NEW YORK — In the week leading up to the attack on Paris, which ISIS has claimed responsibility for, at least four different intelligence agencies warned French officials about a possible attack on “Western targets.”
“We know of three agencies who passed on these warnings — we were one of them,” said an Israeli diplomat, who acknowledged the intelligence they passed on did not include specific targets for an attack or a date. Jordanian officials told BuzzFeed News they had also sent France a warning, less than a week ago, while Iraqi and Turkish officials have said that they passed on more specific intelligence to French authorities.
“It is fair to say that France was warned,” said the Israeli diplomat, who spoke on condition of anonymity because he was not authorized to speak to the press. “But it is also safe to say France had been warned almost weekly for six months. That was what the chatter was telling us.”
That chatter is the focus of intelligence agencies this week, as they try to figure out what they missed in the months leading up to ISIS’s plan for a complex attack in Paris which left 129 people dead and over 350 wounded. Western intelligence agencies say it is clear there was an intelligence failure, but what is less clear is how to monitor a group like ISIS, which has become increasingly savvy about its online communications, encrypting messages and using a variety of platforms ranging from Tor — the browser helps mask location by bouncing it around a free, worldwide network — to the PlayStation gaming network, on which 110 million users regularly communicate, allowing militants to easily hide in plain sight.
Speaking from the G20 summit in Antalya, Turkey, President Obama said that the intelligence on hand before the Paris attacks was not specific enough to "allow for law enforcement or military actions to disrupt it."
"The concerns about potential ISIL attacks in the West have been there for over a year now. And they come through periodically. There were no specific mentions of this particular attack that would give us a sense of something that we need — that we could provide French authorities, for example, or act on ourselves," said Obama.
“ISIL, overall, has a very high level of awareness of operational security,” said a U.S. intelligence official who spoke to BuzzFeed News from Jordan, using the acronym for ISIS preferred by the United States. He could not be quoted on the record as he was not authorized to speak to the press. “We’ve seen militant groups before where maybe the highest echelon are encrypting everything, and only using secure networks. ISIL, at least from mid-2014 onwards, when they declared themselves a caliphate, has used every tool at their disposal to mask communications from the bottom up,” he said.
ISIS is hardly the first militant group to consider encryption technology: In papers captured during the U.S. raid on Osama bin Laden's compound a letter was found addressed to bin Laden from an individual identified as “brother Azmarai” which read, "We should be careful not to send big secrets by email. We should assume that the enemy can see these emails and [we should] only send through email information that can bring no harm if the enemy reads it. Computer science is not our science and we are not the ones who invented it.”
Those tools range from the most basic — using encrypted messaging platforms such as WhatsApp and Kik — to the more advanced use of gaming platforms to share messages between ISIS leadership in Iraq and Syria and cells awaiting orders in the West. U.S., Israeli, and Jordanian officials who spoke to BuzzFeed News over the weekend said they were aware of the methods and admitted that even though they had the ability to spy on some of that technology, it was like “looking for a needle in a haystack.”
The U.S. intelligence officer told BuzzFeed News that ISIS had shown a surprising flexibility to switch between platforms, recently adopting the privacy-centric Telegram app to set up challenges and deliver messages to over 10,000 followers. Telegram co-founder Pavel Durov recently told TechCrunch that the app is seeing 12 billion messages sent out daily via the platform. In his interview with Techcrunch, Durov seemed aware that his app had become popular among militant groups, including al-Qaeda and ISIS.
“I think that privacy, ultimately, and our right for privacy is more important than our fear of bad things happening like terrorism,” Durov said, adding that if it wasn’t his app, ISIS would find alternative platform for communicating. On Monday, Russian authorities considered a request to close access to the Telegram site.
Durov did not answer repeated requests from BuzzFeed News for comment.
One of those alternatives was highlighted on Nov. 11, when Belgium’s federal home affairs minister, Jan Jambon, said that a PlayStation 4 (PS4) console could be used by ISIS to communicate with their operatives abroad.
“PlayStation 4 is even more difficult to keep track of than WhatsApp,” said Jambon, referencing to the secure messaging platform.
Earlier this year, Reuters reported that a 14-year-old boy from Austria was sentenced to a two-year jail term after he downloaded instructions on bomb-building onto his Playstation games console, and was in contact with ISIS.
It remains unclear, however, how ISIS would have used PS4s, though options range from the relatively direct methods of sending messages to players or voice-chatting, to more elaborate methods cooked up by those who play games regularly. Players, for instance, can use their weapons during a game to send a spray of bullets onto a wall, spelling out whole sentences to each other.
In addition to using sophisticated methods to mask its communications, ISIS makes sure the message is often a code, pre-arranged and known only to the operatives involved.
“Today, intelligence agencies have the ability to intercept specific encrypted messages and decrypt them, given time and reason to do so," said the U.S. intelligence officer. "But if they do this, if they intercept the message and the message reads only one word, ‘tomorrow’ or even, ‘the weather is good,’ how does that help us? We might be warned that something is happening but we don’t know where or when.”
Even as intelligence agencies increase efforts to monitor the myriad platforms on which ISIS is communicating, ISIS can quickly shift and switch tactics. Jordanian and U.S. officials say the most critical intelligence they are lacking is the information gathered by human sources (HUMINT), rather than information gathered by intercepting signals (SIGINT) to monitor emails and phone calls.
“If you imagine the regular flow of SIGINT communication as an ocean where you are trying to find, and swim with, a certain school of fish, deciphering encrypted communication is like trying to find a specific fish in the ocean,” said the Israeli diplomat, who has previously worked closely with his country’s intelligence services. “It can be done, but you need to know exactly what you are looking for.”
BuzzFeed News has corrected this story to reflect that Jan Jambon, Belgium's federal home affairs minister, spoke on Nov. 11, not after the Paris attacks, as originally stated. Jambon had said that ISIS could use PS4 to communicate with operatives abroad. Reports misquoted his original speech to say that a PS4 console had been found in the apartment of one of the Paris attackers.
Sheera Frenkel is a cybersecurity correspondent for BuzzFeed News based in San Francisco. She has reported from Israel, Egypt, Jordan and across the Middle East. Her secure PGP fingerprint is 4A53 A35C 06BE 5339 E9B6 D54E 73A6 0F6A E252 A50F
Got a confidential tip? Submit it here.