveled a plot to detonate liquid explosives aboard transatlantic flights, so she was unnerved by the thought of an al-Qaeda operative driving into New York with a jug full of liquid.
Borelli had read the email. Not long after, he got a call from Bill Sweeney from the Counterterrorism Division. Sweeney worked for Heck, who had a reputation for driving her people hard. “I don’t give a shit what you think,” she’d snap. “I need to know what you know.” Sweeney was on the hook to get answers, but Borelli didn’t have any. Zazi’s whole plot seemed based on some kind of chemical mixture. With a big bottle of liquid in his car, somebody should have done something.
“Talk to New Jersey,” Borelli said, frustrated. They’d been in charge of the traffic stop.
Sweeney said they were already questioning the cop on the bridge to figure out exactly what he’d seen. Could he describe the jug? Could he draw it? Was it really a jug? Or was it more like a bottle that someone would buy to take to the gym or wash down a sandwich at the deli? Did it look like Zazi had been drinking out of it? In any event, now the water jug was in New York, and it had to be addressed. At that moment, Borelli was preoccupied with the apartment building at 144-67 Forty-first Avenue. This address wasn’t linked to any of Zazi’s known associates. It wasn’t in any of the biographical workups. The FBI had been operating under the assumption that if Zazi was part of a terrorist cell, the other members were Ahmedzay and Medunjanin. Neither had ties to this building.
When the surveillance team located Zazi in an apartment on the fifth floor, and it looked as though he wasn’t coming out anytime soon, Borelli told the surveillance team to send someone to peer inside the car. “Take a walk by,” he said. “See if we can find this bottle.” The car was empty. The surveillance guys had gotten a good look at Zazi when he’d parked. He hadn’t taken a jug with him into the apartment. Whatever the officer had seen on the bridge that afternoon, it wasn’t here.
Meanwhile, Borelli received more information. Five people lived at the apartment, all believed to be Pakistani or Afghans. It looked as though some, maybe all, were cabbies. It looked to the FBI like a flophouse.
The FBI watched Zazi’s ATM card purchases and listened to his phone calls as they happened. So they knew immediately when, from inside the apartment, Zazi bought a plane ticket back to Denver for Saturday, September 12. It made no sense. Why would he drive all the way across the country, stay for a day, and then buy a ticket home? Was the plane the target? Or was he planning to make a fast exit from the city after tomorrow?
Zazi didn’t appear again that night. He hid the scale and calculator in a closet, distancing himself from the last of his bomb-making materials. For the agents in the field, there was no more work to do. It was now up to the analysts to figure out everything they could about the five men living in the apartment. To the agents in the command center, that flophouse appeared to be a sleeper cell. Especially when the FBI determined that one of the men, Naiz Khan, had flown back from Pakistan the same day as Zazi on January 15, 2009, on a separate flight.
• • •
Despite the common misperception, 9/11 was not a failure of intelligence collection. All the signs of an impending attack had been there. The system was blinking red. Al-Qaeda’s plan succeeded because the United States did not understand what it was seeing. It was a failure of analysis.
Before 9/11, the FBI’s analytical ranks were a mess. The bureau had been designed to build criminal cases, not to predict attacks. Agents in Boston, Chicago, and Seattle might be working cases involving the same terrorist group. Nobody was in charge of combing the information and finding common threads. And nobody was reading CIA cables and NSA reports and seeing how they related to the FBI’s own investigations.
While the CIA’s analysts were trying to predict trends and assess risks, the FBI’s analysts were there to help the agents build cases—what’s known as tactical analysis. There was nobody to conduct
strategic analysis
, to help the bureau understand all that it had collected.
The analytical corps was a ragtag group, many of them former secretaries and support staff who were still responsible for emptying trash and answering phones. There was no formal training—which wasn’t surprising, because everyone knew that analysis was a dead-end job. There was no way up from the analytical ranks into senior management, which meant that agents with no analytical experience were in charge of supervising analysts.
The FBI had never completed a comprehensive analysis of the threat of international terrorism. Nobody saw the value in a written, structured report on the nation’s vulnerabilities. FBI agents relied on their experience and their guts to tell them what the threat was.
1
Even had they conducted such an analysis, it’s not clear how much it would’ve mattered. Back then, two out of every three analysts were not qualified to do their own jobs.
2
In the eight years since the attacks, the CIA had dispatched more spies around the world, the FBI had put more agents on the streets, and the NSA was listening to more phone calls and reading more emails than ever before. By 2009, the once-decentralized FBI had become one in which headquarters oversaw all terrorism investigations. The analytical corps had more than doubled. A new generation of graduates from top-flight universities arrived eager to serve after 9/11. They joined the holdovers from the pre-9/11 era, analysts who found a niche and managed to thrive in the new FBI.
The first analysis of Zazi’s travel records—the work that told the FBI that he had likely traveled with Medunjanin and Ahmedzay—had been carried out in Colorado under the supervision of an analyst named Laura Brady.
3
She had started as a secretary and on 9/11 was one of the few analysts with terrorism experience. Until then her focus was
domestic attacks by animal rights groups, homegrown radicals, and right-wing extremists. She’d worked the 1998 ecoterrorism investigation into the firebombing of the Vail Ski Resort.
Albert Banke had been in the FBI’s New York office for more than two decades. He’d started as a mechanic, fixing the bureau’s cars. Then, in the days when analysts came from all corners, Banke landed on the analytical desk. As it turned out, he had a talent for analyzing phone records. During the 1990s, when the FBI was taking on the Mafia, Banke used its members’ calls to paint a picture of a criminal organization.
A lifelong New Yorker, he sometimes carried a shop rag in his back pocket, as if to underscore his blue-collar roots. Banke and his team papered the command center walls with easel paper, using Zazi’s and Ahmedzay’s phone records to create a timeline of their relationships.
