Archive for the ‘CIA’ Category
ASSESSMENT: Insider Threats, Espionage Recruitment and Psychological Profiling
Insider Threat SNOWDEN:
The insider threat has always been and always will be the bigger of the threats or so the aphorism goes. In reality it certainly seems to be the case in the Snowden affair and the NSA is still stinging from it as I write this. Snowden leveraged his administrative access where he could and used technical and social means as well to gather the information and access he wanted to ex-filtrate out of Ft. Meade. Since Snowden was so successful and the NSA and IC has been blindsided by the ease of the attack and their stunning lack of controls the government and IC has been re-thinking their security around insider threats. Since much of today’s technology allows for ease of access and people tend to be the weakest link in the security chain (on average) the NSA is looking to more proactive controls against this type of exploit. Since they failed logically and technically to stop an insider attack I assume that they are in a real bind trying to assert control over not only the data they house but also the custodians of that data and architecture as well.
The Insider Threat Has Always Been The Largest:
Since the dawn of time the insider threat has always been a go to if possible in waging war against anyone. The Trojan Horse for example is the greatest use of the “insider” by placing outsiders inside and making the opposition the method of their own doom. Insiders though are commonly traitors or spies (sleeper or other) inserted or bought to work for the opposition to gain access inside the confines of the sanctum. In the case of hacking and digital malfeasance this often times takes the shape of an insider who feels they have been wronged in some way and either steals IP or destroys operations within a company or org to cause great damage. What has come to light though over the years and now has been brought to the fore are the psychological and social cues or traits that make a person more likely to be an insider threat.
In the case of espionage the recruitment of spies really is the tale of an insider threat. What makes someone become an asset for a service like the CIA? Within the IC (CIA) a lot of time was spent on the psychology of recruitment and handling of assets. MICE was the standard by which the CIA handled recruitment and handling up until recently when a new paradigm was put forth (RASCLS) which is much more reciprocal instead of just carrot and stick. Where all of this touches on insider threats though in the common vernacular of INFOSEC is where the motivation lies for someone’s actions. In a paper put out recently called “Inside the Mind of An Insider” the focus is on technologists and insider attacks that they have or may carry out and their personal motivations as well as proclivities to do so within the tech sector. I however would assert that this take is only a sub header within the larger umbrella of motivations and actions that an insider whether or not they are a spy or just an aggravated tech worker would have or carry out.
in the paper (cited above in picture at top) the writers lay out the “six characteristics” that coincidentally make up much of the same ideals and motivations that you will find in a recruit-able asset within the IC sphere. In fact, I would assert as well that if in fact Snowden were at all contacted by an outside security services to do what he did, these motivations would have been leveraged within him as well. What it all comes down to human nature. We are all subject to wants and desires as well as feelings of being under appreciated or not appreciated at all in our daily lives. This makes anyone potentially an insider whether they self activate or are handled by someone.
Countermeasures And Technologies:
The NSA though has been working on some technical means of detection and deterrence of an insider attack where other logical means have failed. These consist of programs that monitor behaviour patterns of users and access as well as I can only assume their outside activities such as internet access, browsing, and comments on sites. Can such programs really detect accurately the mind of a person and their motivations to lock down on them as a potential threat? I am sure that the technology is getting much better at this heuristic behaviour detection so sure but I don’t think it will be infallible however. I also suspect that it will also mark people as bad actors when in fact they may never even entertain the thought of actually carrying out some plan against the NSA or whatever company that might employ such tech. I would also assume that the people at the NSA will be undergoing more frequent and rigorous Poly sessions as well as perhaps psychological profiling which does not bode well for many I think who want to feel as though they are part of a team. Generally the job is stressful enough when you cannot talk about anything you do and are always fearing that you might slip at some point and give away information that you shouldn’t. The psychological stress of cleared life is hard and this will all just make it a little harder in the post Snowden world.
ANALYSIS:
Whether you call it an “insider threat” or a spy, saboteur, or insurgent the same psychology applies. People are motivated by things that are personal to them. Desires they have for money, power, or fame as well as a myriad of other reasons for their actions. To attempt to detect and deter this activity will be quite the undertaking and hard enough in the classified world. Now imagine that you are not a cleared individual but instead an corporate employee, how are you going to feel about such activities and programs attempting to tell whether or not you might turn on the company and damage their servers? I somehow doubt that many corporations will undertake the threat modelling here for insider threats as seriously as the NSA but I can see where some might want some insight. We already have things like Websense and IDS/IPS/SIEM tech that follows traffic but with the advent of the likes of Facebook, how long will it be until they offer a service that tracks users behaviour and sells it to your security department? If companies are sufficiently worried about their insider threats then they will begin profiling and putting in countermeasures.
Welcome to the brave new world…
K.
Malware Wars!… Cyber-Wars!.. Cyber-Espionage-Wars! OH MY
X
Flame, DuQU, STUXNET, and now GAUSS:
Well, it was bound to happen and it finally did, a third variant of malware that is ostensibly connected to the story that Mikko Hypponen posted about after an email he got from a nuclear scientist in Iran has come to pass as true. The email claimed that a new piece of malware was playing AC/DC “Thunderstruck” at late hours on systems it had infected within the labs in Iran. I took this with a grain of salt and had some discussions with Mikko about it offline, he confirmed that the email came ostensibly from a known quantity in the AEOI and we left it at that, its unsubstantiated. Low and behold a week or two later and here we are with Eugene tweeting to the world that “GAUSS” is out there and has been since about 2011.
Gauss it seems had many functions and some of them are still unknown because there is an encryption around the payload that has yet to be cracked by anyone. Eugene has asked for a crowd sourced solution to that and I am sure that eventually someone will come out with the key and we will once again peer into the mind of these coders with a penchant for science and celestial mechanics. It seems from the data provided thus far from the reverse R&D that it is indeed the same folks doing the work with the same framework and foibles, and thus, it is again easily tied back to the US and Israel (allegedly per the mouthiness of Joe F-Bomb Veep) and that it is once again a weapon against the whole of the middle east with a decided targeting of Lebanon this time around. Which is an interesting target all the more since there has been some interesting financial news of late concerning banks and terror funding, but I digress…
I am sure many of you out there are already familiar with the technology of the malware so I am leaving all of that out here for perhaps another day. No, what I want to talk about is the larger paradigm here concerning the sandbox, espionage, warfare, and the infamous if not poorly named “CyberWar” going on as it becomes more and more apparent in scope. All of which seems to be centered on using massive malware schemes to hoover data as well as pull the trigger when necessary on periodic digital attacks on infrastructure. Something that truly has not been seen before Stuxnet and seems to only have geometrically progressed since Langer et al let the cat out of the bag on it.
Malware Wars:
Generally, in the information security sector, when I explain the prevalence of malware today I often go back to the beginning of the Morris worm. I explain the nature of early virus’ and how they were rather playful. I also explain that once the digital crime area became profitable and firewalls became a standard appliance in the network environment, the bad actors had to pivot to generally tunnel their data from the inside out home through such things as a firewall. This always seems to make sense to those I explain it to and today it is the norm. Malware, and the use of zero day as well as SE exploits to get the user to install software is the the way to go. It’s a form of digital judo really, using the opponents strength against them by finding their fulcrum weakness.
And so, it was only natural that the espionage groups of the world would turn to malware as the main means of gaining access to information that usually would take a human asset and a lot of time. By leveraging human nature and software flaws it has been a big win for some time now. I was actually amused that Henry Crumpton in the “Art of Intelligence” talks about how the CIA became a very early adopter of the network centric style of warfare. I imagine that some of the early malware out there used by spooks to steal from unprotected networks was CIA in origin and in fact that today’s Gauss probably has some relatives out there we have yet to see by people who have been doing this for some time now and we, the general public had no idea.
Times change though, and it seems that Eugene’s infrastructure for collecting data is creating a very wide dragnet for his people to find these infections and then reverse them. As we move forward expect to see more of these pop up, and surely soon, these will not just be US/UK/IL based attempts. Soon I think we will see the outsourced and insourced products of the likes of Iran and other nation states.. Perhaps we already have seen them, well, people like Mikko and Eugene may have at least. Who knows, maybe someday I will find something rooting about my network huh? Suffice to say, that this is just the beginning folks so get used to it.. And get used to seeing Eugene’s face and name popping up all over the place as well.. Superior showman that he is.
An Interesting Week of News About Lebanon and Bankers:
Meanwhile, I think it very telling and interesting as we see the scope of these malware attacks opening up, that not only one or two countries were targeted, but pretty much the whole of the Middle East as well. Seems its an equal opportunity thing, of course the malware never can quite be trusted to stay within the network or systems that it was meant for can we? There will always be spillage and potential for leaks that might tip off the opposition that its there. In the case of Gauss, it seems to have been targeted more at Lebanon, but, it may have been just one state out of a few it was really meant for. In the case of Lebanon though, and the fact that this piece of malware was also set to steal banking data from that area, one has to look on in wonder about the recent events surrounding HSBC.
Obviously this module was meant to be used either to just collect intelligence on banking going on as well as possibly a means to leverage those accounts in ways as yet undetermined by the rest of us. Only the makers and operators really know what the intent was there, but, one can extrapolate a bit. As terror finances go, the Middle East is the hotbed, so any intelligence on movement of money could be used in that light just as well as other ways to track the finances of criminal, geopolitical, and economic decisions being made there. Whether it be corporations or governmental bodies, this kind of intelligence would be highly prized and I can see why they would install that feature on Gauss.
All of this though, so close to the revelations of HSBC has me thinking about what else we might see coming down the pike soon on this front as well. Cur off the funding activities, and you make it much harder to conduct terrorism huh? Keep your eyes open.. You may see some interesting things happening soon, especially given that the Gauss is out of the bag now too. Operations will likely have to roll up a bit quicker.
Espionage vs. Sabotage vs. Overt Warfare of Cyber-Warfare:
Recently I have been working on some presentation stuff with someone on the whole cyberwar paradigm and this week just blew the lid off the whole debate again for me. The question as well as the rancor I have over the term “Cyberwar” has been going on some time now and in this instance as well as Stuxnet and Flame and DuQu, can we term it as cyberwar? Is this instead solely espionage? What about the elements of sabotage we saw in Stuxnet that caused actual kinetic reactions? Is that cyberwar? If there is no real war declared what do you term it other than sabotage within the confines of espionage and statecraft?
Then there is the whole issue of the use of “Cold War” to describe the whole effect of these operations. Now we have a possible cold war between those states like Iran who are now coding their own malware to attack our systems and to sabotage things to make our lives harder. Is that a war? A type of war? All of these questions are being bandied about all the while we are obviously prosecuting said war in theater as I write this. I personally am at a loss to say exactly what it is or what to term it really. Neither does the DoD at this point as they are still working on doctrine to put out there for the warriors to follow. Is there a need for prosecuting this war? It would seem that the US and others working with them seem to think so. I for one can understand the desire to and the hubris to actually do it.
Hubris though, has a funny way of coming back on you in spectacular blowback. This is my greatest fear and seemingly others, however, we still have a country and a government that is flailing about *cough the Senate cough* unable to do anything constructive to protect our own infrastructure even at a low level. So, i would think twice about the scenarios of actually leaking statements of “we did it” so quickly even if you perceive that the opposition has no current ability to strike back.. Cuz soon enough they will. It certainly won’t be a grand scale attack on our grid or telco when it does happen, but, we will likely see pockets of trouble and Iran or others will pop up with a smile, waving, and saying “HA HA!” when it does occur.
The Sandbox and The Wars We Are Prosecuting There by Malware Proxy:
Back to the Middle East though… We have been entrenched in there for so so long. Growing up I regularly watched the news reports about Lebanon and Israel, Iran and the hostages, Iraq, Saddam, Russian Proxy wars via terrorism, Ghadaffi and his ambitions as well as terror plots (which also hit close to home with the Lockerbee bombing) You kids today might think this is all new, but let me tell you, this has been going on for a long long time. One might even say thousands of years (Mecca anyone? Crusades?) So, it’s little wonder then that this would all be focused on the Med.
We are conducting proxy wars not only because of 9/11 but also economic and energy reasons as well. You want a good taste of that? Take a look at “Three Days of the Condor” a movie about a fictional “reader” for the CIA who stumbles on to a plan to disrupt governments in the Middle East to affect oil prices and access. For every person that said the Iraq war and Afghanistan wasn’t about oil, I say to them look at the bigger picture. There are echoes there of control and access that you cannot ignore. Frankly, if there wasn’t oil and money in the region, I think we would have quite a different story to look on as regards our implementing our forces there.
