Krypt3ia

(Greek: κρυπτεία / krupteía, from κρυπτός / kruptós, “hidden, secret things”)

Archive for the ‘Psychology’ Category

A Psychological Thumbnail of Donald J Trump’s Narcissistic Personality Disorder and Its Implications

with 4 comments

_dyyoknt-jpglarge

 

DSM-V Narcissistic Personality Disorder:

screenshot-from-2017-01-27-08-54-45 screenshot-from-2017-01-27-08-55-24

As you may have noticed of late I have been pretty quiet here. Since the election I have been taking stock of what is happening and trying to assess what is yet to come and what courses of action might be appropriate. As they say, when you are quiet you can hear more, unfortunately in this environment of late the cacophony is 24/7 and now has so many ‘alternative facts’ it is hard to parse it out and keep one’s sanity. I have though pondered 45’s psychology because he has been giving us all quite the window into his psyche since his inauguration. Of course if you have been paying attention to Trump throughout the years you have seen glimpses of his disorder but one could just shrug that off because he was a celebrity and not the president. Now though, he is in the presidency and he has control of many levers of power.

With that in mind I would like to acquaint you all with NPD (Narcissistic Personality Disorder) from the clinical point of view and expand a little given what we all have seen unfolding in the media as he overreacts to those things that challenge his own reality of grandiosity. As you can see from above, the diagnostic keys for NPD align to much of what we have seen of Trump over the years but in particular highlighted recently with regard to his exceeding need to have the “largest ever” crowd at an inaugural. Let’s map his recent actions with the DSM shall we?

  • Identity: Excessive reference to others for self definition and self esteem regulation; exaggerated self appraisal may be inflated or deflated, or vacillate between extremes; emotional regulation mirrors fluctuations in self esteem
    • I have the best people
    • I have a great brain
    • I had the biggest turnout at an inaugural
    • The rain stopped and the sun shown down on me during the speech
    • The media is at war with me
    • The CIA is acting like the Nazi’s against me
    • His whole Twitter feed
    • The Spicer incident with Trump ordering him to have his first press conference to trumpet his own reality of exceptionally large crowds at the inaugural post the Women’s march
  • Self direction: Goal setting is based on gaining approval from others; personal standards are unreasonably high in order to see oneself as exceptional, or too low based on a sense of entitlement; often unaware of own motivations.
    • All of Trump’s products with his name on them proclaim to be the ‘best’ the gold standard
    • He is the son of a rich man who he sought to please but has always held the entitlement of being a “winner” per his fathers ideology of winners and losers
    • Gaining his fathers approval was key in his youth (being a winner)
    • As to motivations, he has vacillated on topics to garner attention in the media on many occasions then lies about being pro or anti anything even after the footage is produced
  • Empathy: Impaired ability to recognize or identify with the  feelings and needs of others; excessively attuned to reactions of others, but only if perceived as relevant to self; over or underestimate of own effect on others.
    • Mocking the disabled
    • Othering of lower classes
    • Reactions only when the attacks are against his own self worth or perception thereof (See debates “I’m like the smartest guy I know”)
  • Intimacy: Relationships largely superficial and exist to serve self esteem regulation; mutuality constrained by little genuine interest in others‟ experiences and predominance of a need for personal gain
    • Most telling, when asked who his friends were by a reporter he said “I don’t really have any”
    • All relationships therefore in light of that comment (which was then backstopped) are then for gain of some kind as perceived by Trump
  • Pathological personality traits in the following domain:
    1.Antagonism, characterized by:
    A. Grandiosity: Feelings of entitlement, either overt or covert; self centeredness; firmly holding to the belief that one is
    better than others; condescending toward others.
    B. Attention seeking: Excessive attempts to attract and be the focus of the attention of others; admiration seeking.
    C. The impairments in personality functioning and the individual‟s personality trait expression are relatively stable across time and consistent across situations.
    D. The impairments in personality functioning and the individual‟s personality trait expression are not better understood as normative for the individual‟s developmental stage or socio cultural environment
    E. The impairments in personality functioning and the individual‟s personality trait expression are not solely due to the direct physiological effects of a substance (e.g., a drug of abuse, medication) or a general medical condition (e.g., severe head trauma)

    • See all indicators above
    • See arc of his personality over time in the media
    • He has no sense of the disorder whatsoever, in fact admitting such would only dimish his own portrait of esteem
    • We are not aware of drug abuse or trauma to the individual

You can see where he is lining up with the DMS-V categories and I could go on with citations but we don’t really need to do we? All of this should be rather apparent and become even more nauseatingly clear as we move along in his presidency. It is also of note that leaks have started to appear due to the president’s outbursts from his narcissism at his staff. He is already alienating staff and likely will continue to alienate others around him who must work with him as his narcissistic tendencies assert themselves against them.

Another narrative I would like to bring up is the whole kompromat against Trump and how the NPD plays in this milieu. If there is kompromat on Trump then it is likely to be the one thing that would really work against a sufferer of NPD. Imagine the amounts of schadenfreude Trump would have to deal with if such documented evidence were to be released? Particular to this vein of thought would not be the sexual foray’s, I should think that some part of Trump would rationalize this as is overt manliness and sexual prowess (if only sex acts with hookers, if it was in fact being urinated on, well, that is another bent that may lead to diminishing his self perception) and use it to self re-enforce his beliefs. The kompromat that would be most damaging to him would be financial and call into question the quality of his businesses and his products. Alternatively the evidence of bad business dealings, dirty deals, and most of all, Trumps not being his own man but being beholden to others (i.e. monies lent and lost etc) that would diminish his grandiosity and perception of his world.

In summation I would just like you all to have a look at the DSM-V on this and his pathology he has shown us all and will continue to as time goes on during his presidency. I would also like you all to consider this thumbnail as a core aspect of how you might resist against him. Mocking him seems to be the best tool to use to flummox him and cause a reaction, perhaps I should say over reaction really. Additionally, look at this in light of how other countries will react to him and maybe learn to use this model as well. The way I assess it, if he is mocked enough and in the right ways he will over-rotate and cause ripples around him. Those ripples will come back at him and cause him to react more, it is a feedback loop that may in fact lead to his presidency ending through impeachment.

Interesting thoughts…

Dr. K.

Written by Krypt3ia

2017/01/27 at 15:25

Posted in Psychiatry, Psychology

ASSESSMENT: Insider Threats, Espionage Recruitment and Psychological Profiling

with one comment

Screenshot from 2014-01-27 15:07:53

Insider Threat SNOWDEN:

The insider threat has always been and always will be the bigger of the threats or so the aphorism goes. In reality it certainly seems to be the case in the Snowden affair and the NSA is still stinging from it as I write this. Snowden leveraged his administrative access where he could and used technical and social means as well to gather the information and access he wanted to ex-filtrate out of Ft. Meade. Since Snowden was so successful and the NSA and IC has been blindsided by the ease of the attack and their stunning lack of controls the government and IC has been re-thinking their security around insider threats. Since much of today’s technology allows for ease of access and people tend to be the weakest link in the security chain (on average) the NSA is looking to more proactive controls against this type of exploit. Since they failed logically and technically to stop an insider attack I assume that they are in a real bind trying to assert control over not only the data they house but also the custodians of that data and architecture as well.

The Insider Threat Has Always Been The Largest:

Since the dawn of time the insider threat has always been a go to if possible in waging war against anyone. The Trojan Horse for example is the greatest use of the “insider” by placing outsiders inside and making the opposition the method of their own doom. Insiders though are commonly traitors or spies (sleeper or other) inserted or bought to work for the opposition to gain access inside the confines of the sanctum. In the case of hacking and digital malfeasance this often times takes the shape of an insider who feels they have been wronged in some way and either steals IP or destroys operations within a company or org to cause great damage. What has come to light though over the years and now has been brought to the fore are the psychological and social cues or traits that make a person more likely to be an insider threat.

In the case of espionage the recruitment of spies really is the tale of an insider threat. What makes someone become an asset for a service like the CIA? Within the IC (CIA) a lot of time was spent on the psychology of recruitment and handling of assets. MICE was the standard by which the CIA handled recruitment and handling up until recently when a new paradigm was put forth (RASCLS) which is much more reciprocal instead of just carrot and stick. Where all of this touches on insider threats though in the common vernacular of INFOSEC is where the motivation lies for someone’s actions. In a paper put out recently called “Inside the Mind of An Insider” the focus is on technologists and insider attacks that they have or may carry out and their personal motivations as well as proclivities to do so within the tech sector. I however would assert that this take is only a sub header within the larger umbrella of motivations and actions that an insider whether or not they are a spy or just an aggravated tech worker would have or carry out.

in the paper (cited above in picture at top) the writers lay out the “six characteristics” that coincidentally make up much of the same ideals and motivations that you will find in a recruit-able asset within the IC sphere. In fact, I would assert as well that if in fact Snowden were at all contacted by an outside security services to do what he did, these motivations would have been leveraged within him as well. What it all comes down to human nature. We are all subject to wants and desires as well as feelings of being under appreciated or not appreciated at all in our daily lives. This makes anyone potentially an insider whether they self activate or are handled by someone.

Countermeasures And Technologies:

The NSA though has been working on some technical means of detection and deterrence of an insider attack where other logical means have failed. These consist of programs that monitor behaviour patterns of users and access as well as I can only assume their outside activities such as internet access, browsing, and comments on sites. Can such programs really detect accurately the mind of a person and their motivations to lock down on them as a potential threat? I am sure that the technology is getting much better at this heuristic behaviour detection so sure but I don’t think it will be infallible however. I also suspect that it will also mark people as bad actors when in fact they may never even entertain the thought of actually carrying out some plan against the NSA or whatever company that might employ such tech. I would also assume that the people at the NSA will be undergoing more frequent and rigorous Poly sessions as well as perhaps psychological profiling which does not bode well for many I think who want to feel as though they are part of a team. Generally the job is stressful enough when you cannot talk about anything you do and are always fearing that you might slip at some point and give away information that you shouldn’t. The psychological stress of cleared life is hard and this will all just make it a little harder in the post Snowden world.

ANALYSIS:

Whether you call it an “insider threat” or a spy, saboteur, or insurgent the same psychology applies. People are motivated by things that are personal to them. Desires they have for money, power, or fame as well as a myriad of other reasons for their actions. To attempt to detect and deter this activity will be quite the undertaking and hard enough in the classified world. Now imagine that you are not a cleared individual but instead an corporate employee, how are you going to feel about such activities and programs attempting to tell whether or not you might turn on the company and damage their servers? I somehow doubt that many corporations will undertake the threat modelling here for insider threats as seriously as the NSA but I can see where some might want some insight. We already have things like Websense and IDS/IPS/SIEM tech that follows traffic but with the advent of the likes of Facebook, how long will it be until they offer a service that tracks users behaviour and sells it to your security department? If companies are sufficiently worried about their insider threats then they will begin profiling and putting in countermeasures.

