A suspect in the Brussels airport attack dubbed the “man in the hat” has been handed over to France to be questioned about the Paris atrocities.
Mohamed Abrini was detained in Brussels in April last year over his suspected involvement in the 22 March attacks and the Paris killings, which the Islamic State group has claimed responsibility for.
Belgium’s prosecutor’s office said in a statement: “In the framework of the investigation related to the attacks in Paris on 13 November 2015, Mohamed Abrini was surrendered to the French judicial authorities for a period of one day.”
Eric Van Der Sypt, a spokesman, said the decision was based on “mutual agreements” between the two countries.
He said: “It’s not uncommon that suspects in different cases are surrendered for one day or a few days.”
Belgian investigators have said the airport and metro bombers, who killed 32 people, were part of the same Brussels-based cell that plotted the November 2015 Paris attacks. Some 130 people were killed in the Paris attacks.
Abrini, who was dubbed the “man in the hat” in CCTV images, fled from the airport without apparently detonating a suitcase bomb after accomplices Najim Laachraoui and Ibrahim El Bakraoui set off theirs, killing 16 people and themselves.
Sources close to the Belgian-led investigation have said the three bombers targeted passengers travelling to the United States, as well as Jewish people and perhaps Russians at the airport.
US sources said they are confident the airline check-in counters for flights to the United States, Israel and Russia were targeted.
Abrini had a record as a petty criminal who grew up in the deprived Molenbeek area of Brussels with Salah Abdeslam, the only survivor of the group that carried out the Paris attacks.
He was nicknamed “Brioche” after his days working in a bakery and is thought to have given up training as a welder at the age of 18 before he became radicalised.
The Belgian, of Moroccan origin, was seen at a petrol station north of Paris two days before the 13 November attacks with prime suspect Abdeslam, who drove one of the vehicles used in the attacks.
Belgian authorities have charged Abrini with “participation in the activities of a terrorist group and terrorist murders” following the atrocity in Paris.
Investigators said he briefly visited Syria last year and his younger brother Suleiman, 20, died there.
He came on to the radar of security services while he was allegedly part of the same cell as Abdelhamid Abaaoud, one of the organisers of the Paris attacks who opened fire on bars, restaurants and a concert hall before he died in a police shootout shortly afterwards.
God, that’s pathetic. That’s why I’ll hardly touch the damned things…
By NICOLE PERLROTHSEPT. 13, 2015
One of scores of intelligence analysts working at his computer at the headquarters of the security firm iSight in Chantilly, Va. Credit Gabriella Demczuk for The New York Times
CHANTILLY, Va. — On a recent Wednesday morning, 100 intelligence analysts crammed into a nondescript conference room here and dialed into a group call with 100 counterparts in Argentina, Brazil, Cyprus, India, the Netherlands, Romania, Spain, Taiwan and Ukraine.
As they worked their way around the room, the analysts briefed one another on the latest developments in the “dark web.”
A security firm in Pakistan was doing a little moonlighting, selling its espionage tools for as little as $500. Several American utility companies were under attack. A group of criminals were up to old tricks, infecting victims with a new form of “ransomware,” which encrypts PCs until victims pay a ransom.
The analysts, employees of iSight Partners, a company that provides intelligence about threats to computer security in much the same way military scouts provide intelligence about enemy troops, were careful not to name names or clients, in case someone, somewhere, was listening on the open line.
John Watters, iSight’s chief, evokes military jargon to talk about his company’s focus. Credit Brandon Thibodeaux for The New York Times
For the last eight years, iSight has been quietly assembling what may be the largest private team of experts in a nascent business called threat intelligence. Of the company’s 311 employees, 243 are so-called cyberintelligence professionals, a statistic that executives there say would rank iSight, if it were a government-run cyberintelligence agency, among the 10 largest in the world, though that statistic is impossible to verify given the secretive nature of these operations.
ISight analysts spend their days digging around the underground web, piecing together hackers’ intentions, targets and techniques to provide their clients with information like warnings of imminent attacks and the latest tools and techniques being used to break into computer networks.
The company’s focus is what John P. Watters, iSight’s chief executive, calls “left of boom,” which is military jargon for the moment before an explosive device detonates. Mr. Watters, a tall, 51-year-old Texan whose standard uniform consists of Hawaiian shirts and custom cowboy boots, frequently invokes war analogies when talking about online threats.
“When we went into Iraq, the biggest loss of life wasn’t from snipers,” he said. It was from concealed explosive devices. “We didn’t get ahead of the threat until we started asking ourselves, ‘Who’s making the bombs? How are they getting their materials? How are they detonating them? And how do we get into that cycle before the bombs are ever placed there?’”