So, with that in mind, and with terrorism and nuclear ambitions (Iran) look at the malware targeting going on. Look at all of the nascent “Arab Springs” going on (albeit really, these are not springs, these are uprisings) we have peoples who want not to live under oppressive regimes not just because they aren’t free to buy an iPhone or surf porn, but they are also oppressed tribes or sects that no longer wish to be abused. All of this though, all of the fighting and insurgency upsets the very delicate balance that is the Middle East. Something that we in the US for our part, have been trying to cultivate (stability) even if that stability came from another strongman that we really don’t care for, but, who will work with us in trade and positional relevance to other states.
In goes the malware.. Not only to see what’s going on, but also to stop things from happening. These areas can be notoriously hard to have HUMINT in and its just easier to send in malware and rely on human nature to have a larger boon in intelligence than to try and recruit people to spy. It’s as simple as that. Hear that sucking sound? That’s all their data going to a server in Virginia. In the eyes of the services and the government, this is clearly the rights means to the ends they desire.
We Have Many Tigers by The Tail and I Expect Blowback:
Like I said before though, blowback has a nasty habit of boomeranging and here we have multiple states to deal with. Sure, not all of them has the ability to strike back at us in kind, but, as you have seen in Bulgaria, the Iranians just decided to go with their usual Hezbollah proxy war of terrorism. Others may do the same, or, they may bide their time and start hiring coders on the internet. Maybe they will hire out of Russia, or China perhaps. Hell, it’s all for sale now in the net right? The problem overall is that since we claimed the Iran attack at Natanz, we now are not only the big boy on the block, we are now the go to to be blamed for anything. Even if we say we didn’t do it, who’s gonna really believe us?
The cyber-genie is out of the cyber-bottle.
Then, this week we saw something new occur. A PSYOP, albeit a bad one, was perpetrated by the Assad regime it seems. Reuters was hacked and stories tweeted/placed on the net about how the rebel forces in Aleppo had cut and run. It was an interesting idea, but, it was ineffective for a number of reasons. The crux though is that Reuters saw it and immediately said it was false. So, no one really believed the stories. However, a more subtle approach at PSYOPS or DISINFO campaigns is likely in the offing for the near future I’d think. Surely we have been doing this for a while against them, whether it be in the news cycles or more subtle sock puppets online in social media sites like Twitter or Facebook. The US has been doing this for a long time and is well practiced. Syria though, not so much.
I have mentioned the other events above, but here are some links to stories for you to read up on it…
- PSYOPS Operations by the nascent Syrian cyber warfare units on Reuters
- Hezbollah’s attack in Bulgaria (bus bombing) in response to STUXNET and other machinations
- Ostensible output of INTEL from Gauss that may have gotten HSBC in trouble and others to come (Terrorism funding and money laundering)
All in all though, I’d have to say that once the players become more sophisticated, we may in fact see some attacks against us that might work. Albeit those attacks will not be the “Cyber Pearl Harbor” that Dr. Cyberlove would like you to be afraid of. Politically too, there will be blowback from the Middle East now. I am sure that even after Wikileaks cables dump, the governments of the Med thought at least they could foresee what the US was up to and have a modicum of statecraft occur. Now though, I think we have pissed in the pool a bit too much and only have ourselves to blame with the shit hits the fan and we don’t have that many friends any more to rely on.
It’s a delicate balance.. #shutupeugene
Pandora’s Box Has Been Opened:
In the end, we have opened Pandora’s box and there is no way to get that which has escaped back into it. We have given the weapon framework away due to the nature of the carrier. Even if Gauss is encrypted, it will be broken and then what? Unlike traditional weapons that destroy themselves, the malware we have sent can be easily reverse engineered. It will give ideas to those wishing to create better versions and they will be turned on us in targeted and wide fashions to wreak as much digital havoc as possible. Unfortunately, you and I my friends are the collateral damage here, as we all depend on the systems that these types of malware insert themselves into and manipulate.
It is certainly evident as I stated above, our government here in the US is unable to come up with reasonable means to protect our systems. Systems that they do not own, Hell, the internet itself is not a government run or owned entity either, and yet they want to have an executive ability to shut it down? This alone shows you the problem of their thinking processes. They then decide to open the box and release the malware genie anyway… It’s all kind of scary when you think about it. If this is hard to concieve, lets put it in terms of biological weapons.. Weapons systems that have been banned since Nixon was in office.
The allusion should be quite easy to understand. Especially since malware was originally termed “Virus” There is a direct analogy there. Anyway, here’s the crux of it all. Just like bioweapons, digital “bioware” for lack of a better term, also cannot be controlled once let into the environment. Things mutate, whether at the hand of people or systems, things will not be contained within the intended victims. They will escape (as did all the malware we have seen) and will tend to have unforeseen consequences. God forbid we start really working on polymorphics again huh? If the circumstances are right, then, we could have a problem.
Will we eventually have to have another treaty ban on malware of this kind?
Time will tell.. Until then, we all will just be along for the cyberwar ride I guess. We seem to be steadily marching toward the “cyberwar” everyone is talking about… determined really to prosecute it… But will it get us anywhere?
K.
The Hezbullah Cyber Army: War In HYPERSPACE!
WAR! in HYPERSPACE: The Cyber Jihad!
A day or so ago, a story came out and made the rounds on the INFOSEC-O-Sphere about the Hezbullah Cyber Army The story, which was cub titled “Iranian Terror” was titled “Iranian Cyber-Jihadi Cells in America plot Destruction on the Net and in Reality” Which, would get all our collective attentions right? The story goes on to tell about the newly formed Cyber Army that will be waging all out war on the US and others in “Hyperspace”
Yes, that’s right, you read that correctly.. This guy Abbasi is either trying to be clever, or, this is some bad translation. Sooo… Hyperspace it is! Well, I have a new tag line for him…
“In hyperspace.. No one can hear you giggle”
At any rate, the whole idea of a Cyber Jihad or a Cyber Hizbullah is a notion that should not just be sloughed off as rhetoric. I do think that if the VEVAK are involved (and they would want a hand in this I am sure) they could in fact get some real talent and reign in the ranks to do some real damage down the road a piece I think. So, while I may be a little tongue in cheek here at the start of this post, I want you all to consider our current threatscape (*cough* SCADA etc) and consider the amount of nuisance they could be if they made a concerted effort with the likes of the HCARMY.
So, yeah, this could be an interesting development and it is surely one to keep our eyes on collectively… But.. Don’t exactly fear for your lives here ok? After all, my opinion still applies that the bugaboo of scada does not easily fit into the so called cyberwar unless it is effectively carried out with kinetic attacks and a lot of effort. Nope, if the HCA is going to do anything at all, it will be on the playing field of the following special warfare fronts;
- PSYOPS
- DISINFORMATION (PSYOPS)
- Support of terrorism (Hezbullah and others)
- INTEL OPS
Interview by IRNA with HCA
More than anything else though at the moment, the whole revealing of the HCA is more a publicity stunt than much else I think. For all of the talk in the US and other countries about mounting their own “Cyber Militia’s” it seems that Iran and Hezbullah wanted to get in on the ground floor..
Oh… Wait..
They forgot about the PLA and the Water Army!
DOH!
Oh well, sorry guys… Guess you will have to keep playing on that whole “HYPERSPACE WAR” angle to get your headlines huh? Besides, really, how much street cred is an organization like this anyway? So far I have been poking around all of their sites and find nothing (links or files) that would he helpful in teaching their “army” how to hack.
My guess.. This is kinda like putting out the inflatable tanks and planes for the Germans to bomb in place of the real ones.
The "About" Statement on HCA
Now.. Before You All Go Off Half Cocked (That means you Mass Media)
Meanwhile, I have seen the story that I linked up top scrawled all over the digital wall that is Twitter these last couple days. I am sure with everything that has been going on in Iran of late (i.e. the tendency for their bases to explode lately as well as their pulling another takeover of a consulate as well as spy roll ups) the media is salivating on this story because its juicy. It has it all really…
Cyberwar (hate that term)
HYPERSPACE!
Espionage
BOOGA BOOGA BOOGA We’re gonna activate our hackers inside your borders and attack your SCADA’s!
What’s the media not to love there?
HCA's YouTube Page Started in September
Well, let me set you all straight. This is piffle. This is Iran posturing and the proof thus far has been they have defaced a couple of sites with their logo.
THE HORROR!
This group has not even reached Anonymous standards yet! So relax.. Sit back… Watch the show. I am sure it will quickly devolve into an episode of the keystone cops really. They will make more propaganda videos for their YouTube, create a new Twitter account, and post more of their escapades on their two Facebook pages to let us all know when they have defaced another page!
… Because no one will notice unless they let us know…
Just The Persian Facts Ma’am
The real aegis here seems to be shown within the “about” statement for the group. Their primary goals seem to be to attack everyone who does not believe in their moral and religious doctrine. A translation of the statement rattles on about how the West are all foul non believers and that we are “pompous” Which really, kinda makes me think that the Iranian people, or at least this particular group, has a real inferiority complex going. More so though, it seems from the statement that they intend more of a propaganda and moral war against the west and anyone else they see fit than any kind of real threatening militant movement.
You know.. Like AQAP or AQ proper.. Or Jamaa Islamiya.
This is an ideological war and a weak rallying cry by a group funded by a government in its waning years trying to hold on to the digital snake that they cannot control forever. Frankly, I think that they are just going to run around defacing sites, claiming small victories, and trying to win over the real hackers within their country to their side of the issue.
Which… Well, I don’t think will play well. You see, for the most part, the younger set who know how to hack, already bypass the governments machinations and are a fair bit more cosmopolitan. Sorry Mamhoud, but the digital cat is already out of the bag and your recognition of this is too late. How long til the Arab Spring reaches into the heart of Tehran and all those would be hackers decide to work against you and your moral jihad?
Be afraid Mamhoud… khomeini…
All you really have is control temporarily.. You just have yet to realize it.
Tensions In The Region: Spooks & The Holiday Known as KABOOM
Now, back to the region and its current travails. I can see why this group was formed and rolled out in IRNA etc. Seems to me even with the roll up of the CIA operations there in Iran you guys still are being besot with problems that tend to explode.
- Wayward Trojan drones filled with plastique
- Nuclear scientists who are either being blown up or shot in the streets
- Nuclear facilities becoming riddled with malware that eats your centrifuges.
What You Should Really Worry About From All of This
My real fear though in all of this hoo ha out of the HCA is that VEVAK and Hezbullah will see fit to work with the other terrorist groups out there to make a reality of this whole “Cyber Jihad” thing. One of these factors might in fact be the embracing of AQ a bit more and egging them on in their own cyber jihad. So far the AQ kids have been behind on this but if you give them ideas AND support, then we have a problem I think. The ideal of hit and run terror attacks on infrastructure that the government and those in the INFOSEC community who have been wringing their hands over might come to pass.
HCA Propaganda Fixating on OWS
If the propaganda war heats up and gains traction, this could embolden others and with the support of Hezbullah (Iran) they could “try” to make another Anonymous style movement. Albeit I don’t think that they will be motivated as much by the moral and religious aspects that HCA puts out there as dictum. Maybe though, they will have the gravitational force enough to spin all of this off into the other jihadist movements.
“The enemy of my enemy is my friend”
If the HCA does pull off any real hacks though (say on infrastructure) then indeed they will get the attention they seek and more than likely give the idea to other movements out there to do the same.
AND that is what worries me.
Cinch Up That Seatbelt… It’s Gonna Be A Bumpy Ride
Finally, I think that things are just getting started in Iran and its about to get interesting. With all of the operations that seem to be going on in spook world (please don’t use PIZZA as a code word again mmkay?) and the Israeli’s feeling pressured by Tehran’s nuclear ambitions and rhetoric, I suspect something is about to give way. Add to this the chicken-hawks who want to be president (Herman I wanna touch your monkey) Caine and the others who have so recently been posturing like prima donna models on a runway over Iran and we have a disaster to come.
Oh.. and Bachmann.. *Shudder* Please remove her from the Intelligence committe!! That whole Pakistani nuclear AQ attacks thing was sooo not right!
PSSSSST BACHMANN they’re called SECRETS! (or, for your impaired and illiterate self SEKRETS) STFU ok?
OH.. Too late, now NATO is attacking into Pakistan…
It looks to me like the whole middle east is about to erupt like a pregnant festering boil and we are the nurse with the needs who has to pop it and duck.
So.. Uh yeah, sorry, got carried away there… I guess the take away is this; When you look at all the other stuff going on there, this alleged cyber army is laughable.
Yuk yuk yuk… You’re killin me Ahmed!
K.
