Perspective Intelligence

When there is a catastrophic loss of an aircraft in any circumstances, there are inevitably a host of questions raised about the safety and security of the aviation operation. The loss of Air France flight 447 off the coast of Brazil with little evidence upon which to work inevitably raises the level of speculation surrounding the fate of the flight. Large-scale incidents such as this create an enormous cloud of data, which has to be investigated in order to discover the pattern of events, which led to the loss (not helped when some of it may be two miles under the ocean surface). So far French authorities have been quick to rule out terrorism it has however, emerged that a bomb hoax against an Air France flight had been made the previous week flying a different route from Argentina. This currently does not seem to be linked and no terrorist group has claimed responsibility. Much of the speculation regarding the fate of the aircraft has focused on the effects of bad weather or a glitch in the fly-by-wire system that could have caused the plane to dive uncontrollably. There is however another theory, which while currently unlikely, if true would change the global aviation security situation overnight. A Hacked-Jet.

Given the plethora of software modern jets rely on it seems reasonable to assume that these systems could be compromised by code designed to trigger catastrophic systemic events within the aircraft’s navigation or other critical electronic systems. Just as aircraft have a physical presence they increasingly have a virtual footprint and this changes their vulnerability. A systemic software corruption may account for the mysterious absence of a Mayday call – the communications system may have been offline. Designing airport and aviation security to keep lethal code off civilian aircraft would in the short-term, be beyond any government civil security regime. A malicious code attack of this kind against any civilian airliner would, therefore be catastrophic not only for the airline industry but also for the wider global economy until security caught up with this new threat. The technical ability to conduct an attack of this kind remains highly specialized (for now) but the knowledge to conduct attacks in this mold would be as deadly as WMD and easier to spread through our networked world. Electronic systems on aircraft are designed for safety not security, they therefore do not account for malicious internal actions.   Read the rest of this entry »

The Intelligence and Security Committee (ISC) in the UK was established by Parliament as part of the 1994 Intelligence Services Act to examine the work of the intelligence and security agencies in the UK.

The ISC was asked to review information, which emerged following the CREVICE trial in April 2007 that Mohammed Siddique KHAN and Shazad TANWEER (two of the four 7/7 bombers) had come to the attention of MI5 during the CREVICE operation. The question bluntly asked was, “If MI5 had come across Mohammed Siddique KHAN and Shazad TANWEER before, why didn’t they prevent this outrage?” Read the rest of this entry »

Terrorist attackers against Mumbai are reported to have used GPS, Blackberries and Google Earth during various phases of their operation.  The fact that this does not seem remarkable is a comment on how rapid technological change as become.  On the flip side this incident also saw an explosion of user-created content covering the attacks including:

• Twitter – the real-time element of this service gives it a significant advantage in covering ongoing incidents. Link
• Flickr – photographs of the incident by Vinukumar Ranganathan have attracted hundreds of visitors. Link
• Google Docs- User created spreadsheet of casualties. Link
• Google Maps – User created incident map. Link
• Wikipedia – Quickly had a 4,000 word description of the attack that was constantly being corrected and revised. Link
• Human search engine Mahalo.com – Extensive user generated content on the attacks. Link
• Citizen Media aggregator Now Public – also has an extensive amount of coverage. Link

It isn’t possible to look at the explosion of content relating to the attacks without concluding that the proliferation of information and the tools to produce it in a variety of ways, almost certainly aid terrorists and amplify the effect of their attacks.

On a tactical note the same tools that allow someone thousands of miles away to monitor the situation on the ground also allow the attackers to get a clearer picture of what government forces may be planning.  Initial reports have claimed the terrorists in the Taj hotel did use their blackberries for this purpose.  Along those lines the BBC carried a report regarding Indian government attempts to switch-off Twitter – this remains unconfirmed.

Finally, it also leads to the conclusion that next-gen attacks will seek to control the information or dis-information flow as part of the attack process.  The central lesson here seems to be don’t believe everything you read online!

There continues to be some discussion and rejection of the idea that terrorists would be able to exploit new technology platforms such as social networking and virtual worlds. In arecent post the blogger Abu Aardvark (aka Marc Lynch from GW University) goes some way in debunking ideas surrounding terrorist use of social networking, Wiki’s and virtual worlds. He further states that Al Qaeda is now behind the curve in using the area of user-generated content and interactivity. While, the aardvark’s media analysis relating to ‘al-Qaeda outreach’ appears to be sound I think he misses a fundamental point about terrorists and technology.

