Insider Terrorist Attack

Pakistani Army officer as suicide bomber:

According to reliable sources in the local police, a Pashtun army officer belonging to the elite Special Services Group, whose younger sister was reportedly among the 300 girls killed during the Pakistan Army's commando raid on the Lal Masjid in Islamabad between July 10 and 13, blew himself up during dinner at the SSG's headquarters mess at Tarbela Ghazi, 100 km south of Islamabad, on the night of September 13, killing 19 other officers.

There probably isn't any practicable way to prevent these sorts of attacks by trusted insiders.

Posted on September 19, 2007 at 1:24 PM • 45 Comments

Comments

JonathanSeptember 19, 2007 1:48 PM

"...whose younger sister was reportedly among the 300 girls killed during the Pakistan Army's commando"

The practical solution is blatantly apparent from the quoted text. The Pakistany Army created this terrorist.

derfSeptember 19, 2007 2:02 PM

That's the problem, isn't it?

"Trusted" insiders (i.e. your employees) have legitimate access to interact with your data on your own network. However, if that access isn't constantly patrolled, logged, and audited, you could easily find your company's dirty secrets explode across the internet for all to see just like MediaDefender.

Josh MoreSeptember 19, 2007 2:24 PM

It seems to me that the issue here is the "trusted" status. Specifically:

1) Initial attainment of trusted status
2) Continued maintenance of trusted status

From what I've seen in large business, most people are simply assigned trust once they're hired. In other words, there is a tacit assumption that, once a person has passed HR's hiring process, they're trustworthy. Thus, on their first day, they are assigned access to everything. This is analogous to the hard outside/chewy center network example.

In small business, on the other hand, a person is often given access after they've been interviewed by numerous people in the company. I suspect that this provides for higher assurance as to trustworthiness. (Perhaps this should be studied?)

From a maintenance perspective, I've seen a similar split between large and small companies. There are often changes in behavioral patterns that can indicate a change in trustworthiness. I suspect that these are easier to notice in smaller businesses, at least they have been in my experience.

The real question in this case is why the army officer wasn't being monitored more closely once his sister was killed. That's a knowable event that could result in compromise. It's analogous to an employee's personal circumstances impacting their work.

If people are paying attention, some of the risk can be mitigated.

sooth_sayerSeptember 19, 2007 2:25 PM

Indira Gandhi, a (worthless .. slimy..xxxx) Indian Prime-Minister was also gunned down by her own "special" guards (Sikhs) in 1984 -- presumably as an retaliation for her ordering an assault on a Sikh Temple to flush out terrorists hiding in it.

It's rather more amusing as:
-the terrorist leader she was trying to get at, were once supported by her
- When she stopped the support, they got help from Pakistani's, SSG/ISI Mashup - the gang who lives up there in Tarbela
- Musharaff himself belonged to this SSG group till he promoted himself to lead a bigger gang
- Lal Masjid gang was originally funded by Ayub Khan .. another Pakistani (good looking)dictator-general

My point is that most of these terrorists are bad guys created by politicians.
In some ways American's are suffering for siding with nut-jobs to defeat nuttier-jobs.

AaronSeptember 19, 2007 2:43 PM

Jonathan correctly points out the lesson here -- if you kill the little sisters of your trusted guards, your trusted guards turn against you.

The alternative is to constantly vet your trusted guards to find out if you've killed any of their family members lately.

If there's no practicable way to compare lists of those you've killed vs. those you trust, you're either killing too many or trusting too many.

Pat CahalanSeptember 19, 2007 2:57 PM

@ Josh

> From what I've seen in large business, most people are simply assigned trust once
> they're hired.

Identity management is hard, but it's starting to become more common in the financial industry as organizations get audited for SOX-compliance. Proper revocation of roles and user rights management are starting to be recognized as problems. It will probably be a while before other industries get into this, though, there are some pretty big barriers to entry.

AngusSeptember 19, 2007 3:13 PM

@sooth_sayer:
It may be ironic, but it is not amusing.

"No man is an island, entire of itself; every man is a piece of the continent, a part of the main; if a clod be washed away by the sea, Europe is the less...any man's death diminishes me, because I am involved in mankind..."

sooth_sayerSeptember 19, 2007 3:47 PM

@Angus .. "...any man's death diminishes me, because I am involved in mankind.."

