Terror Watch: Deconstructing the Intelligence

Was the Bush administration justified this week in making a public show of intelligence that Al Qaeda planned to attack top American financial institutions? It's a tough call. The news that some of the information predated the 9/11 attacks prompted some administration critics to suggest that the White House was playing politics with terror. But at least one terrorist suspect arrested overseas in recent days has provided information indicating that Al Qaeda's plans to attack "financial institutions" are still active, a senior U.S. official has told NEWSWEEK.

The information from the newly arrested suspect is one of several "streams" of intelligence that flowed together late last week and convinced top administration officials that a pre-election attack inside the United States could be in the works--and that the threat needed to be publicized. Another stream was evidence found in a computer seized from a suspected Qaeda computer expert arrested in Pakistan last month that contained material on buildings in New York and other cities--including Chicago and San Francisco. And officials pointed to a third continuing stream of "threat reporting" from intelligence agencies indicating that Al Qaeda operatives are trying to plot a significant U.S. attack before the November vote.

Not all intelligence and law-enforcement officials are quite so concerned or impressed by the White House's handling of the latest alerts. Some officials in cities affected by the warnings say that while the information about the detailed surveillance of the financial buildings is intriguing and disturbing, the Feds have not made a compelling case that there is really a current threat of attack against any of the targets. Inside the U.S. bureaucracy, some intelligence experts also complain that top Bush administration policymakers, including Homeland Security Secretary Tom Ridge, may have undermined the credibility of the latest intelligence by using the alert to tout campaign themes promoting Bush's record on fighting terrorism.

What exactly was the main source of the administration's information?

Officials indicated that some useful data may have come from interrogations of Ahmed Khalfan Ghailani, a suspected "facilitator" for one of the Qaeda cells involved in the 1998 bombing of the American embassies in Kenya and Tanzania. Ghailani was captured by Pakistani security forces on July 25. U.S. intelligence officials declined to say whether it was the detainee himself who was the source of the latest information about the threats to financial targets--or whether that information came from associates whom the Pakistanis said were arrested with him or from suspects arrested elsewhere overseas (possibly England).

Several intelligence and law-enforcement sources say the most compelling recent intelligence was downloaded and decrypted by U.S. intelligence agencies from computer disks seized from Muhammad Naeem Noor Khan, a suspected Al Qaeda communications and computer expert arrested by Pakistani authorities in mid-July. Khan had apparently been traced by the CIA after the arrest several weeks earlier of Musaad Aruchi, a terror suspect whom some Pakistani officials identified as a nephew of the captured Khalid Shaikh Mohammed, said to be the mastermind of the 9/11 attacks on New York and Washington.

U.S. officials confirmed that Khan's computer disks included detailed information on financial buildings identified in the administration's new selective "Orange" terror alerts for Washington, New York and Newark, N.J. These buildings include the New York Stock Exchange, the Citigroup Center in Manhattan, the Prudential Insurance building in downtown Newark and the World Bank and International Monetary Fund headquarters buildings in Washington, which are only a couple of blocks from the White House. (References to buildings in Chicago and San Francisco were considered so brief or cryptic as to be relatively insignificant).

Officials said the seized computer disks included information indicating that some of the buildings may have been subjected to extended surveillance by what investigators assume were Qaeda operatives inside the United States, who made logs of security routines and precautions at some of the buildings. Detailed information was also found on the disks about some of the buildings' design features, including their ventilation systems. (Captured Al Qaeda operatives have told U.S. authorities that the curriculum in Al Qaeda's pre-9/11 Afghan training camp system included instruction in how to attack office buildings by wafting cyanide or other poison gases into their air-conditioning intake ducts).

The decoded computer disks also indicated that whoever was casing the financial centers had also made a detailed study of the buildings' designs, apparently looking for architectural flaws. One law-enforcement source said that some of the material indicated that terrorist operatives had made detailed studies of how the Prudential building in Newark in particular might be brought down in a terrorist attack, apparently with a truck bomb. New York authorities were also greatly concerned about that the Citigroup Center on New York's Lexington Avenue was one of the surveillance targets, since there have been historical concerns that the building's design might in certain circumstances make it vulnerable to collapse. (After news reports several years ago focused on design questions, the building's structure was reinforced, a law-enforcement source told NEWSWEEK).

Intelligence and law-enforcement officials confirmed to NEWSWEEK that most of the surveillance data and other information about the financial buildings downloaded from the seized computer disks appears to date back to 2000 and 2001--before the 9/11 attacks. But officials also insisted that there were clear electronic traces on the disks indicating that one or more of its files--but apparently no more than a handful--were opened by someone in January of this year. Officials said that U.S. intelligence experts were still trying to determine whether or not new information had been put onto the disks this year, and whether, if new information was recorded, it was information that the computer's operator had simply downloaded from the Internet, or whether it involved new first-hand surveillance reports by possible terrorist "sleeper agents" operating currently inside the country.

Even if it turns out, on further analysis, that someone merely opened a file in January to look at it--and did not input new data--one U.S. intelligence officer said that this could indicate that plots against the buildings listed in the computer may actively be "in play."

Some officials acknowledge that one reason the administration felt compelled to make so much of a public show of its latest intelligence bonanza was that nobody in the government wants to take the risk of being accused, in the wake of the 9/11 Commission report, of covering up or playing down intelligence that most experts agree is graphic and significant. Several officials said that if an attack occurred on one of the financial buildings mentioned in the latest intelligence after the administration had kept the intel secret, Congress and the media would inevitably accuse it of a cover-up. The administration's calculation was that it was better to put the information out (with caveats that perhaps were issued a bit later than appropriate) and be accused of crying wolf than sitting on the information and being accused of a cover-up if something bad happened. "We're damned if we do and damned if we don't," said one senior official ruefully.