How Internet surveillance, IT sleuth work helped indict suspected terrorist Zazi

Summary: The indictment of suspected terrorist Najibullah Zazi, charged with acquiring and preparing bombs similar to the ones deployed in the 2005 London subway attacks, rides on Zazi's Internet surfing habits. Here's a look at the key linchpins where IT crossed paths with detective work.


Source: CBS News video

The indictment of suspected terrorist Najibullah Zazi, who is charged with acquiring and preparing bombs similar to the ones deployed in the 2005 London subway attacks, rides substantially on Zazi's Internet surfing habits.

Federal prosecutors say that Zazi was trained in Pakistan and shuttled between Queens, N.Y. and Denver in an attempt to prepare bombs. The Feds allege that Zazi was involved in an Al Qaeda conspiracy to attack the U.S.

As you read the indictment and order for permanent detention (also see FBI statement, CBS News) you can almost picture the various connected databases and monitoring techniques at work. Simply put, Internet surveillance and information technology sleuthing played a big role in the Zazi case. FBI agents arrested Zazi in Colorado.

Jeffrey Knox, an assistant U.S. attorney, tells the tale in the permanent detention document. Here's a look at the key linchpins where IT crossed paths with detective work.

The Customs databases...

Zazi flew from Newark Liberty International Airport to Peshawar, Pakistan on Aug. 28, 2008. Something triggered in a database, given that Zazi, 24, was going to Peshawar, known as a terrorism hotbed.

Pakistan email accounts...

Here's where the surveillance kicked in. Knox notes in the order for detention:

Zazi is associated with three email accounts ("Email Account 1," "Email Account 2" and "Email Account 3") that were active during his time in Pakistan. One of the accounts is directly subscribed to Zazi, and all three accounts contain slight variations of the same password. The government will establish at trial that these accounts were used in furtherance of Zazi's efforts to manufacture explosive devices. Among other things, during a consent search of two of the three accounts, agents found jpeg images of nine pages of handwritten notes containing formulations and instructions regarding the manufacture and handling of different kinds of explosives. Based on email header information, these images had been emailed to Email Accounts 2 and 3 in early December 2008, while Zazi was in Pakistan. As discussed below, the same notes were transferred onto Zazi's laptop computer in June 2009.

Customs databases again...

Zazi flew back to the U.S. via JFK International Airport in Queens on Jan. 15, 2009.

You are your Internet search history...

Knox continues:

A lawfully-authorized search of Zazi's laptop computer reflects that Zazi transferred the bomb-making instruction notes onto his laptop and/or accessed the notes on his laptop in June and July 2009. The FBI's search of the laptop also reflects that Zazi conducted several internet searches for hydrochloric acid during the summer of 2009, and "bookmarked" a site on two different browsers for "Lab Safety for Hydrochloric Acid." Zazi also searched a beauty salon website for hydrocide and peroxide.

Turns out Zazi and cohorts went shopping at various beauty supply stores for these ingredients. The Feds say that Zazi rented an Aurora, Colo. hotel room on Sept. 6 and 7 and tried to put the ingredients together.

The cell phone tap...

According to the permanent detention request:

Also on September 6 and 7, Zazi attempted to communicate on multiple occasions with another individual - each communication more urgent in tone than the last - seeking to correct mixtures of ingredients to make explosives. Included in the communications were requests related to flour and ghee oil, which are two ingredients listed in the bomb-making instructions. Zazi repeatedly emphasized in the communications that he needed the answers right away.

Internet search history take 2...

Knox writes:

A lawfully-authorized search of Zazi's laptop computer reflects that the next day, September 8, Zazi searched the internet for locations of a home improvement store within zip code 11354, the zip code for the Flushing neighborhood of Queens, New York. He then searched the home improvement store's website for muriatic acid, which is a diluted version of hydrochloric acid and, as discussed, could constitute the third component of TATP, which is comprised of hydrogen peroxide, acetone and a strong acid like hydrochloric acid. Zazi viewed four different types of muriatic acid. He viewed one particular type - Klean Strip Green Safer Muriatic Acid - multiple times. This product claims to have lower fumes and is safer to handle than standard muriatic acid.

Too little too late: Ditching the hard drive...