Welcome to the brave new world…

K.

Digital Natives, Digital Immigrants, Exo-Nationals and The Digital Lord of The Flies

leave a comment »

SAMSUNG DIGITAL CAMERA

XXXXXXXXXXXXXXXXXXXX

Digital Natives

Last week Josh Corman was at a conference and live tweeting commentary and thoughts online about INFOSEC and around the ideas of Cyberwar. At one point he mentioned the idea of “Digital Natives” against the backdrop of nation states and it struck me again as something I needed to expand upon. Though Josh had said he wanted a chance to explain further to me his ideas before I posted I don’t feel like I think that differently than he does about the topic. Though perhaps I do, I am not sure as I have yet to hear his ideas in full but I wanted to get this out of my head now so here it is.

Digital natives as a term has been around since 2001 when Marc Prensky coined the term in his work “Digital Natives, Digital Immigrants” was published. In this article he explains the basis of the idea that since kids from 2000 on (I would say earlier for some of us) have grown up with computers and the internet as a ubiquitous appliance/medium they tend to be greatly different in thinking, acting, and general attitudes than their parents and older generations. These people who did not grow up with the technology always around them and used by them are termed to be “Digital Migrants” and have emigrated to the use of the Internet and technologies. As such, these immigrants are often seen as foreigners in the digital world with antiquated ideas on how things should work and methods of doing things. The article (see below link) also goes into some detail on the cognitive differences as well as social differences that Presnky was seeing in the studies he was conducting.

Prensky; Digital Natives, Digital Immigrants

Prensky; The Emerging Online Life of Digital Natives

Another paper that Prensky wrote was on the emerging online lives of these “digital natives” in that you could see the emergent behaviors progressing as online life (Web2.0 and Social Media for example) expanded to allow for more connectivity and social malleability. In both though the idea is put forth that we now have a generation or a couple really, that are inherently living their lives in a completely different way than their parents and all of it predicated on rapidly changing technology. This idea lends itself to the problems we face today as INFOSEC ptactitioners, governments, law enforcement agencies, and as parents to children who on the face of it are cognitively different than we are. Add to this the problem that much of our lives are now greatly affected by these technologies (banks, power, credit, reputations etc) that this generation or two now can control at very young ages for good or for ill and we have a problem that we must understand in order to manage.

Digital Immigrants

Moving on we have the Digital Immigrants, those who have moved into the digital space with smart phones, PC’s, Laptops, Ipads, and the like. Many do not leverage these devices in the ways that the natives do and in fact do not understand them on the whole. Outside of the people in the business of creating these wonders and creating their infrastructure the bulk of the populace older than 30 on average have little cognition of how things really work. I know this is a gross generality but just go with me on this and let’s not quibble ok? So, we have all these people who still use paper books and write things on pads and the natives think on the whole that they are a foreign species according to Prensky.

What really shakes out for me is that on the whole the LEA’s, the Gov, The Generals, and corporate execs of the world are all pretty much on the whole not of the Z or iGeneration (Natives) This means that they are all immigrants and by the terms of the idea not really connected to the ideals, attitudes, and cognitive changes that the iGen’s have in place. Add to this that aforementioned inability to really understand the technology itself nor how it could be leveraged and we have a pretty big problem with the world don’t we? Look at all this talk over cyberwar today and the outmoded modalities that are being used to try and grapple with the problems. How many times have you had the experience gentle reader with your boss or some other person as you try to explain to them the security problems with technology just to get a blank look back? …You get my point…

So we have the digital natives on average running circles around the immigrants (kids vs. parents, iGen vs. those in power) and friction occurs. All you really need look to are the cases of Aaron Swartz and Weev to see it play out in the media and the courthouse. What we commonly see as nothing really wrong the immigrants see as abhorrent, illegal, and immoral. The fact that say Weev just wrote a script to enumerate pages to us is nothing while in the eyes of the corporate types and the law it is an offense worthy of going to jail for 3.5 years and a lot of money in recompense to the corporation that was enumerated. Until such time as the immigrants are all gone and only the natives inhabit the net and the meatspace we will not have substantive cognition of the new generations mores and means of living with the technologies and how the laws can be changed to make a little more sense about offenses online as well as problems like cyber-warfare. It will take a at least another generation until parity is reached.

Digital Exo Nationals

While I think that the ideas of Digital Natives and Immigrants was what Josh had in mind as the core to his statement I also think he was alluding to those natives as being their own state. This is an idea that has been brought about by Anonymous and I think could be termed as “Digital Exo-Nationals” Those out there who feel that the net is a stateless space where no one state rules them (nation) nor do the mores of meatspace apply within the electronic world they live in. A group like Anonymous can claim to be truly stateless and on the face of it they can be on one level, but I think that on  the whole anyone who is not persistently living just online (meaning they reside inside of a computer network) is in fact affected greatly by where they were raised, by whom, and are the product of their upbringing. This fact will always color people’s reactions and there will always be some form of nationalism to them as they interact online or take up arms in defense of some ideal.

With that said though I think it is nominally an idea that has merit. I believe in many ways the deizens of the net (i.e. the iGen/Natives) think of themselves as apart from the “real world’ that they physically inhabit when they are online, which today is pretty persistent at a connectivity level. This cognitive dissonance creates quite the dichotomy of perceptions for the natives. Once offline they must generally adhere to the structures of the “old world” as opposed to the pretty much wild west of the Internet and on average they manage to separate the two lives much like the quote from “The Matrix” by Agent Smith;

Agent Smith: It seems that you’ve been living two lives. One life, you’re Thomas A. Anderson, program writer for a respectable software company. You have a social security number, pay your taxes, and you… help your landlady carry out her garbage. The other life is lived in computers, where you go by the hacker alias “Neo” and are guilty of virtually every computer crime we have a law for. One of these lives has a future, and one of them does not. 

This is pretty much the perception for the immigrants right? While on the other side Neo would consider himself a freedom fighter or a seeker looking for a basic truth that the old system (i.e. The Matrix) is trying to prevent him from seeing. Think about this idea for a minute while reflecting on Anonymous today in the Wikileaks age. I think you will see the parable here and this is a core issue between Immigrant culture versus the new Native one. It is interesting to note though, that in the case of the Matrix, the natives are in fact both Neo and Smith in one sense but only Neo resides in a corporeal way… But I digress into philosophy here and before I break out my copy of “Simulacra and Simulation” on you I will stop.

Ok back to the issue at hand. We have digital natives now that perceive themselves as “Exo-Nationals” the net is their country and it is outside of the corporeal world. Their rules are not the rules of the real world and their mores are different. Their culture is one that is new and evolving and unfortunately the world they inhabit is not really theirs to control. Since the backbone of the infrastructure is owned by corporations and governments they’re really only renting if not actually squatting in their exo-national domain. This fact however does not stop them from trying to control the networks and in many ways they are able to through hacking and the use of good OPSEC. You see, in reality the natives who consider themselves Exo-Nationals are in fact guerrilla’s for the most part to my thinking.

 The Digital Lord of The Flies

No matter the dialectic, there are issues to the dichotomy between the natives and the immigrants that can beget darker things. Since on average the common kid today can bypass most protections a parent my try to purchase for their home computers, that is if they are even cognizant enough to try, we have a generation that pretty much can run amok online. Without oversight the digital natives pretty much run the show. This has been touched upon by sociologists studying 4chan and Anonymous in the past and is quite valid a point. The mores of the natives are greatly different within the online world than those that we would teach them in the offline one. All of this is really predicated on the idea that once online the native is “anonymous” by use of technological means in the extreme or just the perception thereof by those who do not cognitively understand it (younger natives still learning)

Generally though the natives learn quickly that they can do many more things online that parents and others would find frightful offline and in public. It is this “disinhibition effect” through percieved or technical anonymity that allows for this behavior to evolve and thus gives rise to what I call the “Digital Lord of The Flies” effect. In essence the children have been left to their own devices on a digital island and those more powerful take over and rule rather mercilessly. In the last few days I got a first hand view of this effect with regard to teens and twenty somethings in the gamer/Xbox verse. Where gaming had become banal some of these “crews” or “Teams” began upping the ante by hacking, carding, and what they call GT (gamer tag) “Jacking” All criminal activities that are perceived by these kids as ok because they are not doing these things to people in reality (and by reality I mean in person in front of them)

There seems to be a disconnect within the psyche for these kids where their actions are just not real because it happens online. Some of these kids that I tracked online due to recent events with the attacks on Brian Krebs that leads me to believe some of them may in fact be on the road to sociopathy. This though is not the case for all of them of course so one has to ask how is it that they feel so moved to carry out these deeds online and not feel the least bit of remorse about them? It is this disconnect that fascinates me really and I will be looking further at it in the future. As more and more generations move into the natives category being born into a world with prevalent technologies we will only see more of these problems until that parity I spoke of happens. When the parents of all these kids are just as savvy about the net as their kids are, then we will be able to teach them.. Of course in thinking about this it comes to me that perhaps that will only shift to natives teaching natives the same behaviors…

Sigh…

Time will tell I guess.

K.

Written by Krypt3ia

2013/03/22 at 20:51

So APT Is China *snicker* Now What?

with 2 comments

icanhaz

zl’s egt amsk sbfmt kze kwcyfocggp ktlhiu!

Avanced? Persistent? Threat? 

As RSA comes to a close and the corridors of the hall stop ringing with the acronym APT bleated out by a megaphone from the Mandiant booth I find myself once again looking at the problem as opposed to the hype. Let me simplify this for you all a little bit here to start though. APT is not necessarily “advanced” as the Mandiant finally lets you all out there not in the secret squirrel club know. In fact the APT’s are often just outsmarting the average end user on a daily basis and you and I both know it does not take a mental genius to do that right? Seriously there is nothing overly advanced nowadays in sending phishing emails and doing recon to assess your targets. Sure there is some coding going on once inside that is novel but really, any good hacker will tell you that they can code some shit up to keep persistence or maybe just buy it on the black market if needed. This is not rocket science here.

On the persistence thing yes, yes they are. They are persistent not only in trying to keep their toehold but also in that they bombard companies with emails in order to have a signal to noise attack. This is nifty but really it’s not a new technique. So ok persistence means they keep trying but it is often our own failings that ALLOW their persistence. Everything from the #click_sheep who keep clicking on every god damned email they get that asking if they want a bigger penis to companies lack of controls over patching and other standard procedures that they should be carrying out on their infrastructure. So when really looking for someone to blame look in the mirror folks. Hey maybe you will look in the mirror and see that you are Chinese huh?