“Our business,” Mr. Watters continued, “is tracking the arms merchants and bomb makers so we can be left of boom and avoid the impact altogether.”
ISight’s investors, who have put $60 million into the company so far, believe that its services fill a critical gap in the battle to get ahead of threats. Most security companies, like FireEye, Symantec, Palo Alto Networks and Intel’s security unit, focus on blocking or detecting intrusions as they occur or responding to attacks after the fact.
ISight goes straight to the enemy. Its analysts — many of them fluent in Russian, Mandarin, Portuguese or 21 other languages — infiltrate the underground, where they watch criminals putting their schemes together and selling their tools.
The analysts’ reports help clients — including 280 government agencies, as well as banks and credit-card, health care, retail and oil and gas companies — prioritize the most imminent and possibly destructive threats.
Security experts say the need for such intelligence has never been greater. For the last three years, businesses have been investing in “big data” analytic tools that sound alarms anytime someone does something unusual, like gain access to a server in China, set up a private connection or siphon unusually large amounts of data from a corporate network.
The result is near constant and confusing noise. “Except for the most mature organizations, most businesses are drowning in alerts,” said Jason Clark, the chief security officer at Optiv, a security firm.
The average organization receives 16,937 alerts a week. Only 19 percent of them are deemed “reliable,” and only 4 percent are investigated, according to a study released in January by the Ponemon Institute, which tracks data breaches. By the time criminals make enough noise to merit a full investigation, it can take financial services companies more than three months, on average, to discover them, and retailers more than six months.
“Just generating more alerts is wasting billions of dollars of venture capital,” said David Cowan, an iSight investor and a partner at Bessemer Venture Partners. The last thing an executive in charge of network security needs is more alerts, he said: “They don’t have time. They need human, actionable threat intelligence.”
Mr. Cowan and others point to what happened to Target in 2013, when the retailer ignored an alert that ultimately could have stopped criminals from stealing 40 million customers’ payment details from its network.
A year earlier, iSight warned its clients that criminals were compiling and selling malware that was specifically designed to scrape payment data off cash registers. Had Target received that warning, the blip on its network might not have gone unnoticed.
“Target faced the same problem every retailer does every day,” Mr. Watters said. “They are awash in a sea of critical alerts every day. Without threat intelligence, they had roulette odds of picking the right one.”
Gartner, the research firm, estimates that the market for threat intelligence like iSight’s could grow to $1 billion in two years from $255 million in 2013. Gartner predicts that by 2018, 60 percent of businesses will incorporate threat intelligence into their defensive security strategy.
ISight, which plans to file for an initial public offering of stock next year, hopes to capitalize, as do the dozens of other cyberthreat intelligence outfits now flooding the market, each with a slightly different approach.
That proliferation of start-ups has led to a new complaint from computer security chiefs: overlapping information — sometimes as much as 40 percent — in the reports they receive, none of which is cheap. ISight charges customers based on size, and while it does not disclose pricing, some customers say they pay $500,000 or more annually for the company’s services, as much as five times what low-end services charge.
ISight makes 90 percent of its revenue from subscriptions to its six intelligence streams, each focused on a particular threat, including cyberespionage and cybercrime.
The company’s most recent competition comes from its oldest clients, particularly banks, which have been hiring former intelligence analysts to start internal operations. One former client, which declined to be named because of concerns that doing so could violate a nondisclosure agreement, said it had been able to build its own intelligence program at half the cost of its canceled iSight subscriptions.
But most businesses do not have the same resources as, say, a company like Bank of America, whose chief executive recently said there was no cap on the bank’s cybersecurity budget.
Many of those businesses remain paralyzed by the drumbeat of alarms that expensive security technologies are sounding on their networks.
At iSight’s threat center, the company’s approach is perhaps best summed up by a logo emblazoned on a T-shirt worn by one of its top analysts: “Someone should do something.”
For your Monday Acculturation…
That very day two of them were going to a village named Emma′us, about seven miles from Jerusalem, and talking with each other about all these things that had happened. While they were talking and discussing together, Jesus himself drew near and went with them.
But their eyes were kept from recognizing him. And he said to them, “What is this conversation which you are holding with each other as you walk?”
And they stood still, looking sad. Then one of them, named Cle′opas, answered him, “Are you the only visitor to Jerusalem who does not know the things that have happened there in these days?”
And he said to them, “What things?”
And they said to him, “Concerning Jesus of Nazareth, who was a prophet mighty in deed and word before God and all the people, and how our chief priests and rulers delivered him up to be condemned to death, and crucified him. But we had hoped that he was the one to redeem Israel. Yes, and besides all this, it is now the third day since this happened. Moreover, some women of our company amazed us. They were at the tomb early in the morning and did not find his body; and they came back saying that they had even seen a vision of angels, who said that he was alive. Some of those who were with us went to the tomb, and found it just as the women had said; but him they did not see.”
