© 2010 Online Security
All rights reserved.

 
Forum
Posted: 05/06/2004
Computing Power Enhances Terrors’ Reach

By Commentary: Computer Forensics and National Security: Where does the buck stop?

The post-Cold War era has witnessed the information revolution with its global saturation of personal computing power. Previously unthinkable instant access to massive data warehouses of information has transcended the business and intelligence communities and is now a staple ingredient of the terrorist community. An important by-product of the Western world’s open society is that it is not only open to the West, but to all those that are ‘plugged in’ to its many portals of information flow. The global terrorist body has synthesized data from these open systems to alleviate its own knowledge gaps and shortcomings, in many cases jump-starting violent initiatives by finally providing a planning road map where previously none existed. These road maps to terrorism are easily distributed to clandestine cells throughout the world in real time. Updates and scheduling changes appear with the tactical precision of any national central military command.
 
Hamas, Islamic Jihad and Hezbollah are avid and effective users of the global networks to help disseminate information. The content of this communication is readily available to the casual user of the internet and can contain information as straightforward as general data on the objectives of the movement, but has also been used effectively for raising funds from supporters who are dispersed and inhomogeneous.

The FBI suspected in early 2001 that Osama Bin Laden and his followers within Al-Qaida were communicating internationally through the use of a freely available tool which encrypts and embeds clandestine information in what would ordinarily appear to be innocuous information. This technique, known as steganography or “steg” in the intelligence community, has become the modern-day equivalent of the “dead drop”.

Using steganography it is theorized that Al-Qaida would communicate in the open with cells throughout the world. One FBI agent disclosed to me that the suspected modus operandi would be for “managers” in the “company” as Al-Qaida referred to itself, to insert steg text messages embedded within the pornographic images which would be regularly picked up by user groups and websites that cater to the online porn community.

These images would potentially have a specific naming convention which could be searched for online using tools as simple as Yahoo! or Google. Once an image was located on the web it would be downloaded by the cell and “opened” using a password supplied under separate cover.

The opened steganographically modified image would then reveal the hidden text message intended only for that cell.

The National Security Agency has historically feared that these types of tools, if found in the wrong hands, could fully circumvent any attempt by the U.S. Government to surveil suspected terrorist groups. In this particular case, it seems to be correct. Steganographic processing products are easily available on the internet and can be downloaded for ‘free trials’.

Maintaining an offensive asynchronous war against a target as broad and visible as the United States Government or its business infrastructure requires that the adversary use these real advantages effectively.

While Al-Qaida appears to be on the run and Hamas has focused its efforts on its own home front of Israel and the lands it occupied following the 1967 war, many senior United States government intelligence and counterterrorism specialists have voiced real concern for the possibility that Hezbollah (The Party of God) may be well placed to launch additional attacks against U.S. interests in a more coordinated fashion than witnessed even to date.

Considering Hezbollah’s more entrenched infrastructure in Lebanon, Syria and Iran as well as state and support network funding, it is believed that its system of moles and cells may be well placed already throughout Western Europe and North America. With many successful attacks against American and Israeli military and industrial targets already under its belt, from the bombing of the American Marine Barracks in Beirut in 1982 through the 1992 Bombing of the Israeli Embassy and Cultural Center in Buenos Aires, Argentina, officials took the discovery in 2002 of Hezbollah using the cover of South America to hold high-level strategy sessions as an important indication that the terrorist group is able to meet and function anywhere on the globe.

Hezbollah has been under relentless electronic surveillance for over 20 years by the United States and Israeli Military Intelligence systems. U.S. satellites monitor the group’s known bases and headquarters 24/7. Its known operatives are the subject of continual physical monitoring through the use of on-the-ground operatives. While it is difficult for terrorist groups such as this to communicate in the open with telephones, fax machines or even satellite telephones, and it is assumed that they do not possess the computing power or research capabilities to develop proprietary encryption algorithms, they have found it particularly easy to communicate with operatives using such simple technologies as chat rooms, i.e. AOL Instant Messenger, ICQ, Yahoo Instant Messenger and web logs (blogs).

In today’s world of instant and pervasive global communication, the task of monitoring network usage has become a mathematical impracticability. Notwithstanding American ISPs’ (Internet Service Providers) coordinated reluctance to allow for government snoops to listen in on web traffic, the task itself would be monumental. Even with the removal of all privacy safeguards which the Constitution provides for the American public, the sheer volume of daily network traffic would liken the task of building and maintaining a complete ‘listening system’ which actually works to that of assigning a government agent to each group of 10 Americans.

Bearing this in mind, government officials have needed to use a very tactical approach to selecting and investigating targets. Using new provisions in the U.S. legal code as provided by the Patriot Act (signed by President Bush Oct. 26, 2001), the Justice Department now has the ability to effectively ‘plug in’ special tools which are reminiscent of the FBI’s Carnivore Program. This program monitors all internet traffic at an ISP relating to specific targets and is the equivalent of a telephone wiretap for the internet.