Finally the “threat” part well I think I just covered that huh? YOU are the real threat in this vector. The adversary is just leveraging that fact to obtain their goals. The threat is not Chinese, Russian, Israeli, or French. It’s us. We are the threat and this was the case even before computers and espionage came together. How do you think a lot of the information was stolen back in the day from governments and companies? That’s right kids! It was by people being paid off or being leveraged in some way by spies and spy agencies. Now though, we really don’t have to leverage people as much with compensation or threats. Instead we just leverage their human natures and boy oh boy does it work ever so well!

Our sloth, greed, and general cluelessness are our own undoing.

Is WHO Hacked You That Important?

So Mandiant puts out a report on our Chinese hackers and everyone is a twitter over the “revelations” As someone who has personally dealt with this type of activity in my work life I was pretty apathetic about the report and it’s being published outside of the “sekret squirrel” world. Sure, they probably set us all back some and certainly have set the stage for a great amount of douchery to come but really, what good comes from this report and the data it dropped? Hurriedly I have seen many glom onto the hashes and the techniques that the Comment Crew was using in order to fortify their environments since the drop. Of course this may be to no avail as soon I am sure the CC will be changing their ways but hey, it gives us all something to do huh?

Meanwhile people are nodding their heads and saying “BAD CHINA” while the government pops out 140 page draft resolutions on how to deal with China and their hacking of our IP. I for one see this as just a lot of smoke and mirrors that may in the end have no greater effect other than political gain but hey who am I right? Let’s let it roll as everyone gets their panties in a bind over China. Others though have piped in and said that maybe it’s not only China but all too often these voices are not enough to cut through the cacophony of stupid to make it to the reasoned ear. Guess what kids it’s not just China and it never has been and this is the problem of fixating on one target. You tend to lose the other and then they come up behind you and shoot you in the back of the head.

The upshot here? Who hacked you is NOT as important as WHY you got hacked and HOW you got hacked. The old WHO WHAT WHY WHEN & HOW are important equally and we unfortunately have collectively latched onto the WHO and this will be our downfall. At least Mandiant is looking at the how but I am not hearing much about how to remediate the problems that cause the problem to start with. Instead as we see with the government response they are going to the WHO and saying “cut it out” and anyone who thinks that that is going to make them stop is really biting too tightly on the crack pipe. So back to the point which should be plainly clear. We are the target and we are the problem. It is important to understand the who but you cannot leave out the WHAT, WHERE, WHEN, and WHY. If you do then you will never win the battle.

Know Thy Enemy.. Know Thyself…

It is said that if you know your enemies and know yourself, you will not be imperiled in a hundred battles; if you do not know your enemies but do know yourself, you will win one and lose one; if you do not know your enemies nor yourself, you will be imperiled in every single battle.

Sun Tzu: Art of War

It’s a trite thing to some out there *looking at you Jericho* to quote Sun Tzu in any cyber context but in my case here it is absolutely correct to quote. The problem I am finding in much of the approaches to trying to defeat or lessen the APT problem focuses less on knowing the self (aka your network and your people) and more on blinky light solutions to stop them dead in their tracks as the vendor propaganda states. Some even go as far as to proclaim that security awareness is pointless which I called bullshit on before rather vociferously in the past. I find it to be one of the more reprehensible statements made up until yesterday’s revelations that a panel gave at RSA saying that “We are soon going to live in a post crypto world” and that crypto is pointless because the APT keeps avoiding it. This is one of the most idiotic statements I have heard in a while and it just makes me think people misunderstand APT even more than before. Everyone thinks they are unstoppable and that is not right. These attacks can be mitigated but it will take real work to do do not some blinky verndor solutions.

The point here is this; We need to carry out due diligence and we need to be vigilant in our security apparatus. We need to engage the end users and teach them about malware and phishing and keep teaching them over and over and over again. Wrote learning is the ONLY way that this will get into their collective heads. Sure, we can also use technologies to attempt to arrest the spear phishing attacks but if you have a 3 star general who is a #click_sheep well, you are pretty much fucked if you are not really paying attention to the network SIEM and other mitigations in place and even then, with creativity those too can be outwitted. These APT types use common traffic to hide within and that is the problem. The pivot is the key here, they are using your network to their advantage just like a Judo expert. Will you be able to stop them all? No. Will you be able to considerably cut the attack success down with holistic methods? I believe you can and I have seen it in action. Others have said much the same thing and I hope more people start paying attention.

I agree that knowing who is attacking is important but it is only important as long as you take the time to be introspective about what they are seeking from you and how they are getting it out of you. What flaws in your infrastructure and culture are they exploiting that is allowing them to rob you blind and how can you remedy them to stop them. These are the key questions that seem to be missing from so many vendor offers like Crowdstrike and others out there today offering offensive defense or active defense. Sure, if your org is working properly and you have security enlightened end users go for the disinformation honeypot things and other means of defense. However, if your people are a bunch of #click_sheeple then what is the point? You will be PWND and it will be all be moaning and wailing “woe is me” in the end …Trust me.

Oh, and a last word here on the #click_sheep thing. Why am I harping on it? Look at the reports again. 99.999 percent of the attacks are being performed via phishing and spear phishing STILL! We have known about this type of attack how long? Come on people! There’s a reason it is done this way. It’s because people are not being trained properly as well as their systems are not being patched up! I know what you are thinking “but there’s 0day!” Yes yes there is but that is only a small percentage of the attack surface at present.

CLICK CLICK PWN.

Behavior Modification Is Needed

Now that I have ranted a while let me just re-iterate the facts. We are to blame for the APT successes. The term was coined back in 2006 and though it’s been in the secret squirrel world it was a known quantity. In fact I would say that it was not only the APT but generally crackers who were using these techniques for the most part and the APT just went along with it and refined it. This is not new and now that it is all out in the open we need to really pay attention here and look at the problem from the macroverse level and not just the myopic microverse that we in the industry tend to have. This isn’t just a technical problem it’s a sociological and psychological problem that we have to work on. Many say that there is no defense to social engineering attack but I do not ascribe to that. With the proper security education and awareness training anyone can defeat SE attacks. It just takes training like that which Dave Aitel thinks is pointless.

9/11 pointed out to the intelligence community that an over-reliance on technology failed to detect and stop the 19 hijackers from AQ. This failure was remedied by adding record numbers of assets post 9/11 to carry out HUMINT (Human Intelligence) and what we learned most of all that technology in itself is useless against human nature and a healthy dose of avoiding tech. It was tradecraft that allowed the plot to succeed even when their phone conversations were being tapped. I make this analogy because once again we are facing the same problem within the INFOSEC community as well as the government and military’s. The adversary is relying on human nature and we are relying on technologies created by humans. It’s a bad mix really and it needs to be re-evaluated to include more introspection on the people creating, maintaining, and using the technologies today. So far I am not seeing too much of this ethos being bandied about in the community and I think it is at our own peril.

I feel like it should be a catch phrase akin to the GHW Bush era’s “It’s the economy stupid” In my case though its more along the lines of “It’s not just the technology stupid” We have been myopic and we need to cut that out. The next shiny whizbang appliance is not going to stop that 3 star #click_sheep from opening the email addressed to him with the misspellings about how he has a package from UPS and needs to install this .EXE file to get it.

Derp.

K.

Written by Krypt3ia

2013/02/28 at 15:31

Psychopathy Tweets: Too Much Statistics, Not Enough Proof of Concept

with 2 comments

On Sunday Defcon 20 had a talk that I had previously written about on the idea of using statistical analysis of word use to determine psychopathy in individuals online. As I sat through the talk and steadily watched people get up and leave I too had the urge to walk away as well. However, I had a mission and that was to confirm if there was any evidence that would say to me this was a viable means of detection for psychopaths.

What I came out with, after many slides of numbers, was “nope not really” Which, I pretty much had thought before. There are just too many variables to this type of venture and you would, in the end, need to have a trained psychoanalyst to talk to the individual to determine whether or not they are a true psychopath.

Sorry Sugg.. It was an interesting idea and I am wondering just where this will go if the author of the original paper tries to expand upon this process. You see, for this to work online possibly, is that the trained individual would chat with the “patient” or “UNSUB” as the case may be, to ask specific questions to elicit responses. See, that would work I think, but it is a manual process not a big data solution. So, while it was an interesting trip into what psychopathy is and possibly how to spot it in word use, it was a failed experiment in my book.

Now, another twist on this idea might be to take the transcripts of anonymous and other IRC chats and wash that through your program… There’s a lot going on there mentally and might show some traits, but, are they really suffering from some sort of psychiatric illness or are they just maladjusted? This has been something I have written about before an the vernacular used as well as the mindset that seems to be prevalent warrants some looking at perhaps.

Maybe next year?

Overall though, I surely hope that the governments and law enforcement bodies out there do not take up this idea and begin to mine people’s chat logs for psychopathy

*shudder*

Ding Dong! It’s the forensic psychiatrist.. We saw your tweets and thought we’d have a chat? What? these cops? They’re just here to visit too!

K.

Written by Krypt3ia

2012/07/31 at 04:17

INFOPOCALYPSE: You Can Lead The World To The Security Trough.. But You Can’t Make Them Think.

leave a comment »

“Dark, profound it was, and cloudy, so that though I fixed my sight on the bottom I did not discern anything there”

(Dante Alighieri; The Inferno)

The current state of the Security “Industry”

It seems that once again people who I have acquaintance with in the security industry are wondering just how to interface with corporations and governments in order to build a base of comprehension about the need for information security. The problems though are myriad with these questions and the task to reach people can be a daunting one, never mind when you have groups of them in hierarchies that comprise some of the worst group think in the world (AKA corporations)

Added issues for the “industry” also surround the fact that it is one at all. Once something moves from an avocation to a profession, you have the high chance of it becoming industrialised. By saying something has been made industrialised, implies to many, the cookie cutter Henry Ford model really. In the security world, we have seen this from the perspective of magic boxes that promise to negate security vulnerabilities as well as teams of consultants who will “securitize” the company that is hiring them with magic tools and wizardry. The net effect here is that those paying for and buying into such products and services may as well be buying a handful of magic beans instead.

Now, not every company will be efficacious in their assessments nor live up to the promises they make for their hardware/software solutions. Many practitioners out there and companies really try to do the right thing and do so pretty well. However, just as in any other business, there are charlatans and a wide range of skilled and unskilled plying their arts as well. Frankly, all that can be said on this issue is “Caveat Emptor”  It’s a crap shoot really when it comes to goods and services for security solutions. The key is though, to be able to secure yourselves as a company/entity from the standpoint of BASIC security tenets up.