The Psychology of “Neo Jihad” Radicalization
The Paradigm Pivot:
Soon after the attacks on 9/11 the US and other countries began a “War On Terror” that attempted to disrupt and destroy the Al Qaeda networks. The military and intelligence wars on AQ have been very successful in that they have splintered the group, cut its main lines of C&C, and forced them to scatter into the hills of Waziristan and other places. The intelligence war began with stepped up surveillance technically as well as, after much spin up, getting physical assets on the ground and inserted into the intelligence gathering apparatus. Once the networks were set up, and the AQ infrastructure fractured, it became apparent to the leaders of AQ that they needed to proselytize in a different way to get more “recruits” for the global jihad that they wanted.
Once the realization set in, the AQ leadership began to move online to communicate, radicalize, and recruit new jihadi’s to the cause. As time went by and more of the networks were broken, the ranks of jihad began to thin out. This became a real problem for Al Qaeda and it realized that it needed a new paradigm to reach the “Western” ummah that they could try to sway to jihad. With the creation of GIMF, and AQAP later on, the footprint of jihadi propaganda and radicalization took shape online. Since 2001, we have seen AQ and affiliates grapple with how to get their message across as well as create channels for those who are not in the 2 lands, to radicalize, and then come to jihad.
This post is about not only the means that AQ, AQAP, and others have come up with as a response to the problem, but also a profile of the GEN2 jihadi’s online that are being radicalized and who have acted in the past as well as those who may in the future.
Online Jihad: 10 Years of Internet Jihad
A plethora of sites on the internet have been set up over the years by AQ and its affiliates to propagandize and communicate. many of these sites at first were just simple file upload areas and small bulletin boards. Today we have many mass media style sites including videos, tutorials, online chat areas, and private messaging. The PHP bulletin boards set up on domain named sites or on servers (stealth) that have been hacked, have been the most popular of all. With these sites, the jihad radicalization goes on with postings within pass-worded group sites like Shamukh (AQ) or Ansar.com.
For the most part, these sites have only been partially successful in being a command and control mechanism for AQ. They have failed to gather the swelling support that they would have liked on the part of the Western ummah and it is this lack of fervor that has them vexed. I have personally seen this vexation in AQAP’s “Inspire Magazine” as they have been trying to become more “Hip and Western” to get a new audience. All of their efforts though, have had lackluster returns. This lack of response on the part of the young westernized groups that they are targeting is likely to a few factors;
- The radicalization process is not in person
- The western mindset of the targets is more secular in nature and separate from the core AQ groups experiences
- These youths are not living in lands where war is ongoing
The Psychology of Radicalization:
Radicalization: The process in which an individual changes from passiveness or activism to become more revolutionary, militant or extremist. Radicalization is often associated with youth, adversity, alienation, social exclusion, poverty, or the perception of injustice to self or others.
Much of the classic radicalizing that happens within movements such as Al Qaeda happens when the like minded get together under the penumbra of a stronger personality that leads them. In the case of Islamic Jihad, there have been many Imam’s and leaders who preach this type of thought within their right wing versions of Islam. This is the core of the idea behind raising the ummah army to fight a jihad, the radicalization of the parishioners through direct proselytizing. Since 9/11 though, much of the Muslim community has come under scrutiny from intelligence gathering groups seeking to find the next cell of terrorists being exhorted to jihad by an imam or another leader.
In other cases secular leaders may arise, this may take shape in the form of someone like Mohammad Atta, or the like who are within a circle of like minded people (What Dr. Marc Sageman calls “a group of guys” theory) who “self radicalize” and either make contact with core AQ, or, they decide to act on their own, using the internet as their guide to jihad techniques and ideals. This may happen with two or more individuals seeking like minded people, or, a leader may inculcate them into their particular brand of thought.
A third and seemingly rising type of radicalization seems to be the Lone Wolf or Loner. This is a person either seeking to belong to something greater than they are, or, someone mentally unbalanced and moving along the lines of their own particular mental illness. The Lone Wolves and the Loner’s are dangerous in that they are now one of the primary targets of AQ and their propaganda/radicalization drive other than the “group of guys” The reason for this is that all of these groups can “self radicalize” without having to step into a mosque by reading online and digitally relating with other like minded jihadi’s online. The major difference being that there is no direct contact and, for most, this method of contact and radicalizing lacks the added social element of being in person as a part of a group.
This is a key feature of radicalization that needs to be understood. Since we are social animals, we need to feel that kinship and the only real way to do this primarily is to be within a social dynamic structure that includes physically being there. Online it seems, just does not cut it for most. However, there are others, the mentally ill, and those who are so socially awkward, that online seems to be the only way that they can relate, that have become the next generation of jihobbyists. This in tandem with the fact that now it is rather hard to make contact with, and access the core AQ group physically (i.e. going to a training camp in Waziristan) has made the online radicalization process the pre-eminent way for the jihadi process to carry on.
Jihad GEN 2.0: Lone Wolves, Wolf Packs, & Loners
- Lone Wolves: Single actors who radicalize either by self or online groups but act alone
- Wolf Packs: “The Group of Guys” Who radicalize together as a unit and attempt jihad
- Loners: The single player who radicalizes online and may have contacts with some but is not a team player
Lone Wolves, or the “Lone Wolf” The most likely candidate for the lone wolf is a second generation immigrant who feels some sort of synergy with their parents homeland. There have been a spate of cases where Al Shebaab had converts sneak off from the US to Somalia to train with them. The majority of these lone wolves in this case, were kids in their teens or early twenties that took off to join the jihad there. The premise though, is that these are people who are not necessarily part of any one group but seek out the jihad on their own. They often connect with the core jihadi groups in some way (Malik Hassan and Anwar Al Awlaki) and then act on their own in a more constructed and supported way from the core AQ groups.
Wolf Packs are groups of like minded individuals who have either come together and then radicalized, or, have formed due to a strong leader. These are the most dangerous of the groups because they tend to be groomed by core AQ and, as a group, not only self radicalize, but they re-enforce their belief and action as a social dynamic. Wolf packs have been seen as the more organized and thus more dangerous element in this behavior model. An example of the wolf pack would be the Lackawana 6 or others who banded together and eventually went to an AQ training camp. Though, in the case of the Lackawanna 6, it seems as though they came back from the trip decidedly lacking the motivation to carry out a mission. This is likely because of their Westernized mind set. They did however provide material support to the jihad, and were convicted of this.
Loners are the last type of jihadi that the AQ core are seeking to incite. The loner tends to be an individual who is socially inept to the degree that some have actually been diagnosed with Aspergers Syndrome. Still others have proven to be mentally ill individuals who latch onto the jihad for whatever reasons are driving their psyche. On average, the loner can be seen as the spree killer of the group that feeds the need of the jihad in that they sow fear and confusion while potentially taking out numbers of people. An example of a loner would be Nidal Malik Hassan (Ft. Hood Shooter) who clearly was mentally unstable and went on a shooting rampage injuring 30 and killing 13.
Loners tend to be more the spree killers with guns than they are bomb makers. Another loner type would be Faisal Shahzad, who attempted to make a propane bomb alone. His training was incomplete or he was inept, because the device failed to go off. In the case of Shahzad, he also spent time in Pakistan (from where he emigrated to the US) with the Pakistani Taliban. His radicalization went on unseen by others around him and his actions became more erratic as time went on. I have not seen a psych evaluation of him, but from all that I have seen, it may well be that he too is mentally unstable.
Another couple of reasons to worry more about the “loner” type of jihadi are these:
- They are loners, thus unless someone in the family see’s whats going on, it will likely go unseen until its too late
- They are often here in the US and with guns easily available, make their spree killing scenarios most likely to work
Online Radicalization: Propaganda, Congregation, Synergy & The Online Shadow War
As mentioned above, the radicalization process online has mainly consisted of websites that cater to the newbie to the jihad up to the hard core members. Primarily though, these sites have been a means to gain new recruits for the holy war. These sites had been for a long time, rather blatantly operating online because the governments had not caught up with the technology. Recently though, there has been a change going on within the online jihad. Due to many factors including actions on the part of the hacker community, the propaganda machine that has been the jihadi bulletin board system online has begun to go underground as well as redouble its propaganda efforts.
AQAP’s “Inspire Magazine” releases also have been slowed down and the core’s processes for distribution tightened because of tampering with the files in the past and the worries that they have been compromised as a network online. Spooks and hackers have been infiltrating their networks and websites for a while now and they have caught on. Of course in some ways, the assumption should always have been so. However, attacks on the AQ propaganda sites have increased over the last couple of years to include complete take downs of certain sites through DD0S as well as compromise and destruction of their back ends. Since these occurrences, the smarter of the group have decided that it was time to create a new propaganda jihad.
Abu Hafs al–Sunni al–Sunni, is an exemplar of this mindset. He espouses that the propaganda jihad needs to be more layered and secret. His proposal is to hide the online jihad in plain sight, by making pages that have stealth links (gateway sites) that will lead the knowing, to the real sites where content can be obtained and ideas shared. His ideas were a bit ahead of the curve for most on the boards, but now, post 2011, the administrators and the core AQ I think, are taking a closer look at this model. As online sites that are non secret become more and more targeted, it is only natural that they jihad would eventually have to go underground to continue and flourish from a command and control as well as radicalization standpoint. By locking down the content with gateways to it, those who are serious could congregate behind the digital curtain and carry on, while the digital bill boards call to all those thinking about joining the fray.
As the online jihad progresses technically, so too will their followers and this is a concern. With technologies such as TOR (The Onion Router) and their “Hidden Services” one can now easily hide all content behind a network that cannot be tracked or traced. Online chats can be had in total anonymity as well as files can be left within the confines of such networks for only those who have the right address to get them (net/net meet the new digital anonymous dead drops) and it is here that once again the pivot happens within the dynamic of online jihad. Once the technological skills of the jihadi’s come online, so too will the types of attacks online that could be carried out by them as well as the success rates of kinetic attacks because they are using solid methods to transmit and connect with each other to plan operations.
Already we have seen this movement happening on the forums and it really is only a matter of time until some of these guys read the man page on how to configure their own TOR node with hidden services turned on. It is clear that the technologies are making it easier for them to hide in plain site as well as behind the technical curtain, so, it is my proposition that the next iteration of the GWOT have a component of psychological operations more involved. Just as I have said about the Anonymous situation ongoing, the greater successes are likely to come about because we better understand the players motivations and psyche’s.
Countering The Threat:
In conclusion, I see a two pronged method of attack to fight the online jihad:
- Psyops: The idea that psychological operations has always been a part of the counter insurgency effort. However, in the digital world this has been more the spooks territory than the digital warfighter. Of course the digital war is new as is the online jihad so it is a natural progression to see this type of warfare as well as detective process being implemented.
- Technical Counter-Insurgency Operations: As the technological adroitness grows on the part of the jihadi’s so should the capabilities on the counter insurgency online. It is understood that the US has quite a bit of technical know how online so it is an easier supposition to make that we will be able to step up quickly. However, it is the melding of the two (psyops/pscyhology and technical ops) that must happen to wage this battle well.
APPENDIX A:US Cases of Terrorism since 9/11
2002
• José Padilla. José Padilla (32), a native U.S. citizen, convert to Islam, and al Qaeda
operative, was arrested upon his return from the Middle East to the United States.
Although there is no question of his al Qaeda connection, his mission remains unclear.
He was convicted for providing material support to al Qaeda and sentenced in 2008.
A co-defendant, Kifah Wael Jayyousi (40), a naturalized U.S. citizen from Jordan, was
also convicted.
• The Lackawanna Six. Six Yemeni-Americans—Sahim Alwar (26), Yahya Goba (25),
Yasein Taher (24), Faysal Galab (25), Shafal Mosed (23), all born in the United States,
and Muktar al-Bakri (21), a naturalized citizen—were arrested for training at an
al Qaeda camp in Afghanistan.
• The Portland Seven. Seven individuals—Patrice Lumumba Ford (31), Jeffrey Leon
Battle (31), October Martinique Laris (25), Muhammad Ibrahim Bilal (22), Ahmed
Ibrahim Bilal (24), all native U.S. citizens; Habis Abdulla al Saoub (37), a U.S. perma-
nent resident from Jordan; and Maher Hawash (38), a naturalized U.S. citizen from
Jordan—were arrested for attempting to join al Qaeda and the Taliban.
• Earnest James Ujaama. Earnest James Ujaama (36), a native U.S. citizen, was arrested
for providing support to the Taliban.
• Imran Mandhai. Imran Mandhai (20), a U.S. permanent resident from Pakistan, told
an FBI informant that he wanted to wage war against the United States. He planned
to assemble an al Qaeda cell and attack various targets in Florida, including electrical
substations, Jewish businesses, a National Guard armory, and also, improbably, Mount
Rushmore. Under surveillance for a long time, Mandhai was arrested and subsequently
convicted of conspiracy to destroy property.
