Perspective Intelligence

Writings on Security and Intelligence by Roderick Jones

Archive for the ‘CyberWar’ Category

The First Violent Crisis of Globalization has Ended – the Next One is Emerging

Former British Prime Minister Gordon Brown has referred to the financial crisis of 2008 as the ‘first crisis of globalization’. This is a great description applied to the wrong problem. Al-Qaeda was the first crisis of modern globalization. Financial crashes have previously infected inter-connected markets, but never before has a non-state group been able to set the global security agenda. Al-Qaeda and Bin Laden were able to do this by applying a mixture of medieval religious ideology and guerilla warfare to the dominant tools of globalization. Al-Qaeda seemingly understood the strengths, weaknesses and opportunities of globalization and exploited them for increasingly empty violent aims. The use of adaptive financial tools in the form of hawala banking, co-opting the apparatus of failed states and, most spectacularly, both weaponizing and de-stabilizing one of the primary drivers of globalization, in the form of civil aviation, allowed al-Qaeda to strike internationally. Al-Qaeda also virtualized itself and quickly moved into the new media space opened up by the explosion of the Internet, but this also exposed its weakness as the Arab Spring has bloomed. Information wants to be free and al-Qaeda is poisoned by freedom. Al-Qaeda has been described as innovative and it certainly was the first movement out of the gate to exploit the conditions the world moved toward following the end of the Cold War. However, this particular crisis should now be regarded as closed. The United States and its western allies have formed effective tools to respond to threats such as al-Qaeda. Building new military systems and emphasizing technology, information use, surveillance systems and Special Forces have proven to be an effective doctrinal response, and are also, appropriately, what finally put an end to al-Qaeda’s leader.

Written by Roderick Jones

May 20, 2011 at 4:21 pm

Flash Crash Revealed A Market Vulnerable To Cyberterrorists

02 Nov 2010

Roderick Jones

The ability to crash or negatively impact financial markets would be an incredible cyber-warfare tool.

The recent release of the long-awaited government report on the May 6 “flash crash” highlighted one specific trade as the catalyst for a series of chain reactions, accelerated by computer algorithms, that whipsawed the market. While the report goes a long way toward explaining the events of that afternoon, it doesn’t begin to address the systemic weaknesses of the market, highlighted by the nearly 600-point drop in the Dow Jones industrial average in a matter of minutes — and the Dow’s even faster recovery.

To an observer of global security risk, the flash crash looked like a horrific new way to cause economic, political and social damage. Although the crash played out in the U.S., the systems that underpinned it are being used globally and are currently seeing their greatest growth in Asia. The rise in the use of high-speed technology and reactive algorithms to conduct a variety of market functions is driven in part by the innovation and growing dominance of high frequency trading.

One of the more startling pieces of news to come out of the flash crash is the geographic shift in trading. Wall Street is no longer the heart of the U.S. financial market, nor is London’s Square Mile the epicenter of the U.K. market. The data and trading components of the financial systems are now centered in New Jersey and Essex, respectively.

Does this mean that the “ring of steel” surrounding the City of London or the New York Police Department presence outside the Big Board can be scaled back or eliminated? Not entirely, as both market centers are still symbolic targets. But it might be a good idea to move some of these protective resources to the data centers supporting critical financial systems. Although the security of the data centers has no doubt been considered at some length, resulting in bomb-proofing and improved data protection, it would be surprising if all vulnerabilities surrounding the staffing of these sites have been fully explored.

The potential cyberwar element of high frequency trading is a fascinating area of future security risk — not only for financial markets but also for the countries that host them.

One of the fundamental concerns with the system becomes apparent when examining what has been described as the democratization of trading. In short, the use of technology allows companies to offer trading platforms at very low cost to anyone by locating their services in data centers alongside the exchanges themselves. For a small amount of capital, anyone can connect an algorithm to a financial market from anywhere. It remains fundamentally unclear who is responsible for conducting real-life due diligence on the traders tying into the financial system. Much political noise is devoted to which people are allowed to enter a country, but little thought is put into who is tapping into the financial system.

Anonymity, of course, is not a crime. And it has taken a while to understand what, if anything, a rogue algorithm could do if introduced into a particular market. Clearly, the ability to crash the entire market would make for a spectacular attack if the events of May 6 could be replicated, but this seems unlikely.

However, further examination suggests that a kind of denial-of-service attack could be discretely aimed at particular nodes in the financial system, as evidenced by the practice of using algorithms to bombard a market with buy and sell offers to slow it down enough to create a financial arbitrage opportunity elsewhere. It’s not that far-fetched to imagine a terrorist creating a number of algorithms that could act in concert as a denial-of-service attack against financial exchanges.

On a larger scale, the order by mutual fund firm Waddell & Reed to sell $4 billion in index futures contracts, which is being blamed for setting off the May 6 crash, will not have escaped the notice of national governments interested in exerting financial pressure on their opponents. The size of this trade may be beyond the ability of smaller groups to execute, but it is entirely possible for a government to sponsor this kind of market manipulation against its international opponents. In fact, there is a long history of using financial manipulation to gain diplomatic and even military advantage; the weakness of a massively networked system relying on trading algorithms can clearly be exploited during times of international tension.