Often its the simple things that allow for complete compromise.. Not just some exotic 0day.

So we have a cacophony of companies out there vying for people’s dollars as well as a news cycle filled with FUD that, in some cases are directly lifted from the white papers or interviews with key players from those said same companies seeking dollars. It is all this white noise that some now, are lamenting and wondering just how do we reign things in and get a stable base to work from in an ethical way to protect companies and individuals from information security meltdowns. More so it seems lately, the question has been how do we reach these people in the first place? How do we actually get a meaningful dialogue with the corporate masters and have them come away with the fundamentals of security as being “important”

Unfortunately, I think that there are some major psychological and sociological hurdles to overcome to reach that point where we can evince the response we all would like to see out of those C level execs. I have written about them before, but I will touch on them again later in this piece. Suffice to say, we all have a tough row to hoe where this is concerned, so, I expect there to be no easy answer… Nor really, any satisfactory conclusions either.

“It is a tale Told by an idiot, full of sound and fury, Signifying nothing”

(Shakespeare; MacBeth)

Security Joan of Arc’s and their Security Crusade:

Joan De Arc was a woman ahead of her time. She wore men’s clothing and lead the French in battle against the English and to victory, all as a teen girl. She later was burned at the steak for heresy and just recently made a saint many years later. I give you this little history lesson (link included) to give you an idea of who you all are in the security industry lamenting over not being listened to. You too may be ahead of your time, but, just as she was, you too will not be listened to because your ideas (to the listeners) are “radical”

Now, radical is a term I am using to denote how the corporate types are seeing it. We, the security advocates, do not see these concepts as radical, but instead as common everyday things that should be practices (complex passwords, patching effectively, etc) They (the client) see these things as impediments to their daily lives, their bottom lines, and their agenda’s both personal and corporate. There are many players here, and all of them have agenda’s of their own. This is a truism that you must accept and understand before you rail against the system that is not listening to your advice.

Here’s a bit of a secret for you.. The more ardent you seem, the more likely you will be branded a “Joan” The perception will be that you are a heretic and should not be listened to. Instead you should be marginalised in favour of the status quo.. After all, they have gone about their business every day for years and they are just fine! The more you rail, or warn with dire tones, the more you will be placed at the back of the mind.

Think Richard Clarke (I heard that chuckle out there)

Though Joan inspired the French forces to battle on and win more than a few battles, she eventually was burned at the steak. Much of this was because of her unique nature and fervour. Much as yours may do the same to you… Without of course literally being burned at the steak and you all must learn this. I think you have to take a page from the hackers playbook really and use the axiom of being a “Ninja”

The subtle knife wins the battle.

 

“If the Apocalypse comes, beep me”

(Joss Whedon;Buffy the Vampire Slayer)

What’s the worst that could happen really?

The quote above really made me chuckle in thinking about this article and the problems surrounding the premise. This I think, is the epitome of some people’s attitudes on security. Most folks just go along their days oblivious to the basic security measures that we would like them to practice as security evangelists. The simple fact is that like other apocalypse scenarios, people just have not lived through them and been affected by them to change their behaviours accordingly. What solidified this for me recently was the snow storm last October here in New England that caught so many people flat footed. They simply had not ever really had to rely on their wits and whatever they had on hand before like this. When the government and the corporations (CL&P) failed to provide their services to the populace, the populace began to freak out.

Its the same thing for information security. Whether it is the government or the corporations that supply us all, both are comprised of people who all pretty much lack this perspective of being without, or having really bad things happen to them. 9/11 comes the closest, but, that only affected NYC and DC directly (i.e. explosions and nightmarish scenarios with high casualties) In the case of corporations, you have lawyers and layers of people to blame, so really, what are the risk evaluations here when it is easy to deflect blame or responsibility? For that matter, it was inconceivable to many in the government (lookin at you Condi) that terrorists would use planes as missiles… Even though a month before a report was handed out with that very scenario on the cover.

The core of the idea is this. Human nature on average, and a certain kind of psychology (normative) that says “This can’t happen to us” We all have it, just some of us are forward thinking and see the potentials. Those forward thinkers are likely security conscious and willing to go out of their way to carry out actions to insure their security. Things like storing extra food and water as well as other things that they might need in case of emergency. These can be life of death deal breakers.. Not so much for information security at your local Acme Widget Corp. In the corporate model, they have the luxury of “It’s somebody else’s problem” So, these things are usually not too important to them unless that person making the decision is cognisant of the issues AND responsible for them. Unfortunately, as we have learned these last 10 years or so, responsibility is not their strong suit.

So, on they go.. About their business after you, the security curmudgeon has told them that they need to store food for the winter..

But the grasshoppers, they don’t listen… Until they are at your door in the snow begging for food.

 

“More has been screwed up on the battlefield and misunderstood in the Pentagon because of a lack of understanding of the English language than any other single factor.

(John W. Vessey, Jr.)

How do we communicate and manipulate our elephants?

Back to the issue of how to communicate the things we feel important. This has been a huge issue for the security community for a couple of reasons.

  1. The whole Joan of Arc thing above
  2. The languages we speak are.. Well.. like Tamarian and theirs are corporate speak.

We, the security practitioners, often speak in metaphor and exotic language to the average corporate manager. You have all seen it before, when their eyes glaze over and they are elsewhere. We can go on and on about technical issues but we never really seem to get them to that trough in the title. Sometimes you can get them to the trough easily enough by hacking them (pentesting) but then they think;

“Well this guy is a hacker… No one else could do this! What are the chances this is going to really happen? Naaahhh forget it, it’s not likely”

So there is a bias already against doing the things that we recommend. Then comes the money, the time, and the pain points of having to practice due diligence. This is where they turn off completely and the rubric of it is that unless they are FORCED to carry out due diligence by law or mandate, they won’t. We all have seen it.. Admit it.. It’s human nature to be lazy about things and it is also human nature to not conceive that the bad things could happen to them, so it would be best to prepare and fight against them.

So, how do we communicate with these people and get them on the same page?

I have no answers save this;

“Some get it.. Some don’t”

That’s the crux.. You have to accept that you as the security practitioner will NEVER reach everyone. Some will just say thank you and good day… And you have to accept that and walk away. As long as you have performed the due diligence and told them of their problems.. You have done all you can. You can try and persuade or cajole them… But, in the end, only those who get it or have been burned before will actually listen and act on the recommendations you make.

“The greater our knowledge increases the more our ignorance unfolds”

(John F. Kennedy)

The Eternal Struggle

There you have it. This will always be the case and it will always be the one thing that others seeking to compromise corporations and governments will rely on. The foolishness of those who do not plan ahead will be their undoing..

Eventually.

All you can do sage security wonk, is calmly and professionally explain to them the issues and leave it to them to drink.

K.

The Psychology of “Neo Jihad” Radicalization

with one comment

The Paradigm Pivot:

Soon after the attacks on 9/11 the US and other countries began a “War On Terror” that attempted to disrupt and destroy the Al Qaeda networks. The military and intelligence wars on AQ have been very successful in that they have splintered the group, cut its main lines of C&C, and forced them to scatter into the hills of Waziristan and other places. The intelligence war began with stepped up surveillance technically as well as, after much spin up, getting physical assets on the ground and inserted into the intelligence gathering apparatus. Once the networks were set up, and the AQ infrastructure fractured, it became apparent to the leaders of AQ that they needed to proselytize in a different way to get more “recruits” for the global jihad that they wanted.

Once the realization set in, the AQ leadership began to move online to communicate, radicalize, and recruit new jihadi’s to the cause. As time went by and more of the networks were broken, the ranks of jihad began to thin out. This became a real problem for Al Qaeda and it realized that it needed a new paradigm to reach the “Western” ummah that they could try to sway to jihad. With the creation of GIMF, and AQAP later on, the footprint of jihadi propaganda and radicalization took shape online. Since 2001, we have seen AQ and affiliates grapple with how to get their message across as well as create channels for those who are not in the 2 lands, to radicalize, and then come to jihad.

This post is about not only the means that AQ, AQAP, and others have come up with as a response to the problem, but also a profile of the GEN2 jihadi’s online that are being radicalized and who have acted in the past as well as those who may in the future.

Online Jihad: 10 Years of Internet Jihad

A plethora of sites on the internet have been set up over the years by AQ and its affiliates to propagandize and communicate. many of these sites at first were just simple file upload areas and small bulletin boards. Today we have many mass media style sites including videos, tutorials, online chat areas, and private messaging. The PHP bulletin boards set up on domain named sites or on servers (stealth) that have been hacked, have been the most popular of all. With these sites, the jihad radicalization goes on with postings within pass-worded group sites like Shamukh (AQ) or Ansar.com.

For the most part, these sites have only been partially successful in being a command and control mechanism for AQ. They have failed to gather the swelling support that they would have liked on the part of the Western ummah and it is this lack of fervor that has them vexed. I have personally seen this vexation in AQAP’s “Inspire Magazine” as they have been trying to become more “Hip and Western” to get a new audience. All of their efforts though, have had lackluster returns. This lack of response on the part of the young westernized groups that they are targeting is likely to a few factors;

  1. The radicalization process is not in person
  2. The western mindset of the targets is more secular in nature and separate from the core AQ groups experiences
  3. These youths are not living in lands where war is ongoing
So, the target populations that they are aiming at are hard to reach and likely not predisposed to radicalization online easily. However, there are others who they do reach. These are a smaller group of individuals who are outlined below in the GEN2.0 section of this post. First though, there needs to be an explanation of the psychology of radicalization that will backstop the three points above on why the jihad is missing the mark with the western youth.

The Psychology of Radicalization:

Radicalization: The process in which an individual changes from passiveness or activism to become more revolutionarymilitant or extremist. Radicalization is often associated with youthadversityalienationsocial exclusionpoverty, or the perception of injustice to self or others.

Much of the classic radicalizing that happens within movements such as Al Qaeda happens when the like minded get together under the penumbra of a stronger personality that leads them. In the case of Islamic Jihad, there have been many Imam’s and leaders who preach this type of thought within their right wing versions of Islam. This is the core of the idea behind raising the ummah army to fight a jihad, the radicalization of the parishioners through direct proselytizing. Since 9/11 though, much of the Muslim community has come under scrutiny from intelligence gathering groups seeking to find the next cell of terrorists being exhorted to jihad by an imam or another leader.