According to cell phone taps, Zazi started to realize he was being tracked after renting a car to New York. Zazi purchased an airline ticket and returned to Denver on September 12. After laptop searches revealed scans of handwritten bomb-making instructions, Zazi removed the hard drive. According to Knox:

After Zazi's laptop was searched in New York, and after Zazi returned to Colorado with his laptop, agents executed a search warrant at his Aurora residence. Agents recovered the same laptop that had previously been searched and found that the hard drive had since been removed.

There are still gaps in the account and specifics about how the Feds followed Zazi's Internet habits. But it's safe to say that the case would be a lot harder to prove if it weren't for Zazi's search habits and digital fingerprints.

  • Kinda eerie

    Makes me wonder if I should delete that "Socialism" picture of Obama as the Joker from my machine.
    • Kinda eerie

      Yes. And change the hard drive.
    • Don't commit any crimes and you'll be fine. nt

  • There are 2 Issues Here

    The first is whether such forensics have a
    legitimate place in law enforcement and the
    second is whether these methods can be misused.
    I believe that the obvious answer for both is
    yes. I am happy and relieved that this
    apparent terrorist was investigated and caught.
    I would not like to be similarly investigated
    (though I'm not sure why anyone would
    want to bother, I've got a pretty boring life).

    Until someone shows me evidence of systematic
    abuse, I say go for it. Continue to use
    reasonable methods like this to keep us safe.
    • Also Conflicted

      I agree with the sentiment that a potential bombing has been shut down. Prevention is good.

      I do have problems with the government blasting out so much information about this case. It is too much of "the end justifies the means" kind of thinking. It is also too much of the "your tax dollars at work to protect you, trust us".

      It does sound like there was a conspiracy to perform terrorist acts and it is good to stop this action before someone gets killed or injured. There are too many details that may prevent successful prosecution or a fair trial.

      If you think back to the Atlanta bombing, a security guard found a bomb and was able to warn everyone so that the damage was limited. He ended up being cast as the perpetrator of the act by overzealous or lazy police work. He was found to be innocent of the bombing but that is not what a lot of people remember.

      The police, detectives, FBI investigate; the prosecutors charge the crime; but only the courts can determine guilt. This crime is being tried in the court of public opinion and that is very dangerous. The details should not be released until after a court has found the defendant guilty.

      The balance between civil rights and the safety of the public is difficult. But we should be careful in allowing civil rights to be trampled, because they may be the only thing to protect the innocent.
      • if he's cooking chemicals

        if he's cooking chemicals he's not innocent. simple as that.
        • Yes, but guilty of what?

          Cooking up explosives is a violation of law all by itself. But in the much larger terrorism case the government is trying to put together, it alone is not conclusive.

          Most of the stuff Zazi did is not illegal. It's not illegal to fly to Peshawar, even if you happen to be a Muslim. It's not illegal to email yourself instructions on making a bomb. It's not illegal to shop for ingredients that can be bought off of store shelves. It's only when all these things are put together that you can make a terrorism case.

          The case as presented so far is strong, but it's not nearly as strong or conclusive as what the government wanted before it was forced to detain Zazi.
      • I agree

        Trial by media is not a fair trial. Some of this evidence needs to stay in the courts and off the cameras until there is a verdict.
    • There is systematic abuse

      If you ever became a pain to the government for
      legitimate reasons (political activism, etc), all
      kinds of embarrassing personal things about you
      could start surfacing, and you would begin to
      notice odd things; cars parked nearby, same dude
      in the stores and restaurants near you. They
      wouldn't have to actually act to let you know they
      were unhappy. That's how they keep everyone in
      • like they have enough personnel to follow activists

        like they have enough personnel and interest in following political activists. yeah, right. LOL...
        • That's exactly who they do follow

          Look at Pakistan. Musharraf did not spend his
          resources going after the real bad guys - he
          used his secret police to harass moderate and
          legitimate critics of his regime - the very
          people who might actually replace him. All
          governments have the same interests.

          And this business about not having anything to

          "Show me the man, and I will find the crime."
          - Lavrentiy Beria
    • that's the whole point

      That's the whole point of why it didn't matter that the Bush administration had some big brother listening taking place. If you don't have anything to hide, what are you worried about? So although I did not vote for Bush, I cross the aisle and am conservative when it comes to believing in broad, open powers for intelligence to be able to listen in on whatever they want to listen in on.
      • HMMM

        You trust the government with your privacy and think that just because you have nothing to hide that they won't harass you? Is it better to let 10 guilty men free rather than kill an innocent man or kill them all and let god sort them out? It all changes when you find that you are a target and how little it would take for any government to totally mess your life up.