The ability to crash or negatively impact financial markets would be an incredible cyber-warfare tool. For this reason, the flash crash should be examined further through the lens of security risk to ensure that the vulnerabilities and opportunities are well understood.

Roderick Jones is CEO of Concentric Solutions International, a San Francisco–based security risk management company.

Article appeared in Institutional Investor November 2010


Written by Roderick Jones

November 15, 2010 at 10:04 am

Posted in CyberWar

New Terrorism: Five days in Manhattan

Two events centered on New York City, separated by five days, demonstrated the end of one phase of terrorism and the pending arrival of the next. The failed car-bombing in Times Square and the dizzying stock market crash less than a week later mark the bookends of terrorist eras.

End of an era for terrorism

The attempt by Faisal Shahzad to detonate a car bomb in Times Square was notable not just for its failure but also for the severely limited systemic impact a car bomb could have, even when exploding in a crowded urban center. Car bombs, or Vehicle-Borne IEDs, have a long history (incidentally, one of the first was the 1920 ‘cart and horse bomb’ in Wall Street, which killed 38 people). VBIEDs remain deadly as a tactic within an insurgency or warfare setting, but with regard to modern urban terrorism the world has moved on. We are now living within a highly virtualized system, and the dizzying stock-market crash on the 6th May 2010 shows how vulnerable this system is to digital failure. While the NYSE building probably remains a symbolic target for some terrorists, a deadly and capable adversary would ignore this physical manifestation of the financial system and disrupt the data-centers, software and routers that make the global financial system tick. Shahzad’s attempted car-bomb was from another age and posed no overarching risk to western societies. The same cannot be said of the vulnerable and highly unstable financial system.

Computer aided crash (proof of concept for future cyber-attack)

There has yet to be a definitive explanation of how stocks such as Procter & Gamble plunged 47% and the normally solid Accenture plunged from a value of roughly $40 to one cent, based on no external input of information into the financial system. The SEC has issued directives in recent years boosting competition and lowering commissions, which has had the effect of fragmenting equity trading around the US and making it highly automated. This has created four leading exchanges: NYSE Euronext, Nasdaq OMX Group, BATS Global Markets and Direct Edge. Secondary exchanges include the International Securities Exchange, the Chicago Board Options Exchange, the CME Group and the Intercontinental Exchange. There are also broker-run matching systems like those run by Knight and ITG, and so-called ‘dark-pools’ where trades are matched privately, with prices posted publicly only after trades are done. A similar picture has emerged in Europe, where rules allowing competition with established exchanges, known by the acronym “Mifid”, have led to a similar explosion of types and venues.

Written by Roderick Jones

May 13, 2010 at 1:00 am

Open Versus Closed Systems

“The principal characteristic of twenty-first-century international relations is turning out to be nonpolarity: a world dominated not by one or two or even several states but rather by dozens of actors possessing and exercising various kinds of power. This represents a tectonic shift from the past.”

“Today’s world differs in a fundamental way from one of classic multipolarity: there are many more power centers, and quite a few of these poles are not nation-states. Indeed, one of the cardinal features of the contemporary international system is that nation-states have lost their monopoly on power and in some domains their preeminence as well.”

-Richard Haass, Head of the Council on Foreign Relations and former head of Policy Planning at the U.S. Department of State, writing in 2008.

Google’s rise over the past ten years has coincided with and arguably assisted in the creation of extra-state entities, which can project enormous power globally. The equation can be simplistically stated: in an information economy, control of information equates to raw power. The Industrial Revolution fueled the British Empire, control of markets fueled the American Empire, control of information is fueling the Google empire. In the space of ten years, the Internet has gone from supporting pets.com to being the pre-eminent vehicle for projecting power. However, the continuation of the open ecosystem of information, innovation and development, which has provided the platform for this success, is not assured (as has been highlighted by a variety of Internet scholars and strategic thinkers). Open systems are messy, and therefore closed wall Internet systems may grow in popularity as consumers seek protection from some of the anarchy that reigns online. This scenario is not new. The United States is the original messy open political system, and by managing to control this method of organizing society it became a super-power. China offers an alternative: a closed wall system to protect its citizens from the anarchy of open society. Google has been the champion of the open Internet. Just as American exceptionalism has driven the United States to intervene globally to uphold Jeffersonian values, Google intervenes in FCC auctions to ensure open access to information. Of course the commercial imperative cannot be denied: the United States has financially benefited from promoting the market state, and Google financially benefits wherever there is an open (uncensored) Internet. It has been unclear whether Google would ever seek alliances with nation-states given its extra-territorial virtual nature, but that time appears to have arrived.