In other cases secular leaders may arise, this may take shape in the form of someone like Mohammad Atta, or the like who are within a circle of like minded people (What Dr. Marc Sageman calls “a group of guys” theory) who “self radicalize” and either make contact with core AQ, or, they decide to act on their own, using the internet as their guide to jihad techniques and ideals. This may happen with two or more individuals seeking like minded people, or, a leader may inculcate them into their particular brand of thought.

A third and seemingly rising type of radicalization seems to be the Lone Wolf or Loner. This is a person either seeking to belong to something greater than they are, or, someone mentally unbalanced and moving along the lines of their own particular mental illness. The Lone Wolves and the Loner’s are dangerous in that they are now one of the primary targets of AQ and their propaganda/radicalization drive other than the “group of guys” The reason for this is that all of these groups can “self radicalize” without having to step into a mosque by reading online and digitally relating with other like minded jihadi’s online. The major difference being that there is no direct contact and, for most, this method of contact and radicalizing lacks the added social element of being in person as a part of a group.

This is a key feature of radicalization that needs to be understood. Since we are social animals, we need to feel that kinship and the only real way to do this primarily is to be within a social dynamic structure that includes physically being there. Online it seems, just does not cut it for most. However, there are others, the mentally ill, and those who are so socially awkward, that online seems to be the only way that they can relate, that have become the next generation of jihobbyists. This in tandem with the fact that now it is rather hard to make contact with, and access the core AQ group physically (i.e. going to a training camp in Waziristan) has made the online radicalization process the pre-eminent way for the jihadi process to carry on.

Jihad GEN 2.0: Lone Wolves, Wolf Packs, & Loners

  • Lone Wolves: Single actors who radicalize either by self or online groups but act alone
  • Wolf Packs: “The Group of Guys” Who radicalize together as a unit and attempt jihad
  • Loners: The single player who radicalizes online and may have contacts with some but is not a team player
These terms above have been bandied about for a while now in the CT arena. The reason for this is two fold. One, we have been seeing these types radicalizing and acting out. Two, AQ has also seen this trend and they are trying to leverage these small groups or single individuals to action. As stated at the top of this post, the lines of communication and radicalization have had to change since the war on terror began. It is because we have so cornered AQ and their afiliates in the 2 lands, that they have resorted to these tactics, and, they are finding it hard to have any good results. This however, has not stopped them from trying and also trying to innovate new ways to radicalize the Western ummah.

Lone Wolves, or the “Lone Wolf” The most likely candidate for the lone wolf is a second generation immigrant who feels some sort of synergy with their parents homeland. There have been a spate of cases where Al Shebaab had converts sneak off from the US to Somalia to train with them. The majority of these lone wolves in this case, were kids in their teens or early twenties that took off to join the jihad there. The premise though, is that these are people who are not necessarily part of any one group but seek out the jihad on their own. They often connect with the core jihadi groups in some way (Malik Hassan and Anwar Al Awlaki) and then act on their own in a more constructed and supported way from the core AQ groups.

A number of these “lone wolves” were caught here in the US when they were intercepted by the FBI in sting operations. These operations mostly consisted of assets talking to the lone wolf and asking them what they would do for jihad. What operations would they like to pull off, and offer that wolf the means to carry out their intentions. This for some, treads the line of entrapment, but for me, I think it is fair game because either way, the individual, unless being held captive and tortured etc, is not suffering from “Stockholm Syndrome” and thus acting under their own will. Social dynamics aside, these actors sought out the jihad, and in my mind, already have instabilities and predispositions that will inevitably lead them to do something with or without the help of an agent provocateur.

Wolf Packs are groups of like minded individuals who have either come together and then radicalized, or, have formed due to a strong leader. These are the most dangerous of the groups because they tend to be groomed by core AQ and, as a group, not only self radicalize, but they re-enforce their belief and action as a social dynamic. Wolf packs have been seen as the more organized and thus more dangerous element in this behavior model. An example of the wolf pack would be the Lackawana 6 or others who banded together and eventually went to an AQ training camp. Though, in the case of the Lackawanna 6, it seems as though they came back from the trip decidedly lacking the motivation to carry out a mission. This is likely because of their Westernized mind set. They did however provide material support to the jihad, and were convicted of this.

Another wolf pack though are the 19 who carried out the attacks on 9/11. The Hamburg Cell, as they were called, came together in Germany where they self radicalized at a local mosque and eventually made contact with the core AQ group. This group would be considered the progenitor of the wolf pack jihad itself and are lauded by AQ for their success. They are the model for AQ’s blueprint originally on reaching a western audience.

Loners are the last type of jihadi that the AQ core are seeking to incite. The loner tends to be an individual who is socially inept to the degree that some have actually been diagnosed with Aspergers Syndrome. Still others have proven to be mentally ill individuals who latch onto the jihad for whatever reasons are driving their psyche. On average, the loner can be seen as the spree killer of the group that feeds the need of the jihad in that they sow fear and confusion while potentially taking out numbers of people. An example of a loner would be Nidal Malik Hassan (Ft. Hood Shooter) who clearly was mentally unstable and went on a shooting rampage injuring 30 and killing 13.

Loners tend to be more the spree killers with guns than they are bomb makers. Another loner type would be Faisal Shahzad, who attempted to make a propane bomb alone. His training was incomplete or he was inept, because the device failed to go off. In the case of Shahzad, he also spent time in Pakistan (from where he emigrated to the US) with the Pakistani Taliban. His radicalization went on unseen by others around him and his actions became more erratic as time went on. I have not seen a psych evaluation of him, but from all that I have seen, it may well be that he too is mentally unstable.

Another couple of reasons to worry more about the “loner” type of jihadi are these:

  • They are loners, thus unless someone in the family see’s whats going on, it will likely go unseen until its too late
  • They are often here in the US and with guns easily available, make their spree killing scenarios most likely to work
In all, these three types of jihadi’s are the main targets now for the AQ and other core groups to radicalize and energize. The jihad needs recruits to carry out their war and the Qaeda have learned that they need not be the devout and pious to do so. The weak minded and the socially inept will do just fine.

Online Radicalization: Propaganda, Congregation, Synergy & The Online Shadow War

As mentioned above, the radicalization process online has mainly consisted of websites that cater to the newbie to the jihad up to the hard core members. Primarily though, these sites have been a means to gain new recruits for the holy war. These sites had been for a long time, rather blatantly operating online because the governments had not caught up with the technology. Recently though, there has been a change going on within the online jihad. Due to many factors including actions on the part of the hacker community, the propaganda machine that has been the jihadi bulletin board system online has begun to go underground as well as redouble its propaganda efforts.

AQAP’s “Inspire Magazine” releases also have been slowed down and the core’s processes for distribution tightened because of tampering with the files in the past and the worries that they have been compromised as a network online. Spooks and hackers have been infiltrating their networks and websites for a while now and they have caught on. Of course in some ways, the assumption should always have been so. However, attacks on the AQ propaganda sites have increased over the last couple of years to include complete take downs of certain sites through DD0S as well as compromise and destruction of their back ends. Since these occurrences, the smarter of the group have decided that it was time to create a new propaganda jihad.

Abu Hafs alSunni alSunni, is an exemplar of this mindset. He espouses that the propaganda jihad needs to be more layered and secret. His proposal is to hide the online jihad in plain sight, by making pages that have stealth links (gateway sites) that will lead the knowing, to the real sites where content can be obtained and ideas shared. His ideas were a bit ahead of the curve for most on the boards, but now, post 2011, the administrators and the core AQ I think, are taking a closer look at this model. As online sites that are non secret become more and more targeted, it is only natural that they jihad would eventually have to go underground to continue and flourish from a command and control as well as radicalization standpoint. By locking down the content with gateways to it, those who are serious could congregate behind the digital curtain and carry on, while the digital bill boards call to all those thinking about joining the fray.

As the online jihad progresses technically, so too will their followers and this is a concern. With technologies such as TOR (The Onion Router) and their “Hidden Services” one can now easily hide all content behind a network that cannot be tracked or traced. Online chats can be had in total anonymity as well as files can be left within the confines of such networks for only those who have the right address to get them (net/net meet the new digital anonymous dead drops) and it is here that once again the pivot happens within the dynamic of online jihad. Once the technological skills of the jihadi’s come online, so too will the types of attacks online that could be carried out by them as well as the success rates of kinetic attacks because they are using solid methods to transmit and connect with each other to plan operations.

Already we have seen this movement happening on the forums and it really is only a matter of time until some of these guys read the man page on how to configure their own TOR node with hidden services turned on. It is clear that the technologies are making it easier for them to hide in plain site as well as behind the technical curtain, so, it is my proposition that the next iteration of the GWOT have a component of psychological operations more involved. Just as I have said about the Anonymous situation ongoing, the greater successes are likely to come about because we better understand the players motivations and psyche’s.

Countering The Threat:

In conclusion, I see a two pronged method of attack to fight the online jihad:

  1. Psyops: The idea that psychological operations has always been a part of the counter insurgency effort. However, in the digital world this has been more the spooks territory than the digital warfighter. Of course the digital war is new as is the online jihad so it is a natural progression to see this type of warfare as well as detective process being implemented.
  2. Technical Counter-Insurgency Operations: As the technological adroitness grows on the part of the jihadi’s so should the capabilities on the counter insurgency online. It is understood that the US has quite a bit of technical know how online so it is an easier supposition to make that we will be able to step up quickly. However, it is the melding of the two (psyops/pscyhology and technical ops) that must happen to wage this battle well.
We are going to have to step up our online activities to meet the challenge and as far as I have knowledge of, certain areas of law enforcement need to play catch up. The AQ core will continue to reach out to the lonely and dispossessed to radicalize the newcomers as well as use the technologies we have created (privacy/hacking utilities included) to effect the outcomes they desire and we need to be able to counter them.

APPENDIX A:US Cases of Terrorism since 9/11

2002

• José Padilla. José Padilla (32), a native U.S. citizen, convert to Islam, and al Qaeda

operative, was arrested upon his return from the Middle East to the United States.

Although there is no question of his al Qaeda connection, his mission remains unclear.

He was convicted for providing material support to al Qaeda and sentenced in 2008.

A co-defendant, Kifah Wael Jayyousi (40), a naturalized U.S. citizen from Jordan, was

also convicted.

• The Lackawanna Six. Six Yemeni-Americans—Sahim Alwar (26), Yahya Goba (25),

Yasein Taher (24), Faysal Galab (25), Shafal Mosed (23), all born in the United States,

and Muktar al-Bakri (21), a naturalized citizen—were arrested for training at an

al Qaeda camp in Afghanistan.