The defining feature of terrorism and technology is its adaptive quality. It is highly unlikely that individual terrorists or terrorist groups would exactly replicate the mainstream functions of the technology abu aardvark highlights in his post. It is more likely they would take certain elements from the various innovations and mesh them together or otherwise distort them. So an al-Qaeda Facebook isn’t going to happen anytime soon but using the system to identify IDF soldiers for possible assassination already has. Similarly an ‘AQThirdlife’, which replicates the virtual world Second Life seems unlikely but using some of its key features still seems probable. The virtual money transfer aspect continues to be a high on most peoples list of concerns (this is discussed in a recent SSRN paper written by Stephen Landman, Funding Bin Laden’s Avatar: A proposal for the regulation of Virtual Hawalas, which he has kind enough to share with me). Aardvark’s point about an AQThird life also fails to account for phenomena such as the virtual caliphate, which is running in the UK, where users log into areas to see and hear sermons by dead or expelled radical preachers – there continues to be a market for extremism and virtual exposure to it is potentially more powerful than real exposure.

As ever the central point is that given rapid and increasing virtualization flexible thinking and planning is required to conceptualize the next form of terrorist threat — blogs appear to be a great enabler of this practice.

The Army’s 304th Military Intelligence Battalion recently produced a presentation entitled, “ al Qaida-Like Mobile Discussions & Potential Creative Uses”. The presentation has some interesting information regarding, ‘Pro Terrorist Propaganda Cell Phone Interfaces”, mobile phone target surveillance, “Voice Changers for Terrorist Telephone Calls” and finally, “Potential for Terrorist use of Twitter”. This last topic has received some commentary having been seized upon by Wired’s Danger Room Blog. As usual with discussions centered on the terrorist potential use of any new technology, negative comments focus on the, “ why don’t they just use the telephone” argument. However, this as ever misses the wider point.

Twitter has been around since July 2006 and is billed as a micro-blogging service with a social networking aspect – it is a highly fluid platform that can be meshed with a variety of other online tools. As with many innovations in this space its full utility is simply unknown – therefore, it is useful to speculate on both the potential negative and positive uses. As a society we now have a pretty good idea of how the telephone works.

The military intelligence report highlights three scenarios relating to how Twitter could be used – terrorist command and control, terrorist real-time targeting for suicide operations and pre-operational research on terrorist targets who use Twitter. Of these scenarios it is the latter that is so far potentially the most ‘negative’ use of Twitter. It is possible to produce an unnerving amount of information relating to specific Twitter users based on their social patterns and individual entries. As a rule of thumb it seems that it is never the primary functions of these platforms, which are the most revealing but their secondary and tertiary applications.

Twitter along with its competitor Jaiku continues to develop and as it does so will its impact on society. It is worth noting that the LA Fire Department is making good use of Twitter as a real-time incident information platform. Perhaps the terrorist use of Twitter will be the revival of alhesbah as a micro-blog sending ideological updates to followers as well as including LAFD style incident updates – I would add this as, potential use scenario 4.

It isn’t every morning that you wake up and read in the newspaper that one of the worlds most dangerous terrorists has been released on bail but that is exactly what happened today when the New York Times reported on the release of Abu Doha (aka Amar Makhlouf, aka the Doctor, aka Rachid) from custody in the UK. For those that aren’t familiar with Abu Doha it is worth re-stating the threat he posed to American and western interests during the late 1990s and period prior to 9/11. He is widely known to have been a senior leader within the GSPC and a founder member of one of al-Qaeda’s training camps in Afghanistan subsequently becoming one, if not the most senior member of al-Qaeda operating in Europe. Prior to his arrest in February 2001 by a Special Branch officer, while he was attempting to flee to Saudi Arabia during operation ODIN he was responsible for: plotting an attempted attack on Los Angeles airport, a plot to bomb the US embassy in Rome, an attempt to bomb unspecified targets in Strasbourg as well as having a hand in organizing al-Qaeda cells for operations against United States targets within Germany. This is on top of the large number of recruits he managed to bring into the movement.