And he said to them, “O foolish men, and slow of heart to believe all that the prophets have spoken! Was it not necessary that the Christ should suffer these things and enter into his glory?” And beginning with Moses and all the prophets, he interpreted to them in all the scriptures the things concerning himself.
So they drew near to the village to which they were going. He appeared to be going further, but they constrained him, saying, “Stay with us, for it is toward evening and the day is now far spent.” So he went in to stay with them.
When he was at table with them, he took the bread and blessed, and broke it, and gave it to them. And their eyes were opened and they recognized him; and he vanished out of their sight.
They said to each other, “Did not our hearts burn within us while he talked to us on the road, while he opened to us the scriptures?” And they rose that same hour and returned to Jerusalem; and they found the eleven gathered together and those who were with them, who said, “The Lord has risen indeed, and has appeared to Simon!”
Then they told what had happened on the road, and how he was known to them in the breaking of the bread…
HAPPY EASTER FOLKS – IT IS THE MORN OF OUR GREAT RESURRECTION
Our Ancient and Medieval ancestors were much, much more ingenious that most modern people give them credit for. Someone should create/produce an app/algorithm to scour ancient and medieval medicinal texts (and other kinds of texts) to see what other advantages could be gleaned.
Rather than doing this kind of work (and this is hardly the first example I’ve seen of such historical re-creation) by piecemeal examination and experimentation.
By the way I not long ago finished another set of brilliant lectures by Mike Drought of Wheaton College.
Take cropleek and garlic, of both equal quantities, pound them well together… take wine and bullocks gall, mix with the leek… let it stand nine days in the brass vessel…
So goes a thousand-year-old Anglo Saxon recipe to vanquish a stye, an infected eyelash follicle.
The medieval medics might have been on to something. A modern-day recreation of this remedy seems to alleviate infections caused by the bacteria that are usually responsible for styes. The work might ultimately help create drugs for hard-to-treat skin infections.
The project was born when a microbiologist at the University of Nottingham, UK, got talking to an Anglo Saxon scholar. They decided to test a recipe from an Old English medical compendium called Bald’s Leechbook, housed in the British Library.
Some of the ingredients, such as copper from the brass vessel, kill bacteria grown in a dish – but it was unknown if they would work on a real infection or how they would combine.
Sourcing authentic ingredients was a major challenge, says Freya Harrison, the microbiologist. They had to hope for the best with the leeks and garlic because modern crop varieties are likely to be quite different to ancient ones – even those branded as heritage. For the wine they used an organic vintage from a historic English vineyard.
As “brass vessels” would be hard to sterilise – and expensive – they used glass bottles with squares of brass sheet immersed in the mixture. Bullocks gall was easy, though, as cow’s bile salts are sold as a supplement for people who have had their gall bladders removed.
After nine days of stewing, the potion had killed all the soil bacteria introduced by the leek and garlic. “It was self-sterilising,” says Harrison. “That was the first inkling that this crazy idea just might have some use.”
A side effect was that it made the lab smell of garlic. “It was not unpleasant,” says Harrison. “It’s all edible stuff. Everyone thought we were making lunch.”
The potion was tested on scraps of skin taken from mice infected with methicillin-resistant Staphylococcus aureus. This is an antibiotic-resistant version of the bacteria that causes styes, more commonly known as the hospital superbug MRSA. The potion killed 90 per cent of the bacteria. Vancomycin, the antibiotic generally used for MRSA, killed about the same proportion when it was added to the skin scraps.
A loathsome slime
Unexpectedly, the ingredients had little effect unless they were all brought together. “The big challenge is trying to find out why that combination works,” says Steve Diggle, another of the researchers. Do the components work in synergy or do they trigger the formation of new potent compounds?
Using exactly the right method also seems to be crucial, says Harrison, as another group tried to recreate the remedy in 2005 and found that their potion failed to kill bacteria grown in a dish. “With the nine-day waiting period, the preparation turned into a kind of loathsome, odorous slime,” says Michael Drout of Wheaton College in Norton, Massachusetts.
If the 9th Century recipe does lead to new drugs, they might be useful against MRSA skin infections such as those that cause foot ulcers in people with diabetes. “These are usually antibiotic-resistant,” says Diggle. However, he doesn’t recommend people try this at home.
It wouldn’t be the first modern drug to be derived from ancient manuscripts – the widely used antimalarial drug artemisinin was discovered by scouring historical Chinese medical texts.
Harrison is due to present the research at the Society for General Microbiology conference in Birmingham, UK, this week.