On March 22nd, 2017 at 2:40pm Khalid Masood, 52 drove his Hyundai at a high rate of speed across Westminster Bridge mowing down pedestrians. He crashed into the railing outside of Parliament and exited the vehicle. Armed with two knives, he entered the grounds of Parliament and approached police office Keith Palmer who was unarmed. He stabbed Keith Palmer and was then shot dead by armed police.
This was quickly described as a “Lone Wolf Attack” by many in the media, meaning Masood had no formal support, was given no direction, had no personal network of co-conspirators and acted alone. Sure he could have been, “Inspired” to commit these horrific acts, but there was no need to go hunting for a terror cell in London.
Not buying it, our team does what we always do and started to connect the dots. A few hours later we found something that proved to be very interesting, two digital dead drops.
The first post is encoded with morse code, the second using binary and both were made prior to the attack, before 9am Central European Time. When each is converted both resolve to: ‘51.500947, -0.124530’, the Latitude / Longitude coordinates for UK Parliament.
Given the data above, this leads us to believe this was not a “Lone Wolf” attack. Khalid Masood was given explicit instructions on where to go and carry out this atrocity. With all of the recent focus on secure messaging applications like Signal, WhatsApp, and Telegram the enemy changed the game and hid in plain sight. This information was quickly sent over to MI5 and US based intelligence services and enough time has passed that we can also share it with you.
There is no secret sauce or multimillion dollar AI that was used to locate the examples shown above. We have found that many commercial threat intelligence platforms often increased the time it takes us to identify threats by creating unwanted false positives. The dead dropped messages above were uncovered through retroactive and broad keyword monitoring of geographic references that included 'Big Ben'.
By the way, hiding in plain sight is nothing new. The CIA did it with the OXCART Program in 1964. You can read more about that here: https://www.cia.gov/library/center-for-the-study-of-intelligence/csi-publications/books-and-monographs/a-12/hiding-oxcart-in-plain-sight.html
And since we are on the subject of OXCART, check this out: https://www.ingloriousamateurs.com/product/oxcart-shirt