• The Portland Seven. Seven individuals—Patrice Lumumba Ford (31), Jeffrey Leon

Battle (31), October Martinique Laris (25), Muhammad Ibrahim Bilal (22), Ahmed

Ibrahim Bilal (24), all native U.S. citizens; Habis Abdulla al Saoub (37), a U.S. perma-

nent resident from Jordan; and Maher Hawash (38), a naturalized U.S. citizen from

Jordan—were arrested for attempting to join al Qaeda and the Taliban.

• Earnest James Ujaama. Earnest James Ujaama (36), a native U.S. citizen, was arrested

for providing support to the Taliban.

• Imran Mandhai. Imran Mandhai (20), a U.S. permanent resident from Pakistan, told

an FBI informant that he wanted to wage war against the United States. He planned

to assemble an al Qaeda cell and attack various targets in Florida, including electrical

substations, Jewish businesses, a National Guard armory, and also, improbably, Mount

Rushmore. Under surveillance for a long time, Mandhai was arrested and subsequently

convicted of conspiracy to destroy property.

• Anwar al-Awlaki. Anwar al-Awlaki (31), a U.S. citizen born in New Mexico, studied

engineering in college and motivation in graduate school, then became an increasingly

radical imam. After being questioned by the FBI several times, he left the United States

in 2002 and went to Yemen, where he is now a leading spokesperson for al Qaeda.

2003

• Adnan Gulshair el Shukrijumah. A provisional arrest warrant was issued for Adnan

Gulshair el Shukrijumah (27), a Saudi national and legal permanent resident, who grew

up and worked in the United States. Shukrijumah was suspected of involvement in a

number of terrorist plots. In 2010, he was indicted for his involvement in the 2009 Zazi

plot to blow up New York subways.

• Iyman Faris. Iyman Faris (34), a naturalized U.S. citizen from Pakistan, was arrested

for reconnoitering the Brooklyn Bridge for a possible al Qaeda attack.

• The Northern Virginia Cluster. Eleven men were arrested in June 2003 for training

at a jihadist training camp abroad, intending to join Lashkar-e-Toiba, and planning

terrorist attacks: Caliph Basha Ibn Abdur Raheem (28), a native U.S. citizen; Sabri

Benkhala (27), a native U.S. citizen; Randoll Todd Royer (39), a native U.S. citizen;

Ibrahim al-Hamdi (25), a Yemeni national; Khwaja Mahmood Hasan (27), a natural-

ized U.S. citizen from Pakistan; Muhammed Aatique (30), a legal permanent resident

from Pakistan; Donald T. Surratt (30), a native U.S. citizen; Masoud Ahmad Khan

(33), a naturalized U.S. citizen from Pakistan; Seifullah Chapman (31), a native U.S.

citizen; Hammad Abdur-Raheem (34), a U.S.-born citizen and Army veteran of the

first Gulf War; and Yong Ki Kwon (27), a naturalized U.S. citizen from Korea. Two

other individuals were also arrested in connection with the group: Ali al-Timimi (40), a

U.S.-born citizen, and Ali Asad Chandia (26), a citizen of Pakistan. Six of the accused

pleaded guilty, and another three were convicted. Benkhala was acquitted but was later

charged and convicted of making false statements to the FBI. Al-Timimi was convicted

in 2005. The case against Caliph Basha Ibn Abdur Raheem was dismissed.

• Uzair Paracha. Uzair Paracha (23), a legal permanent resident from Pakistan, was

indicted for attempting to help an al Qaeda operative enter the United States in order

to attack gas stations. He was convicted in 2005.

• Abdurahman Alamoudi. Abdurahman Alamoudi (51), a naturalized U.S. citizen from

Eritrea, was indicted in the United States for plotting to assassinate Saudi Arabia’s

Prince Abdullah.

• Ahmed Omar Abu Ali. Ahmed Omar Abu Ali (22), a native U.S. citizen, was arrested

by Saudi authorities and later extradited to the United States for providing support to

a terrorist organization and plotting to assassinate the president of the United States.

2004

• Mohammed Abdullah Warsame. Mohammed Abdullah Warsame (31), a legal perma-

nent resident from Somalia, was arrested for conspiring to support al Qaeda. He was

found guilty and sentenced in 2009.

Chronology of the Cases

• Ilyas Ali. Ilyas Ali (55), a naturalized U.S. citizen from India, pleaded guilty to provid-

ing material support to the Taliban and al Qaeda. He attempted to sell hashish and

heroin in return for Stinger missiles, which he then planned to sell to the Taliban. Two

other defendants, Muhammed Abid Afridi and Syed Mustajab Shah, both Pakistani

nationals, were also convicted in the case.

• Amir Abdul Rashid. Ryan Gibson Anderson (26)—a native U.S. citizen and convert to

Islam who called himself Amir Abdul Rashid—was a soldier in the U.S. Army at Fort

Lewis, Washington, when he was arrested in February 2004 for contacting Islamic

websites related to al Qaeda and offering information about the U.S. Army.

• Mark Robert Walker. A Wyoming Technical Institute student, Mark Robert Walker

(19), a native U.S. citizen who, according to reports, became obsessed with jihad, was

charged with attempting to assist the Somali-based group, Al-Ittihad al Islami. He

planned to provide the group with night-vision devices and bulletproof vests.

• Mohammed Junaid Babar. Mohammed Junaid Babar (31), a naturalized U.S. citizen

from Pakistan, was arrested in New York for providing material support to al Qaeda.

• The Herald Square Plotters. Shahawar Martin Siraj (22), a Pakistani national, and

James Elshafy (19), a U.S.-born citizen, were arrested for plotting to carry out a terrorist

attack on New York City’s Herald Square subway station.

• The Albany Plotters. Yassin Aref (34), an Iraqi refugee in the United States, and

Mohammad Hossain (49), a naturalized U.S. citizen from Bangladesh, two leaders of a

mosque in Albany, New York, were arrested for attempting to acquire weapons in order

to assassinate a Pakistani diplomat.

• Adam Yahiye Gadahn. Adam Yahiye Gadahn (26), a native U.S. citizen and convert to

Islam, moved to Pakistan in 1998. By 2004, he was identified as a member of al Qaeda

planning terrorist attacks in the United States, and he subsequently became one of

al Qaeda’s principal spokesmen. He was formally indicted in 2006.

• The Abdi Case. Nuradin Abdi (32), a Somali national granted asylum in the United

States, was indicted in June 2004 for plotting with Iyman Faris to blow up a Colum-

bus, Ohio, shopping mall. (He was arrested in November 2003.)

• Gale Nettles. Gale Nettles (66), a native U.S. citizen and ex-convict, was arrested in

August in an FBI sting for plotting to bomb the Dirksen Federal Building in Chi-

cago and for attempting to provide al Qaeda with explosive material. His motive was

revenge for his conviction as a counterfeiter, but he wanted to connect with al Qaeda,

which he figured would pay him for his excess explosive materials. He was convicted

on the terrorist charge in 2005.

• Carpenter and Ransom. Two New Orleans men, Cedric Carpenter (31), a convicted

felon, and Lamont Ransom (31), both native U.S. citizens, intended to sell fraudulent

identity documents to the Philippine jihadist terrorist group Abu Sayyaf in return for

cash and heroin. Ransom, who had previously served in the U.S. Navy, was familiar

with the group. Both were convicted and sentenced in 2005.

2005

• The New York Defendants. Three defendants—Mahmud Faruq Brent (32), a U.S.-

born citizen who had attended a training camp in Pakistan run by Lashkar-e-Toiba;

Rafiq Abdus Sabir (50), a U.S.-born citizen and medical doctor who volunteered to pro-

vide medical treatment to al Qaeda terrorists; and Abdulrahman Farhane (52), a natu-

ralized U.S. citizen from Morocco who agreed to assist in fundraising for the purchase

of weapons for insurgents in Chechnya and Afghanistan—were linked to defendant-

turned-informant Tarik Shah (42), a U.S.-born citizen who was arrested in May 2005

for offering to provide training to insurgents in Iraq. Shah identified his co-defendants,

and all four were convicted.

• The Lodi Case. Hamid Hayat (22), a native-born U.S. citizen, and his father, Umar

Hayat, a naturalized U.S. citizen from Pakistan, were arrested in June 2005 for secretly

attending a terrorist training camp in Pakistan. Umar Hayat ultimately pleaded guilty

of lying to federal authorities.

• The Torrance Plotters. Kevin James (29), Levar Washington (21), and Gregory

Patterson (25), all native U.S. citizens and converts to Islam, and Hammad Riaz Samana

(21), a permanent resident from Pakistan, were charged in August 2005 with planning

to carry out terrorist attacks on National Guard armories, a U.S. military recruiting

center, the Israeli consulate, and Los Angeles International airport. (This case is some-

times referred to as the Sacramento Plot.)

• Michael Reynolds. Michael Reynolds (47), a native U.S. citizen, acquired explosives

and offered them to an informant whom he believed was an al Qaeda official to blow

up the Alaska Pipeline in return for $40,000.

• Ronald Grecula. Ronald Grecula (70), a native U.S. citizen, was arrested in Texas in

May 2005 for offering to build an explosive device for informants he believed to be

al Qaeda agents. He pleaded guilty to the charge in 2006.

2006

• The Liberty City Seven. Seven men—Narseal Batiste (32), a native U.S. citizen;

Patrick Abraham (39), a Haitian national illegally in the United States after over-

staying his visa; Stanley Grunt Phanor (31), a naturalized U.S. citizen; Naudimar

Herrera (22), a native U.S. citizen; Burson Augustin (21), a native U.S. citizen; Rothschild

Augustin (26), a native U.S. citizen; and Lyglenson Lemorin (31), a legal permanent resi-

dent from Haiti—were charged in June 2006 with plotting to blow up the FBI build-

ing in Miami and the Sears Tower in Chicago. Herrera and Lemorin were acquitted.

Chronology of the Cases

• Syed Hashmi. Syed “Fahad” Hashmi (30), a Pakistani-born U.S. citizen, was arrested

in London on charges of providing material support to al Qaeda.

• Derrick Shareef. Derrick Shareef (22), a native U.S. citizen and convert to Islam, was

arrested for planning a suicide attack on an Illinois shopping mall. He intended to

place hand grenades in garbage cans, but the plot also involved handguns.

• The Fort Dix Plotters. Six men—Mohammad Ibrahim Shnewer (22), a naturalized

U.S. citizen from Jordan; Serdar Tatar (23), a legal permanent resident from Turkey;

Agron Abdullahu (24), a U.S. permanent resident from Kosovo; and Dritan Duka (28),

Shain Duka (26), and Elljvir Duka (23), three brothers from Albania living in the

United States illegally—were charged with plotting to carry out an armed attack on

soldiers at Fort Dix, New Jersey.

