On Monday, Attorney General William Barr and FBI Director Christopher Wray announced a breakthrough in the investigation into the December 6, 2019, terrorist attack at Naval Air Station Pensacola. Three U.S. sailors were killed and eight other Americans wounded when Mohammed Saeed Alshamrani (Al-Shamrani) opened fire. There was never any real doubt about Alshamrani’s terrorist motive. Alshamrani, a member of the Royal Saudi Air Force, espoused his jihadist beliefs on social media and paraphrased Osama bin Laden in his martyr’s will. But it wasn’t clear if there was more to the story. That is, U.S. officials didn’t know if the Saudi was merely inspired by al-Qaeda, or if he was guided by terrorists abroad.
We now know the answer: Alshamrani was working for Al-Qaeda in the Arabian Peninsula (AQAP) all along.
In early February, AQAP claimed “full responsibility” for the attack in a video released online. Although the video was highly suggestive, containing multiple images of Alshamrani through the years, as well as screenshots of his notes and will, it didn’t prove that AQAP had directed Alshamrani. That’s where the breakthrough came in.
After more than four months of trying to crack the encryption on Alshamrani’s iPhones, the FBI’s technical team finally succeeded. The phones’ contents clearly showed that Alshamrani was an AQAP man. Alshamrani “had specific conversations with overseas AQAP associates about plans and tactics,” according to the DoJ’s announcement. He “was communicating with AQAP right up until the attack and conferred with his associates until the night before he undertook the murders.”
Not only was Alshamrani an AQAP operative, he was a sleeper agent who waited several years to strike. Alshamrani was “radicalized” by 2015 and joined the Royal Saudi Air Force “in order to carry out a ‘special operation’” according to the DoJ. As a member of the Saudi Air Force, he was enrolled in a joint U.S. military training program, which brought him to America. All the while, Alshamrani was secretly dedicated to jihad—not the Saudi military. Somehow, despite his jihadist social media postings, he managed to evade background checks and other scrutiny until it was too late.
Alshamrani is just the latest AQAP terrorist tasked with harming Americans. AQAP was founded in early 2009, when a quartet of al-Qaeda veterans merged the Saudi and Yemeni wings of Osama bin Laden’s terror network into one operation. By the end of that same year, it was clear that AQAP posed a threat to the West.
On Nov. 5, 2009, Sgt. Nidal Malik Hasan went on a shooting rampage at Fort Hood, Texas, killing 13 of his fellow Americans and wounding dozens of others. Hasan was a devoted admirer of Anwar al-Awlaki, the AQAP cleric who both inspired and directed terrorist plots aimed at the U.S. On Christmas Day 2009, a young AQAP recruit named Umar Farouk Abdulmutallab tried to detonate his underwear bomb onboard a Detroit-bound airplane. He failed to ignite the explosive device and was subdued by passengers. Afterward, Abdulmutallab admitted to authorities that Awlaki was his spiritual mentor and that he went through with the attack because Awlaki encouraged him to do so. AQAP has released photos of Abdulmutallab and Awlaki standing side-by-side to underscore their close relationship.
Awlaki was an early adopter of new communication and publishing technologies. He produced a series of lectures on early Islamic history that became popular with Muslims living throughout the West. That series was recorded on CDs in the 1990s, before the Internet made it easy to upload audio files. As the Internet evolved, so did Awlaki. He created his own website, used file sharing sites to disseminate his messages, and quickly took to social media.
Awlaki married his knowledge of Islam’s earliest decades with a call to wage jihad on behalf of al-Qaeda. Along with another American, Samir Khan, Awlaki developed AQAP’s Inspire magazine—a short-lived publication that influenced numerous jihadist recruits living in the West, including Faisal Shahzad, who attempted to detonate a car bomb in Times Square on May 1, 2010, and the Tsarnaev brothers, who attacked Boston Marathon on April 15, 2013.