• Anwar al-Awlaki. Anwar al-Awlaki (31), a U.S. citizen born in New Mexico, studied
engineering in college and motivation in graduate school, then became an increasingly
radical imam. After being questioned by the FBI several times, he left the United States
in 2002 and went to Yemen, where he is now a leading spokesperson for al Qaeda.
2003
• Adnan Gulshair el Shukrijumah. A provisional arrest warrant was issued for Adnan
Gulshair el Shukrijumah (27), a Saudi national and legal permanent resident, who grew
up and worked in the United States. Shukrijumah was suspected of involvement in a
number of terrorist plots. In 2010, he was indicted for his involvement in the 2009 Zazi
plot to blow up New York subways.
• Iyman Faris. Iyman Faris (34), a naturalized U.S. citizen from Pakistan, was arrested
for reconnoitering the Brooklyn Bridge for a possible al Qaeda attack.
• The Northern Virginia Cluster. Eleven men were arrested in June 2003 for training
at a jihadist training camp abroad, intending to join Lashkar-e-Toiba, and planning
terrorist attacks: Caliph Basha Ibn Abdur Raheem (28), a native U.S. citizen; Sabri
Benkhala (27), a native U.S. citizen; Randoll Todd Royer (39), a native U.S. citizen;
Ibrahim al-Hamdi (25), a Yemeni national; Khwaja Mahmood Hasan (27), a natural-
ized U.S. citizen from Pakistan; Muhammed Aatique (30), a legal permanent resident
from Pakistan; Donald T. Surratt (30), a native U.S. citizen; Masoud Ahmad Khan
(33), a naturalized U.S. citizen from Pakistan; Seifullah Chapman (31), a native U.S.
citizen; Hammad Abdur-Raheem (34), a U.S.-born citizen and Army veteran of the
first Gulf War; and Yong Ki Kwon (27), a naturalized U.S. citizen from Korea. Two
other individuals were also arrested in connection with the group: Ali al-Timimi (40), a
U.S.-born citizen, and Ali Asad Chandia (26), a citizen of Pakistan. Six of the accused
pleaded guilty, and another three were convicted. Benkhala was acquitted but was later
charged and convicted of making false statements to the FBI. Al-Timimi was convicted
in 2005. The case against Caliph Basha Ibn Abdur Raheem was dismissed.
• Uzair Paracha. Uzair Paracha (23), a legal permanent resident from Pakistan, was
indicted for attempting to help an al Qaeda operative enter the United States in order
to attack gas stations. He was convicted in 2005.
• Abdurahman Alamoudi. Abdurahman Alamoudi (51), a naturalized U.S. citizen from
Eritrea, was indicted in the United States for plotting to assassinate Saudi Arabia’s
Prince Abdullah.
• Ahmed Omar Abu Ali. Ahmed Omar Abu Ali (22), a native U.S. citizen, was arrested
by Saudi authorities and later extradited to the United States for providing support to
a terrorist organization and plotting to assassinate the president of the United States.
2004
• Mohammed Abdullah Warsame. Mohammed Abdullah Warsame (31), a legal perma-
nent resident from Somalia, was arrested for conspiring to support al Qaeda. He was
found guilty and sentenced in 2009.
Chronology of the Cases
• Ilyas Ali. Ilyas Ali (55), a naturalized U.S. citizen from India, pleaded guilty to provid-
ing material support to the Taliban and al Qaeda. He attempted to sell hashish and
heroin in return for Stinger missiles, which he then planned to sell to the Taliban. Two
other defendants, Muhammed Abid Afridi and Syed Mustajab Shah, both Pakistani
nationals, were also convicted in the case.
• Amir Abdul Rashid. Ryan Gibson Anderson (26)—a native U.S. citizen and convert to
Islam who called himself Amir Abdul Rashid—was a soldier in the U.S. Army at Fort
Lewis, Washington, when he was arrested in February 2004 for contacting Islamic
websites related to al Qaeda and offering information about the U.S. Army.
• Mark Robert Walker. A Wyoming Technical Institute student, Mark Robert Walker
(19), a native U.S. citizen who, according to reports, became obsessed with jihad, was
charged with attempting to assist the Somali-based group, Al-Ittihad al Islami. He
planned to provide the group with night-vision devices and bulletproof vests.
• Mohammed Junaid Babar. Mohammed Junaid Babar (31), a naturalized U.S. citizen
from Pakistan, was arrested in New York for providing material support to al Qaeda.
• The Herald Square Plotters. Shahawar Martin Siraj (22), a Pakistani national, and
James Elshafy (19), a U.S.-born citizen, were arrested for plotting to carry out a terrorist
attack on New York City’s Herald Square subway station.
• The Albany Plotters. Yassin Aref (34), an Iraqi refugee in the United States, and
Mohammad Hossain (49), a naturalized U.S. citizen from Bangladesh, two leaders of a
mosque in Albany, New York, were arrested for attempting to acquire weapons in order
to assassinate a Pakistani diplomat.
• Adam Yahiye Gadahn. Adam Yahiye Gadahn (26), a native U.S. citizen and convert to
Islam, moved to Pakistan in 1998. By 2004, he was identified as a member of al Qaeda
planning terrorist attacks in the United States, and he subsequently became one of
al Qaeda’s principal spokesmen. He was formally indicted in 2006.
• The Abdi Case. Nuradin Abdi (32), a Somali national granted asylum in the United
States, was indicted in June 2004 for plotting with Iyman Faris to blow up a Colum-
bus, Ohio, shopping mall. (He was arrested in November 2003.)
• Gale Nettles. Gale Nettles (66), a native U.S. citizen and ex-convict, was arrested in
August in an FBI sting for plotting to bomb the Dirksen Federal Building in Chi-
cago and for attempting to provide al Qaeda with explosive material. His motive was
revenge for his conviction as a counterfeiter, but he wanted to connect with al Qaeda,
which he figured would pay him for his excess explosive materials. He was convicted
on the terrorist charge in 2005.
• Carpenter and Ransom. Two New Orleans men, Cedric Carpenter (31), a convicted
felon, and Lamont Ransom (31), both native U.S. citizens, intended to sell fraudulent
identity documents to the Philippine jihadist terrorist group Abu Sayyaf in return for
cash and heroin. Ransom, who had previously served in the U.S. Navy, was familiar
with the group. Both were convicted and sentenced in 2005.
2005
• The New York Defendants. Three defendants—Mahmud Faruq Brent (32), a U.S.-
born citizen who had attended a training camp in Pakistan run by Lashkar-e-Toiba;
Rafiq Abdus Sabir (50), a U.S.-born citizen and medical doctor who volunteered to pro-
vide medical treatment to al Qaeda terrorists; and Abdulrahman Farhane (52), a natu-
ralized U.S. citizen from Morocco who agreed to assist in fundraising for the purchase
of weapons for insurgents in Chechnya and Afghanistan—were linked to defendant-
turned-informant Tarik Shah (42), a U.S.-born citizen who was arrested in May 2005
for offering to provide training to insurgents in Iraq. Shah identified his co-defendants,
and all four were convicted.
• The Lodi Case. Hamid Hayat (22), a native-born U.S. citizen, and his father, Umar
Hayat, a naturalized U.S. citizen from Pakistan, were arrested in June 2005 for secretly
attending a terrorist training camp in Pakistan. Umar Hayat ultimately pleaded guilty
of lying to federal authorities.
• The Torrance Plotters. Kevin James (29), Levar Washington (21), and Gregory
Patterson (25), all native U.S. citizens and converts to Islam, and Hammad Riaz Samana
(21), a permanent resident from Pakistan, were charged in August 2005 with planning
to carry out terrorist attacks on National Guard armories, a U.S. military recruiting
center, the Israeli consulate, and Los Angeles International airport. (This case is some-
times referred to as the Sacramento Plot.)
• Michael Reynolds. Michael Reynolds (47), a native U.S. citizen, acquired explosives
and offered them to an informant whom he believed was an al Qaeda official to blow
up the Alaska Pipeline in return for $40,000.
• Ronald Grecula. Ronald Grecula (70), a native U.S. citizen, was arrested in Texas in
May 2005 for offering to build an explosive device for informants he believed to be
al Qaeda agents. He pleaded guilty to the charge in 2006.
2006
• The Liberty City Seven. Seven men—Narseal Batiste (32), a native U.S. citizen;
Patrick Abraham (39), a Haitian national illegally in the United States after over-
staying his visa; Stanley Grunt Phanor (31), a naturalized U.S. citizen; Naudimar
Herrera (22), a native U.S. citizen; Burson Augustin (21), a native U.S. citizen; Rothschild
Augustin (26), a native U.S. citizen; and Lyglenson Lemorin (31), a legal permanent resi-
dent from Haiti—were charged in June 2006 with plotting to blow up the FBI build-
ing in Miami and the Sears Tower in Chicago. Herrera and Lemorin were acquitted.
Chronology of the Cases
• Syed Hashmi. Syed “Fahad” Hashmi (30), a Pakistani-born U.S. citizen, was arrested
in London on charges of providing material support to al Qaeda.
• Derrick Shareef. Derrick Shareef (22), a native U.S. citizen and convert to Islam, was
arrested for planning a suicide attack on an Illinois shopping mall. He intended to
place hand grenades in garbage cans, but the plot also involved handguns.
• The Fort Dix Plotters. Six men—Mohammad Ibrahim Shnewer (22), a naturalized
U.S. citizen from Jordan; Serdar Tatar (23), a legal permanent resident from Turkey;
Agron Abdullahu (24), a U.S. permanent resident from Kosovo; and Dritan Duka (28),
Shain Duka (26), and Elljvir Duka (23), three brothers from Albania living in the
United States illegally—were charged with plotting to carry out an armed attack on
soldiers at Fort Dix, New Jersey.
• The Toledo Cluster. Mohammad Zaki Amawi (26) and Marwan El-Hindi (43), both
naturalized U.S. citizens from Jordan, and Wassim Mazloum (25), a legal permanent
resident from Lebanon, were arrested in Toledo, Ohio, for plotting to build bombs to
use against American forces in Iraq. Two additional persons were also charged in this
case: Zubair Ahmed (26), a U.S.-born citizen, and his cousin Khaleel Ahmed (25), a
naturalized U.S. citizen from India.
• The Georgia Plotters. Syed Harris Ahmed (21), a naturalized U.S. citizen, and Ehsanul
Islam Sadequee (20), a U.S.-born citizen from Atlanta, Georgia, were arrested in April
2006 for discussing potential targets with terrorist organizations and receiving instruc-
tion in reconnaissance.
• Daniel Maldonado. Daniel Maldonado (27), a native U.S. citizen and convert to
Islam, was arrested for joining a jihadist training camp in Somalia. He was captured
by the Kenyan armed forces and returned to the United States.
• Williams and Mirza. Federal authorities charged two students at Houston Commu-
nity College—Kobie Diallo Williams (33), a native U.S. citizen and convert to Islam,
and Adnan Babar Mirza (29), a Pakistani national who had overstayed his student
visa—with aiding the Taliban. According to the indictment, the two planned to join
and train with the Taliban in order to fight U.S. forces in the Middle East.
• Ruben Shumpert. Ruben Shumpert (26), also known as Amir Abdul Muhaimin, a
native U.S. citizen who had been convicted for drug trafficking, converted to Islam
shortly after his release from prison. When the FBI came looking for him in 2006, he
fled to Somalia and joined al-Shabaab. He was reportedly killed in Somalia in Decem-
ber 2008.
2007
• Hassan Abujihaad. Hassan Abujihaad (31), formerly known as Paul R. Hall, a native
U.S. citizen and convert to Islam who had served in the U.S. Navy, was arrested in
April 2007 for giving the locations of U.S. naval vessels to an organization accused of
supporting terrorists.
• The JFK Airport Plotters. Russell Defreitas (63), a naturalized U.S. citizen from
Guyana; Abdul Kadir (55) a Guyanese citizen; Kareem Ibrahim (56), a Trinidadian;
and Abdal Nur (57), another Guyanese citizen, were charged in June 2007 with plot-
ting to blow up aviation fuel tanks at John F. Kennedy Airport in New York. Defreitas
was arrested in Brooklyn. The other three plotters were arrested in Trinidad and extra-
dited to the United States.
• Ahmed Abdellatif Sherif Mohamed. Ahmed Abdellatif Sherif Mohamed (26), a U.S.
permanent resident from Egypt, was arrested for providing material support to terror-
ists by disseminating bomb-making instructions on YouTube. He pleaded guilty to the
charge.