There were analysts at FBI headquarters in Washington working the Zazi case, too. In the early stages of the investigation, one of them had named the operation. Unlike CIA officers, whose operations receive randomly generated code names, FBI officials can label their cases whatever they wish. That led to puns like the marriage-fraud case “Knot So Fast” and the cigarette-trafficking probe “Secondhand Smoke.” The Washington analyst picked High Rise because Denver was the Mile High City.
4
The FBI can collect a staggering amount of information and, in terrorism cases, get it quickly. With an address, agents can obtain a list of everyone who lives there. With names, they can ferret out credit scores, financial histories, and account information at every bank and investment firm. That sort of information had always been available with a grand jury subpoena from the Justice Department. The 9/11 attacks, however, prompted Congress to pass the USA Patriot Act, which made it available with a different subpoena, called a national security letter.
As the name suggests, these were simply letters from the FBI ordering companies to provide information about its customers. Before 9/11, that power was limited to counterintelligence cases in which the
FBI was investigating people connected with foreign governments—basically, spies. The Patriot Act widely expanded its scope. No longer limited to banks, the bureau could now get information from pawnbrokers, casinos, travel agencies, dealers in precious jewels, car dealerships, title companies, or, as a final catch-all, any other business “whose cash transactions have a high degree of usefulness in criminal tax or regulatory matters.”
5
The FBI can get this information without the tedious review of Justice Department lawyers or a grand jury.
One of the first things the FBI did when investigating Zazi was to obtain a national security letter for his phone records and those of his friends and family. Once, an analyst like Banke might have had to retype these records to get them into Telephone Applications, the FBI’s proprietary database. Now they usually drop in neatly.
The owners of known phone numbers automatically show up. Because the FBI has so many records in its system, there are countless known phone numbers. That helps the analysts spot calls to terrorists but ignore the Friday night order to Sal’s Pizza—unless, that is, Sal’s Pizza has come up in another national security investigation. If that’s the case, the analysts will see an alert that there might be something more going on in the pizza shop.
The FBI can map financial transactions, looking for unusual wire transfers and signs of money laundering. Taken with the phone data, that can help the FBI visualize connections and create “communities of interest.”
A national security letter will get only records. To listen to a call or read an email inside the United States, the Justice Department must obtain a warrant from the Foreign Intelligence Surveillance Court, a highly classified panel in Washington that rarely allows information to become public. To get a warrant, the Justice Department needs only to show that the target of the surveillance is an agent of a foreign power, which can mean a country, a state-controlled entity such as a foreign airline or a news outlet, or an international terrorist group. The warrants
are authorized under the Foreign Intelligence Surveillance Act, and they’ve become known in the FBI simply as FISAs.
A FISA wiretap allows the bureau to listen to calls in real time. The conversations were fed into the FBI’s computers, allowing agents and analysts anywhere in the country to listen. For emails, however, a FISA warrant is like turning on a spigot. In an instant, every email sent, received, or archived comes pouring into the FBI’s computers. That can mean thousands, even tens of thousands of old messages. The government’s software can group them by subject, sender, keywords, or where they were sent and received. The software can detect patterns and unusual behavior to help decipher the trove of data.
The FBI office in Denver handled the FISAs on Zazi and his family. Medunjanin and Ahmedzay were done in New York. All the data were saved on a shared computer drive so analysts in Colorado, New York, and Washington could see it.
That’s merely a sliver of the data to which the FBI has access in the post-9/11 world. The FBI, CIA, NSA, and others operate on computer platforms that don’t talk to one another. That was a problem until a Silicon Valley start-up called Palantir Technologies pulled off what
Bloomberg Businessweek
called “one of the great computer science feats” of the post-9/11 era. Palantir figured out that the government’s computers didn’t need to talk to each other. They just needed to talk to Palantir.
Software from the privately held Silicon Valley company grabs data from around the government. It can quickly alert an FBI analyst that a single phone number among thousands in a case was used to call a number linked to someone in a second case who sent an email to someone identified as a terrorist financier in a third case. It can collate airline reservations, border crossings, passport applications, suspicious financial transactions, and emails. It’s why many in the FBI regard it as the biggest change in analytical software since 9/11.
6
It was an analytical revolution. And it took almost no time for the FBI to start abusing its new powers.
When the FBI needs toll records, it calls the phone company. But
after 9/11, agents were collecting so many that the FBI decided it made more sense to pay phone companies to place workers inside the FBI, alongside agents. AT&T, MCI, and Verizon employees became an arm of the government. They got FBI email addresses and FBI computers, and went to FBI happy hours and going-away parties. If the bureau needed phone records, agents could turn to the AT&T representative, hand over a national security letter, and get the data almost immediately.
The FBI then came up with an even faster way. In a pinch, rather than have to get approval for national security letters, the agents would give the phone companies documents known as “exigent letters,” which said, essentially, “This is an emergency. We’re working on getting you a subpoena or a national security letter, but give us the records in the meantime.” Even though it was never formally approved by the FBI and clearly violated Justice Department rules and federal law, the practice became commonplace.
Nobody was really sure what qualified as an exigent circumstance. Some thought it was a major case; others, a life-and-death situation. Still others thought it was any case in which the FBI brass clamored for information. The bureau collected information on thousands of phone records belonging to Americans that way.
When signing boilerplate exigent letters became too cumbersome, the agents used sticky notes, scrap paper, or phone calls to demand records. They were essentially IOUs: “Give us the phone records. We’ll get you the legal justification later.” Frequently, that justification never came. When a company employee raised concerns, an intelligence analyst responded that it was “not practical” to provide legal justification every time.
7