        The 1950's communist hunts and congressional hysteria that blacklisted people for no real crime should make you more cautious in trusting any government. All it takes is someone in power who doesn't like something that you take for granted.
      • actually it does matter

        I applaud the govt agents for their work. I
        notice that in the statements they say
        "lawfully-authorized search". I take this to
        mean they had search warrants. I am all for
        letting the govt "listen in", etc when they
        have a valid search warrant. Our govt is based
        upon a checks and balances approach. If a law
        enforcement agency can provide to a court/judge
        that they have probable cause to "listen in"
        then ok. And we have the FISA court to provide
        these checks and balances.

        However, we cannot afford to give up our
        freedoms in a fruitless chase to feel safe. We
        are also a nation of laws and govt agents must
        follow those laws or none of us will ever be
        safe. Once we travel down that slippery slope
        the terrorists have won. Only by living up to
        the standards our nation was founded upon do we

        I will not live in fear of the government.
  • RE: How Internet surveillance, IT sleuth work helped indict suspected terrorist Zazi

    He'll have a whale of a time with the other terrorists in jail!
  • RE: How Internet surveillance, IT sleuth work helped indict suspected terrorist Zazi

    Hmm... Wonder if Zazi will spend any time at the Hotel Cheney... He should, for giving the Feds excuses to track movements on the Internet.
  • Great thing he was caught

    And exceptionally, I guess we can all hope that he'll be
    put into a "normal" jail with the typical brutal
    gangsters, who will enjoy beating this guy to a bloody

    He'll especially enjoy that he'll no longer be a "virgin"
    after the first few days in jail.
    • A little old fashioned here

      Like everyone, I want convicted criminals locked up and punished. Reform would be great but it hardly ever seems to work out. Captured terrorists like this need to be locked up and the key thrown away. What I am not comfortable with is the idea that prison should be a place of sexual abuse and physical torture.

      • Prison will always be torture.

        Medical care, food, sanitation, living conditions, etc. none of that would be at a level that most of us would be ok dealing with. Prison is not supposed to be nice, although I agree that deliberately hurting and neglecting people would be taking it too far.
  • A decent catch

    Downloading the instructions, or downloading the information on the chemicals and their preparations, or e-mailing them to himself isn't a crime. I did so in the process of researching the claims in the article.

    Nor is it a crime to visit those particular countries.

    And it's not a crime to purchase any of those materials.

    It became a crime when he began to combine those materials in an attempt to construct explosives. We've chosen as a community and a society to prohibit the unregulated creation of explosives because it puts an undue risk of injury or death on members of the community. This nut case could have killed hundreds of people in that motel if the materials prematurely detonated. And that particular explosive is well-known for being unstable and unsafe.

    And the purposes which he was going to use the explosives for are also a crime.

    Was there justification for the increased surveillance?

    Immigrant from Afghanistan. Score: 1. Total Threat Score: 1. No problem.

    Muslim. No problem. Score: 1. Total Threat Score: 2. No problem.

    Not an American citizen. Score: 1. Total Threat Score: 3. No problem.

    Flies back to Peshawar, Pakistan; on the U.S. Dept of State Travel Warning List for terrorism. Score: 2. Total Threat Score: 5. Score reached flag level. Notify Department of Homeland Security to run world-wide internet search on this person for e-mail and blog postings containing words: "explosive", "revenge", "target", <various explosives and ingredients names>.

    At least 3 hits on internet search, all e-mail. Score: 30 (10 per hit). Total Threat Score: 35. Second flag goes up. Possible terrorist threat. Open case file and initiate electronic surveillance of suspect.

    I'm sure there's more to it than just this; but what it amounts to is intrusion of the government into our private affairs. In this case, probably publicly available information accumulated enough data to justify further intrusion into this guy's life.

    If we increased how much the government can intrude in our lives (i.e. spy on us), would our level of safety be any higher? Doubtful. Worse, it would make our lives much more difficult than they are now. They got this guy this time. Eventually, they will miss someone and an atrocity will happen. People will be injured and killed. We had 31,110 people killed in highway accidents in 2008. Frankly, until the annual death rate from domestic terrorist activities consistently reaches 10% of that level, we shouldn't devote any more resources, or allow any greater infringements on our right to privacy.