• Omar Hammami. Now known as Abu Mansour al-Amriki, Omar Hammami
(23), a native-born U.S. citizen, left Alabama some time not later than 2007 to join
al-Shabaab in Somalia. He later appeared in the group’s recruiting videos. Hammami
was indicted in 2010 for providing support to al-Shabaab.
• Jaber Elbaneh. Jaber Elbaneh (41), a naturalized U.S. citizen from Yemen, was con-
victed in absentia by a Yemeni court for plotting to attack oil and gas installations in
Yemen. He had previously been charged in the United States with conspiring with the
Lackawanna Six. He was one of a number of al Qaeda suspects who escaped from a
Yemeni prison in 2006. He subsequently turned himself in to Yemeni authorities.
• The Hamza Case. Federal authorities charged the owner and several officials of Hamza,
Inc., a financial institution, for money laundering and secretly providing money to
al Qaeda. Those charged included Saifullah Anjum Ranjha (43), a legal permanent U.S.
resident from Pakistan; Imdad Ullah Ranjha (32), also a legal permanent resident from
Pakistan; and Muhammed Riaz Saqi, a Pakistani national living in Washington, D.C.
Also charged in the case were three Pakistani nationals living in Canada and Spain.
2008
• Christopher Paul. Christopher “Kenyatta” Paul (43), a native U.S. citizen and convert
to Islam living overseas, was arrested upon his return to the United States in April 2008
for having plotted terrorist attacks on various U.S. targets. He later pleaded guilty.
• Bryant Vinas. Bryant Vinas (26), a native U.S. citizen and convert to Islam, was
arrested in Pakistan and extradited to the United States for having joined al Qaeda in
Pakistan. He also provided al Qaeda with information to help plan a bombing attack
on the Long Island Rail Road.
• Somali Recruiting Case I. As many as a dozen Somalis may have been recruited in
the Minneapolis, Minnesota, area by Shirwa Ahmed (26), a naturalized U.S. citizen
Chronology of the Cases from Somalia, to fight in Somalia. Ahmed subsequently was
killed in a suicide bomb- ing in Somalia.
• Sharif Mobley. Sharif Mobley (26), a native U.S. citizen of Somali descent, moved
to Yemen in 2008, ostensibly to study Arabic and religion, but in reality, authorities
believe, to join a terrorist organization. He was later arrested by Yemeni authorities in
a roundup of al Qaeda and al-Shabaab militants. In March 2010, he killed one guard
and wounded another in an attempt to escape.
2009
• The Riverdale Synagogue Plot. Native U.S. citizens James Cromite (55), David
Williams (28), Onta Williams (32), and Laguerre Payen (27), a Haitian national, all con-
verts to Islam, were arrested in an FBI sting in New York in May 2009 for planning to
blow up synagogues.
• Abdulhakim Mujahid Muhammad. In June 2009, Abdulhakim Mujahid
Muhammad (23), also known as Carlos Bledsoe, a native U.S. citizen and Muslim con-
vert, killed one soldier and wounded another at an Army recruiting station in Arkansas.
• The North Carolina Cluster. Daniel Boyd (39), a native U.S. citizen and convert to
Islam who fought against the Soviets in Afghanistan in the late 1980s, was arrested
in July 2009 along with his two sons, Zakarlya Boyd (20) and Dylan Boyd (22), also
converts to Islam, and four others, including three U.S. citizens—Anes Subasic (33), a
naturalized U.S. citizen from Bosnia; Mohammad Omar Aly Hassan (22), a U.S.-born
citizen; and Ziyad Yaghi (21), a naturalized U.S. citizen—and Hysen Sherifi (24), a
legal U.S. resident from Kosovo, for plotting terrorist attacks in the United States and
abroad. Jude Kenan Mohammad (20), a U.S.-born citizen, was also a member of the
group. He was arrested by Pakistani authorities in 2008. Boyd reportedly reconnoi-
tered the Marine Corps base at Quantico, Virginia.
• Betim Kaziu. Betim Kaziu (21), a native U.S. citizen, was arrested in September
2009 for traveling overseas to join al-Shabaab or to attend a terrorist training camp in
Somalia.
• Ali Saleh Kahlah al-Marri. Ali Saleh Kahlah al-Marri (38), a U.S. permanent resi-
dent and dual national of Qatar and Saudi Arabia, was charged with attending an
al Qaeda training camp in Pakistan. He pleaded guilty to providing material support
to a terrorist group.
• Michael Finton. Michael Finton (29), a native U.S. citizen and convert to Islam, was
arrested in September 2009 in an FBI sting for planning to blow up a federal court-
house in Springfield, Illinois.
• Hosam Maher Smadi. Hosam Maher Smadi (19), a Jordanian citizen living in the
United States, was arrested in September 2009 in an FBI sting for planning to blow up
an office building in Dallas, Texas.
• Najibullah Zazi. Najibullah Zazi (25), a permanent U.S. resident from Afghanistan,
was arrested in September 2009 for receiving training in explosives at a terrorist train-
ing camp in Pakistan and buying ingredients for explosives in preparation for a ter-
rorist attack in the United States. Indicted with Zazi were his father, Mohammed Zazi
(53), a naturalized U.S. citizen from Afghanistan, and Ahmad Afzali (38), a U.S. per-
manent resident from Afghanistan, both for making false statements to federal inves-
tigators; neither was involved in the terrorist plot. In January 2010, authorities arrested
Adis Medunjanin (24), a naturalized U.S. citizen from Bosnia, and Zarein Ahmedzay
(25), a naturalized U.S. citizen from Afghanistan, and charged them with participat-
ing in the plot.
• Tarek Mehana. In October 2009, federal authorities in Massachusetts arrested Tarek
Mehana (27), a dual citizen of the United States and Egypt, for conspiring over a seven-
year period to kill U.S. politicians, attack American troops in Iraq, and target shopping
malls in the United States. Two other individuals, including Ahmad Abousamra (27), a
U.S. citizen, were allegedly part of the conspiracy. Abousamra remains at large.
• David Headley. In an increasingly complicated case, David Headley (49), a U.S.-born
citizen of Pakistani descent and resident of Chicago, was arrested in October 2009
along with Tahawar Rana (48), a native of Pakistan and a Canadian citizen, for plan-
ning terrorist attacks abroad. Headley was subsequently discovered to have partici-
pated in the reconnaissance of Mumbai prior to the November 2008 attack by the ter-
rorist group Lashkar-e-Toiba. He pleaded guilty in March 2010.
• Colleen Renee LaRose. Calling herself “Jihad Jane” on the Internet, Colleen Renee
LaRose (46), a native U.S. citizen and convert to Islam, was arrested in October 2009
for plotting to kill a Swedish artist whose drawings of Muhammad had enraged Mus-
lims and for attempting to recruit others to terrorism. Her arrest was concealed until
March 2010. LaRose pleaded guilty to the charges.
• Nidal Hasan. In November 2009, Nidal Hasan (38), a native U.S. citizen and Army
major, opened fire on fellow soldiers at Fort Hood, Texas, killing 13 and wounding 31.
• The Pakistan Five. In November 2009, five Muslim Americans from Virginia—
Umar Farooq (25), a naturalized U.S. citizen from Pakistan; Ramy Zamzam (22), who
was born in Egypt, immigrated to the United States at the age of two, and became a
citizen by virtue of his parents becoming citizens; Waqar Hassan Khan (22), a natu-
ralized U.S. citizen from Pakistan; Ahmad Abdullah Mimi (20), a naturalized U.S.
citizen from Eritrea; and Aman Hassan Yemer (18), a naturalized U.S. citizen from
Ethiopia—were arrested in Pakistan for attempting to obtain training as jihadist guer-
rillas. Khalid Farooq, Umar Farooq’s father, was also taken into custody but was later
released. The five were charged by Pakistani authorities with planning terrorist attacks.
• Somali Recruiting Case II. In November 2009, federal authorities indicted eight
men for recruiting at least 20 young men in Minnesota for jihad in Somalia and rais-
ing funds on behalf of al-Shabaab. By the end of 2009, a total of 14 indictments had
been handed down as a result of the ongoing investigation. Those indicted, all but
one of whom are Somalis, were Abdow Munye Abdow, a naturalized U.S. citizen from
Somalia; Khalid Abshir; Salah Osman Ahmad; Adarus Abdulle Ali; Cabdulaahi Ahmed
Faarax; Kamal Hassan; Mohamed Hassan; Abdifatah Yusef Isse; Abdiweli Yassin Isse;
Zakaria Maruf; Omer Abdi Mohamed, a legal permanent resident from Somalia; Ahmed
Ali Omar; Mahanud Said Omar; and Mustafa Salat. No age information is available.
• Abdul Tawala Ibn Ali Alishtari. Abdul Tawala Ibn Ali Alishtari (53), also known as
Michael Mixon, a native U.S. citizen, was indicted and pleaded guilty to attempting to
provide financing for terrorist training in Afghanistan.
2010
• Raja Lahrasib Khan. Raja Lahrasib Khan (57), a naturalized U.S. citizen from Paki-
stan, was charged with sending money to Ilyas Kashmiri, an al Qaeda operative in
Pakistan, and for discussing blowing up an unidentified stadium in the United States.
• Times Square Bomber. Faisal Shazad (30), a naturalized U.S. citizen from Pakistan,
had studied and worked in the United States since 1999. In 2009, he traveled to Paki-
stan and contacted the TTP (Pakistan Taliban), who gave him instruction in bomb-
building. Upon his return to the United States, he built a large incendiary device
in a sport utility vehicle (SUV) and attempted unsuccessfully to detonate it in New
York City’s Times Square. He was arrested in May 2010. Three other individuals were
arrested in the investigation but were never charged with criminal involvement in the
case.
• Jamie Paulin-Ramirez. The arrest of Colleen R. LaRose (“Jihad Jane”) in 2009 led to
further investigations and the indictment of Jamie Paulin-Ramirez (31), also known as
“Jihad Jamie.” Paulin-Ramirez, a native-born U.S. citizen and convert to Islam, alleg-
edly accepted an invitation from LaRose to join her in Europe in order to attend a
training camp there. According to the indictment, she flew to Europe with “the intent
to live and train with jihadists.” She was detained in Ireland and subsequently returned
to the United States, where she was arraigned in April 2010.
Wesam el-Hanafi and Sabirhan Hasanoff. Wesam el-Hanafi (33), also known
as “Khaled,” a native-born U.S. citizen, and Sabirhan Hasanoff (34), also known as
“Tareq,” a dual U.S.-Australian citizen, were indicted for allegedly providing material
In September 2010, Sami Samir Hassoun (22), was arrested in an FBI sting in Chicago
for attempting to carry out a ter-rorist bombing. Hassoun expressed anger at Chicago
Mayor Richard Daley. It is not clear that the case is jihadist-related.
In December 2010, Awais Younis (26), a naturalized U.S. citizen from Afghanistan, was
arrested for threatening to bomb the Washington, D.C., Metro system. He made the threat on
Facebook, and it was reported to the authorities. Neither of these cases is included in the chronology.
support to a terrorist group. The two men, one of whom traveled to Yemen in 2008,
provided al Qaeda with computer advice and assistance, along with other forms of aid.
• Khalid Ouazzani. Khalid Ouazzani (32) pleaded guilty in May to providing material
support to a terrorist group. Ouazzani, a Moroccan-born U.S. citizen, admitted to rais-
ing money for al Qaeda through fraudulent loans, as well as performing other tasks at
the request of the terrorist organization between 2007 and 2008.
• Mohamed Mahmood Alessa and Carlos Eduardo Almonte. Two New Jersey men,
Mohamed Mahmood Alessa (20), a native U.S. citizen, and Carlos Eduardo Almonte
(24), a naturalized citizen from the Dominican Republic and convert to Islam, were
arrested in June at New York’s JFK Airport for conspiring to kill persons outside the
United States. The two were on their way to join al-Shabaab in Somalia.
• Barry Walter Bujol, Jr. Barry Walter Bujol, Jr. (29), a native U.S. citizen and convert
to Islam, was arrested as he attempted to leave the United States to join al Qaeda in
Yemen. He had been under investigation for two years and was in contact with an
undercover agent he believed to be an al Qaeda operative.
• Samir Khan. In June 2010, the Yemen-based affiliate of al Qaeda began publishing
Inspire, a slick, English-language online magazine devoted to recruiting Western youth
to violent jihad. The man behind the new publication was Samir Khan (24), a Saudi-
born naturalized U.S. citizen who moved to the United States with his parents when
he was seven years old. He began his own journey to violent jihad when he was 15. He
reportedly left the United States in late 2009, resurfacing in Yemen in 2010.