One of the more bizarre parts of this case is the fact that the British press is constrained from reporting who exactly this man is and have to refer to him as ‘U’ – no such restrictions applied to the New York Times – although the UK’s Ministry of Justice did feel able to provide the exact address of his house arrest to British journalists! (See report in the UK Guardian).

The legal problems which, have led to his release to the south-east of England stem from the collapse of the extradition case the United States was pursuing against him based on evidence provided by Ahmed Rassem (the LAX plotter). Rassem had provided full details on Doha’s involvement in pulling him from a camp in Afghanistan and sending him to Canada in order to attack LAX. However, sometime in 2003 Rassem stopped co-operating with US authorities and by the time of his trial in 2005 had ‘forgotten’ all the details he had previously supplied regarding Doha’s involvement. By then the plots Doha had been linked to in Germany and France had been through judicial procedure and these countries could no longer extradite him for involvement in those crimes. This has left the UK trying to pursue its own case against him. And herein lies the problem. For all the misplaced grandstanding of the current British government regarding 42-day pre-detention times the UK has not developed a robust counter-terrorist legal response. The latest changes in legislation do allow for the use of surveillance and wiretap evidence under some circumstances but these are so constrained as to make them practically unworkable (review of changes provided here by BBC). This makes the UK one of the weaker legal jurisdictions with regard to counter-terrorism at the same time that it faces possibly the greatest threat – it is not an accident that Abu Doha decided to base himself in the UK.

The UK is now only left with the option of continuing to attempt to extradite Abu Doha to Algeria. This doesn’t too look hopeful given the UK and EU legal requirements that individuals cannot be extradited to countries where they may face torture. There does therefore, exist the very real possibility that one of the most accomplished and dangerous terrorists to emerge from the original al-Qaeda organization may walk free. It is a testament to Doha’s quality as a terrorist that his true identity remains unknown and he is on the verge of walking away from captivity.

The ability to use accepted legal means to detain terrorists of the caliber of Abu Doha is a significant measure of a countries counter-terrorist capability — in this the UK continues to be found wanting. The contrast with the United States policy couldn’t be starker, with al-Qaeda leaders around the world finding 500lb bombs dropped on their heads rather than house arrest that includes, ‘time in the garden only between 9am and 8pm’. Neither, of these courses is sustainable. Real legal and administrative innovation is still needed on both sides of the Atlantic which, recognizes the need for a legitimate legal process as a key element of a counter-terror policy as well as providing an effective tool for detaining the world’s most dangerous individuals.

(There are numerous articles regarding Abu Doha available across the Internet, which makes the UK’s ruling that the press can only refer to him as ‘U’ seem misguided. Previous rulings regarding Abu Doha from the Special Immigration Appeals Commission can be found here).

Capitol Hill March 2008.

On February 29 2008, Andrew Cochran moderated a special panel titled, “Meta-Terror: Terrorism and the Virtual World” before a packed room on Capitol Hill in Washington. Panelists were Kenneth Silva, Senior Vice President and Chief Technology Officer of VeriSign, and Contributing Experts Roderick Jones of Concentric Solutions International and Evan Kohlmann of the NEFA Foundation. The Counterterrorism Foundation co-sponsored this special panel with the GAGE International consulting firmand the NEFA Foundation.

The event drew considerable press interest, with three of us interviewed by the BBC before the event. See “Cyber-threats in Virtual Worlds and Beyond” and “US seeks terrorists in web worlds” on the BBC site.

The following is a transcript of the event, beginning with my introductions of the panelists and continuing through their remarks (edited for grammar and using the panelists’ written remarks when available), and including the attendees’ questions and the panelists’ answers.

Read the rest of this entry »

February 2008.

The trial of Mohammed Hamid one of the leading organizers of terrorism in the UK has ended. Hamid along with three of his followers has been convicted using new legislation introduced in 2006, which criminalizes attendance at a place used for terrorist training. There was no evidence presented in this trial of weapons or explosives, simply the covertvideo tape of Mohammed Hamid and his followers performing what was described as ‘military training’, over a two-year period. The police investigation (Operation Overamp) relied on skilled technical surveillance and the undoubted bravery of an undercover officer. Hamid was found guilty of organizing terrorist camps and encouraging others to murder non-believers. The men later convicted of the failed July 21 attacks on London’s transport system were among those who attended his camps.

Read the rest of this entry »