Krypt3ia

(Greek: κρυπτεία / krupteía, from κρυπτός / kruptós, “hidden, secret things”)

Archive for the ‘A New Paradigm’ Category

Attribution: Fingerprints vs. Ballistics and Inductive vs. Deductive Reasoning


The Problem

In the present day where the word “Cyberwar” is all the rage, and governments as well as private sector entities are seeking to cash in on the power grab that is mostly information warfare, as the Chinese actually call it (信息战), too many are forgetting a core problem to the picture. This problem is “attribution”, as it has been termed in the community. To attribute an attack to an individual, government body, or group, is something that to date, has not been discussed as much as I would like to see with regards to all of the cyberwarfare talk as well as any other inferences with regard to forensics and geopolitical ascription to acts of “war” as this has been labeled by this terrible terminology that we have latched onto.

Nomenclature aside, there are issues around trying to determine definitively where an attack has really come from because of the nature of computer systems, varying countries that they reside in, and the potential for the actor to be anyone from nation state to individuals of a collective privately, or a single determined individual. It is my contention that “attribution” can be very hard to prove in a court of law, never mind that a country may in fact be ready to wage war against another on the grounds of what is taken to be the truth of where an attack originated from and who the actors really were. There are too many variables that may never be one hundred percent certain to be basing any of these decisions on in my view, unless one has hacked back into the core final system that originated everything and that is rarely the case today.

So, where does this leave us? How do we even attempt to attribute an attack to any one person, government, or group? Can we ever be certain of any of this information? Can we base an aggressive action against a nation based on any of it?

Fingerprints and Ballistics

Some would approach the problem of attribution of digital attacks on the methodology that began the criminal forensics process we have today. Fingerprints were the first forensic model for determining who really may have committed a crime if the evidence did not consist of an eye witness attesting to the fact that “they did it.” Ballistics soon followed once guns began to have lands and grooves bored into the barrels to allow for more accuracy. Both of these examples leave telltale marks on the bullets or objects to determine which person or what gun were the arbiter of whatever crime was committed. Today though, we do not have the same narrow confines of data to examine as both of these examples allow for.

Code is the medium of today and while there are certain ways to tell if code was written in the style of a person or written on a particular computer, for the most part, these do not allow for absolute certitude as to who the actor was that created the code, nor for that matter, who used said code to effect an outcome (i.e. attacks on systems) conclusively. All one really has in most cases, are pieces of code, that, with the right coder, may in fact look like another’s, or, all attributions have been stripped from, or, lastly, copied directly from open sources and then tweaked. All of these scenarios allow for a great latitude on determination conclusively on source or origin.

Digital Fingerprints 

With all that said, the digital fingerprints are there, and with luck someone can determine if the coder was sloppy and forgot something. Interestingly, much of this was out in the open and talked about with regard to the Stuxnet infections in Iran. Once the code was audited, there were many subtle clues as to who “may” have written it, and in fact there were potential red herrings left in the code such as “myrtus” and other tidbits that may in fact just have been placed there to mess with those seeking to perform forensics in hopes of finding out who did it. To date, many think that the US and the UK did the work, planned the operation, created the code, and implemented it, but, there is no conclusive proof of any of that, is there?

Suffice to say, that everyone does make mistakes, but, with the right amount of diligence, an adversary can make it incredibly hard, code-wise, to determine who did the writing. On the other side of the coin, the digital forensics arena also looks at the network and hardware side of the equation as well. Many attacks today are not directly coming from the home systems of the adversary, but instead they are coming from proxy machines that have either been rented or, more likely, hacked previously. This too can be heavily obfuscated and be something of a problem to gather information from if those systems reside in countries unfriendly to the attacked parties. One would likely have to hack into those already compromised systems and then attempt to gather intelligence as to where they were being controlled from and by. This is of course if the system wasn’t already burned or, as in many cases, the logging had all been removed and thus there were no logs to see.

From this perspective, yet again, there is a great amount of doubt that can be injected into the picture of just who attacked because of the nature of the technologies. Unless the systems are live, and in fact the adversary is either still using them or was exceedingly sloppy, it could be very hard to in fact prove conclusively any one actor or actors carried out an attack even from the digital forensics side of the house. This leaves us with a problem that we have to solve I think in order to truly be able to “attribute” an attack even tentatively to anyone. One cannot only rely on the technologies that are the medium of the attack, one must also use reasoning, psychology, and logic as well as whatever the forensics can allude to as to the attacker. This is very much akin to the process used by CIA analysts today and should be the SOP for anyone in this field, because the field is now truly global as well as has been brought into the nation state arena of espionage and terrorism, never mind actual warfare.

Inductive vs. Deductive Reasoning

First off, I would like to address Inductive and Deductive reasoning in this effort as one of the precepts core to these attribution attempts. By using both of these in a rigorous manner, we can attempt to shake out the truths to situations that may in fact seem clear on the face of them, but, once looked into further may be discounted, or at the very least questioned. Much of this lately has been the hue and cry that APTs (Advanced Persistent Threats) are all pretty much originating from China. While many attacks have in fact been attributed to China, the evidence has not always been plainly clear nor, in many cases, has the evidence been anywhere in the open due to classification by the government and military.

There are many “secret squirrels” out there and they all pretty much squeak “CHINA” all the time. Unhappily, or perhaps unfortunately, these same squirrels end up being the ones talking to the news media, and thus a juggernaut is born in the news cycle. It just so happens that there are many other nation states as well as other actors (private/corporate/individual) that may well be the culprits in many of the attacks we have seen over the years as well. Unfortunately, all too many times though, a flawed inductive or deductive process of determination has been employed by those seeking to lay the blame for attacks like GhostNet or Gh0st RAT etc. Such flawed thought processes can be shown by examples like the following:

All of the swans we have seen are white, thus, All swans are white.

This has pretty much been the mindset in the public and other areas where attacks in the recent past have been concerned. The attacks on Google for instance were alleged to have come from China, no proof was ever really given publicly to back this up, but, since the media and Google said so, well, they came from China then.. Right? While the attack may have in fact come from China, there has been no solid evidence provided, but people are willing to make inductive leaps that this is indeed the truth of it and are willing to do so on other occasions where China may have had something to gain but proof is still lacking. The same can be said with the use of deductive reasoning as well. We can deduce from circumstances that something has happened and where it may have originated (re: hacking) but, without using both the inductive method as well as the deductive with evidence to back this up, you end up just putting yourselves in the cave with the elephant trunk.

Psychology and Victimology

Another part of the picture that I believe should be added to the investigative process on attacks such as these, is the use of psychology. By using the precepts of psychological profiling as well as victimology, one can take a peek into the motivations of the attacker as well as the stance of the victim that they attacked into account on the overall picture. It is important to know the victim, their habits, their nature, and background. These factors can often lead to insights into who the adversary may in fact be. While the victimology paints the picture of the victim, it also helps flesh out the motives and possible psychology of the aggressor as well.

Of course one need not be a board certified psychiatrist or psychologist to perform a victimology in the way that we need to within the confines of determining who may have hacked a client. Many pentesters do this very thing (though perhaps not enough today it seems) by profiling their targets when they are preparing for a test scenario. The good ones also not only look at what the target does, but also how they do it. They also look at how things work logically, as well as every other aspect of the business to determine how best to attack and what would have the most effect to replicate what an attacker “could” do to them. This is a key also to determining who may have actually attacked as well as why they did and this leads to another part of the puzzle, that of motives.

In trying to determine who attacked one must look at the motives for the attack. These motives can also show you the lengths that the attacker was willing to take (i.e. creating custom code and other APT style attack vectors/methods) to effect their end state goal. If there seems to be no real reason for their attack, and they have not stated it in other ways (like Anonymous and their declarations of attacks) then we are left to come to grips with seeking the reasons as well as what they took/destroyed/manipulated in the end. It is important to look at the whole picture instead of focusing on the minutiae that we in the INFOSEC field often find ourselves looking at daily in these IR events.

Hannibal Lecter: First principles, Clarice. Simplicity. Read Marcus Aurelius. Of each particular thing ask: what is it in itself? What is its nature? What does he do, this man you seek?

The Pitfalls of Attribution Theory

Another part of the picture that must also be assessed is that of the mindset of the assessor themselves. Today we seem to have quite the echo chamber going on with the likes of Bejtlich and others concerning China and APT activities as I alluded to earlier. The media of course has amplified this problem threefold, but, the core problem is that we as investigators are sometimes easily tainted by the echo chamber. Thus I put it to you that the precept of “Attribution Theory” also plays a key role in your assessments and that it can be a pitfall for you. In Attribution theory, one must also take into account such things as the motivations of the person doing the attributing. This means that even if you are a consultant in an IR, you too can allow your own leanings to sway your findings in such an endeavor as trying to determine who hacked whom with leading evidence but no definitive proof thereof.

Motives are key, motives of the assessor, motives of the victim, and motives of the adversary. One must take these all into account and be as impartial as possible and mindful of these things. It is my contention today, that all too often people are all too available to the idea that “China did it” is the go to assessment of a so called “APT” attack, especially so when APT is one of the most misused acronyms today in the information security field. It is just behind the term “Cyberwar” in my opinion in fact as one of the most misused and poorly constructed acronyms or terms for what is happening today.

In the end, one must take a step back and see the bigger picture as well as the minutiae that comprises its total while not being too easily swayed by our own bias or conditioning. I suggest you acquaint yourselves with these ideas and use them when involved in such cases where APT and Cyberwar are concerned.

There will Always Be “Reasonable Doubt”

In conclusion, I would like to assert that there will always be reasonable doubt in these cases. Given now that we are considering actions of war and legislation over attacks and counter attacks within the digital sphere, I would hope that those in government be made aware of the issues around attribution. I cannot conceive of going to war or launching missiles over a digital attack on some system somewhere. The only way I can see this actually becoming kinetic is if the attack is in tandem with boots on the ground or missiles fired from a distinct area of a foreign power. Unfortunately though, it seems of late, that governments are considering such actions as hacking the grid, as an acceptable trigger to kinetic response by the military. This for me is all the more scary given what I know about attribution and how hard it is in the digital world to determine who did what and when, never mind from where.

Presently I am working on a framework of this whole process model and will in the near future be presenting it as well as other aspects of determining the attribution of attacks on companies and systems at a conference in Ireland. It is my belief, with my partners in this presentation, that given more subtle cues of psychology, as well as sociological and historical inference, one can get a greater picture of the attacker as well as the motives for an attack if they are not openly stated by the aggressor. Of course none of this will eliminate “reasonable doubt” but, as CIA and other intelligence analysts have proven with such methodologies, one can make a more solid case by looking at all aspects surrounding a person, case, or incident to determine the truth.

K.

Written by Krypt3ia

2012/05/18 at 19:15

The Digital Posse Comitatus: Or How Generals Obfuscate and Inveigle To Congress


Posse Comitatus

NSA, Black Chambers, and MAE’s with NARUS STA-6400’s

The recent article on wired.com about the Senate hearing with General Alexander (NSA) was amusing. In it, they link to a video of the testimony before congress by Alexander on the issue of interception and surveillance of digital traffic in the US by the NSA and thusly, the DoD by way of alleged hardware and processes by NSA. This ability to do so has been around for some time in the digital age we live in now and really came out when Mark Klein came out of the closet on the NARUS system at the MAE he worked at. However, way before this, the CIA and other agencies had such things as “Black Chambers” to open your mail or to look at your faxes/cable traffic via back door deals with the companies that made those technologies available. So this is nothing new in theory, just the actual practice of it has changed through the nature of technologies.

So, when I see the General hemming and hawing, obfuscating and inveigling about “how” things are done with the FBI as the internal acting body for surveillance and investigation after filling out paperwork, I have to snort and say “Liar”. Or at the very least “obfuscator”. The truth of the matter is that the NSA has the capabilities and the hardware but there is supposed to be a firewall against all of this happening (though there have been other whistleblowers from NSA who say otherwise) but, post 9/11 the lines have blurred considerably at the order of GWB.

Post 9/11: Bush Opens The Floodgates

There are stories of a room full of alphabet agency heads with GW when he told them all of the old rules applied no more. Domestic surveillance and all of the old rules were being thrown out the window and from what I heard, they were all kinda aghast at hearing it. What GWB did was open the floodgates to the world of warrantless wiretaps and surveillance culture we now have and diminished the lines between military and civilian agencies collection and alleged sharing of data. In the case of the NSA though, the abilities were always there to monitor the traffic of the US, remember, how much of the infrastructure is indeed here? No, the only firewall was a rule set that said “thou shalt not listen to these people” and that was it. Post 9/11 though, because the 19 hijackers were here, they decided that the needs of securing the nation, rested on that firewall being turned off.

So it was that it steadily has become easier for the FBI and others domestic and military, to use the technologies at the hand of NSA and others to monitor the digital infrastructure. Ostensibly at first there were to be FISA courts and warrants, but, over the years as you have seen in the news, such things have become less and less used and the system negated. In the case of FISA, the FBI used it less and less, and in the case of the NSA, well, they never needed it because they weren’t “technically” allowed to monitor US Citizens right? This is not to say that they are always doing such things, but, you know that some have and it depends on the cases that they are making.

Remember, all of this is ostensibly to protect the nation from another 9/11.. And that the masses today are more often than not, oblivious to the precedents being set. This does not mean too that the NSA is just abusing these capabilities all of the time, nor is the FBI, in asking NSA for such intercepts.. But… Who watches the watchers really? Oversight committees only see so much and for those of you who say it is inconceivable I shall point to earlier history with Nixon and others as proof that it is not. So, if you wish to believe that it is all for our own good, and that terrorists like you see on NCIS are all being caught by these means legally and with honor, so be it.

Just know that people are fallible and the processes are so loose now with secrecy levels as never before to make things that do happen, never see the light of day whether they were right or wrong in the end.

NSL Letters and Warrantless Wiretaps

Today we have Anonymous making the waters muddier than ever before as well as a myriad of other security nightmares going on. Much of what goes on that requires the FBI to look into it is indeed illegal actions on the part of individuals and groups. On the terrorism side for instance there are many alleged “lone wolves” out there, jihobbyists really, who are mentally unhinged enough to want to plan and act out that require surveillance. These types of activities require the laws we have in place and the NSL letters and FISA warrants kinda eventually went out the window because they were too slow for the feds allegedly. Just as well, there were issues with the warrants filled out being overly broad and not having sustainable reasons for their being sworn out. Was it just laziness on the part of the feds or did they just want to obfuscate because they “wanted” them to go through because had they filled them out right or at all, they would have been denied?

Today we have cases of warrant-less wiretapping going on as well as the recent warrant-less GPS issue that was overturned by the courts and thus the FBI had to turn off some number of GPS units in the field. But hell, really, what’s the point when your cell phone does all the GPS tracking for you huh? Everyone today pretty much has one that does it and it’s likely on because you are not thinking about the fact that you are tracking yourself every 8 seconds by just owning the damn thing and having it on. So, once again, it comes down to the grey areas here where privacy is really only what you make for yourselves. In the case of an NSL letter or a warrantless wiretap, well, you won’t know about it until you are van’d right?

Generally though, I do not believe that people are being unjustly convicted yet or being watched en masse.. However, the environment is ripe if you tweet something that gets someone’s attention right? It’s when I say this or think about this, is when I think of Nixon and the odious things he was doing with Hoover and the FBI as well as his CIA plumbers. Some may feel that this is the same feeling today that they are having where all of this is concerned.

Watching Alexander Dance Reminds Me Of That Scene In “Clear and Present Danger”

Going back to the testimony by General Alexander I find it particularly interesting that the senator brings up Posse Comitatus and Alexander’s reaction to that. I had generally thought that Posse Comitatus was kinda dead anyway, but, it is an important question to ask now about the digital domain today. NSA has its civilian portion but generally it is a military arm run by a general. By asking about domestic surveillance, the senator is broaching an important question about how the military wants in on the digital battlespace and just where that will be fought. Can one, in the digital age ensure that battles by the military will only be carried out in servers outside the continental United States? The short answer is no, and one has to argue then that the military could very well be fighting battles within the US (networks) and would this in fact contravene the Posse Comitatus act?

It’s an interesting puzzle to look at and I am thinking perhaps the Senate is beginning to have a light bulb go on over their collective heads about it. Though, it is my thinking that the general was not being as literal minded or truthful about the intricacies of what they were asking for an answer about. In my opinion he sidestepped it a bit and I am sure others out there will differ with my opinion. In my mind though, the crossing of the Posse Comitatus line where this type of intercepts are concerned was long ago broken by the administration’s desire for “security”.

Don’t get me wrong though, I agree, that there are times when this is quite necessary, but, there should be rules and processes.. Unfortunately in the case of the FISA court and FBI, we have seen where it was contravened repeatedly, so who’s to say that the NSA is any different? Overall though, the scene reminded me of “Clear and Present Danger” where Jack Ryan is asking for “training money” when in fact he has been set up and is actually getting money for Operation RECIPROCITY. It was at that time that the senator asks him if he’s telling the truth and that they had heard this all before during Viet Nam.

Where does the truth of it really lie? Will we ever know?

IT’S FUCKING BAMFORD YOU FUCKWITS!

In the end, it was an interesting little video and I really wished that the players could even get the little details right. For your edification Senators and General Alexander, the writer’s name is James BAMFORD. I am pretty sure that Alexander has heard the name before and I think he kinda just got a giggle out of the cluelessness of the senator asking the question. Bamford though, does his research and he knows his shit, so, I will lean toward believing him over the testimony in this particular video. So NSA is building a new facility and some have pointed out that it could in fact enhance their abilities to surveil domestic actors or, just suck up the internet traffic as a whole. The likelihood is that the capability is there, but once again, the laws and the rules say that they cannot “use” such data.

Read between the lines on the testimony.. The tech is there.. It’s the rules that say they cannot use it.

Your mileage may vary on what you choose to believe the intent and the follow through is.

K

Anonymous and ANTISEC: Mixing Metaphors Can Lead to Trouble


The Steady March Toward Anonymous Jihad

The picture above showed up on the internet attached to a right wing site. Edited I assume with the text “The left has declared jihad on capitalism”. This image and the connotation of it should be of concern to Anonymous at large because of its potential for swaying thought. I can only assume that this image and more like it coming from the OWS movement sites will only proliferate as the right wing candidates vie for the position of President and in the process, make the Anons and the OWS movement seem to be a terrorist movement or groups.

I am sorry to say though, that unless this person photographed was a shill for the right, then someone or more than a few people have got the wrong idea and are wearing the typical shemagh in tandem with the Anon mask and have thus started the ball rolling on this themselves. I for one actually wore the same together back before Anon and the OWS movement began to really pick up steam, and I did so tongue in cheek.

You see.. tying the two together is just a bad idea if you want to be seen as a non corrupt, honest, and heroic movement. Just look at the history surrounding the shemagh and the terrorist use of it and you will see it’s a fairly bad idea as promotional notions go post 9/11.

Now unfortunately the ball is rolling to make you all the tool of the right’s campaign against anything they deem to be “Un-American”

One Man’s Terrorist is Another’s Freedom Fighter

Meanwhile, I would also like to take you to task for your core use of threats and rhetorical catch phrases that have also been getting.. Well.. A little scary at times and yet we are already inured to them I think. The lines:

We never forget

We never forgive

Expect us

All come off as eliciting a threat, I should imagine, even to those you claim to be protecting. After all, how long before you all decide that the one you are protecting has pissed you off in some way and now they are the next threat? It seems from all of the back biting that has gone on with Anonymous and the defections (public and other) that have taken place that the “Mob Rule” style of action and control that seems to be at play here could get out of hand rather easily, no? It’s a slippery slope you have all set yourselves upon and I just want to warn you now that the rhetoric and the actions (sanctioned and un-sanctioned) can lead to blowback unless you pay attention.

The latest iteration with the release of this image (at the top of the page) will only make it easier for those who are out there and thinking you are all misguided or power mad are in fact the next form of terrorists. In fact, I would not hesitate to say that the governments of the world which you are fighting, and are in power to start with, are considering you terrorists. In the case of the US, domestic terrorists (i.e. ows and you all who are in the US wearing a mask) and if attacks come from outside the country on to US systems/soil, with the recent DoD rulings on response in kind with kinetic attacks, you do have a problem.

You all consider (those who are partaking in actions for political/social beliefs held) that you are fighting against an authoritarian system. A system that you decry as evil and yet, looking into your organization (sorry “swarm” or “collective”) shows the same hue and cries of those you don’t like. You all seem like digital villagers at the gate with pitchforks and fire… Throwing rotten tomatoes and yelling “Off with their heads”

Smacks really of the French Revolution to me.

Now though, you have certain factions within your umbrella (Antisec) that are actively carrying out attacks on the government and the police organisations. You cry out that the police are evil (and granted what I have seen at the OWS protests with pepper spray and violence gives you that right) but your actions of outing data are.. Well.. Just as bad really.

Sorry, but, you are becoming them… Please stop.

The Propaganda Wars (Anonymous vs. Governments)

So now we have the propaganda wars ongoing. Anonymous claims that the governments are corrupt and they would be right in a great number of cases. The government is claiming that you all (Anonymous and OWS) are just a rabble of spoiled brats who need to cut their hair and take a shower. Who’s really right here? It seems to me that much of the recent OP’s like Robin Hood are just dysfunctional half baked ideas as opposed to really taking up social or legal issues that are relevant today.. Never mind actually taking them on and trying to come up with a plan that would help with the issues.

Additionally, these videos you put out now are getting closer and closer to the jihadi videos out there that AQ has been putting out over the years. The same graphics, the same music, the same metaphor and rhetoric with a tinge of threat.

Not good.

I suppose there is a certain sense of empowerment you are all getting from this, but let me tell you this. From the LEO’s and the government perspective, the more you do it, the closer you are getting to patterns that the terrorists have been using. Perhaps it’s just that you live in the YouTube age, but I should think that you all would take a step back and think about this a bit. It’s not helping your cause.

Eventually though as the 2012 race moves on, I can expect you all to be lumped into the same bucket with the terrorists just because of your inherent shadowy reflection of modus operandi and propaganda. Additionally, the government types (The Republican base and the teabaggers) will also be using you all as a fulcrum of fear spreading propaganda about you. Propaganda that you will not be able to fight because you cannot control your respective cells and actions.

The propaganda and disinformation genie is out of the bottle kids.

Dictum and Rhetoric Can be Your Enemy

So, what can you do? Well, perhaps cut down on the dictum and rhetoric a bit. Don’t let all the crazy hangers on dilute the message as well. I know this goes against your core ideal of being a “collective” but, even a collective should be able to do this. All of these crazies out there who are doing things in your name are only doing those of you with an agenda (social/political) a disservice.

At the same time, I have to say that I think in other quarters, without the government types making you a “threat” by labelling you so, you all have managed to inure the general populace into a sense of apathy. You have been real bilious but really, what have you all changed? What substantive thing have you done for the people Anonymous? I asked this before but I still don’t see a real effect here. Sure you can claim the OWS movement but really, what have they done as well?

The government is still bailing out other governments secretly it seems as of recent reports…

Arrests are sky-rocketing at the protests but… Well, nothing new there.

No laws have changed

No real political backing has come from anyone in the government (the left say)

Nope, generally, you all have been deemed to be rather impotent, so, what great paradigm shift has occurred here? Perhaps if you came up with candidates or a party that might be different but as yet I see none of this. What I see is a group of people upset with their government but not substantively coming up with means to change that government… That usually means that you have to either dismantle it or, get inside of it as a part of it and make change happen.

So far, you do not even have the traction to change the electoral process here. Someone will be elected in 2012 and I can pretty much guarantee you all that it will be the same ol same ol once again.

So yet again I ask you.. What are you doing?

So, What is The End Game Here?

I guess in the end, I just want to see something cohesive happen here. What do you all want? You want to end corrupt practices? You want better more humane government? You want other countries’ governments to stop torturing their populaces and allow them to be free to buy Macbooks?

*blink*

What’s the plan? Without an end goal then it’s all just mental masturbation kids.

Ehh.. Just beware that you are starting to look foolish and you will be made into the boogey man if you are not careful.

K.

Written by Krypt3ia

2011/12/01 at 16:20

The Hezbullah Cyber Army: War In HYPERSPACE!

with one comment

WAR! in HYPERSPACE: The Cyber Jihad!

A day or so ago, a story came out and made the rounds on the INFOSEC-O-Sphere about the Hezbullah Cyber Army. The story, which was subtitled “Iranian Terror”, was titled “Iranian Cyber-Jihadi Cells in America plot Destruction on the Net and in Reality”, which would get all our collective attention, right? The story goes on to tell about the newly formed Cyber Army that will be waging all out war on the US and others in “Hyperspace”.

Yes, that’s right, you read that correctly.. This guy Abbasi is either trying to be clever, or, this is some bad translation. Sooo… Hyperspace it is! Well, I have a new tag line for him…

“In hyperspace.. No one can hear you giggle”

At any rate, the whole idea of a Cyber Jihad or a Cyber Hizbullah is a notion that should not just be sloughed off as rhetoric. I do think that if the VEVAK are involved (and they would want a hand in this I am sure) they could in fact get some real talent and rein in the ranks to do some real damage down the road a piece I think. So, while I may be a little tongue in cheek here at the start of this post, I want you all to consider our current threatscape (*cough* SCADA etc) and consider the amount of nuisance they could be if they made a concerted effort with the likes of the HCARMY.

So, yeah, this could be an interesting development and it is surely one to keep our eyes on collectively… But.. Don’t exactly fear for your lives here ok? After all, my opinion still applies that the bugaboo of SCADA does not easily fit into the so called cyberwar unless it is effectively carried out with kinetic attacks and a lot of effort. Nope, if the HCA is going to do anything at all, it will be on the playing field of the following special warfare fronts:

  1. PSYOPS
  2. DISINFORMATION (PSYOPS)
  3. Support of terrorism (Hezbullah and others)
  4. INTEL OPS

These are the primary things I can see them being good at or being pawns of the VEVAK for.

So.. Sleep well for now because really all you have to truly worry about is that they are going to deface your page it seems (see picture at the top of the post).

Interview by IRNA with HCA

More than anything else though at the moment, the whole revealing of the HCA is more a publicity stunt than much else I think. For all of the talk in the US and other countries about mounting their own “Cyber Militias” it seems that Iran and Hezbullah wanted to get in on the ground floor..

Oh… Wait..

They forgot about the PLA and the Water Army!

DOH!

Oh well, sorry guys… Guess you will have to keep playing on that whole “HYPERSPACE WAR” angle to get your headlines huh? Besides, really, how much street cred does an organization like this have anyway? So far I have been poking around all of their sites and find nothing (links or files) that would be helpful in teaching their “army” how to hack.

My guess.. This is kinda like putting out the inflatable tanks and planes for the Germans to bomb in place of the real ones.

The "About" Statement on HCA

Now.. Before You All Go Off Half Cocked (That means you Mass Media)

Meanwhile, I have seen the story that I linked up top scrawled all over the digital wall that is Twitter these last couple days. I am sure with everything that has been going on in Iran of late (i.e. the tendency for their bases to explode lately as well as their pulling another takeover of a consulate as well as spy roll ups) the media is salivating on this story because it’s juicy. It has it all really…

Cyberwar (hate that term)

HYPERSPACE!

Espionage

BOOGA BOOGA BOOGA We’re gonna activate our hackers inside your borders and attack your SCADA’s!

What’s the media not to love there?

HCA's YouTube Page Started in September

Well, let me set you all straight. This is piffle. This is Iran posturing and the proof thus far has been they have defaced a couple of sites with their logo.

THE HORROR!

This group has not even reached Anonymous standards yet! So relax.. Sit back… Watch the show. I am sure it will quickly devolve into an episode of the keystone cops really. They will make more propaganda videos for their YouTube, create a new Twitter account, and post more of their escapades on their two Facebook pages to let us all know when they have defaced another page!

… Because no one will notice unless they let us know…

Just The Persian Facts Ma’am

The real aegis here seems to be shown within the “about” statement for the group. Their primary goals seem to be to attack everyone who does not believe in their moral and religious doctrine. A translation of the statement rattles on about how the West are all foul non-believers and that we are “pompous”, which really kinda makes me think that the Iranian people, or at least this particular group, has a real inferiority complex going. More so though, it seems from the statement that they intend more of a propaganda and moral war against the West and anyone else they see fit than any kind of real threatening militant movement.

You know.. Like AQAP or AQ proper.. Or Jamaa Islamiya.

This is an ideological war and a weak rallying cry by a group funded by a government in its waning years trying to hold on to the digital snake that they cannot control forever. Frankly, I think that they are just going to run around defacing sites, claiming small victories, and trying to win over the real hackers within their country to their side of the issue.

Which… Well, I don’t think will play well. You see, for the most part, the younger set who know how to hack, already bypass the government’s machinations and are a fair bit more cosmopolitan. Sorry Mahmoud, but the digital cat is already out of the bag and your recognition of this is too late. How long til the Arab Spring reaches into the heart of Tehran and all those would be hackers decide to work against you and your moral jihad?

Be afraid Mahmoud… Khomeini…

All you really have is control temporarily.. You just have yet to realize it.

Tensions In The Region: Spooks & The Holiday Known as KABOOM

Now, back to the region and its current travails. I can see why this group was formed and rolled out in IRNA etc. Seems to me even with the roll up of the CIA operations there in Iran you guys still are being beset with problems that tend to explode.

  • Wayward Trojan drones filled with plastique
  • Nuclear scientists who are either being blown up or shot in the streets
  • Nuclear facilities becoming riddled with malware that eats your centrifuges.

You guys have it tough right now.

Let me clue you guys in on something… If you weren’t such a repressive and malignant regime, we might work with you on your nuclear programs to power your country. But, unfortunately, you guys are FUCKING NUTS! So, we keep having to blow your plans to shit (we as in the rest of the world other than say North Korea that is) because we are all concerned you just want a bomb. Why do you want that bomb? So you can lord it over the rest of us and use it as a cudgel to dismantle Israel say.. Or maybe to just out and out lob it over the border.

You are untrustworthy.

Oh well.. Yes we all have played games there and I agree some shit was bad. The whole Shah thing.. Our bad… Get over it.

I suspect that the reason why all of these bad things are happening to you now though sits in the PDB on the president’s desk or maybe in a secret IAEA report that says you guys are close to having a nuclear device. You keep claiming that you are just looking to use nuclear power peacefully… But then you let Mahmoud open his mouth again and shit just comes right out.

Until you guys at least try to work with others and not repress your people as much.. Expect more KABOOM.

What You Should Really Worry About From All of This

My real fear though in all of this hoo ha out of the HCA is that VEVAK and Hezbullah will see fit to work with the other terrorist groups out there to make a reality of this whole “Cyber Jihad” thing. One of these factors might in fact be the embracing of AQ a bit more and egging them on in their own cyber jihad. So far the AQ kids have been behind on this but if you give them ideas AND support, then we have a problem I think. The idea of hit and run terror attacks on infrastructure, which the government and those in the INFOSEC community have been wringing their hands over, might come to pass.

HCA Propaganda Fixating on OWS

If the propaganda war heats up and gains traction, this could embolden others and with the support of Hezbullah (Iran) they could “try” to make another Anonymous style movement. Albeit I don’t think that they will be motivated as much by the moral and religious aspects that HCA puts out there as dictum. Maybe though, they will have the gravitational force enough to spin all of this off into the other jihadist movements.

“The enemy of my enemy is my friend”

If the HCA does pull off any real hacks though (say on infrastructure) then indeed they will get the attention they seek and more than likely give the idea to other movements out there to do the same.

AND that is what worries me.

Cinch Up That Seatbelt… It’s Gonna Be A Bumpy Ride

Finally, I think that things are just getting started in Iran and it’s about to get interesting. With all of the operations that seem to be going on in spook world (please don’t use PIZZA as a code word again mmkay?) and the Israelis feeling pressured by Tehran’s nuclear ambitions and rhetoric, I suspect something is about to give way. Add to this the chicken-hawks who want to be president (Herman I wanna touch your monkey) Cain and the others who have so recently been posturing like prima donna models on a runway over Iran and we have a disaster to come.

Oh.. and Bachmann.. *Shudder* Please remove her from the Intelligence committee!! That whole Pakistani nuclear AQ attacks thing was sooo not right!

PSSSSST BACHMANN they’re called SECRETS! (or, for your impaired and illiterate self SEKRETS) STFU ok?

OH.. Too late, now NATO is attacking into Pakistan…

It looks to me like the whole Middle East is about to erupt like a pregnant festering boil and we are the nurse with the needle who has to pop it and duck.

So.. Uh yeah, sorry, got carried away there… I guess the take away is this; When you look at all the other stuff going on there, this alleged cyber army is laughable.

Yuk yuk yuk… You’re killin me Ahmed!

K.

Neuromancing The Cyberwars

The Great Cyberwar to Come

Every day lately I open up the newsfeed and see more and more dire predictions of cyber doom and cyber war. Each time I read this stuff I just have to hang my head and curse under my breath all of the morons out there both reporting on it as well as those purveyors spinning the cyberwar to come. In fact, I really loathe the term “Cyberwar” as do I think, many of my compatriots in the infosec industrial complex (ooh coined a new one there huh?) Every time these people open their mouths I have to just borrow a line from Seinfeld and bellow;

“SERENITY NOW!”

Enough already of this Cyberwar lunacy! Let me tell you something, we have been in an information war for a long long time and a component of that is EW (Electronic Warfare). For years we have been manipulating warfare through information whether it be planting fake stories in the press (newspapers, tv, radio etc) or manipulating data within systems as part of disinformation campaigns. The only real difference today, and I think the crux of the cyberwar craze, comes down to two factors:

  1. Everything seems to be connected by computers today
  2. We can now manipulate not only data, but the machines that process actual physical processes (ICS/SCADA)

So yes, there is more that potentially can be done to an enemy target electronically, but, the hoopla and hype around cyberwarfare has gotten WAY out of hand today and someone needs to bust that bubble before the morons in charge get their trigger fingers on the button. Perhaps though, it’s too late for that as I am looking around today and see that the military is saying they have the potential right to launch attacks after cyber attacks…

Good God… It makes one root for Skynet thinking about the great cyberwar to come.

Trust Us… We’re the Government!

What is most frightening to me is that the government and the military seem to be under many misapprehensions over “cyberwar”. In the case of the government, more to the point, Congress and the House, we have two august bodies that are filled with some of the most misinformed and Luddite oriented groups of people I have ever seen… And these are the people we are going to entrust to make policy on such topics? The said same people who would have the likes of Gregory Evans speak to them about digital security?

We are doomed.

So, what do we have here? We have the people making laws led by the blind and the chicken little’s of the world. All of this over the overhyped and overblown idea that the great cyber war is a commin and no one is safe! Our power will go out because hackers will shut it all down! The gas pipelines will explode because John McClane won’t be able to get the Apple kid to the right terminal during the fire sale! The financial system will collapse because Thomas Gabriel will have jacked into the feeds and slurped ALL of our digital records on to his terabyte drives!

OH NO!

Yeah, you might be asking yourself right about now;

“Do they really believe that shit?”

Well, take a look at some of their laws lately concerning digital matters and privacy.. Then tell me they really know anything about the internet or digital security. So, yes, I firmly believe they believe it. In fact, there is an old trope in the movies about hackers. You know the one, where the hacker just sits down and 5 seconds later they are root on the Gibson… Yeah, I really think that is how they perceive hacking and how easy it would be to hack the planet.. So to speak.

So, are you comfortable with these people deciding whether or not we actually physically (or digitally) attack another country after we get a little pwn3d?

I am not.

Attribution… We Don’t Need No Stinkin Attribution!

Back to the DoD and their recent proclamation about physical and other attacks against those who attack us with a cyber attack. I just have one word for them to chew on and contemplate;

ATTRIBUTION

You know, that pesky word meaning we actually KNOW who attacked us? Yeah, well as far as I have seen today, it’s pretty damned hard to determine most of the time who did what and where on the net. Digital forensics only get you so far, compromised machines can be tampered with in so many ways to make it look like someone did something and these guys want to launch cruise missiles against nation states over a DDoS?

Mmmm yeah… This will not end well.

Ok, so the next great cyberwar will take place pretty much like the whole premise of the Terminator films then? Will Skynet become sentient or will we just have a military and government that says “THEY DID IT” and fire off some missiles? Frankly, what I see here is a lot of posturing and hope that the reality is that people will realise that they cannot attribute anything and not fire one missile due to the lack of concrete proof.

But.. That assumes that cooler heads prevail and there are not too many hawks in the room….

Dark Prognostications of DOOM… Trust Me, I Write Blogs!

Meanwhile, we have the blogosphere and the pundits out there with slit eyed prognostications about how many more times 9/11 it would be, this cyberwar to come that McClane is not there to save us from.

“THERE ARE NO AIR GAPS TO SCADA! WE ARE DOOMED!”

“THE COLLATERAL DAMAGE WILL BE HUGE!”

“OUR WAY OF LIFE WILL BE DESTROYED!”

Blech. Look, sure, a cyber attack on key infrastructure would be bad. It could cause a real ruckus and we could have pockets of the country/world where power may be down a while, gas lines could blow, and there would be collateral damage. However, this would not be an all out war. In fact, I think it would be far worse if someone took out the core routers to the internet… I mean, at least that is doable if you do it right with kinetic attacks at key points (MAE’s etc). However, I just don’t see it as a likely scenario.

Frankly, you know what keeps me worried?

  1. Biological warfare or accidents with the materials
  2. A dirty bomb or a nuclear bomb cobbled together from illicit materials from the likes of Russia or Pakistan
  3. Coronal mass ejections causing a large EMP

Cyberwar.. Not so much.

The problem is that there are too many pundits and too many crazy opinions out there that are getting ear time with the Luddites in charge. Hell, for that matter, I am a blogger too, so I could be part of the problem as well huh? Maybe I am all wet and tomorrow China will attack at dawn… It’ll be just like Red Dawn.. Except they will hit us first with cyber attacks and then drop thousands of troops on us (Wait a minute! What a movie idea!)

CRAP! Someone beat me to it!

Oh I know! Instead the Chinese will just release all our prisoners from cell blocks by using Metasploit against their ICS systems that lock the doors!!!

Heh.

Remember you heard it here first!

Reality? Nah, Just Pass Me The SymStim and Goggles!

I guess in the end, I just have to resign myself to the fact that sanity will not prevail. We will have a military with putative attribution and a Congress unqualified to rule on such things to pass the vote to attack those who attacked us with their packets and malware.

We’re screwed…

Oh well, I will just have to put in the REM and listen to the end of the world as we know it…

*Sits back…puts on shades…Hacks the Gibson*

YEEEHA!

K.

INFOPOCALYPSE: You Can Lead The World To The Security Trough.. But You Can’t Make Them Think.

“Dark, profound it was, and cloudy, so that though I fixed my sight on the bottom I did not discern anything there”

(Dante Alighieri; The Inferno)

The current state of the Security “Industry”

It seems that once again people who I have acquaintance with in the security industry are wondering just how to interface with corporations and governments in order to build a base of comprehension about the need for information security. The problems though are myriad with these questions and the task to reach people can be a daunting one, never mind when you have groups of them in hierarchies that comprise some of the worst group think in the world (AKA corporations)

Added issues for the “industry” also surround the fact that it is one at all. Once something moves from an avocation to a profession, you have the high chance of it becoming industrialised. By saying something has been made industrialised, implies to many, the cookie cutter Henry Ford model really. In the security world, we have seen this from the perspective of magic boxes that promise to negate security vulnerabilities as well as teams of consultants who will “securitize” the company that is hiring them with magic tools and wizardry. The net effect here is that those paying for and buying into such products and services may as well be buying a handful of magic beans instead.

Now, not every company will be efficacious in their assessments nor live up to the promises they make for their hardware/software solutions. Many practitioners out there and companies really try to do the right thing and do so pretty well. However, just as in any other business, there are charlatans and a wide range of skilled and unskilled plying their arts as well. Frankly, all that can be said on this issue is “Caveat Emptor”. It’s a crap shoot really when it comes to goods and services for security solutions. The key is though, to be able to secure yourselves as a company/entity from the standpoint of BASIC security tenets up.

Often it’s the simple things that allow for complete compromise.. Not just some exotic 0day.

So we have a cacophony of companies out there vying for people’s dollars as well as a news cycle filled with FUD that, in some cases, is directly lifted from the white papers or interviews with key players from those said same companies seeking dollars. It is all this white noise that some now are lamenting, wondering just how we rein things in and get a stable base to work from in an ethical way to protect companies and individuals from information security meltdowns. More so it seems lately, the question has been how do we reach these people in the first place? How do we actually get a meaningful dialogue with the corporate masters and have them come away with the fundamentals of security as being “important”?

Unfortunately, I think that there are some major psychological and sociological hurdles to overcome to reach that point where we can evince the response we all would like to see out of those C level execs. I have written about them before, but I will touch on them again later in this piece. Suffice to say, we all have a tough row to hoe where this is concerned, so, I expect there to be no easy answer… Nor really, any satisfactory conclusions either.

“It is a tale Told by an idiot, full of sound and fury, Signifying nothing”

(Shakespeare; MacBeth)

Security Joan of Arc’s and their Security Crusade:

Joan of Arc was a woman ahead of her time. She wore men’s clothing and led the French in battle against the English and to victory, all as a teen girl. She later was burned at the stake for heresy and just recently made a saint many years later. I give you this little history lesson (link included) to give you an idea of who you all are in the security industry lamenting over not being listened to. You too may be ahead of your time, but, just as she was, you too will not be listened to because your ideas (to the listeners) are “radical”.

Now, radical is a term I am using to denote how the corporate types are seeing it. We, the security advocates, do not see these concepts as radical, but instead as common everyday things that should be practiced (complex passwords, patching effectively, etc). They (the client) see these things as impediments to their daily lives, their bottom lines, and their agendas both personal and corporate. There are many players here, and all of them have agendas of their own. This is a truism that you must accept and understand before you rail against the system that is not listening to your advice.

Here’s a bit of a secret for you.. The more ardent you seem, the more likely you will be branded a “Joan”. The perception will be that you are a heretic and should not be listened to. Instead you should be marginalised in favour of the status quo.. After all, they have gone about their business every day for years and they are just fine! The more you rail, or warn with dire tones, the more you will be placed at the back of the mind.

Think Richard Clarke (I heard that chuckle out there)

Though Joan inspired the French forces to battle on and win more than a few battles, she eventually was burned at the stake. Much of this was because of her unique nature and fervour. Yours may do the same to you… Without of course literally being burned at the stake, and you all must learn this. I think you have to take a page from the hacker’s playbook really and use the axiom of being a “Ninja”.

The subtle knife wins the battle.

“If the Apocalypse comes, beep me”

(Joss Whedon;Buffy the Vampire Slayer)

What’s the worst that could happen really?

The quote above really made me chuckle in thinking about this article and the problems surrounding the premise. This I think, is the epitome of some people’s attitudes on security. Most folks just go along their days oblivious to the basic security measures that we would like them to practice as security evangelists. The simple fact is that like other apocalypse scenarios, people just have not lived through them and been affected by them to change their behaviours accordingly. What solidified this for me recently was the snow storm last October here in New England that caught so many people flat footed. They simply had not ever really had to rely on their wits and whatever they had on hand before like this. When the government and the corporations (CL&P) failed to provide their services to the populace, the populace began to freak out.

It’s the same thing for information security. Whether it is the government or the corporations that supply us all, both are comprised of people who all pretty much lack this perspective of being without, or having really bad things happen to them. 9/11 comes the closest, but, that only affected NYC and DC directly (i.e. explosions and nightmarish scenarios with high casualties). In the case of corporations, you have lawyers and layers of people to blame, so really, what are the risk evaluations here when it is easy to deflect blame or responsibility? For that matter, it was inconceivable to many in the government (lookin at you Condi) that terrorists would use planes as missiles… Even though a month before a report was handed out with that very scenario on the cover.

The core of the idea is this: human nature on average, and a certain kind of psychology (normative) that says “This can’t happen to us”. We all have it, just some of us are forward thinking and see the potentials. Those forward thinkers are likely security conscious and willing to go out of their way to carry out actions to ensure their security. Things like storing extra food and water as well as other things that they might need in case of emergency. These can be life or death deal breakers.. Not so much for information security at your local Acme Widget Corp. In the corporate model, they have the luxury of “It’s somebody else’s problem”. So, these things are usually not too important to them unless that person making the decision is cognisant of the issues AND responsible for them. Unfortunately, as we have learned these last 10 years or so, responsibility is not their strong suit.

So, on they go.. About their business after you, the security curmudgeon has told them that they need to store food for the winter..

But the grasshoppers, they don’t listen… Until they are at your door in the snow begging for food.

“More has been screwed up on the battlefield and misunderstood in the Pentagon because of a lack of understanding of the English language than any other single factor.”

(John W. Vessey, Jr.)

How do we communicate and manipulate our elephants?

Back to the issue of how to communicate the things we feel important. This has been a huge issue for the security community for a couple of reasons.

  1. The whole Joan of Arc thing above
  2. The languages we speak are.. Well.. like Tamarian and theirs are corporate speak.

We, the security practitioners, often speak in metaphor and exotic language to the average corporate manager. You have all seen it before, when their eyes glaze over and they are elsewhere. We can go on and on about technical issues but we never really seem to get them to that trough in the title. Sometimes you can get them to the trough easily enough by hacking them (pentesting) but then they think;

“Well this guy is a hacker… No one else could do this! What are the chances this is going to really happen? Naaahhh forget it, it’s not likely”

So there is a bias already against doing the things that we recommend. Then comes the money, the time, and the pain points of having to practice due diligence. This is where they turn off completely and the rubric of it is that unless they are FORCED to carry out due diligence by law or mandate, they won’t. We all have seen it.. Admit it.. It’s human nature to be lazy about things and it is also human nature to not conceive that the bad things could happen to them, so it would be best to prepare and fight against them.

So, how do we communicate with these people and get them on the same page?

I have no answers save this;

“Some get it.. Some don’t”

That’s the crux.. You have to accept that you as the security practitioner will NEVER reach everyone. Some will just say thank you and good day… And you have to accept that and walk away. As long as you have performed the due diligence and told them of their problems.. You have done all you can. You can try and persuade or cajole them… But, in the end, only those who get it or have been burned before will actually listen and act on the recommendations you make.

“The greater our knowledge increases the more our ignorance unfolds”

(John F. Kennedy)

The Eternal Struggle

There you have it. This will always be the case and it will always be the one thing that others seeking to compromise corporations and governments will rely on. The foolishness of those who do not plan ahead will be their undoing..

Eventually.

All you can do, sage security wonk, is calmly and professionally explain to them the issues and leave it to them to drink.

K.

Insidiae, Psychologia, Et Liber Pericula

with 3 comments

I have been watching Anonymous for a while now and I think that its time to discuss some observations I have had lately. It seems that after some time, the Anon collective has, even though there have been arrests, decided that, as they say, “You can’t arrest an idea” I have wondered though, just how many of the Anon’s actually perceive this as a war against government tyranny and how many just do it for the lulz. This is the crux of the issue frankly for me and I have been thinking about this for some time trying to gather data to form my hypothesis.

What I have come up with are the following motivations and constructs that I believe the Anonymous collective live by and use to rationalize their behavior.

Group Think

Group Think is a term for a social and psychological dynamic in which groups harmonize their actions, causing a deficiency of mental efficiency. Signs of group think are the following:

  1. Illusion of invulnerability – Creates excessive optimism that encourages taking extreme risks.
  2. Collective rationalization – Members discount warnings and do not reconsider their assumptions.
  3. Belief in inherent morality – Members believe in the rightness of their cause and therefore ignore the ethical or moral consequences of their decisions.
  4. Stereotyped views of out-groups – Negative views of “enemy” make effective responses to conflict seem unnecessary.
  5. Direct pressure on dissenters – Members are under pressure not to express arguments against any of the group’s views.
  6. Self-censorship – Doubts and deviations from the perceived group consensus are not expressed.
  7. Illusion of unanimity – The majority view and judgments are assumed to be unanimous.
  8. Self-appointed ‘mindguards’ – Members protect the group and the leader from information that is problematic or contradictory to the group’s cohesiveness, view, and/or decisions.

A distinct feature of group think is that it is exacerbated by a lack of clear rules on decision making. It is my contention that the diaspora of Anonymous inherently has the lack of decision making rules as well as a large amount of group think dynamics within its younger set. The group as a whole though may not mean the total “group” (i.e. Anonymous rank and file) but whatever group has collected to decide on an “op”.

Also, given the nature of the Anonymous collective as seen online, they tend to not be very forgiving toward those they do not like or disagree with. This fractiousness and tendency toward berating behaviour tend to reinforce the group think model.

Collective Psychopathy

The term “Collective Psychopathy” is something that when I looked it up online I only found a couple of references to Freud and ego. I am guessing others have made the connection but perhaps there is no official designation made. Maybe I just missed it in the literature. The core of the idea for me is that collectively, groups like Anonymous can manifest a sociopathic or psychopathic potential in certain circumstances. In the case of the actions of Anonymous actors online in their dialogues and statements, they manifest key features of what is considered psychopathic behaviour.

Psychopathy is a mental disorder characterised primarily by a lack of empathy and remorse, shallow emotions, egocentricity, and deceptiveness. Psychopaths are highly prone to antisocial behaviour and abusive treatment of others, and are very disproportionately responsible for violent crime. Though lacking empathy and emotional depth, they often manage to pass themselves off as normal people by feigning emotions and lying about their pasts.

While in the real world interactions of all of these individuals may in fact be not at all psychopathic in nature (though, they may be depending on the person) the “online” persona that the individual takes on tends to have psychopathic tendencies due to the medium of the Internet. The key factors of this transition are the following:

  • You are “anonymous” so it is easy to lie
  • Any damage you inflict is not in person
  • There generally is a “lesser” possibility of repercussions for your actions due to anonymity and technology issues

Given the chance, anyone will act outside their particular moralities when placed in situations where repercussions are near null. This is something that has recently been studied in the Psychology of Character by DeSteno and Valdesolo. Their findings are that often, given the opportunity, a person will commit to acts outside of their character if there are no repercussions. It is my belief that this also can be applied to the online activities of individuals as well as collectively (i.e. Anonymous)

It is this very set of features of online behaviour and nature that begets the potential for a collective to work with leadership, and group think, toward actions that the individuals might not ordinarily partake in because there would be repercussions, they would be directly inflicting damage, and they would certainly not be anonymous. Thus, collectively, within these parameters, the group dynamics and the disconnect from reality allow the individual to join the collective without really being forced to consider what their actions’ outcomes would be on a personal level.

Age and Development

Another factor in this picture of collective psychopathy is the age of the individuals and their development levels. Many of the Anon’s have tended to be younger individuals and as such, they are not “fully cooked” according to physiology and psychology. It has been stated that the development of the brain (the static fixing of neural pathways) does not on average finish until the individual is approximately in their latter twenties. This also means that within the teens up until the time the brain is finished developing, that the individual has a higher tendency to be unable to make rational decisions;

Specifically, a teen’s prefrontal cortex – the piece of brain right behind the forehead that is involved in complex decision making – is not capable of the kind of reasoning that allows most grown-ups to make rational decisions.

Thus, it is easier to look toward the collective psychopathy theory given the individuals’ propensity for lack of reasoning and the conditions that the Internet affords for anonymously motivated behaviour. It is also easier to concede that said younger individuals who wish to belong to a community or to “be cool” also would be more amenable to the ideas put forth by the collective due to the lack of rational thought processes as well as critical thinking to take part in high risk behaviour.

Simply put, the median age of the collective and the nature of its environment allow for them to run amok as well as dissociate the reality from the unreality of the Internet. It was also key to note that the use of LOIC even though it did nothing to obfuscate the end user’s IP address could be perceived as part of this picture.

Social Mores (individual and group)

Added to all of this, is the culture of the Internet itself. As it is a virtual reality, it also has its own set of mores on the social level. Where in reality some things are taboo, online, they may be just another everyday thing. Social norms are not the same within the net as opposed to open society. Within the context of Anonymous, one just needs look further back to the progenitor of all of this, 4chan, where a laissez-faire attitude abounds about many things that are socially unacceptable in the real world versus the virtual.

Examples of this can be seen from trolling, to the explicit content on the site matched with language that connotes hate speech as well as apathy or hostility toward social norms in regular society.

De-Humanisation through Language & Imagery

With the social mores being different from normal society, one can also see within the Internet and the dialogues online between elements of the Anonymous collective, a pattern of de-humanising speech. The use of the invective “nig” or “nigger” in chats from Anonymous seems to be the parlance of the venue as much as it is an epithet. This co-option of the slur performs another means of de-humanising a person that they are speaking to or about online. I hardly think that many of these individuals would in fact use the word and others like it within the non virtual world for fear of repercussions. However, within the confines of the virtual world that they think they rule, this is a weapon as well as a mode of speech.

Additionally, one might also look at the 4chan boards to see imagery also that is on the same level and may be considered hate speech in our society at large but thought nothing more of online by the denizens there. This is all part of the segregation of online and off-line personae that give the individuals and the collective, to act freely without remorse. Had Goebbels had the Internet, his propaganda would have been much more effective to a larger audience not only because of the connectivity, but also from the social and reality distancing that the Internet provides.

Conspiracy Theories And The Echo Chamber

Lastly, the rationalisation lately by Anonymous and LulzSec has been that they are fighting the good fight against government and corporate conspiracies, as seen from the recent response to the FBI below:

LulzSec and Anonymous Statement

Hello thar FBI and international law authorities, We recently stumbled across the following article with amazement and a certain amount of amusement: http://www.npr.org/2011/07/20/138555799/fbi-arrests-alleged-anonymous-hackers

The statements made by deputy assistant FBI director Steve Chabinsky in this article clearly seem to be directed at Anonymous and Lulz Security, and we are happy to provide you with a response. You state:

“We want to send a message that chaos on the Internet is unacceptable, [even if] hackers can be believed to have social causes, it’s entirely unacceptable to break into websites and commit unlawful acts.”

Now let us be clear here, Mr. Chabinsky, while we understand that you and your colleagues may find breaking into websites unacceptable, let us tell you what WE find unacceptable:

  • Governments lying to their citizens and inducing fear and terror to keep them in control by dismantling their freedom piece by piece.
  • Corporations aiding and conspiring with said governments while taking advantage at the same time by collecting billions of funds for federal contracts we all know they can’t fulfil.
  • Lobby conglomerates who only follow their agenda to push the profits higher, while at the same time being deeply involved in governments around the world with the only goal to infiltrate and corrupt them enough so the status quo will never change.

These governments and corporations are our enemy. And we will continue to fight them, with all methods we have at our disposal, and that certainly includes breaking into their websites and exposing their lies. We are not scared any more. Your threats to arrest us are meaningless to us as you cannot arrest an idea. Any attempt to do so will make your citizens more angry until they will roar in one gigantic choir. It is our mission to help these people and there is nothing – absolutely nothing – you can possibly do to make us stop.

“The Internet has become so important to so many people that we have to ensure that the World Wide Web does not become the Wild Wild West.”

Let me ask you, good sir, when was the Internet not the Wild Wild West? Do you really believe you were in control of it at any point? You were not. That does not mean that everyone behaves like an outlaw. You see, most people do not behave like bandits if they have no reason to. We become bandits on the Internet because you have forced our hand. The Anonymous bitchslap rings through your ears like hacktivism movements of the 90s. We’re back – and we’re not going anywhere.

Expect us.

This use of and belief in the conspiracies against the “people” is a telling thing. While others have used religion, Anonymous has latched on to conspiracy theories as their aegis. Just like religion, a conspiracy theory is hard to disprove because the individual can always rationalise that some other piece of the puzzle is still missing and the conspiracy, or belief, lives on. Both of these things are hard to disprove as well as debunk because of the rationalising that their adherents latch on to so they continue to believe and act under the apprehension that there is either a God, or some other force at work (government cabals) that controls their lives in some way.

In the echo chamber of Anonymous and the internet, this use of and belief in the conspiracies has given many of the anon’s a construct of belief to latch onto that perhaps they lacked in the real world. Just as well, this belief and the ability to take action online with impunity (perceived) has energized them to take action, then rationalise further toward more and larger actions.

The net effect is that this all becomes self perpetuating…

Conclusion

The conclusion to all of this for me is that truly, the statement that Anonymous is an “idea” is true. It is an idea formed by individuals that coalesced into a group that in turn has become a splinter society online. *note: Even when they want to protest in the real world, they want their anonymity with masks* This society has its own norms and mores that are counter to the one we live in outside of the net. The denizens of this world are often young and biologically not fully capable of rational/logical thought and swayed by the sense of belonging to something as well as a desire to reject the cultural norms of the real world.

All of this, in tandem with a sense of invincibility has led them to take actions counter to the culture outside of the Internet and directly affect the outside world because the online world holds so much of our real life data today. Due to the disconnect and the “othering” that goes on within this community (i.e. the contention of psychopathy) these individuals are disconnected from the realities of what they are doing and thus feel nothing other than the potential fears that they “may” be caught in real life. However, this seems to be less of a fear as they go along upping the ante and still getting away with it en masse.

The idea and the reality are two different things.

K.

Written by Krypt3ia

2011/09/20 at 15:39

The Psychology of “Neo Jihad” Radicalization

The Paradigm Pivot:

Soon after the attacks on 9/11 the US and other countries began a “War On Terror” that attempted to disrupt and destroy the Al Qaeda networks. The military and intelligence wars on AQ have been very successful in that they have splintered the group, cut its main lines of C&C, and forced them to scatter into the hills of Waziristan and other places. The intelligence war began with stepped up surveillance technically as well as, after much spin up, getting physical assets on the ground and inserted into the intelligence gathering apparatus. Once the networks were set up, and the AQ infrastructure fractured, it became apparent to the leaders of AQ that they needed to proselytize in a different way to get more “recruits” for the global jihad that they wanted.

Once the realization set in, the AQ leadership began to move online to communicate, radicalize, and recruit new jihadi’s to the cause. As time went by and more of the networks were broken, the ranks of jihad began to thin out. This became a real problem for Al Qaeda and it realized that it needed a new paradigm to reach the “Western” ummah that they could try to sway to jihad. With the creation of GIMF, and AQAP later on, the footprint of jihadi propaganda and radicalization took shape online. Since 2001, we have seen AQ and affiliates grapple with how to get their message across as well as create channels for those who are not in the 2 lands, to radicalize, and then come to jihad.

This post is about not only the means that AQ, AQAP, and others have come up with as a response to the problem, but also a profile of the GEN2 jihadi’s online that are being radicalized and who have acted in the past as well as those who may in the future.

Online Jihad: 10 Years of Internet Jihad

A plethora of sites on the internet have been set up over the years by AQ and its affiliates to propagandize and communicate. Many of these sites at first were just simple file upload areas and small bulletin boards. Today we have many mass media style sites including videos, tutorials, online chat areas, and private messaging. The PHP bulletin boards set up on domain named sites or on servers (stealth) that have been hacked, have been the most popular of all. With these sites, the jihad radicalization goes on with postings within pass-worded group sites like Shamukh (AQ) or Ansar.com.

For the most part, these sites have only been partially successful in being a command and control mechanism for AQ. They have failed to gather the swelling support that they would have liked on the part of the Western ummah and it is this lack of fervor that has them vexed. I have personally seen this vexation in AQAP’s “Inspire Magazine” as they have been trying to become more “Hip and Western” to get a new audience. All of their efforts though, have had lackluster returns. This lack of response on the part of the young westernized groups that they are targeting is likely due to a few factors:

  1. The radicalization process is not in person
  2. The western mindset of the targets is more secular in nature and separate from the core AQ groups experiences
  3. These youths are not living in lands where war is ongoing

So, the target populations that they are aiming at are hard to reach and likely not predisposed to radicalization online easily. However, there are others who they do reach. These are a smaller group of individuals who are outlined below in the GEN2.0 section of this post. First though, there needs to be an explanation of the psychology of radicalization that will backstop the three points above on why the jihad is missing the mark with the western youth.

The Psychology of Radicalization:

Radicalization: The process in which an individual changes from passiveness or activism to become more revolutionary, militant or extremist. Radicalization is often associated with youth, adversity, alienation, social exclusion, poverty, or the perception of injustice to self or others.

Much of the classic radicalizing that happens within movements such as Al Qaeda happens when the like minded get together under the penumbra of a stronger personality that leads them. In the case of Islamic Jihad, there have been many Imam’s and leaders who preach this type of thought within their right wing versions of Islam. This is the core of the idea behind raising the ummah army to fight a jihad, the radicalization of the parishioners through direct proselytizing. Since 9/11 though, much of the Muslim community has come under scrutiny from intelligence gathering groups seeking to find the next cell of terrorists being exhorted to jihad by an imam or another leader.

In other cases secular leaders may arise, this may take shape in the form of someone like Mohammad Atta, or the like who are within a circle of like minded people (What Dr. Marc Sageman calls “a group of guys” theory) who “self radicalize” and either make contact with core AQ, or, they decide to act on their own, using the internet as their guide to jihad techniques and ideals. This may happen with two or more individuals seeking like minded people, or, a leader may inculcate them into their particular brand of thought.

A third and seemingly rising type of radicalization seems to be the Lone Wolf or Loner. This is a person either seeking to belong to something greater than they are, or, someone mentally unbalanced and moving along the lines of their own particular mental illness. The Lone Wolves and the Loners are dangerous in that they are now one of the primary targets of AQ and their propaganda/radicalization drive other than the “group of guys”. The reason for this is that all of these groups can “self radicalize” without having to step into a mosque by reading online and digitally relating with other like minded jihadis online. The major difference being that there is no direct contact and, for most, this method of contact and radicalizing lacks the added social element of being in person as a part of a group.

This is a key feature of radicalization that needs to be understood. Since we are social animals, we need to feel that kinship and the only real way to do this primarily is to be within a social dynamic structure that includes physically being there. Online it seems, just does not cut it for most. However, there are others, the mentally ill, and those who are so socially awkward, that online seems to be the only way that they can relate, that have become the next generation of jihobbyists. This in tandem with the fact that now it is rather hard to make contact with, and access the core AQ group physically (i.e. going to a training camp in Waziristan) has made the online radicalization process the pre-eminent way for the jihadi process to carry on.

Jihad GEN 2.0: Lone Wolves, Wolf Packs, & Loners

  • Lone Wolves: Single actors who radicalize either by self or online groups but act alone
  • Wolf Packs: “The Group of Guys” Who radicalize together as a unit and attempt jihad
  • Loners: The single player who radicalizes online and may have contacts with some but is not a team player

These terms above have been bandied about for a while now in the CT arena. The reason for this is twofold. One, we have been seeing these types radicalizing and acting out. Two, AQ has also seen this trend and they are trying to leverage these small groups or single individuals to action. As stated at the top of this post, the lines of communication and radicalization have had to change since the war on terror began. It is because we have so cornered AQ and their affiliates in the 2 lands, that they have resorted to these tactics, and, they are finding it hard to have any good results. This however, has not stopped them from trying and also trying to innovate new ways to radicalize the Western ummah.

Lone Wolves, or the “Lone Wolf”: The most likely candidate for the lone wolf is a second generation immigrant who feels some sort of synergy with their parents’ homeland. There have been a spate of cases where Al Shebaab had converts sneak off from the US to Somalia to train with them. The majority of these lone wolves in this case, were kids in their teens or early twenties that took off to join the jihad there. The premise though, is that these are people who are not necessarily part of any one group but seek out the jihad on their own. They often connect with the core jihadi groups in some way (Malik Hassan and Anwar Al Awlaki) and then act on their own in a more constructed and supported way from the core AQ groups.

A number of these “lone wolves” were caught here in the US when they were intercepted by the FBI in sting operations. These operations mostly consisted of assets talking to the lone wolf and asking them what they would do for jihad. What operations would they like to pull off, and offer that wolf the means to carry out their intentions. This for some, treads the line of entrapment, but for me, I think it is fair game because either way, the individual, unless being held captive and tortured etc, is not suffering from “Stockholm Syndrome” and thus acting under their own will. Social dynamics aside, these actors sought out the jihad, and in my mind, already have instabilities and predispositions that will inevitably lead them to do something with or without the help of an agent provocateur.

Wolf Packs are groups of like minded individuals who have either come together and then radicalized, or, have formed due to a strong leader. These are the most dangerous of the groups because they tend to be groomed by core AQ and, as a group, not only self radicalize, but they reinforce their belief and action as a social dynamic. Wolf packs have been seen as the more organized and thus more dangerous element in this behavior model. An example of the wolf pack would be the Lackawanna 6 or others who banded together and eventually went to an AQ training camp. Though, in the case of the Lackawanna 6, it seems as though they came back from the trip decidedly lacking the motivation to carry out a mission. This is likely because of their Westernized mind set. They did however provide material support to the jihad, and were convicted of this.

Another wolf pack though are the 19 who carried out the attacks on 9/11. The Hamburg Cell, as they were called, came together in Germany where they self radicalized at a local mosque and eventually made contact with the core AQ group. This group would be considered the progenitor of the wolf pack jihad itself and are lauded by AQ for their success. They are the model for AQ’s blueprint originally on reaching a western audience.

Loners are the last type of jihadi that the AQ core are seeking to incite. The loner tends to be an individual who is socially inept to the degree that some have actually been diagnosed with Aspergers Syndrome. Still others have proven to be mentally ill individuals who latch onto the jihad for whatever reasons are driving their psyche. On average, the loner can be seen as the spree killer of the group that feeds the need of the jihad in that they sow fear and confusion while potentially taking out numbers of people. An example of a loner would be Nidal Malik Hassan (Ft. Hood Shooter) who clearly was mentally unstable and went on a shooting rampage injuring 30 and killing 13.

Loners tend to be more the spree killers with guns than they are bomb makers. Another loner type would be Faisal Shahzad, who attempted to make a propane bomb alone. His training was incomplete or he was inept, because the device failed to go off. In the case of Shahzad, he also spent time in Pakistan (from where he emigrated to the US) with the Pakistani Taliban. His radicalization went on unseen by others around him and his actions became more erratic as time went on. I have not seen a psych evaluation of him, but from all that I have seen, it may well be that he too is mentally unstable.

Another couple of reasons to worry more about the “loner” type of jihadi are these:

  • They are loners, thus unless someone in the family sees what’s going on, it will likely go unseen until it’s too late
  • They are often here in the US and with guns easily available, make their spree killing scenarios most likely to work

In all, these three types of jihadis are the main targets now for the AQ and other core groups to radicalize and energize. The jihad needs recruits to carry out their war and the Qaeda have learned that they need not be the devout and pious to do so. The weak minded and the socially inept will do just fine.

Online Radicalization: Propaganda, Congregation, Synergy & The Online Shadow War

As mentioned above, the radicalization process online has mainly consisted of websites that cater to the newbie to the jihad up to the hard core members. Primarily though, these sites have been a means to gain new recruits for the holy war. These sites had been for a long time, rather blatantly operating online because the governments had not caught up with the technology. Recently though, there has been a change going on within the online jihad. Due to many factors including actions on the part of the hacker community, the propaganda machine that has been the jihadi bulletin board system online has begun to go underground as well as redouble its propaganda efforts.

AQAP’s “Inspire Magazine” releases also have been slowed down and the core’s processes for distribution tightened because of tampering with the files in the past and the worries that they have been compromised as a network online. Spooks and hackers have been infiltrating their networks and websites for a while now and they have caught on. Of course in some ways, the assumption should always have been so. However, attacks on the AQ propaganda sites have increased over the last couple of years to include complete take downs of certain sites through DDoS as well as compromise and destruction of their back ends. Since these occurrences, the smarter of the group have decided that it was time to create a new propaganda jihad.

Abu Hafs alSunni alSunni, is an exemplar of this mindset. He espouses that the propaganda jihad needs to be more layered and secret. His proposal is to hide the online jihad in plain sight, by making pages that have stealth links (gateway sites) that will lead the knowing, to the real sites where content can be obtained and ideas shared. His ideas were a bit ahead of the curve for most on the boards, but now, post 2011, the administrators and the core AQ I think, are taking a closer look at this model. As online sites that are non secret become more and more targeted, it is only natural that the jihad would eventually have to go underground to continue and flourish from a command and control as well as radicalization standpoint. By locking down the content with gateways to it, those who are serious could congregate behind the digital curtain and carry on, while the digital bill boards call to all those thinking about joining the fray.

As the online jihad progresses technically, so too will their followers and this is a concern. With technologies such as TOR (The Onion Router) and their “Hidden Services” one can now easily hide all content behind a network that cannot be tracked or traced. Online chats can be had in total anonymity as well as files can be left within the confines of such networks for only those who have the right address to get them (net/net meet the new digital anonymous dead drops) and it is here that once again the pivot happens within the dynamic of online jihad. Once the technological skills of the jihadi’s come online, so too will the types of attacks online that could be carried out by them as well as the success rates of kinetic attacks because they are using solid methods to transmit and connect with each other to plan operations.

Already we have seen this movement happening on the forums and it really is only a matter of time until some of these guys read the man page on how to configure their own TOR node with hidden services turned on. It is clear that the technologies are making it easier for them to hide in plain sight as well as behind the technical curtain, so, it is my proposition that the next iteration of the GWOT have a component of psychological operations more involved. Just as I have said about the Anonymous situation ongoing, the greater successes are likely to come about because we better understand the players’ motivations and psyches.

Countering The Threat:

In conclusion, I see a two pronged method of attack to fight the online jihad:

  1. Psyops: Psychological operations have always been a part of the counter insurgency effort. However, in the digital world this has been more the spooks’ territory than the digital warfighter’s. Of course the digital war is new as is the online jihad so it is a natural progression to see this type of warfare as well as detective process being implemented.
  2. Technical Counter-Insurgency Operations: As the technological adroitness grows on the part of the jihadis so should the capabilities on the counter insurgency online. It is understood that the US has quite a bit of technical know how online so it is an easier supposition to make that we will be able to step up quickly. However, it is the melding of the two (psyops/psychology and technical ops) that must happen to wage this battle well.

We are going to have to step up our online activities to meet the challenge and as far as I have knowledge of, certain areas of law enforcement need to play catch up. The AQ core will continue to reach out to the lonely and dispossessed to radicalize the newcomers as well as use the technologies we have created (privacy/hacking utilities included) to effect the outcomes they desire and we need to be able to counter them.

APPENDIX A: US Cases of Terrorism since 9/11

2002

• José Padilla. José Padilla (32), a native U.S. citizen, convert to Islam, and al Qaeda operative, was arrested upon his return from the Middle East to the United States. Although there is no question of his al Qaeda connection, his mission remains unclear. He was convicted for providing material support to al Qaeda and sentenced in 2008. A co-defendant, Kifah Wael Jayyousi (40), a naturalized U.S. citizen from Jordan, was also convicted.

• The Lackawanna Six. Six Yemeni-Americans—Sahim Alwar (26), Yahya Goba (25), Yasein Taher (24), Faysal Galab (25), Shafal Mosed (23), all born in the United States, and Muktar al-Bakri (21), a naturalized citizen—were arrested for training at an al Qaeda camp in Afghanistan.

• The Portland Seven. Seven individuals—Patrice Lumumba Ford (31), Jeffrey Leon Battle (31), October Martinique Laris (25), Muhammad Ibrahim Bilal (22), Ahmed Ibrahim Bilal (24), all native U.S. citizens; Habis Abdulla al Saoub (37), a U.S. permanent resident from Jordan; and Maher Hawash (38), a naturalized U.S. citizen from Jordan—were arrested for attempting to join al Qaeda and the Taliban.

• Earnest James Ujaama. Earnest James Ujaama (36), a native U.S. citizen, was arrested for providing support to the Taliban.

• Imran Mandhai. Imran Mandhai (20), a U.S. permanent resident from Pakistan, told an FBI informant that he wanted to wage war against the United States. He planned to assemble an al Qaeda cell and attack various targets in Florida, including electrical substations, Jewish businesses, a National Guard armory, and also, improbably, Mount Rushmore. Under surveillance for a long time, Mandhai was arrested and subsequently convicted of conspiracy to destroy property.

• Anwar al-Awlaki. Anwar al-Awlaki (31), a U.S. citizen born in New Mexico, studied engineering in college and motivation in graduate school, then became an increasingly radical imam. After being questioned by the FBI several times, he left the United States in 2002 and went to Yemen, where he is now a leading spokesperson for al Qaeda.

2003

• Adnan Gulshair el Shukrijumah. A provisional arrest warrant was issued for Adnan

Gulshair el Shukrijumah (27), a Saudi national and legal permanent resident, who grew

up and worked in the United States. Shukrijumah was suspected of involvement in a

number of terrorist plots. In 2010, he was indicted for his involvement in the 2009 Zazi

plot to blow up New York subways.

• Iyman Faris. Iyman Faris (34), a naturalized U.S. citizen from Pakistan, was arrested

for reconnoitering the Brooklyn Bridge for a possible al Qaeda attack.

• The Northern Virginia Cluster. Eleven men were arrested in June 2003 for training

at a jihadist training camp abroad, intending to join Lashkar-e-Toiba, and planning

terrorist attacks: Caliph Basha Ibn Abdur Raheem (28), a native U.S. citizen; Sabri

Benkhala (27), a native U.S. citizen; Randoll Todd Royer (39), a native U.S. citizen;

Ibrahim al-Hamdi (25), a Yemeni national; Khwaja Mahmood Hasan (27), a naturalized

U.S. citizen from Pakistan; Muhammed Aatique (30), a legal permanent resident

from Pakistan; Donald T. Surratt (30), a native U.S. citizen; Masoud Ahmad Khan

(33), a naturalized U.S. citizen from Pakistan; Seifullah Chapman (31), a native U.S.

citizen; Hammad Abdur-Raheem (34), a U.S.-born citizen and Army veteran of the

first Gulf War; and Yong Ki Kwon (27), a naturalized U.S. citizen from Korea. Two

other individuals were also arrested in connection with the group: Ali al-Timimi (40), a

U.S.-born citizen, and Ali Asad Chandia (26), a citizen of Pakistan. Six of the accused

pleaded guilty, and another three were convicted. Benkhala was acquitted but was later

charged and convicted of making false statements to the FBI. Al-Timimi was convicted

in 2005. The case against Caliph Basha Ibn Abdur Raheem was dismissed.

• Uzair Paracha. Uzair Paracha (23), a legal permanent resident from Pakistan, was

indicted for attempting to help an al Qaeda operative enter the United States in order

to attack gas stations. He was convicted in 2005.

• Abdurahman Alamoudi. Abdurahman Alamoudi (51), a naturalized U.S. citizen from

Eritrea, was indicted in the United States for plotting to assassinate Saudi Arabia’s

Prince Abdullah.

• Ahmed Omar Abu Ali. Ahmed Omar Abu Ali (22), a native U.S. citizen, was arrested

by Saudi authorities and later extradited to the United States for providing support to

a terrorist organization and plotting to assassinate the president of the United States.

2004

• Mohammed Abdullah Warsame. Mohammed Abdullah Warsame (31), a legal permanent

resident from Somalia, was arrested for conspiring to support al Qaeda. He was

found guilty and sentenced in 2009.

• Ilyas Ali. Ilyas Ali (55), a naturalized U.S. citizen from India, pleaded guilty to providing

material support to the Taliban and al Qaeda. He attempted to sell hashish and

heroin in return for Stinger missiles, which he then planned to sell to the Taliban. Two

other defendants, Muhammed Abid Afridi and Syed Mustajab Shah, both Pakistani

nationals, were also convicted in the case.

• Amir Abdul Rashid. Ryan Gibson Anderson (26)—a native U.S. citizen and convert to

Islam who called himself Amir Abdul Rashid—was a soldier in the U.S. Army at Fort

Lewis, Washington, when he was arrested in February 2004 for contacting Islamic

websites related to al Qaeda and offering information about the U.S. Army.

• Mark Robert Walker. A Wyoming Technical Institute student, Mark Robert Walker

(19), a native U.S. citizen who, according to reports, became obsessed with jihad, was

charged with attempting to assist the Somali-based group, Al-Ittihad al Islami. He

planned to provide the group with night-vision devices and bulletproof vests.

• Mohammed Junaid Babar. Mohammed Junaid Babar (31), a naturalized U.S. citizen

from Pakistan, was arrested in New York for providing material support to al Qaeda.

• The Herald Square Plotters. Shahawar Martin Siraj (22), a Pakistani national, and

James Elshafy (19), a U.S.-born citizen, were arrested for plotting to carry out a terrorist

attack on New York City’s Herald Square subway station.

• The Albany Plotters. Yassin Aref (34), an Iraqi refugee in the United States, and

Mohammad Hossain (49), a naturalized U.S. citizen from Bangladesh, two leaders of a

mosque in Albany, New York, were arrested for attempting to acquire weapons in order

to assassinate a Pakistani diplomat.

• Adam Yahiye Gadahn. Adam Yahiye Gadahn (26), a native U.S. citizen and convert to

Islam, moved to Pakistan in 1998. By 2004, he was identified as a member of al Qaeda

planning terrorist attacks in the United States, and he subsequently became one of

al Qaeda’s principal spokesmen. He was formally indicted in 2006.

• The Abdi Case. Nuradin Abdi (32), a Somali national granted asylum in the United

States, was indicted in June 2004 for plotting with Iyman Faris to blow up a Columbus,

Ohio, shopping mall. (He was arrested in November 2003.)

• Gale Nettles. Gale Nettles (66), a native U.S. citizen and ex-convict, was arrested in

August in an FBI sting for plotting to bomb the Dirksen Federal Building in Chicago

and for attempting to provide al Qaeda with explosive material. His motive was

revenge for his conviction as a counterfeiter, but he wanted to connect with al Qaeda,

which he figured would pay him for his excess explosive materials. He was convicted

on the terrorist charge in 2005.

• Carpenter and Ransom. Two New Orleans men, Cedric Carpenter (31), a convicted

felon, and Lamont Ransom (31), both native U.S. citizens, intended to sell fraudulent

identity documents to the Philippine jihadist terrorist group Abu Sayyaf in return for

cash and heroin. Ransom, who had previously served in the U.S. Navy, was familiar

with the group. Both were convicted and sentenced in 2005.

2005

• The New York Defendants. Three defendants—Mahmud Faruq Brent (32), a U.S.-born

citizen who had attended a training camp in Pakistan run by Lashkar-e-Toiba;

Rafiq Abdus Sabir (50), a U.S.-born citizen and medical doctor who volunteered to provide

medical treatment to al Qaeda terrorists; and Abdulrahman Farhane (52), a naturalized

U.S. citizen from Morocco who agreed to assist in fundraising for the purchase

of weapons for insurgents in Chechnya and Afghanistan—were linked to defendant-turned-informant

Tarik Shah (42), a U.S.-born citizen who was arrested in May 2005

for offering to provide training to insurgents in Iraq. Shah identified his co-defendants,

and all four were convicted.

• The Lodi Case. Hamid Hayat (22), a native-born U.S. citizen, and his father, Umar

Hayat, a naturalized U.S. citizen from Pakistan, were arrested in June 2005 for secretly

attending a terrorist training camp in Pakistan. Umar Hayat ultimately pleaded guilty

to lying to federal authorities.

• The Torrance Plotters. Kevin James (29), Levar Washington (21), and Gregory

Patterson (25), all native U.S. citizens and converts to Islam, and Hammad Riaz Samana

(21), a permanent resident from Pakistan, were charged in August 2005 with planning

to carry out terrorist attacks on National Guard armories, a U.S. military recruiting

center, the Israeli consulate, and Los Angeles International airport. (This case is sometimes

referred to as the Sacramento Plot.)

• Michael Reynolds. Michael Reynolds (47), a native U.S. citizen, acquired explosives

and offered them to an informant whom he believed was an al Qaeda official to blow

up the Alaska Pipeline in return for $40,000.

• Ronald Grecula. Ronald Grecula (70), a native U.S. citizen, was arrested in Texas in

May 2005 for offering to build an explosive device for informants he believed to be

al Qaeda agents. He pleaded guilty to the charge in 2006.

2006

• The Liberty City Seven. Seven men—Narseal Batiste (32), a native U.S. citizen;

Patrick Abraham (39), a Haitian national illegally in the United States after overstaying

his visa; Stanley Grunt Phanor (31), a naturalized U.S. citizen; Naudimar

Herrera (22), a native U.S. citizen; Burson Augustin (21), a native U.S. citizen; Rothschild

Augustin (26), a native U.S. citizen; and Lyglenson Lemorin (31), a legal permanent resident

from Haiti—were charged in June 2006 with plotting to blow up the FBI building

in Miami and the Sears Tower in Chicago. Herrera and Lemorin were acquitted.

• Syed Hashmi. Syed “Fahad” Hashmi (30), a Pakistani-born U.S. citizen, was arrested

in London on charges of providing material support to al Qaeda.

• Derrick Shareef. Derrick Shareef (22), a native U.S. citizen and convert to Islam, was

arrested for planning a suicide attack on an Illinois shopping mall. He intended to

place hand grenades in garbage cans, but the plot also involved handguns.

• The Fort Dix Plotters. Six men—Mohammad Ibrahim Shnewer (22), a naturalized

U.S. citizen from Jordan; Serdar Tatar (23), a legal permanent resident from Turkey;

Agron Abdullahu (24), a U.S. permanent resident from Kosovo; and Dritan Duka (28),

Shain Duka (26), and Elljvir Duka (23), three brothers from Albania living in the

United States illegally—were charged with plotting to carry out an armed attack on

soldiers at Fort Dix, New Jersey.

• The Toledo Cluster. Mohammad Zaki Amawi (26) and Marwan El-Hindi (43), both

naturalized U.S. citizens from Jordan, and Wassim Mazloum (25), a legal permanent

resident from Lebanon, were arrested in Toledo, Ohio, for plotting to build bombs to

use against American forces in Iraq. Two additional persons were also charged in this

case: Zubair Ahmed (26), a U.S.-born citizen, and his cousin Khaleel Ahmed (25), a

naturalized U.S. citizen from India.

• The Georgia Plotters. Syed Harris Ahmed (21), a naturalized U.S. citizen, and Ehsanul

Islam Sadequee (20), a U.S.-born citizen from Atlanta, Georgia, were arrested in April

2006 for discussing potential targets with terrorist organizations and receiving instruction

in reconnaissance.

• Daniel Maldonado. Daniel Maldonado (27), a native U.S. citizen and convert to

Islam, was arrested for joining a jihadist training camp in Somalia. He was captured

by the Kenyan armed forces and returned to the United States.

• Williams and Mirza. Federal authorities charged two students at Houston Community

College—Kobie Diallo Williams (33), a native U.S. citizen and convert to Islam,

and Adnan Babar Mirza (29), a Pakistani national who had overstayed his student

visa—with aiding the Taliban. According to the indictment, the two planned to join

and train with the Taliban in order to fight U.S. forces in the Middle East.

• Ruben Shumpert. Ruben Shumpert (26), also known as Amir Abdul Muhaimin, a

native U.S. citizen who had been convicted for drug trafficking, converted to Islam

shortly after his release from prison. When the FBI came looking for him in 2006, he

fled to Somalia and joined al-Shabaab. He was reportedly killed in Somalia in December

2008.

2007

• Hassan Abujihaad. Hassan Abujihaad (31), formerly known as Paul R. Hall, a native

U.S. citizen and convert to Islam who had served in the U.S. Navy, was arrested in

April 2007 for giving the locations of U.S. naval vessels to an organization accused of

supporting terrorists.

• The JFK Airport Plotters. Russell Defreitas (63), a naturalized U.S. citizen from

Guyana; Abdul Kadir (55), a Guyanese citizen; Kareem Ibrahim (56), a Trinidadian;

and Abdal Nur (57), another Guyanese citizen, were charged in June 2007 with plotting

to blow up aviation fuel tanks at John F. Kennedy Airport in New York. Defreitas

was arrested in Brooklyn. The other three plotters were arrested in Trinidad and extradited

to the United States.

• Ahmed Abdellatif Sherif Mohamed. Ahmed Abdellatif Sherif Mohamed (26), a U.S.

permanent resident from Egypt, was arrested for providing material support to terrorists

by disseminating bomb-making instructions on YouTube. He pleaded guilty to the

charge.

• Omar Hammami. Now known as Abu Mansour al-Amriki, Omar Hammami

(23), a native-born U.S. citizen, left Alabama some time not later than 2007 to join

al-Shabaab in Somalia. He later appeared in the group’s recruiting videos. Hammami

was indicted in 2010 for providing support to al-Shabaab.

• Jaber Elbaneh. Jaber Elbaneh (41), a naturalized U.S. citizen from Yemen, was convicted

in absentia by a Yemeni court for plotting to attack oil and gas installations in

Yemen. He had previously been charged in the United States with conspiring with the

Lackawanna Six. He was one of a number of al Qaeda suspects who escaped from a

Yemeni prison in 2006. He subsequently turned himself in to Yemeni authorities.

• The Hamza Case. Federal authorities charged the owner and several officials of Hamza,

Inc., a financial institution, for money laundering and secretly providing money to

al Qaeda. Those charged included Saifullah Anjum Ranjha (43), a legal permanent U.S.

resident from Pakistan; Imdad Ullah Ranjha (32), also a legal permanent resident from

Pakistan; and Muhammed Riaz Saqi, a Pakistani national living in Washington, D.C.

Also charged in the case were three Pakistani nationals living in Canada and Spain.

2008

• Christopher Paul. Christopher “Kenyatta” Paul (43), a native U.S. citizen and convert

to Islam living overseas, was arrested upon his return to the United States in April 2008

for having plotted terrorist attacks on various U.S. targets. He later pleaded guilty.

• Bryant Vinas. Bryant Vinas (26), a native U.S. citizen and convert to Islam, was

arrested in Pakistan and extradited to the United States for having joined al Qaeda in

Pakistan. He also provided al Qaeda with information to help plan a bombing attack

on the Long Island Rail Road.

• Somali Recruiting Case I. As many as a dozen Somalis may have been recruited in

the Minneapolis, Minnesota, area by Shirwa Ahmed (26), a naturalized U.S. citizen

from Somalia, to fight in Somalia. Ahmed subsequently was

killed in a suicide bombing in Somalia.

• Sharif Mobley. Sharif Mobley (26), a native U.S. citizen of Somali descent, moved

to Yemen in 2008, ostensibly to study Arabic and religion, but in reality, authorities

believe, to join a terrorist organization. He was later arrested by Yemeni authorities in

a roundup of al Qaeda and al-Shabaab militants. In March 2010, he killed one guard

and wounded another in an attempt to escape.

2009

• The Riverdale Synagogue Plot. Native U.S. citizens James Cromite (55), David

Williams (28), Onta Williams (32), and Laguerre Payen (27), a Haitian national, all converts

to Islam, were arrested in an FBI sting in New York in May 2009 for planning to

blow up synagogues.

• Abdulhakim Mujahid Muhammad. In June 2009, Abdulhakim Mujahid

Muhammad (23), also known as Carlos Bledsoe, a native U.S. citizen and Muslim convert,

killed one soldier and wounded another at an Army recruiting station in Arkansas.

• The North Carolina Cluster. Daniel Boyd (39), a native U.S. citizen and convert to

Islam who fought against the Soviets in Afghanistan in the late 1980s, was arrested

in July 2009 along with his two sons, Zakarlya Boyd (20) and Dylan Boyd (22), also

converts to Islam, and four others, including three U.S. citizens—Anes Subasic (33), a

naturalized U.S. citizen from Bosnia; Mohammad Omar Aly Hassan (22), a U.S.-born

citizen; and Ziyad Yaghi (21), a naturalized U.S. citizen—and Hysen Sherifi (24), a

legal U.S. resident from Kosovo, for plotting terrorist attacks in the United States and

abroad. Jude Kenan Mohammad (20), a U.S.-born citizen, was also a member of the

group. He was arrested by Pakistani authorities in 2008. Boyd reportedly reconnoitered

the Marine Corps base at Quantico, Virginia.

• Betim Kaziu. Betim Kaziu (21), a native U.S. citizen, was arrested in September

2009 for traveling overseas to join al-Shabaab or to attend a terrorist training camp in

Somalia.

• Ali Saleh Kahlah al-Marri. Ali Saleh Kahlah al-Marri (38), a U.S. permanent resident

and dual national of Qatar and Saudi Arabia, was charged with attending an

al Qaeda training camp in Pakistan. He pleaded guilty to providing material support

to a terrorist group.

• Michael Finton. Michael Finton (29), a native U.S. citizen and convert to Islam, was

arrested in September 2009 in an FBI sting for planning to blow up a federal courthouse

in Springfield, Illinois.

• Hosam Maher Smadi. Hosam Maher Smadi (19), a Jordanian citizen living in the

United States, was arrested in September 2009 in an FBI sting for planning to blow up

an office building in Dallas, Texas.

• Najibullah Zazi. Najibullah Zazi (25), a permanent U.S. resident from Afghanistan,

was arrested in September 2009 for receiving training in explosives at a terrorist training

camp in Pakistan and buying ingredients for explosives in preparation for a terrorist

attack in the United States. Indicted with Zazi were his father, Mohammed Zazi

(53), a naturalized U.S. citizen from Afghanistan, and Ahmad Afzali (38), a U.S. permanent

resident from Afghanistan, both for making false statements to federal investigators;

neither was involved in the terrorist plot. In January 2010, authorities arrested

Adis Medunjanin (24), a naturalized U.S. citizen from Bosnia, and Zarein Ahmedzay

(25), a naturalized U.S. citizen from Afghanistan, and charged them with participating

in the plot.

• Tarek Mehana. In October 2009, federal authorities in Massachusetts arrested Tarek

Mehana (27), a dual citizen of the United States and Egypt, for conspiring over a seven-year

period to kill U.S. politicians, attack American troops in Iraq, and target shopping

malls in the United States. Two other individuals, including Ahmad Abousamra (27), a

U.S. citizen, were allegedly part of the conspiracy. Abousamra remains at large.

• David Headley. In an increasingly complicated case, David Headley (49), a U.S.-born

citizen of Pakistani descent and resident of Chicago, was arrested in October 2009

along with Tahawar Rana (48), a native of Pakistan and a Canadian citizen, for planning

terrorist attacks abroad. Headley was subsequently discovered to have participated

in the reconnaissance of Mumbai prior to the November 2008 attack by the terrorist

group Lashkar-e-Toiba. He pleaded guilty in March 2010.

• Colleen Renee LaRose. Calling herself “Jihad Jane” on the Internet, Colleen Renee

LaRose (46), a native U.S. citizen and convert to Islam, was arrested in October 2009

for plotting to kill a Swedish artist whose drawings of Muhammad had enraged Muslims

and for attempting to recruit others to terrorism. Her arrest was concealed until

March 2010. LaRose pleaded guilty to the charges.

• Nidal Hasan. In November 2009, Nidal Hasan (38), a native U.S. citizen and Army

major, opened fire on fellow soldiers at Fort Hood, Texas, killing 13 and wounding 31.

• The Pakistan Five. In November 2009, five Muslim Americans from Virginia—

Umar Farooq (25), a naturalized U.S. citizen from Pakistan; Ramy Zamzam (22), who

was born in Egypt, immigrated to the United States at the age of two, and became a

citizen by virtue of his parents becoming citizens; Waqar Hassan Khan (22), a naturalized

U.S. citizen from Pakistan; Ahmad Abdullah Mimi (20), a naturalized U.S.

citizen from Eritrea; and Aman Hassan Yemer (18), a naturalized U.S. citizen from

Ethiopia—were arrested in Pakistan for attempting to obtain training as jihadist guerrillas.

Khalid Farooq, Umar Farooq’s father, was also taken into custody but was later

released. The five were charged by Pakistani authorities with planning terrorist attacks.

• Somali Recruiting Case II. In November 2009, federal authorities indicted eight

men for recruiting at least 20 young men in Minnesota for jihad in Somalia and raising

funds on behalf of al-Shabaab. By the end of 2009, a total of 14 indictments had

been handed down as a result of the ongoing investigation. Those indicted, all but

one of whom are Somalis, were Abdow Munye Abdow, a naturalized U.S. citizen from

Somalia; Khalid Abshir; Salah Osman Ahmad; Adarus Abdulle Ali; Cabdulaahi Ahmed

Faarax; Kamal Hassan; Mohamed Hassan; Abdifatah Yusef Isse; Abdiweli Yassin Isse;

Zakaria Maruf; Omer Abdi Mohamed, a legal permanent resident from Somalia; Ahmed

Ali Omar; Mahanud Said Omar; and Mustafa Salat. No age information is available.

• Abdul Tawala Ibn Ali Alishtari. Abdul Tawala Ibn Ali Alishtari (53), also known as

Michael Mixon, a native U.S. citizen, was indicted and pleaded guilty to attempting to

provide financing for terrorist training in Afghanistan.

2010

• Raja Lahrasib Khan. Raja Lahrasib Khan (57), a naturalized U.S. citizen from Pakistan,

was charged with sending money to Ilyas Kashmiri, an al Qaeda operative in

Pakistan, and for discussing blowing up an unidentified stadium in the United States.

• Times Square Bomber. Faisal Shazad (30), a naturalized U.S. citizen from Pakistan,

had studied and worked in the United States since 1999. In 2009, he traveled to Pakistan

and contacted the TTP (Pakistan Taliban), who gave him instruction in bomb-building.

Upon his return to the United States, he built a large incendiary device

in a sport utility vehicle (SUV) and attempted unsuccessfully to detonate it in New

York City’s Times Square. He was arrested in May 2010. Three other individuals were

arrested in the investigation but were never charged with criminal involvement in the

case.

• Jamie Paulin-Ramirez. The arrest of Colleen R. LaRose (“Jihad Jane”) in 2009 led to

further investigations and the indictment of Jamie Paulin-Ramirez (31), also known as

“Jihad Jamie.” Paulin-Ramirez, a native-born U.S. citizen and convert to Islam, allegedly

accepted an invitation from LaRose to join her in Europe in order to attend a

training camp there. According to the indictment, she flew to Europe with “the intent

to live and train with jihadists.” She was detained in Ireland and subsequently returned

to the United States, where she was arraigned in April 2010.

• Wesam el-Hanafi and Sabirhan Hasanoff. Wesam el-Hanafi (33), also known

as “Khaled,” a native-born U.S. citizen, and Sabirhan Hasanoff (34), also known as

“Tareq,” a dual U.S.-Australian citizen, were indicted for allegedly providing material

support to a terrorist group. The two men, one of whom traveled to Yemen in 2008,

provided al Qaeda with computer advice and assistance, along with other forms of aid.

In September 2010, Sami Samir Hassoun (22) was arrested in an FBI sting in Chicago

for attempting to carry out a terrorist bombing. Hassoun expressed anger at Chicago

Mayor Richard Daley. It is not clear that the case is jihadist-related.

In December 2010, Awais Younis (26), a naturalized U.S. citizen from Afghanistan, was

arrested for threatening to bomb the Washington, D.C., Metro system. He made the threat on

Facebook, and it was reported to the authorities. Neither of these cases is included in the chronology.

• Khalid Ouazzani. Khalid Ouazzani (32) pleaded guilty in May to providing material

support to a terrorist group. Ouazzani, a Moroccan-born U.S. citizen, admitted to raising

money for al Qaeda through fraudulent loans, as well as performing other tasks at

the request of the terrorist organization between 2007 and 2008.

• Mohamed Mahmood Alessa and Carlos Eduardo Almonte. Two New Jersey men,

Mohamed Mahmood Alessa (20), a native U.S. citizen, and Carlos Eduardo Almonte

(24), a naturalized citizen from the Dominican Republic and convert to Islam, were

arrested in June at New York’s JFK Airport for conspiring to kill persons outside the

United States. The two were on their way to join al-Shabaab in Somalia.

• Barry Walter Bujol, Jr. Barry Walter Bujol, Jr. (29), a native U.S. citizen and convert

to Islam, was arrested as he attempted to leave the United States to join al Qaeda in

Yemen. He had been under investigation for two years and was in contact with an

undercover agent he believed to be an al Qaeda operative.

• Samir Khan. In June 2010, the Yemen-based affiliate of al Qaeda began publishing

Inspire, a slick, English-language online magazine devoted to recruiting Western youth

to violent jihad. The man behind the new publication was Samir Khan (24), a Saudi-born

naturalized U.S. citizen who moved to the United States with his parents when

he was seven years old. He began his own journey to violent jihad when he was 15. He

reportedly left the United States in late 2009, resurfacing in Yemen in 2010.

• Rockwood’s Hitlist. Paul Rockwood (35), a U.S. citizen who served in the U.S. Navy

and converted to Islam while living in Alaska, was convicted in July 2010 for lying

to federal authorities about drawing up a list of 15 targets for assassination; they were

targeted because, in his view, they offended Islam. He was also accused of researching

how to build the explosive devices that would be used in the killings. His wife,

Nadia Rockwood (36), who has dual UK-U.S. citizenship, was convicted of lying to

authorities.

• Zachary Chesser. Zachary Chesser (20), a native U.S. citizen and convert to Islam, was

arrested for supporting a terrorist group in July as he attempted to board an airplane to

fly to Somalia and join al-Shabaab. Chesser had earlier threatened the creators of the

television show South Park for insulting Islam in one of its episodes.

• Shaker Masri. A U.S. citizen by birth, Shaker Masri (26) was arrested in August 2010,

allegedly just before he planned to depart for Afghanistan to join al Qaeda or Somalia

to join al-Shabaab.

• Somali Recruiting Case III. As part of a continuing investigation of recruiting and

funding for al Qaeda ally al-Shabaab, the U.S. Department of Justice announced four

indictments charging 14 persons with providing money, personnel, and services to the

terrorist organization. In Minnesota, 10 men were charged with terrorism offenses for

leaving the United States to join al-Shabaab: Ahmed Ali Omar (27), a legal permanent

resident; Khalid Mohamud Abshir (27); Zakaria Maruf (31), a legal permanent resident;

Mohamed Abdullahi Hassan (22), a legal permanent resident; Mustafa Ali Salat (20), a

legal permanent resident; Cabdulaahi Ahmed Faarax (33), a U.S. citizen; and Abdiweli

Yassin Isse (26). Three were new on the list and had been the subject of previous indictments:

Abdikadir Ali Abdi (19), a U.S. citizen; Abdisalan Hussein Ali (21), a U.S. citizen;

and Farah Mohamed Beledi (26). A separate indictment named Amina Farah Ali

(33) and Hawo Mohamed Hassan (63), both naturalized U.S. citizens, for fundraising

on behalf of al-Shabaab. A fourth indictment charged Omar Shafik Hammami (26),

a U.S. citizen from Alabama, and Jehad Sherwan Mostafa (28) of San Diego, California,

with providing material support to al-Shabaab. (Hammami’s involvement is listed

in this chronology under the year 2007, when he first left the United States to join

al-Shabaab; Mostafa is listed separately in the next entry.)

• Jehad Serwan Mostafa. In August 2010, Jehad Serwan Mostafa (28), a native U.S.

citizen, was indicted for allegedly joining al-Shabaab in Somalia. He reportedly left

the United States in December 2005 and was with al-Shabaab between March 2008

and June 2009.

• Abdel Hameed Shehadeh. Abdel Hameed Shehadeh (21), a U.S.-born citizen of Palestinian

origin, was arrested in October for traveling to Pakistan to join the Taliban

or another group to wage jihad against U.S. forces. Denied entry to Pakistan, then

Jordan, Shehadeh returned to the United States and subsequently attempted to join

the U.S. Army. He allegedly hoped to deploy to Iraq, where he planned to desert and

join the insurgents. When that did not work out, he tried again to leave the country

to join the Taliban.

• Farooque Ahmed. Farooque Ahmed (34), a naturalized U.S. citizen from Pakistan, was

arrested in October for allegedly plotting to bomb Metro stations in Washington, D.C.

FBI undercover agents learned of Ahmed’s intentions by posing as al Qaeda operatives.

• Shabaab Support Network in San Diego. Saeed Moalin (33), a naturalized U.S. citizen

from Somalia, Mohamed Mohamed Mohamud (38), born in Somalia, and Issa

Doreh (54), a naturalized U.S. citizen from Somalia, all residents of San Diego, were

arrested for allegedly providing material support to al-Shabaab. The investigation of

this network is continuing, and a fourth man from Southern California, Ahmed Nasir

Taalil Mohamud (35), was subsequently indicted.

• Al-Shabaab Fundraising II. In November, federal authorities arrested Mohamud

Abdi Yusuf (24), a St. Louis resident, and Abdi Mahdi Hussein (35) of Minneapolis,

both immigrants from Somalia. The two are accused of sending money to al-Shabaab

in Somalia. A third person, Duane Mohamed Diriye, believed to be in Africa, was also

indicted.

• Nima Ali Yusuf. Nima Ali Yusuf (24), a legal permanent resident originally from Somalia,

was arrested in November for allegedly providing material support to a terrorist

group. She was accused of attempting to recruit fighters and raise funds for al-Shabaab.

• Mohamed Osman Mohamud. Mohamed Osman Mohamud (19), a naturalized U.S.

citizen originally from Somalia, was arrested in December for attempting to detonate

what he believed to be a truck bomb at an outdoor Christmas-tree-lighting ceremony

in Portland, Oregon. He reportedly had wanted to carry out some act of violent jihad

since the age of 15. His bomb was, in fact, an inert device given to him by the FBI,

which set up the sting after it became aware of his extremism through a tip and subsequent

monitoring of his correspondence on the Internet.

• Antonio Martinez. Antonio Martinez (21), also known as Muhaamed Hussain, a naturalized

U.S. citizen and convert to Islam, was arrested in December for allegedly plotting

to blow up the Armed Forces Career Center in Catonsville, Maryland. The car

bomb he used to carry out the attack was a fake device provided to him by the FBI,

which had been communicating with him for two months.

APPENDIX B: Research Materials

1302002992ICSRPaper_ATypologyofLoneWolves_Pantucci

12Sageman

Wk 6-3 Terrorism background psychology Sageman

20091007.Sageman.ConfrontingalQaeda

208551

The Hidden Wiki: Between The Layers of The Onion Router Networks

with 10 comments

Inside The Onion Darknet:

Someone recently PM’d me online and asked if I had ever heard of “The Hidden Wiki.” They said that they could not believe what they were seeing because they had just perused an ad that purported to offer “hired killer” services. This person immediately thought it was just a trap or a joke, but it turns out that hired killers are just the tip of the iceberg within the TOR arcology. The TOR network, it seems, has become the new ‘Darknet’, hiding sites within the onion router networks themselves, totally anonymous and offering every kind of illicit trade one could think of, including pedophilia images. There are innocuous sites as well, but there seems to be quite a bit of content (links within the wiki and pastebins) that offers up nasty things.

How, you might ask, is this possible? Well, it is because of the nature of TOR itself. The Onion Router Network was a project started by the Navy to anonymize internet traffic. Once it was set loose, it was upgraded and brought to the masses as a means to surf the web anonymously. This is done by using a series of routers (which you can set up yourself on any machine with the software) to receive and direct traffic anywhere online without any kind of record of where the traffic came from once it enters the TOR node network. (see diagram)

Once inside the system, except under specific circumstances, you cannot be tracked. There are methods to obtain a user’s real IP address, but they are hard to implement. So, with that said, the TOR system seems to not only allow people to access content on the internet proper, but a secondary internet has now been created within the TOR nodes themselves. It would seem that this secondary internet could be a haven for either good data or bad. And from what I have seen so far, it’s mostly bad. The illicit trade of pedophilia is the worst of that ilk, and it would seem that the purveyors think that they can do so without any hindrance because it is on TOR.
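To make the "series of routers" idea concrete, here is an added example (not part of the original post and not Tor's actual code) that wraps a request in three layers and records what each relay could log. The relay names, addresses, sample request and the stdlib-only toy cipher are all assumptions made for illustration; real circuits negotiate per-hop keys and use vetted ciphers.

```python
import hashlib
import hmac
import json
import os


def _keystream(key, nonce, length):
    # Toy keystream (SHA-256 in counter mode); an assumption to stay stdlib-only.
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return out[:length]


def seal(key, plaintext):
    """Encrypt-then-MAC one onion layer under a single relay's key."""
    enc_key = hashlib.sha256(b"enc" + key).digest()
    mac_key = hashlib.sha256(b"mac" + key).digest()
    nonce = os.urandom(16)
    stream = _keystream(enc_key, nonce, len(plaintext))
    ct = bytes(p ^ k for p, k in zip(plaintext, stream))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + tag + ct


def unseal(key, blob):
    """Verify and strip one layer; raises ValueError if it was tampered with."""
    enc_key = hashlib.sha256(b"enc" + key).digest()
    mac_key = hashlib.sha256(b"mac" + key).digest()
    nonce, tag, ct = blob[:16], blob[16:48], blob[48:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("layer authentication failed")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))


def build_onion(path, destination, payload):
    """path is [(relay_name, key), ...] ordered from entry to exit."""
    # Innermost layer: only the exit relay can read the destination and payload.
    inner = {"next": destination, "data": payload}
    blob = seal(path[-1][1], json.dumps(inner).encode())
    # Wrap outward: each earlier relay is told only which relay comes next.
    for i in range(len(path) - 2, -1, -1):
        layer = {"next": path[i + 1][0], "data": blob.hex()}
        blob = seal(path[i][1], json.dumps(layer).encode())
    return blob


class Relay:
    def __init__(self, name, key):
        self.name, self.key = name, key
        self.log = []  # everything this relay is able to record

    def handle(self, sender, blob):
        layer = json.loads(unseal(self.key, blob))
        self.log.append({"from": sender, "to": layer["next"]})
        return layer["next"], layer["data"]


def route(client, relays, onion):
    """Pass the onion hop by hop; returns (destination, payload) at the exit."""
    by_name = {r.name: r for r in relays}
    sender, hop, blob = client, relays[0].name, onion
    while True:
        nxt, data = by_name[hop].handle(sender, blob)
        if nxt not in by_name:
            return nxt, data  # the exit relay forwards the plaintext request
        sender, hop, blob = hop, nxt, bytes.fromhex(data)


def demo():
    # Constructed sample values: documentation-range client IP, example host.
    relays = [Relay(n, os.urandom(32)) for n in ("entry", "middle", "exit")]
    onion = build_onion([(r.name, r.key) for r in relays], "site.example:80", "GET /")
    dest, payload = route("203.0.113.5", relays, onion)
    return relays, dest, payload


if __name__ == "__main__":
    for relay in demo()[0]:
        print(relay.name, relay.log)
```

The entry relay still sees the client's address and the exit relay still sees the destination and the unwrapped request; what the layering removes is any single relay holding both.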

The Marketplace, A Digital Mos Eisley:

The Wiki offers many services; most of them seem to be driven by ‘Bitcoins’, and you can even find software to mine bitcoins as well as create them within this space. One has to wonder if you can really hire a hitman here or if this is just a BS post for the Lulz, but other services seem straightforward and their sites are working. These services also include a wide spectrum of hacking as well as alleged DDoS/Botnet offerings. My first thoughts about all of this tended toward the idea that Anonymous must be like a kid in the candy store here, and then I began to search for them. It did not take me long to locate some sites that were ‘Anonymous’ themed, as well as dumps of all the LulzSec hacks and a full mirror of Wikileaks dumps.

Here are just a few of the services offered in the Marketplace:

    * Contract Killer - Kill your problem (snitch, paparazzo, rich husband, cop, judge, competition, etc). (Host: FH)
    * BitPoker v1.93 - Poker (Bitcoin). (Host: FH)
    * Buttery Bootlegging - Get any expensive item from major stores for a fraction of the price! (Host: FH)
    * Stat ID's - Selling fake ID's.
    * Bidcoin - Like Ebay. We increase the gross national product. (Host: FH)
    * Video Poker - A casino that features "jacks or better" video poker. - DOWN 2011-08-07
    * Cheap SWATTING Service - Calls in raids as pranks. (Host: FH)
    * Data-Bay - Buy and sell files using digital currency.
    * The Last Box - Assassination Market (Bitcoin). - DOWN 2011-08-07
    * Pirax Web DDoS - Take out your enemies in seconds. (Host: FH)
    * Hacking Services - Hacks IM and Social Nets, does DDoS, sells bank/credit/paypal accounts. Se Habla Espanol. (Host: FH)
    * Email Hacker - Hacks emails (Bitcoin). (Host: FH)
    * CC4ALL - Selling valid Credit-Cards. Most from Germany. (Host: FH)
    * Slash'EM online - Super Lots'A Stuff Hack-Extended Magic tournament server (Bitcoin).
    * Rent-a-Hacker - Pay a professional hacker to solve your problem, destroy your enemys. (Host: FH)
    * BitPoker v2.0 - New version of poker (Bitcoin). (Host: FH)
    * BacKopy - Sells game, software and movie discs (Bitcoin). (Neglected status note) - Broken 2011-08-07
    * The Pirates Cove - Classifieds. (Host: FH)
    * BitLotto - A lottery using Bitcoin. (Host: FH)
    * Brimstone Entertainment - Escort Ads, Strippers, Adult Entertainers. (Host: FH)
    * Red Dog Poker - Play a simple game of poker (Bitcoin).
    * CouponaTOR - A service for getting retail coupons created (Bitcoin). (Host: FH)
    * Virtual Thingies - Buy virtual goodies like premium accounts, usenet access or domains (Bitcoin). (Host: FH)

You can also get a range of services like chemicals, as well as tutorials on how to make and sell anabolic steroids, not to mention pages and files on weapons and explosives. Anarchy, it seems, has found a new digital home. One wonders just how long it will be before the onion becomes a home for jihadis as well. I suppose if they aren’t there already, it’s only a matter of time until they are hosting their own sites in here too. The real problem for anyone looking around, though, is navigation, which makes this all the better for those seeking to be anonymous and stealthy. There are a couple of search engines on the wiki, but due to the nature of TOR, one has to list their site in order for it to be found, so I assume there are many sites out there that are only known to a very select few.

Paedophiles LOVE Anonymity:

Meanwhile, it seems that there may be a bit of a war going on between the paedos and the hackers within this space as well. This particular page on the hidden wiki had recently been hacked and taken down, but within a day or so it was back online serving out links. The FBI is aware of this site and others that I passed along to them, but they are once again hard pressed to do anything about it because of the nature of TOR. It would probably be a safe bet, though, that they have been monitoring these sites for a little while, as the agent I spoke with already knew about the hidden wiki and some of the links I forwarded. I guess, though, that things are steadily growing on the onion darknet, so new stuff is being put out there all the time.

All in all though, this is just another battlefield that the authorities must learn to fight in. Personally, I am with HD Moore in thinking that there may be some way to put a stop to all this… But when he posited the idea it was 2007. It’s almost 2012 and we still have the problem. All I can really hope for is that the decent hacker types living within this liminal digital space will keep taking these sites down and making the paedos’ lives miserable in the meantime.

Anonymity For Better For Worse:

On the flip side of all this is the idea that we need to be able to be anonymous online. I agree with this, I mean, I use TOR every day, but anonymity is a double-edged sword. As you can see from everything above, the very same anonymity that protects those who need free speech, or the other protections it can afford, also comes with the darker side of the technology. This space still seems to be fairly new in the sense of services, chat boards, paste sites, and other more normal internet style applications, but in the contained anonymity that the onion network gives them, the end users mostly seem to be using it all for darker purposes.

And this will make things more difficult for everyone else, as governments seek to destroy that privacy, using more of this type of activity as an excuse to peer into it.

K.

Written by Krypt3ia

2011/09/04 at 22:21

Virtual Arkham: Explaining Anonymous, Lulzsec, and Antisec Animus in Our Digital Gotham City

with 12 comments

Personae Dramatis: The Rogues Gallery

In this post I would like to show you what I have been seeing with regard to Anonymous and the other groups that have spawned from it. Increasingly over the last year or two I have been seeing analogies, both literal and figurative, between the forces at play, and I feel that all of it is directly affected by the comic book world of Batman. The analogies that I am making come from observing not only the actions of the parties but also the methods that they use (down to the imagery, in word and graphic) to get that message out to the masses.

In the case of Anonymous and their spin-off groups, I have observed a shift in personalities that could be termed an evolution in motivations and thought. Generally though, the game plan seems to be just a general way for the groups to sow anarchy while feeding their narcissistic needs through media attention. This is the crux of the issue, I think, as the core groups don’t seem to be solely motivated by ethical or political change. Instead, it all seems to be focused on a few drivers:

  1. Lulz: just for the hell of it, or a desire for amorphous anarchy
  2. A feeling of power over other forces (government/law) that subsumes their feelings of powerlessness
  3. A need to fulfil the narcissistic tendencies by sowing havoc and seeing it in the media (like some narcissistic serial killers, Denny Rader for example)

Equating this with the world of the Batman has been in the back of my mind for some time, especially since my dealings with Jester. His logo and his persona of the “joker” from the last Dark Knight film set the stage for me to start to think in this vein. A more recent video by the History Channel solidified all of this for me. The video, “Batman Unmasked: The Psychology of the Dark Knight”, struck me not only as being the zeitgeist of this article, but also seemed to show a generation of comic book readers and movie goers who are internet denizens and want to emulate this last iteration of “The Joker” specifically.

The Heath Ledger portrayal of Joker seems to me to have been the catalyst for many an internet anarchist. The media surrounding this being his last role, as well as the way the character was re-written in this story arc, hit a common nerve with the masses. So much so that, seemingly, the Joker became the more emulated and lauded character in the story over its real hero, Batman. It is from this realisation that I derive the rest of the analogies made here. Of course these are gross generalities, but I tend to think that given the recent activities (riots in the UK and flash mob thievery in the US as well as all the lulz) there is a strong correlation to be made.

First though, let’s look at the Rogues Gallery that end up in Arkham Asylum…

Ra’s Al Ghul and The Shadow Assassins

Ra’s is a control freak. His agenda is to have order but his means to get that order mean subjugation of the masses and removal of anyone that does not conform to his sense of right and wrong. This order that he wishes to impose comes from his shadow assassins and their lethality without question.

The Riddler

The Riddler is a pure narcissistic criminal genius. His narcissism though, is usually his undoing as he cannot perpetrate any crime without leaving overt clues in an attention seeking pathology. It is this pathology, the need for the attention that drives him altogether and is his undoing.

The Penguin & The Joker or PenguiJoker

The Penguin (Societal and Governmental corruption) and The Joker (pure anarchy) are two rogues that have become one in this scenario. Within the world of Batman though, each attacks the order, seeking to destroy it for their own ends. In the Penguin we have someone looking to corrupt the system. Meanwhile, the Joker is pure anarchy, diametrically opposed to the order (aka Batman). Joker’s need is fuelled by a nihilistic world view twisted with a good deal of insanity.

All of the Batman wannabes in hockey suits

Lastly, we have the Bat-men, the would-be vigilantes who want to be the Bat but don’t have the tools to really be of use. This character set was added from the last film (The Dark Knight), and I generally attribute it to one player in the real world (if you call it that) version of Gotham Knights being played out on the internet. That individual (the aforementioned jester) oddly enough aligns himself visually much of the time with “The Joker”, but he is more like the hockey suit wearing would-be Batman.

Now that I have laid down the Batman’s Rogues Gallery, I will move on to the real world players and their motives aligned with my premise.

Anima & Animus:

The shadow, in being instinctive and irrational, is prone to projection: turning a personal inferiority into a perceived moral deficiency in someone else. Jung writes that if these projections are unrecognized “The projection-making factor (the Shadow archetype) then has a free hand and can realize its object–if it has one–or bring about some other situation characteristic of its power.” [3] These projections insulate and cripple individuals by forming an ever thicker fog of illusion between the ego and the real world.

C.G. Jung

According to Jung and even Freud, the darker side of the psyche can drive our actions solely by the shadow self. One can see hints of their theories in the actions of each of the groups we are talking about here. Even the subtle connections made from overt symbolism can be made through the icon of Antisec itself. As seen at the top of the page, the connections are there to be made between the characters of Penguin, Joker, and Riddler, even if the original core image came from another source altogether (V for Vendetta). I believe that the collective unconscious here latched on to the images of Riddler/Joker/Penguin and co-opted them, if they didn’t actually do so overtly and with forethought.

So, with all of this said, I will make the claim now that I believe the movements and the players have been created out of vainglorious motives and have not changed at all since taking on the mantle of ethical and political change through civil disobedience. To that end, here are the players aligned to their characters from the world of Gotham as well as their psychological underpinnings.

Anonymous: Ra’s Al Ghul and The Shadow Assassins

Anonymous started out as a group of people who inhabited the 4chan group but wanted to do something different for ‘entertainment’. This loose idea was co-opted when they began to commit civil disobedience for their own purposes, either political or for the aforementioned entertainment value. Either way, their animus is wholly about the control which they can wield over others. It should never be forgotten that the core of the group ethos has nothing to do with change or moral/ethical betterment. It is in fact all for their own enjoyment.

Lulzsec: The Riddler

Lulzsec came into being because they felt that the ethos and moral constructs of Anonymous were too weak and they wanted to escalate the ‘lulz’ for their own enjoyment. The takeaway here is that just being pranksters was not enough; instead they wanted to show everyone they were smarter than everyone else AND that they could do so and get away with it. All the while, they performed these acts in an exceedingly narcissistic way. A key player in this that has been caught would be Topiary. It seems that even in the face of prosecution he thumbs his nose at authorities and seems to be enjoying the limelight (philosophical book in hand for the cameras).

Antisec: The Penguin & The Joker or PenguiJoker

The love child of Anonymous and LulzSec is #Antisec. This agenda or perhaps subgroup (I tend to think there are cells of Antisec) has chosen a logo that decidedly shows the melding of at least two of the Batman Rogues Gallery (Joker and Penguin, as you can see at the top of this article). This too follows into their attitudes about what they are doing and why they are doing it. They really have no rhyme or reason for what they do other than their own entertainment and attention. This is classical narcissistic behaviour, and by all communiqués laid out by LulzSec, they fully enjoyed their ‘voyage’ in the lulz sea.

Antisec also has a Penguin side to them. By using the system against itself (i.e. using the government’s lack of network and system security) they poke them in the eye by subverting their own data to shame them. This is a lesser characteristic as I see it, but it is still important to note, as is the imagery (homage) to the Penguin in their logo, whether it was overtly done or by proxy of some unconscious connection made by the designer.

th3j35t3r: All of the Batman wannabes in hockey suits

Finally, we have the jester. A character who wants to be the Batman, but fails to actually effect any kind of real change in the battle. For all of the attempts made, the efforts fall flat and to date, nothing has been attributed to him that substantially made a difference against the Anonymous/Lulzsec movement. I believe he does this, as well as his other DDoS actions, out of a self-described sense of helplessness. Jester makes the claim that he had to do something as he saw his comrades dying at the hands of Jihadists. He made similar remarks about why he was attacking Anonymous, as they were outing data that could harm those in the field of battle.

Either way, his motivations seem to be tainted with a bit of narcissism as well; seeking the attention of the media, as he has in the past, makes him part and parcel of the overall problem.

Escalation:

And so it goes on… The Anon movement has begat others who have agendas of their own (or perhaps pathos is a better word). As the movements lose interest in the day to day grind of operations, they will increasingly seek to up the ante. As the media winds down on them, they will need to seek even bigger targets and outcomes to end up back on the top of the news, all the while feeding their collective need to be the centre of attention. The flip side of this will be that the authorities, unable to cope easily with the problem at hand, will create new and more stringent laws that will harm us all. This will not matter to the groups, though, because it is unimportant to their end goal of satisfying their needs. It will keep going round and round and the outcomes are likely not to be good. There will be a lot of collateral damage and in the end, no one will have profited at all from it.

End Game:

So what is the end game here? Will there be any good outcome from this?

Not if it keeps going the way it has been. More indiscriminate hits against targets, without anything to show for it along the lines of exposing corruption or malfeasance, will only lead to more knee-jerk reactions by authorities. I imagine some will be caught and tried for their actions, others will escape and perhaps go on to other things… Overall though, it will not make a better world. It will only have temporarily fulfilled the desires of the ones perpetrating the acts against… well, anyone and everyone… until they get put into Arkham.

K.