• Rockwood’s Hitlist. Paul Rockwood (35), a U.S. citizen who served in the U.S. Navy
and converted to Islam while living in Alaska, was convicted in July 2010 for lying
to federal authorities about drawing up a list of 15 targets for assassination; they were
targeted because, in his view, they offended Islam. He was also accused of research-
ing how to build the explosive devices that would be used in the killings. His wife,
Nadia Rockwood (36), who has dual UK-U.S. citizenship, was convicted of lying to
authorities.
• Zachary Chesser. Zachary Chesser (20), a native U.S. citizen and convert to Islam, was
arrested for supporting a terrorist group in July as he attempted to board an airplane to
fly to Somalia and join al-Shabaab. Chesser had earlier threatened the creators of the
television show South Park for insulting Islam in one of its episodes.
• Shaker Masri. A U.S. citizen by birth, Shaker Masri (26) was arrested in August 2010,
allegedly just before he planned to depart for Afghanistan to join al Qaeda or Somalia
to join al-Shabaab.
• Somali Recruiting Case III. As part of a continuing investigation of recruiting and
funding for al Qaeda ally al-Shabaab, the U.S. Department of Justice announced four
indictments charging 14 persons with providing money, personnel, and services to the
terrorist organization. In Minnesota, 10 men were charged with terrorism offenses for
leaving the United States to join al-Shabaab: Ahmed Ali Omar (27), a legal permanent
resident; Khalid Mohamud Abshir (27); Zakaria Maruf (31), a legal permanent resident;
Mohamed Abdullahi Hassan (22), a legal permanent resident; Mustafa Ali Salat (20), a
legal permanent resident; Cabdulaahi Ahmed Faarax (33), a U.S. citizen; and Abdiweli
Yassin Isse (26). Three were new on the list and had been the subject of previous indict-
ments: Abdikadir Ali Abdi (19), a U.S. citizen; Abdisalan Hussein Ali (21), a U.S. citi-
zen; and Farah Mohamed Beledi (26). A separate indictment named Amina Farah Ali
(33) and Hawo Mohamed Hassan (63), both naturalized U.S. citizens, for fundraising
on behalf of al-Shabaab. A fourth indictment charged Omar Shafik Hammami (26),
a U.S. citizen from Alabama, and Jehad Sherwan Mostafa (28) of San Diego, Califor-
nia, with providing material support to al-Shabaab. (Hammami’s involvement is listed
in this chronology under the year 2007, when he first left the United States to join
al-Shabaab; Mostafa is listed separately in the next entry.)
• Jehad Serwan Mostafa. In August 2010, Jehad Serwan Mostafa (28), a native U.S.
citizen, was indicted for allegedly joining al-Shabaab in Somalia. He reportedly left
the United States in December 2005 and was with al-Shabaab between March 2008
and June 2009.
• Abdel Hameed Shehadeh. Abdel Hameed Shehadeh (21), a U.S.-born citizen of Pal-
estinian origin, was arrested in October for traveling to Pakistan to join the Taliban
or another group to wage jihad against U.S. forces. Denied entry to Pakistan, then
Jordan, Shehadeh returned to the United States and subsequently attempted to join
the U.S. Army. He allegedly hoped to deploy to Iraq, where he planned to desert and
join the insurgents. When that did not work out, he tried again to leave the country
to join the Taliban.
• Farooque Ahmed. Farooque Ahmed (34), a naturalized U.S. citizen from Pakistan, was
arrested in October for allegedly plotting to bomb Metro stations in Washington, D.C.
FBI undercover agents learned of Ahmed’s intentions by posing as al Qaeda operatives.
• Shabaab Support Network in San Diego. Saeed Moalin (33), a naturalized U.S. cit-
izen from Somalia, Mohamed Mohamed Mohamud (38), born in Somalia, and Issa
Doreh (54), a naturalized U.S. citizen from Somalia, all residents of San Diego, were
arrested for allegedly providing material support to al-Shabaab. The investigation of
this network is continuing, and a fourth man from Southern California, Ahmed Nasir
Taalil Mohamud (35), was subsequently indicted.
• Al-Shabaab Fundraising II. In November, federal authorities arrested Mohamud
Abdi Yusuf (24), a St. Louis resident, and Abdi Mahdi Hussein (35) of Minneapolis,
both immigrants from Somalia. The two are accused of sending money to al-Shabaab
in Somalia. A third person, Duane Mohamed Diriye, believed to be in Africa, was also
indicted.
• Nima Ali Yusuf. Nima Ali Yusuf (24), a legal permanent resident originally from Soma-
lia, was arrested in November for allegedly providing material support to a terrorist
group. She was accused of attempting to recruit fighters and raise funds for al-Shabaab.
• Mohamed Osman Mohamud. Mohamed Osman Mohamud (19), a naturalized U.S.
citizen originally from Somalia, was arrested in December for attempting to detonate
what he believed to be a truck bomb at an outdoor Christmas-tree-lighting ceremony
in Portland, Oregon. He reportedly had wanted to carry out some act of violent jihad
since the age of 15. His bomb was, in fact, an inert device given to him by the FBI,
which set up the sting after it became aware of his extremism through a tip and subse-
quent monitoring of his correspondence on the Internet.
• Antonio Martinez. Antonio Martinez (21), also known as Muhaamed Hussain, a nat-
uralized U.S. citizen and convert to Islam, was arrested in December for allegedly plot-
ting to blow up the Armed Forces Career Center in Catonsville, Maryland. The car
bomb he used to carry out the attack was a fake device provided to him by the FBI,
which had been communicating with him for two months.
APPENDIX B: Research Materials
1302002992ICSRPaper_ATypologyofLoneWolves_Pantucci
Wk 6-3 Terrorism background psychology Sageman
The Post Bin-Laden World
Well, it finally happened. OBL is ostensibly dead, though we have no real proof of that for the masses to see, but we are being told as much and that there have been DNA matches made. As you are all being barraged with I am sure, the salient points of the operation are these:
- OBL was not in the kush, but instead in a populated area situated about an hour outside of Islamabad Pakistan
- The compound was built in 2005 and has been under surveillance for some time
- The compound was located in an area that was off limits to the reapers and other drones, thus they thought they were secure
- The compound was about half a mile away from the Pakistani military version of West Point
- The courier that OBL trusted most was the one who led us to him. He was in turn alleged to have been outed by KSM in Gitmo under “interrogation” as well as others in CIA ghost sites
- Once the CIA had the pseudonym it took about two years to actually get his real name and then to locate him
- Once we had a lock on enough data to place OBL there, the go code was given to neutralise OBL (he was not to be captured)
- SEAL Team SIX confiscated more than 3 computers from the premises and I am sure those have been sent already to the NSA for decrypt/forensics
- OBL’s body and any photos of it have been deep six’d so as not to give the jihadi’s anything to work with for Nasheeds and other propaganda
- It was old fashioned intelligence work and a SPECOPS team that eventually got him… Not just fancy drones and technology
All in all, Sunday was a good day for SPECOPS, the CIA, and the U.S. So, what does this mean though for the GWOT and for all of us now?
AQ’s Response:
So far, I have seen very little chatter on the jihadi boards whatsoever. In fact, it has been downright quiet out there. I think there is a mix of disbelief and a bit of fear out there that is keeping them quiet. Just as there has been no body provided or photo’s thereof, they all must be waiting on an announcement from AQ as to the loss. However, I don’t expect that announcement to be soon. I am sure Ayman has been scuttled off somewhere ‘safe’ and the rest of the thought leadership (what’s left that is) is wondering just where to go from here.
Much of the inactivity on the part of AQ also likely is due to their loss of computers that likely held A LOT of data that were taken by the SEAL’s at exfiltration. I would assume that much of what was left of their internal network has been compromised by this loss and when the systems are cracked and examined, there will be more raids coming. So, they all are likely bugging out, changing identities if possible and burning the rest of the network to prevent blowback.
Frankly, this is a real death blow to AQ itself no matter how autonomous the network cells have become. Though, OBL had been less the public face of things for some time with Ayman taking up the face roll. Time will tell just what happens to the AQ zeitgeist in its original form, but I think I already know what has happened, and it has been going on for some time…
In the end, I don’t expect a real response from AQ proper and if anything, I expect a feeble one from Ayman in a few days. Remember, Ayman is not well liked within many jihadi circles, so the succession of AQ is likely to have Ayman try, but I think in the end fail to be the new OBL.
AQAP and Anwar al-Awlaki the new thought leaders:
Meanwhile, I believe this is the new AQ. AQAP has been developing a base that includes the whole Inspire Magazine machine. Anwar Al-Awlaki has been the titular head of jihadi thought for some time now, but with the demise of OBL and AQ proper, he will be the lightning rod I suspect. I think also that we will be hearing from him very soon and with that audio, no doubt released by Al-Malahem, he will take the spot that OBL and Ayman did. Whether that will be at the behest or acquiescence of Ayman or not I cannot be sure.
Awlaki is frankly, the charismatic Americanized version of OBL that will be able to and has been, moving the western takfiri’s to jihad with his fiery speeches. With his team of younger, hipper, and technically savvy, he will have a better chance of activating the youth movements and gaining the respect of the older set.
AQ Attacks:
I frankly do not see any major attacks coming from AQ proper in the near future that would rival 9/11. However, I do see the potential for some attacks in Pakistan/Afghanistan/Iraq from operators using shahid attacks. I do believe though, that they will be working on larger scale attacks as they are patient and have a real desire now to avenge OBL.
Time will tell on this, but I do not think that operationally, AQ is in a position to really do anything of merit at this time. This is specifically so because OBL’s computers and data have been captured and as I said before, the networks are likely broken.
AQAP Attacks:
AQAP though, is an entity unto itself and I can see them putting together another parcel bomb plot pretty quickly. The last plot (the one with the toner cartridges) was put together in short order and had a very low cost, so I think if anyone, AQAP has a better chance of actuating a plan and carrying it off.
Of course, they may not succeed just like the last time. In some ways though, we got lucky on that one as the Saud’s got intel that they shared foiling the plot.
Lone Wolves:
This is the one I think most viable and worry about. The disparate crazy loners who have self radicalized to jihad are the ones likely to do something bonkers. These guys may not have the training, may not have the infrastructure, but, they make up for it all in sheer whack nutty-ness.
The one thing about this is that I suspect that these folks will be the ones here in the states. So soft targets will be a premium (malls, games, etc)
Moving Forward:
The next week is going to be interesting. As time goes on, and the AQ networks begin to settle, then I am sure we will see some response from them. Meanwhile, I will continue to monitor the boards and see what’s what.
I do though want to recommend that you all out there keep your wits about you as you are out and about in soft targets like malls, games, and other gathering places. If anything, its that lone wolf actor who may try something and those would be targets they would choose for maximum effect.
More when I have it.
K
Rumblings On Stuxnet’s Potential for A Chernobyl Style Incident at Bushehr
A source called me over the weekend and alluded to some intel concerning the Bushehr nuclear plant with regard to Stuxnet. Of course you all out there are probably sick of hearing about Stuxnet (especially the infosec/IW community) but, I thought this was interesting and should drop a post. My source says that certain people in the know are worried about the whole stuxnet operation from the point of view that it was released into systems that, to the creators of the operation, were not completely understood. That is to say that Iran, being as hard to get intel on, may have had configurations or issues that the creators and implementors of Stuxnet did not account for and could indeed have caused a larger catastrophe with the malware.
This is now making the rounds quietly in certain areas of the media, but, I want to call your attention to this article that I found on payvand.com. In it, a nuclear expert speaks about the potential for a nuclear accident due to the design specs of the reactor at Bushehr and the fact that the Russians reported that they were removing the nuclear material from the reactor recently.
From: Dr. Sadeq Rabbani, Former Deputy of the Nuclear Energy Organization
The Russians claim that they were obliged to remove the fuel from the Bushehr nuclear reactor in order to replace a part that was installed during the time the Germans were managing the construction of the plant. It should be noted that according to the contract with Russia for construction of the Bushehr plant, the Russians replaced all inner parts of the reactor and presented a new design. In the German model, a vertical design was used, but the Russians adopted the horizontal model. This means that the created problem was not related to the inner parts of the German-designed reactor.
So the Russians were paid for the construction of the Bushehr reactor and have also changed the design. Now the problem is whether the Russians were wrong in their design. It is unlikely that the Russians were wrong in their design, because this is not the first plant that they have constructed, and their experience is valuable.
There remains only the Stuxnet virus that Iran denies has been able to affect the Bushehr facilitates. So, if we assume that the Iranian authorities are right, the Russians are playing with us by delaying the launch of the Bushehr plant, and want to continue to delay launching it.