• The Toledo Cluster. Mohammad Zaki Amawi (26) and Marwan El-Hindi (43), both

naturalized U.S. citizens from Jordan, and Wassim Mazloum (25), a legal permanent

resident from Lebanon, were arrested in Toledo, Ohio, for plotting to build bombs to

use against American forces in Iraq. Two additional persons were also charged in this

case: Zubair Ahmed (26), a U.S.-born citizen, and his cousin Khaleel Ahmed (25), a

naturalized U.S. citizen from India.

• The Georgia Plotters. Syed Harris Ahmed (21), a naturalized U.S. citizen, and Ehsanul

Islam Sadequee (20), a U.S.-born citizen from Atlanta, Georgia, were arrested in April

2006 for discussing potential targets with terrorist organizations and receiving instruc-

tion in reconnaissance.

• Daniel Maldonado. Daniel Maldonado (27), a native U.S. citizen and convert to

Islam, was arrested for joining a jihadist training camp in Somalia. He was captured

by the Kenyan armed forces and returned to the United States.

• Williams and Mirza. Federal authorities charged two students at Houston Commu-

nity College—Kobie Diallo Williams (33), a native U.S. citizen and convert to Islam,

and Adnan Babar Mirza (29), a Pakistani national who had overstayed his student

visa—with aiding the Taliban. According to the indictment, the two planned to join

and train with the Taliban in order to fight U.S. forces in the Middle East.

• Ruben Shumpert. Ruben Shumpert (26), also known as Amir Abdul Muhaimin, a

native U.S. citizen who had been convicted for drug trafficking, converted to Islam

shortly after his release from prison. When the FBI came looking for him in 2006, he

fled to Somalia and joined al-Shabaab. He was reportedly killed in Somalia in Decem-

ber 2008.

2007

• Hassan Abujihaad. Hassan Abujihaad (31), formerly known as Paul R. Hall, a native

U.S. citizen and convert to Islam who had served in the U.S. Navy, was arrested in

April 2007 for giving the locations of U.S. naval vessels to an organization accused of

supporting terrorists.

• The JFK Airport Plotters. Russell Defreitas (63), a naturalized U.S. citizen from

Guyana; Abdul Kadir (55) a Guyanese citizen; Kareem Ibrahim (56), a Trinidadian;

and Abdal Nur (57), another Guyanese citizen, were charged in June 2007 with plot-

ting to blow up aviation fuel tanks at John F. Kennedy Airport in New York. Defreitas

was arrested in Brooklyn. The other three plotters were arrested in Trinidad and extra-

dited to the United States.

• Ahmed Abdellatif Sherif Mohamed. Ahmed Abdellatif Sherif Mohamed (26), a U.S.

permanent resident from Egypt, was arrested for providing material support to terror-

ists by disseminating bomb-making instructions on YouTube. He pleaded guilty to the

charge.

• Omar Hammami. Now known as Abu Mansour al-Amriki, Omar Hammami

(23), a native-born U.S. citizen, left Alabama some time not later than 2007 to join

al-Shabaab in Somalia. He later appeared in the group’s recruiting videos. Hammami

was indicted in 2010 for providing support to al-Shabaab.

• Jaber Elbaneh. Jaber Elbaneh (41), a naturalized U.S. citizen from Yemen, was con-

victed in absentia by a Yemeni court for plotting to attack oil and gas installations in

Yemen. He had previously been charged in the United States with conspiring with the

Lackawanna Six. He was one of a number of al Qaeda suspects who escaped from a

Yemeni prison in 2006. He subsequently turned himself in to Yemeni authorities.

• The Hamza Case. Federal authorities charged the owner and several officials of Hamza,

Inc., a financial institution, for money laundering and secretly providing money to

al Qaeda. Those charged included Saifullah Anjum Ranjha (43), a legal permanent U.S.

resident from Pakistan; Imdad Ullah Ranjha (32), also a legal permanent resident from

Pakistan; and Muhammed Riaz Saqi, a Pakistani national living in Washington, D.C.

Also charged in the case were three Pakistani nationals living in Canada and Spain.

2008

• Christopher Paul. Christopher “Kenyatta” Paul (43), a native U.S. citizen and convert

to Islam living overseas, was arrested upon his return to the United States in April 2008

for having plotted terrorist attacks on various U.S. targets. He later pleaded guilty.

• Bryant Vinas. Bryant Vinas (26), a native U.S. citizen and convert to Islam, was

arrested in Pakistan and extradited to the United States for having joined al Qaeda in

Pakistan. He also provided al Qaeda with information to help plan a bombing attack

on the Long Island Rail Road.

• Somali Recruiting Case I. As many as a dozen Somalis may have been recruited in

the Minneapolis, Minnesota, area by Shirwa Ahmed (26), a naturalized U.S. citizen

Chronology of the Cases from Somalia, to fight in Somalia. Ahmed subsequently was

killed in a suicide bomb- ing in Somalia.

• Sharif Mobley. Sharif Mobley (26), a native U.S. citizen of Somali descent, moved

to Yemen in 2008, ostensibly to study Arabic and religion, but in reality, authorities

believe, to join a terrorist organization. He was later arrested by Yemeni authorities in

a roundup of al Qaeda and al-Shabaab militants. In March 2010, he killed one guard

and wounded another in an attempt to escape.

2009

• The Riverdale Synagogue Plot. Native U.S. citizens James Cromite (55), David

Williams (28), Onta Williams (32), and Laguerre Payen (27), a Haitian national, all con-

verts to Islam, were arrested in an FBI sting in New York in May 2009 for planning to

blow up synagogues.

• Abdulhakim Mujahid Muhammad. In June 2009, Abdulhakim Mujahid

Muhammad (23), also known as Carlos Bledsoe, a native U.S. citizen and Muslim con-

vert, killed one soldier and wounded another at an Army recruiting station in Arkansas.

• The North Carolina Cluster. Daniel Boyd (39), a native U.S. citizen and convert to

Islam who fought against the Soviets in Afghanistan in the late 1980s, was arrested

in July 2009 along with his two sons, Zakarlya Boyd (20) and Dylan Boyd (22), also

converts to Islam, and four others, including three U.S. citizens—Anes Subasic (33), a

naturalized U.S. citizen from Bosnia; Mohammad Omar Aly Hassan (22), a U.S.-born

citizen; and Ziyad Yaghi (21), a naturalized U.S. citizen—and Hysen Sherifi (24), a

legal U.S. resident from Kosovo, for plotting terrorist attacks in the United States and

abroad. Jude Kenan Mohammad (20), a U.S.-born citizen, was also a member of the

group. He was arrested by Pakistani authorities in 2008. Boyd reportedly reconnoi-

tered the Marine Corps base at Quantico, Virginia.

• Betim Kaziu. Betim Kaziu (21), a native U.S. citizen, was arrested in September

2009 for traveling overseas to join al-Shabaab or to attend a terrorist training camp in

Somalia.

• Ali Saleh Kahlah al-Marri. Ali Saleh Kahlah al-Marri (38), a U.S. permanent resi-

dent and dual national of Qatar and Saudi Arabia, was charged with attending an

al Qaeda training camp in Pakistan. He pleaded guilty to providing material support

to a terrorist group.

• Michael Finton. Michael Finton (29), a native U.S. citizen and convert to Islam, was

arrested in September 2009 in an FBI sting for planning to blow up a federal court-

house in Springfield, Illinois.

• Hosam Maher Smadi. Hosam Maher Smadi (19), a Jordanian citizen living in the

United States, was arrested in September 2009 in an FBI sting for planning to blow up

an office building in Dallas, Texas.

• Najibullah Zazi. Najibullah Zazi (25), a permanent U.S. resident from Afghanistan,

was arrested in September 2009 for receiving training in explosives at a terrorist train-

ing camp in Pakistan and buying ingredients for explosives in preparation for a ter-

rorist attack in the United States. Indicted with Zazi were his father, Mohammed Zazi

(53), a naturalized U.S. citizen from Afghanistan, and Ahmad Afzali (38), a U.S. per-

manent resident from Afghanistan, both for making false statements to federal inves-

tigators; neither was involved in the terrorist plot. In January 2010, authorities arrested

Adis Medunjanin (24), a naturalized U.S. citizen from Bosnia, and Zarein Ahmedzay

(25), a naturalized U.S. citizen from Afghanistan, and charged them with participat-

ing in the plot.

• Tarek Mehana. In October 2009, federal authorities in Massachusetts arrested Tarek

Mehana (27), a dual citizen of the United States and Egypt, for conspiring over a seven-

year period to kill U.S. politicians, attack American troops in Iraq, and target shopping

malls in the United States. Two other individuals, including Ahmad Abousamra (27), a

U.S. citizen, were allegedly part of the conspiracy. Abousamra remains at large.

• David Headley. In an increasingly complicated case, David Headley (49), a U.S.-born

citizen of Pakistani descent and resident of Chicago, was arrested in October 2009

along with Tahawar Rana (48), a native of Pakistan and a Canadian citizen, for plan-

ning terrorist attacks abroad. Headley was subsequently discovered to have partici-

pated in the reconnaissance of Mumbai prior to the November 2008 attack by the ter-

rorist group Lashkar-e-Toiba. He pleaded guilty in March 2010.

• Colleen Renee LaRose. Calling herself “Jihad Jane” on the Internet, Colleen Renee

LaRose (46), a native U.S. citizen and convert to Islam, was arrested in October 2009

for plotting to kill a Swedish artist whose drawings of Muhammad had enraged Mus-

lims and for attempting to recruit others to terrorism. Her arrest was concealed until

March 2010. LaRose pleaded guilty to the charges.

• Nidal Hasan. In November 2009, Nidal Hasan (38), a native U.S. citizen and Army

major, opened fire on fellow soldiers at Fort Hood, Texas, killing 13 and wounding 31.

• The Pakistan Five. In November 2009, five Muslim Americans from Virginia—

Umar Farooq (25), a naturalized U.S. citizen from Pakistan; Ramy Zamzam (22), who

was born in Egypt, immigrated to the United States at the age of two, and became a

citizen by virtue of his parents becoming citizens; Waqar Hassan Khan (22), a natu-

ralized U.S. citizen from Pakistan; Ahmad Abdullah Mimi (20), a naturalized U.S.

citizen from Eritrea; and Aman Hassan Yemer (18), a naturalized U.S. citizen from

Ethiopia—were arrested in Pakistan for attempting to obtain training as jihadist guer-

rillas. Khalid Farooq, Umar Farooq’s father, was also taken into custody but was later

released. The five were charged by Pakistani authorities with planning terrorist attacks.