And it appears that Awlaki’s teachings made an impression on Alshamrani as well. The FBI quickly found that Alshamrani’s social media posts “echoed” Awlaki’s teachings. This was one reason the bureau concluded the Pensacola shooting was an act of terrorism early on. Some of Alshamrani’s posts were especially ominous, including one on the anniversary of 9/11 last year in which he wrote: “the countdown has started.”
Alshamrani was visiting the 9/11 memorial in New York City at the time.
While Awlaki became widely known for his rhetorical inspiration of terrorism, his wicked deeds were never limited to just words. Awlaki utilized encrypted messaging applications on his laptops to communicate with and direct aspiring terrorists living in the West. He was found of Asrar al-Mujahideen (“Mujahideen Secrets”)—an application distributed by the jihadists for sending and receiving encrypted emails. The process Awlaki used was cumbersome, as it involved cutting and pasting emails across applications. But it allowed him to securely communicate with men such as Rajib Karim, a British Airways employee who explored ways to attack airliners destined for the U.S.
Awlaki was killed in an American drone strike on September 30, 2011, a few years before the proliferation of smartphones with encrypted messaging applications. Such technology would have made Awlaki’s job much simpler. All a terrorist has to do these days is purchase a smartphone, quickly download a messaging app and he or she can then securely communicate with terrorist masterminds anywhere in the world.
This is a nightmare for counterterrorism professionals.
And this is probably how Alshamrani was communicating with AQAP’s operatives—via encrypted messaging applications on his iPhones.
The DoJ didn’t specify which apps he used, but Alshamrani had multiple options. Terrorists have used apps such as WhatsApp and Signal, which anyone can download, to plot attacks around the globe since they became widely available. Another online messaging app, Telegram, also enables private end-to-end encrypted calls and chats.
Since 2014, European counterterrorism officials have uncovered a series of what they call “remote-controlled” plots and attacks involving these same tools. In July 2016, for instance, an Afghan teenage refugee walked onto a train in Würzburg, Germany, and began hacking at passengers. Fortunately, no one was killed, but some of the victims were severely wounded. German officials learned after the fact that the assailant had been in contact with his ISIS handler right up until the moment he stepped on the train. ISIS handlers have remotely guided other terrorist plots in Germany, as well as in Australia, France, the UK and elsewhere. One ISIS operative built an online rolodex that he used to direct a string of terror plans in his native Indonesia via WhatsApp and Telegram.
The terrorists’ use of encrypted messaging is only part of the problem. Smartphones have their own tough-to-crack security.
The Pensacola attack has added urgency to a debate pitting the desire to protect Americans against privacy concerns. At the press conference earlier this week, Attorney General Barr criticized Apple for allegedly failing to assist the government in its investigation. Apple has steadfastly refused to hack the security on its own phones.
“Thanks to the great work of the FBI—and no thanks to Apple – we were able to unlock Alshamrani’s phones,” Barr said. “The bottom line: our national security cannot remain in the hands of big corporations who put dollars over lawful access and public safety. The time has come for a legislative solution.”
That last part likely means Barr wants Congress to act, requiring Apple and other companies to assist the DoJ and FBI.
Apple replied to Barr’s criticisms with a statement of its own, denying that it was unhelpful. “We provided every piece of information available to us, including iCloud backups, account information and transactional data for multiple accounts, and we lent continuous and ongoing technical and investigative support to FBI offices in Jacksonville, Pensacola, and New York over the months since,” Apple said.
But the company refuses to create a way to circumvent the password protection on its phones, citing the ability of nefarious parties to use this same “backdoor.”
“It is because we take our responsibility to national security so seriously that we do not believe in the creation of a backdoor—one which will make every device vulnerable to bad actors who threaten our national security and the data security of our customers,” Apple said. “There is no such thing as a backdoor just for the good guys, and the American people do not have to choose between weakening encryption and effective investigations.”
Apple has a point.
Three years ago, I discussed the “backdoor” issue with a very senior counterterrorism official. He has spent much of his life tracking terrorists—and thwarting their attacks against the United States. When I asked him whether he thought Apple and other companies should build “backdoors” into their devices, a policy that would make his life much easier, he didn’t hesitate: “Absolutely not.” He preferred various other legal processes and remedies for accessing phones.