My source, who has connections with various people in the know, says that there is a higher potential that since the German design and build was overtaken by the Russians, that they may in fact have introduced flaws within the system that “could” lead to a Chernobyl style event if something like Stuxnet had infected other PLC systems. Of course this is a blanket concern with malware on the level of Stuxnet anyway is it not? Of course, Stuxnet was particularly targeted to the Siemens systems for enrichment but, there is always a chance of undesired effects to potentially other systems.
This is not to say that there have been or are other systems that have been compromised by Stuxnet… That we know of.
Ostensibly, Stuxnet was aimed at the weapons facilities but, one must not think that the weapons facilities and the nuclear power program were kept apart by a firewall, for the lack of a better term. I am willing to bet that the two are connected both semantically as well as functionally, and in that, the systems that play a key role may have too. IF Stuxnet travelled to the Bushehr systems, what ‘could’ be the import here? Just as well, what would the design of the reactor play as a part to hastening a large nuclear accident?
The article above goes on to say that Dr. Rabbani does not believe that the design and implementation of the Bushehr reactor is likely to cause an issue. Others though have been saying the opposite. Including my source. All that is really known at this point are the following things;
- When Stuxnet hit Iran claimed that they were just fine! However, reports internally at the nuclear facilities and universities proved otherwise. That the malware was running rampant and they were trying and failing to exterminate it.
- The design and implementation of the nuclear reactor had been started by the Germans (Siemens) and then stopped for many years. Then the Russians picked up where the Germans left off. It is possible that the design changes and or builds on to previous versions could have flaws in them that might make for vulnerabilities.
- The Russians have removed the nuclear materials and the program is steadily losing ground to delay.
All in all, the unforeseen circumstances of malware like Stuxnet may indeed have caused issues at Bushehr, or, they could have been a calculated thing. Perhaps this is just Iran being careful out of paranoia as fallout from the incident. In either scenario, we win out in that the programs are being delayed. However, the worry that my source intoned was that they may not have considered the possibilities of collateral damage and just how bad they could be if the reactor had gone online and melted down. Of course, this is after seeing everything that is happening in Fukushima, so it’s on many minds.
My source went on to ask the question; “This would have to have a presidential order wouldn’t it as an operation?” The answer to that is yes. It is also quite likely that this operation was set forth by the previous administration (Bush) and, well, we know just how well thought out that presidency was huh? To my source, I say be careful in speaking about this. To all of you out there reading this I say keep your eyes peeled, there’s bound to be more fallout.
K.
Anonymous #HQ: Inside The Anonymous Secret War Room
John Cook and Adrian Chen — Dissident members of the internet hacktivist group Anonymous, tired of what they call the mob’s “unpatriotic” ways, have provided law enforcement with chat logs of the group’s leadership planning crimes, as well as what they say are key members’ identities. They also gave them to us.
The chat logs, which cover several days in February immediately after the group hacked into internet security firm HBGary’s e-mail accounts, offer a fascinating look inside the hivemind’s organization and culture.
- Sabu
- Kayla
- Laurelai,
- Avunit,
- Entropy,
- Topiary,
- Tflow
- Marduk
- Metric
- A5h3r4
So, Hubris/A5h3r4/Metric have broken into the inner circle of at least one cell of Anonymous. I say cell because I do not think that these users are the actual full scale leaders of Anonymous, instead, as I have said before, there are cell’s of Anon’s that perform operations sporadically. These folks, if the chat transcripts are true, are the ones just behind the HBGary hack and at least one of them, with the Gawker hack.
Once again, I will reiterate here that I think Anonymous is more like a splinter cell operation than anything else. There is an aegis from the whole as an idea, but, they break off into packs for their personal attacks, or whatever turns them on. They coalesce into a unit when they feel moved to, but, they do not overall, just get together and act without direction on the part or parts of leaders.
The example below of the transcripts for #HQ show that these characters though, are a little high on themselves after the hack on HBG… And you know what happens when you don’t pay attention to the hubris factor. You get cocky and you get burned. As you can see below, some of them are at least nervous about being popped or infiltrated.. Those would be the smart ones…
04:44 <&Sabu> who the fuck wrote that doc
04:45 <&Sabu> remove that shit from existence
04:45 <&Sabu> first off there is no hierachy or leadership, and thus an operations manual is not needed[snip]
04:46 <&Sabu> shit like this is where the feds will get american anons on rico act abuse and other organized crime laws
04:47 <@Laurelai> yeah well you could have done 100 times more effective shit with HBgary
04:47 <@Laurelai> gratted what we got was good
04:47 <&Sabu> if you’re so fucking talented why didn’t you root them yourselves?
04:47 <@Laurelai> but it could have been done alot better
04:47 <&Sabu> also we had a time restraint
04:48 <&Sabu> and as far as I know, considering I’m the one that did the op, I rooted their boxes, cracked their hashes, owned their emails and social engineered their admins in hours
04:48 <&Sabu> your manual is irrelevent.[snip]
04:51 <&Sabu> ok who authored this ridiculous “OPERATIONS” doc?
04:51 <@Laurelai> look the guideline isnt for you
04:51 <&Sabu> because I’m about to start owning nigg3rs
04:51 <&marduk> authorized???
04:52 <@Laurelai> its just an idea to kick around
04:52 <@Laurelai> start talking
04:52 <&Sabu> for who? the feds?
04:52 <&marduk> its not any official doc, it is something that Laurelai wrote up.. and it is for.. others
04:52 <&marduk> on anonops
04:52 <&Sabu> rofl
04:52 <@Laurelai> just idea
04:52 <@Laurelai> ideas
04:52 <&Sabu> man
04:52 <&marduk> at least that is how i understand it
04:52 <@Laurelai> to talk over
04:53 <&Sabu> le sigh
04:53 <&marduk> mmmm why are we so in a bad mood?
04:53 <&Sabu> my nigga look at that doc
04:53 <&Sabu> and how ridiculous it is[snip]
04:54 <&marduk> look, i think it was made with good intentions. and it is nothing you need to follow, if you dont like it, it is your good right
04:55 <&Sabu> no fuck that. its docs like this that WHEN LEAKED makes us look like an ORGANIZED CRIME ORGANIZATION
My observations though have always been that the groups would be infiltrated by someone and then outed. It seems that this may indeed be the case here if the data is indeed real. It seems to me that a certain j35t3r said much the same before, that he could and did indeed infiltrate the ranks, and had their data. Perhaps J has something to do with this? Perhaps not… Still, the principle is sound.
- Infiltrate
- Gather INTEL
- Create maps of connections
- Report
It would seem also that these guys are liminally aware of the fact that their actions can be seen as a conspiracy and that the government will not only get them on hacks potentially, but also use the conspiracy angle to effectively hogtie them in court. Let me tell you kids, there is no perfect hack… Well unless the target is so inept as to have absolutely no logging and does not even know for a very long time that they had been compromised.. Then the likelihood of being found out is slimmer, but, you guys popped and then outed HBG pretty darn quick.
I am willing to bet there are breadcrumbs.. And, those said breadcrumbs are being looked at by folks at some three letter agencies as I write this. You see kids, you pissed in the wrong pool when it comes to vindictiveness. I agree that HBG was up to bad shit and needed to be stopped, but, look at the types of things they were planning. Do you really think that they are above retaliation in other ways than just legal? After all, they were setting up their own digital plumbers division here huh?
Anyway… Just sayin…
Back on topic here with the Backtrace folks and the logs. I have looked at the screen names given and have come to the conclusion that they are all generic enough that I could not get a real lock on anything with Maltego. I had some interesting things pop up when you link them all together, but, overall not enough to do anything meaningful. The other issue is that Maltego, like any tool using search engines and data points, became clogged with new relational data from the articles going wide. I hate it when the data is muddied because of this.
So, yeah, these names are not unique enough to give solid hits. Others though who have been re-using nicks online as well as within the confines of Anonops, well that is another story. I just have this feeling that there are larger drift nets out there now hoovering all you say and do on those anon sites, even if they are in the .eu space. I still have to wonder if any of those IRC servers have been compromised yet by certain intelligence agencies.
One wonders too if China might also be playing in this area… How better to sow discontent and destabilize than to use a proxy like Anonymous for operations?
For that matter.. How about the CIA?
NSA?
Think on it… Wouldn’t Anonymous make a perfect false flag cover operation?
For now, I am going to sit and watch. I would like to see the full chat transcripts though. Now that would be interesting.
“May you live in interesting times”
Indeed.
K.
Top Secret America: The Fifth Column, Uncontrolled and Unaccounted For
The top-secret world the government created in response to the terrorist attacks of Sept. 11, 2001, has become so large, so unwieldy and so secretive that no one knows how much money it costs, how many people it employs, how many programs exist within it or exactly how many agencies do the same work.
These are some of the findings of a two-year investigation by The Washington Post that discovered what amounts to an alternative geography of the United States, a Top Secret America hidden from public view and lacking in thorough oversight. After nine years of unprecedented spending and growth, the result is that the system put in place to keep the United States safe is so massive that its effectiveness is impossible to determine.
The investigation’s other findings include:
* Some 1,271 government organizations and 1,931 private companies work on programs related to counterterrorism, homeland security and intelligence in about 10,000 locations across the United States.
* An estimated 854,000 people, nearly 1.5 times as many people as live in Washington, D.C., hold top-secret security clearances.
* In Washington and the surrounding area, 33 building complexes for top-secret intelligence work are under construction or have been built since September 2001. Together they occupy the equivalent of almost three Pentagons or 22 U.S. Capitol buildings – about 17 million square feet of space.
From Secret America in the Washington Post
PBS Frontline report coming this fall
When this article came out there seemed to be just a collective murmur as a response by the masses. I figured that either people just didn’t care, didn’t get it, or were just too stunned to comment about it. Upon reading up some more and seeing the Frontline piece, I have decided that most people just can’t grasp the sheer import of this report. What this all says to me is that the government has no idea of just who is doing what and how much money is being spent. What’s more, the people certainly have no idea (the people as in the voting public) whats really going on either.
Another factor here I think is that many people just have too much faith in the government and in the corporations. When you really look at it though, once you have worked in the sausage factory and have seen how its made, you really never want to eat sausage again. Its like that with working for the government and or corporations really. Having spent all these years in the information security business working for fortune 500 companies as well as the government, I can say I do not want to “Eat the sausage” Of course perhaps the better thing to say is that I do not trust the government nor corporations because they both are comprised of inept people and red tape.
By far though, the concerns that I have are something a bit more ominous in nature. I fear that these machinations will only lead to greater abuses of power by not only the government but also the corporate entities that they have tasked with performing all this secret work. It used to be that there was government oversight on the intelligence community, but you knew that there was some off books things happening. Now, we have post Iraq and still ongoing in Afghanistan, a contractor proxy war that now includes a civilian intelligence element. An element that now seems to be even more “civilian” because it is being operated by corporations and not wings of the government. It gives a new meaning to “black ops”
Another interesting turn in this “secretification” to steal a Bush-ism is the whole issue of just how far the pendulum has swung from the nations not caring so much about HUMINT and intelligence to suddenly being even more fervent about it it seems than they were during the cold war years. I might also hazard a statement to say that since 9/11 it has generally felt more and more like the 50’s again where paranoia is concerned about the “enemy threat to the homeland”
Are we in danger? Yes. Do we need to have to go back to the 50’s mentality of us and them with a McCarthy-esque twist? No.
Of course all or most of this is aimed at Jihadi terrorists and not a governmental body like the Soviet bloc and this is where the disconnect seems to be the largest for me. It’s rather ironic actually that all this effort is being predicated on fighting a group of people who are not generally known for being easily infiltrated nor as easy to get a grasp on as the Sov’s were. People just knee jerked after 9/11 and really, they have only created even more bureaucracy in which the real INTEL will get lost and another attack likely happen because of it.
Welcome to Washington’s dementia…
Spies Among US
First of all, when it comes to espionage, nothing in Russia has changed. After all, the real leader of Russia, Vladimir Putin, was as a career KGB agent who came up through the ranks, and not by exhibiting democratic principles but rather by being a steadfast believer in communist ideology and the especially harsh methods of the Soviet regime with which we are all familiar. In fact, let’s not forget, no one presently in a senior leadershipposition in Russia came up through a nursery of democratic institutions, but rather through the vestiges of Stalin, Kruchev, Andropov, the NKVD and the KGB. Putin, true to his breeding, has surrounded himself with trusted KGB cronies who believe as he does at all levels. So don’t expect anything less from Russia than what they are: not our allies. The KGB had illegals in the United States under the Soviet system and the SVRstill does, according to most experts, under the Russian Federation. How many are here? No one knows, but one thing we can be sure of, this is one of their favored ways to penetrate a nation and have a presence there and they are not giving up on this technique.
