back to top

In Midst Of Terror Attack, US Intel Unit Was Blocked From Tracking The Terrorists

When knife-wielding terrorists attacked civilians on London Bridge, a key US intelligence unit raced to help — but found they were shut out of critical classified computer networks. The problem has hampered several antiterrorist efforts and prevented the unit from fully complying with the Senate investigation into Donald Trump and Russia.

Posted on

As images of bloody civilians fleeing London Bridge filled newsfeeds on June 3, US intelligence and law enforcement officials raced to help investigate an unfolding terrorist assault on America’s closest ally.

But one group of officers uniquely situated to help was shut out: officials in the Treasury Department bureau that tackles financial crimes and terrorist financing. In the first frantic moments of an attack, the bureau’s databases of banking records can yield invaluable clues about who the killers are, who else is in their cells, and whether more attacks are imminent.

But not on June 3. When the officials got to their secure operations center in Northern Virginia that Saturday night, they discovered that everyone on duty had been blocked from the classified networks their response depended upon. They couldn't open links emailed by the FBI about the suspected terrorists they were supposed to be chasing. They couldn't begin following the threads connecting those suspects to the people who had been funding and supporting them.

The lack of access for personnel within the Financial Crimes Enforcement Network — never before reported — cost antiterrorism forces on both sides of the Atlantic crucial time in identifying and pursuing the people and networks around the attackers, according to sources and documents reviewed by BuzzFeed News.

Sources said the lack of access has also hindered the congressional inquiry into President Donald Trump and Russia. The Financial Crimes Enforcement Network — FinCEN for short — has not turned over all the records that the Senate Intelligence and Finance committees requested as part of their probes into the 2016 election. While the agency did send over about 2,000 pages of banking and other financial information to the Intelligence Committee in March, officials said they are still waiting for additional information on transactions between specific people. Sources declined to name those people or describe the transactions.

Accusing the Treasury Department of making it impossible for Congress to “follow the money,” Democratic Sen. Ron Wyden, of Oregon, announced last week that he would would block the confirmation vote on Trump’s nominee to be Treasury’s assistant secretary for intelligence and analysis, Isabel Patelunas, until the remaining documents are produced.

The Treasury Department did not respond to specific questions from BuzzFeed News about FinCEN’s response to terrorist attacks or congressional requests, but issued a statement saying in part that its “employees obtain and maintain access to the tools needed to support our partners in law enforcement, the intelligence community and foreign counterparts.”

FinCEN’s skill at following the money has proven valuable in past terrorist attacks. After the 2013 bombing of the Boston Marathon, one FBI official told BuzzFeed News, the “names searches FinCEN did were far more effective and thorough than what we had been doing when it came to identifying the attackers” and mapping the terrorist network tied to them.

Two explanations have emerged for why FinCEN personnel have been locked out. The problem was either a retaliatory move in an increasingly nasty power struggle with the Treasury Department’s Office of Intelligence and Analysis, which controls the digital keys to classified computer networks, or it was a bureaucratic snafu regarding the keys’ timely renewal.

Members of Congress who have been briefed on the situation say it needs to be fixed immediately. FinCEN’s lack of access puts America’s national security at “grave” risk, said Republican Steve Pearce, chair of the House Subcommittee on Terrorism and Illicit Finance. As a result of the shutout, “FinCEN was unable to effectively respond to critical, time-sensitive requests for information from law enforcement partners, including the Federal Bureau of Investigation,” Pearce wrote on June 9 in a previously undisclosed letter to Treasury Secretary Steven Mnuchin. Pearce, whose office declined to comment beyond what is in the letter, wrote that the problem was “bewildering” and “unacceptable.”

In their statement to BuzzFeed News, Treasury officials said that they have responded to Pearce “to reassure his office” that the Office of Intelligence and Analysis, known as OIA, “did not conduct a large-scale withdrawal of access.” The statement also said that OIA and FinCEN have “coordinated closely” to make sure employees who need access have it.

A CIA officer told BuzzFeed News that he and others who work with FinCEN to track terrorist financing remain worried. When FinCEN officials are locked out, he said, they might not find “that one piece of information that stops a terrorist attack.”

And the FBI — which works closely with FinCEN, and which often serves as the intermediary to foreign intelligence agencies — has raised its own alarms with the Director of National Intelligence and with Jamal El-Hindi, FinCEN’s acting secretary.

“They are just way better at following the money,” said the FBI agent who has worked with El-Hindi's employees. “They have better tools than the Bureau and better expertise in knowing what to look for,” he explained. “You want to have the best people on it. And FinCEN are the best people.”

At issue are so-called public key infrastructure certificates, or PKIs, which enable government employees to gain access to information sent on certain classified computer networks. Without the PKI certificates, even officials with top-secret security clearances are locked out of the computer networks on which classified information is shared. FinCEN personnel do still have access to the vast financial and banking information their agency holds. But each qualified FinCEN official is also supposed to have a unique, functioning access key.