• Somali Recruiting Case II. In November 2009, federal authorities indicted eight

men for recruiting at least 20 young men in Minnesota for jihad in Somalia and rais-

ing funds on behalf of al-Shabaab. By the end of 2009, a total of 14 indictments had

been handed down as a result of the ongoing investigation. Those indicted, all but

one of whom are Somalis, were Abdow Munye Abdow, a naturalized U.S. citizen from

Somalia; Khalid Abshir; Salah Osman Ahmad; Adarus Abdulle Ali; Cabdulaahi Ahmed

Faarax; Kamal Hassan; Mohamed Hassan; Abdifatah Yusef Isse; Abdiweli Yassin Isse;

Zakaria Maruf; Omer Abdi Mohamed, a legal permanent resident from Somalia; Ahmed

Ali Omar; Mahanud Said Omar; and Mustafa Salat. No age information is available.

• Abdul Tawala Ibn Ali Alishtari. Abdul Tawala Ibn Ali Alishtari (53), also known as

Michael Mixon, a native U.S. citizen, was indicted and pleaded guilty to attempting to

provide financing for terrorist training in Afghanistan.

2010

• Raja Lahrasib Khan. Raja Lahrasib Khan (57), a naturalized U.S. citizen from Paki-

stan, was charged with sending money to Ilyas Kashmiri, an al Qaeda operative in

Pakistan, and for discussing blowing up an unidentified stadium in the United States.

• Times Square Bomber. Faisal Shazad (30), a naturalized U.S. citizen from Pakistan,

had studied and worked in the United States since 1999. In 2009, he traveled to Paki-

stan and contacted the TTP (Pakistan Taliban), who gave him instruction in bomb-

building. Upon his return to the United States, he built a large incendiary device

in a sport utility vehicle (SUV) and attempted unsuccessfully to detonate it in New

York City’s Times Square. He was arrested in May 2010. Three other individuals were

arrested in the investigation but were never charged with criminal involvement in the

case.

• Jamie Paulin-Ramirez. The arrest of Colleen R. LaRose (“Jihad Jane”) in 2009 led to

further investigations and the indictment of Jamie Paulin-Ramirez (31), also known as

“Jihad Jamie.” Paulin-Ramirez, a native-born U.S. citizen and convert to Islam, alleg-

edly accepted an invitation from LaRose to join her in Europe in order to attend a

training camp there. According to the indictment, she flew to Europe with “the intent

to live and train with jihadists.” She was detained in Ireland and subsequently returned

to the United States, where she was arraigned in April 2010.

Wesam el-Hanafi and Sabirhan Hasanoff. Wesam el-Hanafi (33), also known

as “Khaled,” a native-born U.S. citizen, and Sabirhan Hasanoff (34), also known as

“Tareq,” a dual U.S.-Australian citizen, were indicted for allegedly providing material

In September 2010, Sami Samir Hassoun (22), was arrested in an FBI sting in Chicago

for attempting to carry out a ter-rorist bombing. Hassoun expressed anger at Chicago

Mayor Richard Daley. It is not clear that the case is jihadist-related.

In December 2010, Awais Younis (26), a naturalized U.S. citizen from Afghanistan, was

arrested for threatening to bomb the Washington, D.C., Metro system. He made the threat on

Facebook, and it was reported to the authorities. Neither of these cases is included in the chronology.

support to a terrorist group. The two men, one of whom traveled to Yemen in 2008,

provided al Qaeda with computer advice and assistance, along with other forms of aid.

• Khalid Ouazzani. Khalid Ouazzani (32) pleaded guilty in May to providing material

support to a terrorist group. Ouazzani, a Moroccan-born U.S. citizen, admitted to rais-

ing money for al Qaeda through fraudulent loans, as well as performing other tasks at

the request of the terrorist organization between 2007 and 2008.

• Mohamed Mahmood Alessa and Carlos Eduardo Almonte. Two New Jersey men,

Mohamed Mahmood Alessa (20), a native U.S. citizen, and Carlos Eduardo Almonte

(24), a naturalized citizen from the Dominican Republic and convert to Islam, were

arrested in June at New York’s JFK Airport for conspiring to kill persons outside the

United States. The two were on their way to join al-Shabaab in Somalia.

• Barry Walter Bujol, Jr. Barry Walter Bujol, Jr. (29), a native U.S. citizen and convert

to Islam, was arrested as he attempted to leave the United States to join al Qaeda in

Yemen. He had been under investigation for two years and was in contact with an

undercover agent he believed to be an al Qaeda operative.

• Samir Khan. In June 2010, the Yemen-based affiliate of al Qaeda began publishing

Inspire, a slick, English-language online magazine devoted to recruiting Western youth

to violent jihad. The man behind the new publication was Samir Khan (24), a Saudi-

born naturalized U.S. citizen who moved to the United States with his parents when

he was seven years old. He began his own journey to violent jihad when he was 15. He

reportedly left the United States in late 2009, resurfacing in Yemen in 2010.

• Rockwood’s Hitlist. Paul Rockwood (35), a U.S. citizen who served in the U.S. Navy

and converted to Islam while living in Alaska, was convicted in July 2010 for lying

to federal authorities about drawing up a list of 15 targets for assassination; they were

targeted because, in his view, they offended Islam. He was also accused of research-

ing how to build the explosive devices that would be used in the killings. His wife,

Nadia Rockwood (36), who has dual UK-U.S. citizenship, was convicted of lying to

authorities.

• Zachary Chesser. Zachary Chesser (20), a native U.S. citizen and convert to Islam, was

arrested for supporting a terrorist group in July as he attempted to board an airplane to

fly to Somalia and join al-Shabaab. Chesser had earlier threatened the creators of the

television show South Park for insulting Islam in one of its episodes.

• Shaker Masri. A U.S. citizen by birth, Shaker Masri (26) was arrested in August 2010,

allegedly just before he planned to depart for Afghanistan to join al Qaeda or Somalia

to join al-Shabaab.

• Somali Recruiting Case III. As part of a continuing investigation of recruiting and

funding for al Qaeda ally al-Shabaab, the U.S. Department of Justice announced four

indictments charging 14 persons with providing money, personnel, and services to the

terrorist organization. In Minnesota, 10 men were charged with terrorism offenses for

leaving the United States to join al-Shabaab: Ahmed Ali Omar (27), a legal permanent

resident; Khalid Mohamud Abshir (27); Zakaria Maruf (31), a legal permanent resident;

Mohamed Abdullahi Hassan (22), a legal permanent resident; Mustafa Ali Salat (20), a

legal permanent resident; Cabdulaahi Ahmed Faarax (33), a U.S. citizen; and Abdiweli

Yassin Isse (26). Three were new on the list and had been the subject of previous indict-

ments: Abdikadir Ali Abdi (19), a U.S. citizen; Abdisalan Hussein Ali (21), a U.S. citi-

zen; and Farah Mohamed Beledi (26). A separate indictment named Amina Farah Ali

(33) and Hawo Mohamed Hassan (63), both naturalized U.S. citizens, for fundraising

on behalf of al-Shabaab. A fourth indictment charged Omar Shafik Hammami (26),

a U.S. citizen from Alabama, and Jehad Sherwan Mostafa (28) of San Diego, Califor-

nia, with providing material support to al-Shabaab. (Hammami’s involvement is listed

in this chronology under the year 2007, when he first left the United States to join

al-Shabaab; Mostafa is listed separately in the next entry.)

• Jehad Serwan Mostafa. In August 2010, Jehad Serwan Mostafa (28), a native U.S.

citizen, was indicted for allegedly joining al-Shabaab in Somalia. He reportedly left

the United States in December 2005 and was with al-Shabaab between March 2008

and June 2009.

• Abdel Hameed Shehadeh. Abdel Hameed Shehadeh (21), a U.S.-born citizen of Pal-

estinian origin, was arrested in October for traveling to Pakistan to join the Taliban

or another group to wage jihad against U.S. forces. Denied entry to Pakistan, then

Jordan, Shehadeh returned to the United States and subsequently attempted to join

the U.S. Army. He allegedly hoped to deploy to Iraq, where he planned to desert and

join the insurgents. When that did not work out, he tried again to leave the country

to join the Taliban.

• Farooque Ahmed. Farooque Ahmed (34), a naturalized U.S. citizen from Pakistan, was

arrested in October for allegedly plotting to bomb Metro stations in Washington, D.C.

FBI undercover agents learned of Ahmed’s intentions by posing as al Qaeda operatives.

• Shabaab Support Network in San Diego. Saeed Moalin (33), a naturalized U.S. cit-

izen from Somalia, Mohamed Mohamed Mohamud (38), born in Somalia, and Issa

Doreh (54), a naturalized U.S. citizen from Somalia, all residents of San Diego, were

arrested for allegedly providing material support to al-Shabaab. The investigation of

this network is continuing, and a fourth man from Southern California, Ahmed Nasir

Taalil Mohamud (35), was subsequently indicted.

• Al-Shabaab Fundraising II. In November, federal authorities arrested Mohamud

Abdi Yusuf (24), a St. Louis resident, and Abdi Mahdi Hussein (35) of Minneapolis,

both immigrants from Somalia. The two are accused of sending money to al-Shabaab

in Somalia. A third person, Duane Mohamed Diriye, believed to be in Africa, was also

indicted.

• Nima Ali Yusuf. Nima Ali Yusuf (24), a legal permanent resident originally from Soma-

lia, was arrested in November for allegedly providing material support to a terrorist

group. She was accused of attempting to recruit fighters and raise funds for al-Shabaab.

• Mohamed Osman Mohamud. Mohamed Osman Mohamud (19), a naturalized U.S.

citizen originally from Somalia, was arrested in December for attempting to detonate

what he believed to be a truck bomb at an outdoor Christmas-tree-lighting ceremony

in Portland, Oregon. He reportedly had wanted to carry out some act of violent jihad

since the age of 15. His bomb was, in fact, an inert device given to him by the FBI,

which set up the sting after it became aware of his extremism through a tip and subse-

quent monitoring of his correspondence on the Internet.

• Antonio Martinez. Antonio Martinez (21), also known as Muhaamed Hussain, a nat-

uralized U.S. citizen and convert to Islam, was arrested in December for allegedly plot-

ting to blow up the Armed Forces Career Center in Catonsville, Maryland. The car

bomb he used to carry out the attack was a fake device provided to him by the FBI,

which had been communicating with him for two months.

APPENDIX B: Research Materials

1302002992ICSRPaper_ATypologyofLoneWolves_Pantucci

12Sageman

Wk 6-3 Terrorism background psychology Sageman

20091007.Sageman.ConfrontingalQaeda

208551