But why you ask? After all, the Russians have satellites and they can intercept communications and break codes. Yes and more. However, the one thing that Russian intelligence will always rely on is a backup system to their technical expertise in case of war (hostilities). They always want to have a human in the loop who can have access to information and more importantly to other humans.
You see, an illegal that passes as an average American, can have access to things no satellite, phone intercept or diplomat can have access to—every day things, such as a car, a home, a library, neighborhood events, air shows on military bases, location of fiber cables, access to gasoline storage facilities, a basement to hide an accomplice, a neighbor’s son serving in the military, and so on. If you think like an intelligence officer, then you realize in an open society it’s possible to obtain a lot of information. A mere walk in a neighborhood on a Saturday morning can give you access to vehicles parked at a garage sale that have stickers from government installations or high tech companies doing research. These individuals can be tracked or befriended. Neighbors often watch each other’s houses and may even have keys, which give an intelligence officer access to the house, or a car, or a gated community. They get invited to parties, meet people and gain access to individuals with knowledge, influence or information. And that is only the beginning.
Full article HERE
The above is a snippet from a Psychology Today article by a former FBI spycatcher. I bring it to you to perhaps clarify some of the news out there and maybe give some ancillary corroboration to the things I have been saying all along about the 11, now 12 “illegals” that were caught and so quickly deported recently.
It was surprising to see just how many people thought that since the Sov Bloc was gone that the new Russia would be spying on little ol’ us. I guess this says more about our culture than it does about theirs really. Just as the author says above, the Russians still have the “strong man” mentality inculcated within their culture and they are led by none other than Vladimir Putin, KGB down to his boxers… And still in charge. So why would it be so inconceivable that the Russians would have such illegals programs as well as other NOC operatives in country? Its certainly the case and always has been. It’s just that the people of the US are too busy thinking about the latest episode of the Hills instead of perhaps geopolitics huh.
Geopolitics and history aside, the article brings out a key point that I have made on more than a few occasions. HUMINT is ery important. This is something that we learned post 9/11 and have been trying to fix since we fucked it all up back in the 90’s (Sorry Bill Clinton) by reducing the HUMINT capabilities of the likes of the CIA in favor of technological means of spying (ala the NSA) We went too far in the other direction and got caught with our pants around our ankles because we did not have a man on the ground to give us good intel on the 19.
Then we have the 12 illegals pop up… and everyone is surprised that the Russians are spying on us as well as amazed at the old school tradecraft that they are using.
How antiquated…
Antiquated and still quite functional boys and girls.
Expanding it further out though, you can see in the passage that I like the most that;
If you think like an intelligence officer, then you realize in an open society it’s possible to obtain a lot of information. A mere walk in a neighborhood on a Saturday morning can give you access to vehicles parked at a garage sale that have stickers from government installations or high tech companies doing research. These individuals can be tracked or befriended. Neighbors often watch each other’s houses and may even have keys, which give an intelligence officer access to the house, or a car, or a gated community. They get invited to parties, meet people and gain access to individuals with knowledge, influence or information. And that is only the beginning.
THIS is a key thing to pay attention to. Once you are in, you have so much access that you really don’t need all of the arcane spy vs spy stuff to get what you really want here. The illegals were a foothold group sent to burrow in and make lives so they could gather data and make friends. They would be, in states of serious distress between the countries, “inside men” the fifth column to attack the enemy from the inside… Say, does this remind you of anything going on recently? Say, oh Jihadi’s recruiting US citizens for Jihad?
Yep.
Situational Awareness is key.
Krypt3ia 
SPOOK COUNTRY 2011: HBGary, Palantir, and the CIRC
with 5 comments
CIRC: The New Private Intelligence Wing of (insert company name here)
The HBGary debacle is widening and the players are beginning to jump ship each day. The HBGary mother company is disavowing Aaron Barr and HBGary Federal today via twitter and press releases. However, if you look at the email spool that was leaked, you can see that they could have put a stop to Aaron’s game but failed to put the hammer down. I personally think that they all saw the risk, but they also saw the dollar signs, which in the end won the day.
What Aaron and HBGary/Palantir/Berico were offering was a new kind of intelligence gathering unit or “cell” as they called it in the pdf they shopped to Hunton & Williams LLP. Now, the idea and practice of private intelligence gathering has been around for a very long time, however, the stakes are changing today in the digital world. In the case of Hunton, they were looking for help at the behest of the likes of Bank of America to fight off Wikileaks… And when I say fight them off, it would seem more in the sense of an anything goes just short of “wet works” operations by what I see in the spool which is quite telling.
You see, Wikileaks has made claims that they have a certain 5 gig of data that belonged to a CEO of a bank. Suddenly BofA is all set to have Hunton work with the likes of Aaron Barr on a black project to combat Wikileaks. I guess the cat is out of the bag then isn’t it on just who’s data that is on that alleged hard drive huh? It would seem that someone lost an unencrypted drive or, someone inside the company had had enough and leaked the data to Wikileaks. Will we ever really know I wonder?
Either way, Barr et al, were ready to offer a new offering to Hunton and BofA, an intelligence red cell that could use the best of new technologies against Anonymous and Wikileaks. Now, the document says nothing about Anonymous nor Wikileaks, but the email spool does. This was the intent of the pitch and it was the desire of Hunton and BofA to make both Anonymous and Wikileaks go away, for surely if Wikileaks were attacked Anonymous would be the de facto response would they not?
A long time ago William Gibson predicted this kind of war of attrition online. His dystopian world included private intelligence firms as well as lone hackers out there “DataCowboy’s” running the gamut of corporate intelligence operations to outright theft of Pharma-Kombinat data. It seems that his prescient writings are coming into shape today as a reality in a way. With the advent of what Barr and company wanted to offer, they would be that new “cowboy” or digital Yakuza that would rid clients of pesky digital and real world problems through online investigation and manipulation.
In short, Hunton would have their very own C4I cell within their corporate walls to set against any problem they saw fit. Not only this, but had this sale been a go, then perhaps this would be a standard offering to every other company who could afford it. Can you imagine the bulk of corporations out tehre having their own internal intelligence and dirty tricks wings? Nixon, EH Hunt, and Liddy would all be proud. Though, Nixon and the plumbers would have LOVED to have the technology that Aaron has today, had they had it, they may in fact have been able to pull off that little black bag job on Democratic HQ without ever having to have stepped inside the Watergate
The Technology:
I previously wrote about the technology and methods that Aaron wanted to use/develop and what he was attempting to use on Anonymous as a group as the test case. The technology is based on frequency analysis, link connections, social networking, and a bit of manual investigation. However, it seemed to Aaron, that the bulk of the work would be on the technology side linking people together without really doing the grunt work. The grunt work would be actually conducting analysis of connections and the people who have made them. Their reasons for connections being really left out of the picture as well as the chance that many people within the mass lemming hoards of Anonymous are just click happy clueless folks.
Nor did Aaron take into account the use of the same technologies out there to obfuscate identities and connections by those people who are capable, to completely elude his system altogether. These core people that he was looking to connect together as Anonymous, if indeed he is right, are tech savvy and certainly would take precautions. So, how is it that he thinks he will be able to use macroverse data to define a micro-verse problem? I am steadily coming to the conclusion that perhaps he was not looking to use that data to winnow it down to a few. Instead, through the emails, I believe he was just going to aggregate data from the clueless LOIC users and leverage that by giving the Feds easy pickings to investigate, arrest, and hopefully put the pressure on the core of Anonymous.
There was talk in the emails of using pressure points on people like the financial supporters of Wikileaks. This backs up the statement above because if people are using digital means to support Wikileaks or Anonymous they leave an easy enough trail to follow and aggregate. Those who are friending Facebook support pages for either entity and use real or pseudo real information consistently, you can easily track them. Eventually, you will get their real identities by sifting the data over time using a tool like Palantir, or for that matter Maltego.
The ANONYMOUS names file
This however, does not work on those who are net and security savvy.. AKA hackers. Aaron was too quick to make assumptions that the core of Anonymous weren’t indeed smart enough to cover their tracks and he paid the price as we have seen.
The upshot here and extending what I have said before.. A fool with a tool.. Is still a fool.
What is coming out though more each day, is that not only was Aaron and HBGary Fed offering Palantir, but they were also offering the potential for 0day technologies as a means to gather intelligence from those targets as well as use against them in various ways. This is one of the scarier things to come out of the emails. Here we have a company that is creating 0day for use by intelligence and government that is now potentially offering it to private corporations.
Truly, it’s black Ice… Hell, I wouldn’t be surprised if one of their 0day offerings wasn’t already called that.
The INFOSEC Community, HBGary, and Spook Country:
Since my last post was put on Infosecisland, I had some heated comments from folks who, like those commenting on the Ligattleaks events, have begun moralizing about right and wrong. Their perception is that this whole HBGary is an Infosec community issue, and in reality it isn’t. The Infosec community is just what the shortened name means, (information security) You all in the community are there to protect the data of the client. When you cross the line into intelligence gathering you go from a farily clear black and white, to a world of grays.
HBGary crossed into the gray areas long ago when they started the Fed practice and began working with the likes of the NSA/DOD/CIA etc. What the infosec community has to learn is that now the true nature of cyberwar is not just shutting down the grid and trying to destroy a country, but it also is the “Thousand Grains of Sand” approach to not only spying, but warfare in general. Information is the currency today as it ever was, it just so happens now that it is easier to get that information digitally by hacking into something as opposed to hiring a spy.
So, all of you CISSP’s out there fighting the good fight to make your company actually have policies and procedures, well, you also have to contend with the idea that you are now at war. It’s no longer just about the kiddies taking credit cards. It’s now about the Yakuza, the Russian Mob, and governments looking to steal your data or your access. Welcome to the new world of “spook country”
There is no black and white. There is only gray now.
The Morals:
And so it was, that I was getting lambasted on infosecisland for commenting that I could not really blame Anonymous for their actions completely against HBGary/Aaron. Know what? I still can’t really blame them. As an entity, Anonymous has fought the good fight on many occasions and increasingly they have been a part of the mix where the domino’s are finally falling all over the Middle East presently. Certain factions of the hacker community as well have been assisting when the comms in these countries have been stifled by the local repressive governments and dictators in an effort to control what the outside world see’s as well as its own people inside.
It is my belief that Anonymous does have its bad elements, but, given what I know and what I have seen, so does every group or government. Take a look at our own countries past with regard to the Middle East and the CIA’s machinations there. Instead of fighting for a truly democratic ideal, they have instead sided with the strong man in hopes of someday making that transition to a free society, but in the meantime, we have a malleable player in the region, like Mubarak.
So far, I don’t see Anonymous doing this. So, in my world of gray, until such time as Anonymous does something so unconscionable that it requires their destruction, I say let it ride. For those of your out there saying they are doing it for the power and their own ends, I point you in the direction of our government and say this; “Pot —> Kettle —> Black” Everyone does everything whether it be a single person or a government body out of a desired outcome for themselves. Its a simple fact.
Conlcusion:
We truly live in interesting times as the Chinese would curse us with. Today the technology and the creative ways to use it are outstripping the governments in ability to keep things secret. In the case of Anonymous and HBGary, we have seen just how far the company was willing to go to subvert the laws to effect the ends of their clients. The same can be said about the machinations of the government and the military in their ends. However, one has to look at those ends and the means to get them and judge just was it out of bounds. In the case of the Barr incident, we are seeing that true intelligence techniques of disinformation, psyops, and dirty tricks were on the table for a private company to use against private citizens throughout the globe.
The truth is that this has always been an offering… Just this time the technologies are different and more prevalent.
If you are online, and you do not take precautions to insure your privacy, then you lose. This is even more true today in the US as we see more and more bills and laws allowing the government and police to audit everything you do without the benefit of warrants and or by use of National Security Letters.
The only privacy you truly have, is that which you make for yourself. Keep your wits about you.
K.
Rate this:
Written by Krypt3ia
2011/02/19 at 20:45
Posted in 1st Amendment, A New Paradigm, Advanced Persistent Threat, Anonymous, APT, Business Intelligence, Business is war, CAUI, Chiba City Blues, CIA, Codes, COMINT, Commentary, Corporate Intelligence, CounterIntelligence, Covert Ops, CyberSec, CyberWar, Digital Ecosystem, Dystopian Nightmares, Espionage, Hacking, HUMINT, Infosec, Infowar, INTEL, Maltego, Malware, Narus STA 6400, Neurobiology, OPSEC, OSINT, Panopticon, PsyOPS, Recon, Security, Security Theater, SIGINT, Social Engineering, Subversive Behavior, Surveillance State, Tactics, The Five Rings, Tradecraft, Weaponized Code, Wikileaks