The ease with which Turkish authorities uncovered the plot by officials linked to Saudi intelligence services to murder Jamal Khashoggi should come as little surprise, according to a half dozen current and former law enforcement or intelligence officials, because of multiple technological advances over the last decade.
“Faces can’t be hidden anymore and once [they’re] seen [on camera] it’s more and more often the case they’ll never be forgotten, because it’s all just easily stored and accessed data now,” said one current counterintelligence official for a NATO country who agreed to speak anonymously and then only in general terms about the technology now available to law enforcement and intelligence services.
Within hours of dissident Saudi journalist Khashoggi’s disappearance and apparent murder inside the Saudi Consulate in Istanbul, Turkish law enforcement and intelligence officials were able to determine that Khashoggi never left the building as the Saudis had claimed and were able to identify up to 15 members of the team that entered Turkey just hours before or shortly after Khashoggi’s arrival at the consulate. Within a day of those faces and potential identities being broadcast, open-source researchers using commercial software were able to link at least five of the men to key positions in the kingdom’s security services.
“The Saudis are just the latest to deal with a reality that the Russians and Israelis have been forced to address in recent history: You can’t really send people into countries to do stuff without official cover,” the official said. “In the case of the Russians, sure they can send two guys to deliver nerve agents against an enemy, but this isn’t the ’70s — those guys will have left something of an official trail somewhere, and particularly with the UK but increasingly the rest of the world, they’re going to be caught or identified relatively quickly.”
Sources in Europe, the Middle East, and the United States agreed with this assessment, each noting that cheap and effective facial recognition systems that can search huge quantities of data — be it from recent digital sources or by scanning historical photos for matches — have created a nightmarish world for undercover operatives.
“We knew it was over when the Israelis were so easily caught in 2010 killing Mahmoud al-Mabhouh in a hotel room in Dubai,” a retired CIA agent who now consults on security in Dubai said, referring to the assassination of the logistics chief for Hamas. “Killing dudes isn’t like the movies: You often need a large team to do it right and get away with it. Well, 24 or whatever it was people all entering Dubai at the same time and going to the same places … fake passports aren’t a great help when the computers can determine your every movement in the last 24 hours or so.”
“Sending a 15-person kill team is not a good move unless you don’t care that they will be fairly easily identified and thus can never really travel again, let alone operate,” said a senior police official with London’s Metropolitan Police, referring to the members of the Khashoggi hit team who arrived in Turkey all within hours of one another.
“And I’m sorry to inform Hollywood producers, but the big heist is a thing of the past in many ways as well. Ask the Hatton Garden blokes,” he added.
The official was referring to the April 2015 robbery of a high-security safe deposit facility in London by a technologically sophisticated heist crew that used a long bank holiday weekend to drill their way into the vault and rob it without being noticed. It worked perfectly — until the license plate of an Audi the group used to surveil the facility pinged on closed-circuit video and was identified by a computer as suspicious.
“That car plate allowed us to roll up the crew because from there you can retroactively track cellphones, place members of the gang in various locations. What would be days or weeks of human eyeballs going over data looking for a yet unknown pattern can take minutes,” the official said.
Within a month of the robbery, initially billed in British newspapers as a triumphant whodunnit, the gang was identified, and by March of the next year seven men had been convicted, sentenced to years in prison, and ordered to repay 27.5 million British pounds. The exact amount stolen has never been determined with certainty because the safe deposit boxes’ contents were unknown prior to the robbery.
The case is similar for the two Russians accused of poisoning a Russian defector and his daughter with a nerve agent in Salisbury in early March. Within days, British investigators had the data on hand to identify the perpetrators, who had immediately left the UK for Russia after delivering the poison. They were later identified by the website Bellingcat from open sources as Russian military intelligence officers.
“The first days and weeks we used all the electronic data, phones and CCTV, to prevent more people from being exposed. At that stage the most critical issue was figuring out how they delivered it and whether there was an additional risk to the public, which turned out to be the case,” said the Met official. “But two Russian men spending just a couple of days and traveling the way they did back and forth from London for a very short and otherwise indefensible trip, that’s just not something one can do anymore.”
The ease with which the perpetrators were eventually identified may not have mattered to the Russians, said the former US intelligence official. “It’s quite possible the Russians don’t care about the initial identification ’cause their guys were out and maybe their target and the message sent was worth it,” he said.
But the identification was not without cost. “That’s a lot of money and training invested in two guys you can never use for anything outside Russia again,” he added.
A member of a NATO counterterrorism agency with extensive experience in the Middle East described the clumsy manner in which the Saudis operated in Istanbul as completely baffling in light of how technologically advanced their own services are at home.
“Saudi Arabia is the most sophisticated police state I have ever seen. They’ve simply got everyone and everything locked down since they first faced a major al-Qaeda threat inside the kingdom in 2005,” said the official, who remains in the region undercover and cannot be named. “I suspect only China has more direct and advanced surveillance on its population every day, and frankly I’m not even sure they do.
“Setting aside the possibility there was a bug in the consulate, which also seems likely, the stupid manner they thought they could enter and leave the country and drive around in official vehicles makes no sense because they’d have to know that the Turks have literally the same technology they do. I’d also argue they knew they’d be caught, except the response was so idiotic and poorly planned I can’t imagine they expected any real scrutiny.”
The official said the Saudis’ efforts to cover their tracks would be almost comedic if the murder — Khashoggi allegedly was dismembered — weren’t so horrific.
“The so-called body double would make me laugh out loud except obviously a man was killed in a horrible way,” the official said. “Yes, disguises are still used in intelligence tradecraft but it’s for quick stuff: A bald man goes into a mall and reappears in the parking garage in a wig. He’s trying to drop direct surveillance and, frankly, as the Americans found in Moscow, even that doesn’t work so well these days because of cameras, cellphones, facial recognition. Social media is a great intelligence-gathering tool for us but it’s also a constant threat because it’s not as though we can hire only people who have never had a photograph taken or used Facebook.”
In May 2013, a suspected CIA case officer on official cover in Moscow was detained and expelled by Russian counterintelligence after being caught trying to recover a “dead drop” of information. That the officer was wearing a wig and had another in his possession at the time of his arrest was roundly mocked in the Russian media.
The undercover European counterterrorism official said that the last truly anonymous operator was Imad Mughniyeh, the former head of Lebanese Hezbollah’s military operations who was killed by a suspected Israeli–American operation in Damascus in 2008. So few public records or photos existed of him before his death that Hezbollah was able to argue he didn’t exist or was long retired.
In reality, according to multiple historical accounts, including books by Hezbollah scholar Nicholas Blanford and former CIA officer Bob Baer, Mughniyeh had the presence of mind in his late teens during Lebanon’s civil war to steal or destroy all official documents on his life before undertaking a slew of 1980s terror attacks.
“He just didn’t exist. It’s all top secret and I can’t get too much into it, but many, many countries thought they had photos of him that turned out to be someone else,” the European counterterror official said. “When he was finally killed after 30 years of hunting, a bunch of analysts had bad days when they realized they weren’t even looking for the correct guy. By the end, I suspect the Israelis and Americans — I’m not sure when they figured it out — were withholding the proper data to keep from spooking him.”