However revealing the results of such surveillance may be, computer savvy terrorists will be aware of the monitoring methods employed by their adversaries and will look for new programs to counter their effectiveness.

Through the March 1, 2003 capture of Osama Bin Laden’s lieutenant Khalid Shaikh Mohammed, the U.S. intelligence services gained an important foothold of understanding into the methods and systems used by Al-Qaida to communicate electronically. Mohammed, having been kept on the run in Pakistan between several safe houses, maintained a number of computer systems which were all successfully captured during the predawn raid.

Like the identities of the prisoners being held in Cuba, the findings of what was contained on the seized computer hard drives are classified as top secret. Yet it has been made clear by several operatives and investigators that the systems, along with other laptops, workstations and floppy discs collected in previous raids attempting to capture Mohammed have been enormously helpful in determining the location of previously unknown Al-Qaida cells and potential targets which the ‘company’ was examining for potential attack.

Currently, or in the near future, it is speculated that organized terrorist groups may use distributed denial of service attacks (DDOS attacks) to temporarily bring major parts of the U.S. network-dependent economy to a halt. These targets include the ATM network, the electrical grid and the financial clearing houses which manage the flow of electronic transfers through such systems as Star, Plus and Visa.

DDOS attacks enable an attacker to manage millions of simultaneous ‘hits’ on routers, servers and other network infrastructure components causing them to be overwhelmed by requests and thus causing them to either crash or cease being available.

Of more distant concern is the concept that terrorist groups may at some point in the near future have the capability to hijack networks such as newly emerging IP telephony systems and distributed wireless networks by planting anonymous web moles or “time bombs.” Designed as sophisticated viruses which will erupt simultaneously on tens of thousands of computers and/or handheld devices, these moles and “time bombs” will be choreographed to coincide with an actual physical attack, thereby causing even further panic and confusion and thwarting emergency or corrective response.

While most of the cyber terrorism scenarios thus contemplated have related to large system failures through a coordinated global or at best regional network attack, there is also concern for the terrorists’ ability to conduct attacks through the judicious use of only one system.

One such emerging vulnerability centers on the Transportation Security Administration’s (TSA) recent decision to begin outfitting their national force of Air Marshals with Personal Digital Assistants (PDA). The TSA’s new system arms the Marshals with a Palm Tungsten which has been specially designed and tested to allow for the Air Marshal to properly respond to an onboard threat. Our internal resources have indicated that specific functions on the Tungsten include its ability to query databases of known or suspected terrorists in real time. Additionally, the unit has the ability to circumvent the cockpit’s exclusive communications channel with ground control and the air traffic control system. Should an emergency arise, the Air Marshal will have the ability to begin a two-way typewritten chat session with ground control alerting them to the situation. Additionally, the Tungsten will have the ability to communicate directly with any potential F-16s that are scrambled to track the plane.

It is expected that in a worst-case scenario, it will be the Air Marshal who will give the “OK” to the F-16 to down the plane should a repeat of a 9/11 scenario be imminent.

The obvious concerns over potential vulnerabilities of such a system are staggering. When it is considered that the Air Marshal is armed with a gun aboard the plane and is further armed with a device which may communicate without the involvement of the crew or captain of the aircraft, the question begs: what happens when the device falls into the wrong hands?

While there are numerous safeguards in place to protect the data on the Tungsten as well as its accessibility, there is well-founded concern that should an Air Marshal be ‘turned’ (think Aldrich Ames and Robert Hanssen), how long would we have before a lost, misplaced, switched or, even worse, hacked unit is used in the commission of a physical terrorist act?

The global hacking community has sufficiently shown that wireless security is a contradiction in terms. How then can we rely on several thousand wireless devices, in the hands of non-technical Air Marshals, to provide any more security than that afforded by the Pentagon’s own networks, which have historically been hacked by 18-year-olds and terrorists alike?

Computing power in the hands of terrorists is a given. Personal computers are inexpensive and the sophisticated programs which American businesses and government agencies rely on are readily available anywhere in the world through a network connection. The global interconnected networks are amorphous by design and must remain so for the networked economy and the information revolution to work.

No one system or technique will secure our nation from the abilities of terrorists who employ computing power in their arsenal. Just as the terrorists of today keep pressure on our defensive systems through asynchronous warfare, our best proactive position to engage in is “asynchronous defense”.

Maintaining this distributed vigilance to prevent what President Bush’s newly resigned Cyber Security Czar, Richard Clarke, called the “Digital Pearl Harbor” requires that industry, government and individuals work together to share information and communicate on emerging threats. The Government’s status quo of centralized control of the flow of information and top-down response and management mechanisms may lead to further disasters in both the physical and cyber worlds.


 