His concern was the same as Apple’s. Once a company installs a “backdoor,” there is no restriction on who can use it. Sure, the good guys in the U.S. would find it useful for keeping tabs on al-Qaeda, ISIS, or other terrorists. But the Chinese, Russian, Iranian, and North Korean governments, or other “bad actors,” could easily use the same loophole to spy on legitimate dissidents, democracy activists, and Americans.
The technical aspects of this are beyond my paygrade. From what I gather, Alshamrani reportedly had two older models, an iPhone 7 Plus and an iPhone 5, which third party providers know how to hack. It is possible that physical damage to the phones—Alshamrani shot the iPhone 7 Plus and also tried to destroy the iPhone 5, according to the New York Times—may have impeded the FBI’s ability to penetrate the devices’ password security.
Still, I think Apple and the counterterrorism official I trust have an entirely valid concern. If there is a “legislative solution,” as Barr seeks, you can bet it will be hotly debated and heavily litigated. Apple has called on Congress to act as well, but this debate has been ongoing for years. The FBI tried to compel Apple to crack the encryption on one of the iPhones owned by the terrorist couple who massacred holiday partygoers in San Bernardino, California, in December 2015. Apple fought that demand and the U.S. government eventually dropped the matter after a third party helped get into the phone.
FBI Director Wray echoed Barr’s criticisms of Apple, claiming that the delay in accessing Alshamrani’s iPhones cost the bureau valuable time and leads in its investigation. “Now, months after the attack, anyone he [Alshamrani] spoke to—here or abroad—has had months to concoct and compare stories with co-conspirators, destroy evidence, or disappear,” Wray said. “As a result, there’s a lot we just can’t do at this point that we could have done months ago.” Wray went on to complain that the U.S. government had to “wait to hear” about AQAP’s responsibility from the group itself “months after the fact.”
Wray was referring to the video released by AQAP in early February. The production glorified Alshamrani as a martyr for al-Qaeda’s cause. The video featured an audio recording from AQAP’s emir, Qasim al-Raymi, who claimed that Alshamrani had been lying in wait. “For several years, our hero moved between several U.S. military bases in America to select and contemplate his best and fattest target,” al-Raymi claimed. “Allah bestowed him great patience, and due to the Grace of Him alone, he passed all the military tests and all the security procedures.”
“For years, our hero was hiding his intention in his heart [until] Allah the Almighty granted him success,” al-Raymi continued. “He watered America, the enemy of Allah, from the same bitter cup, [from] which she makes Muslims taste every day.”
We now know from the evidence on Alshamrani’s phones that al-Raymi wasn’t just boasting.
Al-Raymi himself was killed in a U.S. drone strike in Yemen in January. His claim of “full responsibility” for Alshamrani’s actions was obviously recorded sometime in the weeks beforehand.
There’s no question that AQAP has suffered setbacks. Since 2015, America’s drones have relentlessly hunted AQAP’s leaders, killing top figures who have threatened the U.S. and Europe. The complex, multi-sided war in Yemen has constrained AQAP’s political goals, forcing the group to give up ground it once held across the southern part of the country as part of its nascent jihadist state. And many of AQAP’s plots have failed or been thwarted by the U.S. and its allies.
But AQAP remains an integral part of al-Qaeda’s global network. The al-Qaeda web includes jihadi insurgents fighting to build Islamic emirates everywhere from West Africa, through the Horn of Africa, into Yemen and the heart of the Middle East, as well as Afghanistan. And as the shooting in Pensacola last year shows, the group retains some capacity to strike inside the U.S.
More than 18 years after the 9/11 hijackings, al-Qaeda secretly implanted an operative inside a U.S. military installation. This is just one reason why U.S. officials shouldn’t think al-Qaeda is a “shadow of its former self.”
Thomas Joscelyn is a Senior Fellow at the Foundation for Defense of Democracies and the Senior Editor for FDD’s Long War Journal. Follow Tom on Twitter @thomasjoscelyn.