Written by Roderick Jones

February 19, 2010 at 3:39 pm

Hack-Jet: Losing a commercial airliner in a networked world

Last landing at CDG airport for this Airbus A330

When there is a catastrophic loss of an aircraft in any circumstances, there are inevitably a host of questions raised about the safety and security of the aviation operation. The loss of Air France flight 447 off the coast of Brazil, with little evidence upon which to work, inevitably raises the level of speculation surrounding the fate of the flight. Large-scale incidents such as this create an enormous cloud of data, which has to be investigated in order to discover the pattern of events that led to the loss (not helped when some of it may be two miles under the ocean surface). So far French authorities have been quick to rule out terrorism; it has, however, emerged that a bomb hoax had been made the previous week against an Air France flight flying a different route from Argentina. This currently does not seem to be linked and no terrorist group has claimed responsibility. Much of the speculation regarding the fate of the aircraft has focused on the effects of bad weather or a glitch in the fly-by-wire system that could have caused the plane to dive uncontrollably. There is, however, another theory which, while currently unlikely, would if true change the global aviation security situation overnight: a Hacked-Jet.

Given the plethora of software modern jets rely on, it seems reasonable to assume that these systems could be compromised by code designed to trigger catastrophic systemic events within the aircraft’s navigation or other critical electronic systems. Just as aircraft have a physical presence, they increasingly have a virtual footprint, and this changes their vulnerability. A systemic software corruption may account for the mysterious absence of a Mayday call: the communications system may have been offline. Designing airport and aviation security to keep lethal code off civilian aircraft would, in the short term, be beyond any government civil security regime. A malicious code attack of this kind against any civilian airliner would therefore be catastrophic not only for the airline industry but also for the wider global economy until security caught up with this new threat. The technical ability to conduct an attack of this kind remains highly specialized (for now), but the knowledge to conduct attacks in this mold would be as deadly as WMD and easier to spread through our networked world. Electronic systems on aircraft are designed for safety, not security; they therefore do not account for malicious internal actions.

Written by Roderick Jones

June 9, 2009 at 2:03 am

The Lulz takes on North Korea

As a one-time student of the cold war, pondering the potential causes of a global nuclear war was something of a Sunday afternoon pastime. The historic classic is of course the Cuban missile crisis, but equally important were the series of near misses based on the faulty reading of radar early-warning systems when flocks of birds flew over the Arctic Circle, or overly aggressive NATO military exercises feeding Soviet anxieties. With the recent North Korean provocations, sadly this subject is back in vogue. In some ways, although there are no clear diplomatic solutions to the North Korean danger, it does play to traditional intellectual strengths the US has in the field of geo-political nuclear strategy, a relief from the messy world of non-state actors, insurgency and cyber-militias. However, there may be a new element in all of this that could act as the proverbial flock of geese: cyber-pranksters.

North Korea is famously a closed society, which hasn’t registered or used its Internet domain designation (.kp). However, it does have a ‘government’ website operated by the Korean Friendship Association and hosted in Spain. Over the past month the loose affiliation of hackers, pranksters and griefers operating under the ‘Anonymous’ theme have reportedly organized two Distributed Denial of Service (DDoS) attacks against this site, knocking it offline for 90 minutes at a time. Would this be seen as western provocation by North Korea? Who knows, but it does raise the question of how uncontrolled or accidental cyber-warfare could have unintended consequences, a new factor in an old dynamic. Unlike nuclear technology, the ability to conduct cyber-warfare is not the sole preserve of states. Individuals, or loosely affiliated groups of individuals operating on a trans-national basis, can replicate some if not all of a nation’s capability. The image-boards, which are the home point for these ‘Anonymous’ cyber attacks, operate collaborative wikis to organize and co-ordinate their attacks; this enables them to harness the power of the crowd. The targets vary substantially, from YouTube to Club Penguin, therefore interest in overt political statements is more the exception than the norm. Clearly there is much more to say on the ‘Anonymous’ and ‘Chan’ phenomena, but for now it is interesting to note this new factor in an all too familiar stand-off.

Communism or Lulz?

PDFs of Insurgency Wiki relating to North Korea and 888Chan message board on the same subject.


Written by Roderick Jones

June 1, 2009 at 1:57 am

Posted in Anonymous, CyberWar

ISC report into 7/7 and Information Clouds

The Intelligence and Security Committee (ISC) in the UK was established by Parliament as part of the 1994 Intelligence Services Act to examine the work of the intelligence and security agencies in the UK.

The ISC was asked to review information which emerged following the CREVICE trial in April 2007: that Mohammed Siddique KHAN and Shazad TANWEER (two of the four 7/7 bombers) had come to the attention of MI5 during the CREVICE operation. The question bluntly asked was, “If MI5 had come across Mohammed Siddique KHAN and Shazad TANWEER before, why didn’t they prevent this outrage?”

Written by Roderick Jones

May 19, 2009 at 1:53 am

Posted in CyberWar, Islamist, Terrorism


Virtual Assassination as a Counterterrorism tool

As part of the virtualization of terrorism it is worth considering what, if any, terrorist tactics can be applied in this new paradigm. One tactic, which can probably transfer from the real world to cyber environments is assassination, or in this case virtual-assassination. The tactic of assassination has value for a number of reasons. It can remove competent or charismatic leadership, damage morale and as a side effect can force an increase in security. So how would all this work in cyberspace? You can’t of course physically murder someone there. But by looking at what assassination actually achieves it is possible to formulate a scenario that has a similar cyberspace effect.

Written by Roderick Jones

May 28, 2008 at 1:54 am