Some FinCEN officials have been without them for more than a year, hampering their counterterrorism work, sources said.

In May, after the bombing of the Ariana Grande concert in Manchester that killed more than 20 and injured many more, FinCEN officials could get access to some limited information, but not to many of the details needed to thoroughly trace suspects’ financial networks. And in August, when a terrorist in a van drove into a crowd of people along Las Ramblas in Barcelona, mowing down tourists and residents, many FinCEN officials on duty again lacked full access, preventing them from providing a complete picture of the suspects' financial activities. In recent weeks, BuzzFeed News has learned, FinCEN officers were also unable to fulfill requests from the White House National Security Council for financial information related to corruption in Venezuela because the two officials who cover that country were blocked from the classified networks.

The House Subcommittee on Terrorism and Illicit Finance has called on the Treasury’s inspector general to investigate the matter.

Having FinCEN “cut off from a timely and critical source of communication and vital information during a terrorist attack is wholly unacceptable," wrote Sam White, the senior adviser to the subcommittee, in a June 4 email to Treasury Inspector General Eric Thorson.

In a response, obtained by BuzzFeed News from congressional sources, the inspector general said that there was no effort to sideline FinCEN — just a routine review process to ensure that such “high level access authority” is granted only to those who really need it.

Treasury officials have also said that it’s necessary to limit access to classified systems to protect against so-called insider threats, citing leaks by Chelsea Manning and Edward Snowden, according to sources.

But some in Congress said the real problem is the turf battle within the Treasury Department. It started, sources said, with a proposal to move FinCEN’s counterterrorism and intelligence work, and its financial database, under the purview of the Office of Intelligence and Analysis (OIA), and now the two bureaus are at each other’s throats.

FinCEN was established in 1990 to combat financial crimes. It receives about 55,000 filings a day from financial institutions on suspicious transactions and cash transactions in excess of $10,000. To search this vast trove of financial data, FinCEN has unique computer tools that no other government agency has. And with the exception of the National Counterterrorism Center, no other intelligence agency even has full access to FinCEN’s underlying database because of laws restricting domestic spying on US citizens.

FinCEN officials began finding themselves locked out as far back as summer 2016, according to sources — just around the time several employees raised questions about the plan to transfer much of FinCEN’s counterterrorism work to OIA.

FinCEN staff “felt like they were letting down their colleagues in other agencies, and the American people.”

Officials at FinCEN and in Congress raised concerns about the legality of the plan, arguing, among other things, that giving an intelligence agency such as OIA privileged access to the vast financial database, without special guidelines approved by the attorney general, would violate domestic surveillance laws.

Last October, Congress put the plan on hold after learning that Treasury’s Office of Terrorism and Financial Intelligence was trying to rush it through prior to the presidential election, according to a previously undisclosed letter sent to then–treasury secretary Jacob Lew by Rep. Sean Duffy, the Republican chair of the Subcommittee on Oversight and Investigations.

“It is troubling,” Duffy wrote on Oct. 8, 2016, that Treasury intends to complete the reorganization “before a new administration takes over in January 2017 and despite bipartisan requests to proceed at a more deliberate rate,” Duffy wrote on Oct. 18, 2016. He added that the plan may violate “appropriations requirements, civil service rules and constraints on the gathering and use of financial intelligence data.”

Meanwhile, the access problems have continued, and came to a head during the London Bridge attacks.

Not one person on duty that night had access to all the necessary networks, according to sources. Hours into the attack, when authorities were tallying the dead and wounded on the streets of London, an off-duty FinCEN staffer was found who did have access. This person was at last able to open the links that the FBI and others had sent, and thereby to assist British intelligence authorities — however slowly — with their requests.

FinCEN staff “felt like they were letting down their colleagues in other agencies, and the American people,” said a source with knowledge of the situation. They “were frustrated that senior leadership within Treasury were actively trying to prevent staff from doing its job.”

Following that episode, some FinCEN officials had their access to classified networks restored. But by no means all of them. FinCEN staff have told Treasury officials and congressional committees that their counterterrorism work continues to be hindered. ●

CORRECTION

Eric Thorson's name was misspelled in an earlier version of this post.

Jason Leopold is a senior investigative reporter for BuzzFeed News and is based in LA. Recipient: IRE 2016 FOI award; Newseum Institute National Freedom of Information Hall of Fame. PGP fingerprint 46DB 0712 284B 8C6E 40FF 7A1B D3CD 5720 694B 16F0. Contact this reporter at jason.leopold@buzzfeed.com

Contact Jason Leopold at jason.leopold@buzzfeed.com.

Jessica Garrison is a senior investigative editor for BuzzFeed News and is based in San Francisco.

Contact Jessica Garrison at jessica.garrison@buzzfeed.com.

Got a confidential tip? Submit it here.