"The most amazing thing on this earth is that though men are born and die every day, those who live keep believing they will live forever" -- Yudhishtar :-)

No it is amusing .. not ironic, It would be ironic if "fate" (chance) made it happen, but these things are done by men(or women) after great contemplation.

It's very amusing to me to see the guards turn on their ward -- shows you the shallowness of the sacred cause(s) and the emptiness of promises of loyalty.

Jurgen VoorneveldSeptember 19, 2007 3:53 PM

@Aaron

Its amazing that such simple things are not understood. The CIA has this term called 'blowback'. Basicly; if you kill people's friends and family they tend to dislike you for it.
The things people invent new terminology for is scary sometimes.

AnonymousSeptember 19, 2007 4:01 PM

The one issue we as westerners will never understand is the tribal mentality with those associated with this group of terrorist.

Wyle_ESeptember 19, 2007 4:17 PM

Er.. that should have been "...less like terrorism..." Kitty-on-the-keys just as I noticed the error, before I could correct it.

RoxanneSeptember 19, 2007 4:57 PM

I've thought for a while now that it really annoys the anti-terrorist groups that the most effective terrorists in America prior to 9/11/2001 were blond, Caucasian conservatives (that is, Eric Robert Rudolph, the anti-abortionist, and Timothy McVeigh, Michigan Militia member). It's really hard to track down terrorists when they look just like you.

Ian MasonSeptember 19, 2007 5:05 PM

@Anonymous: "The one issue we as westerners will never understand is the tribal mentality with those associated with this group of terrorist."

Erm, "having a sister" isn't exactly a non-western, tribal thing y'know.

MitchSeptember 19, 2007 5:24 PM

@Bruce: "There probably isn't any practicable way to prevent these sorts of attacks by trusted insiders."

There is exactly *no* way to prevent these sorts of attacks.

Wait -- It happened at dinner, so let's ban dinners! At least that way we'll look like we're doing *something* about the problem. Oh, that's right, we aren't *all* politicians....

RCSeptember 19, 2007 5:56 PM

Ways to prevent this kind of attack:

1. on-going background checks to detect any changes such as the death of a family member

2. screen trusted insiders for explosives

3. do not put all of your officers in the same room

4. limit the access of each trusted insider

etc.

sooth_sayerSeptember 19, 2007 8:29 PM

@angus
When one nut kills another, I am not amused but ecstatic.

Have you any idea how many people those SSG cadets were going to kill? or how many Indira Gandhi was planning to? Their victims had (have) families and loved ones too. What won't I give to gave back in time to get M'Atta & Co.

For your differing disposition, a visit to shrink is warranted.

sooth_sayerSeptember 19, 2007 8:35 PM

@ anonymous -
"we westerners" ..is not a tribe -- wonderful

I wonder if germans were westerners? or stalin was ?

Nuts are nuts and you seem to be more in their image than "us" .. we have a tribe too .. and we don't like your thoughts.

Lawrence D'OliveiroSeptember 19, 2007 9:31 PM

In what way was this a "terrorist" attack, somehow different from, say, the Georgia Tech shootings?

al-oneSeptember 19, 2007 9:36 PM

I don't really blame him that much being more selfish though I probably would have tried to kill them all without being killed and there is no one waspier than me blood is always thicker than water .

djmSeptember 19, 2007 10:52 PM

"There probably isn't any practicable way to prevent these sorts of attacks by trusted insiders."

Well, one could start by not killing their sisters.

supersnailSeptember 20, 2007 1:41 AM

"The one issue we as westerners will never understand is the tribal mentality with those associated with this group of terrorist."

Maybe it’s my tribal Scottish ancestors but I have no trouble sympathising with someone members family were murdered in a botched raid.

My only surprise is that given the tools at his disposal he limited himself to the humble hand grenade.

Perhaps the problem is that some westerners have become disassociated from the rest of humanity that they cannot appreciate even the most basic human emotions.

AnonymousSeptember 20, 2007 2:11 AM

"The one issue we as westerners will never understand is the tribal mentality with those associated with this group of terrorist."

If your sister is killed like that and you stay away from the "tribal mentality" about it. I am sure your family would not care for you much either.

GermanSeptember 20, 2007 2:51 AM

there *is* a way to prevent such things from happening. But to be precise:
- inside terrorists are hard to detect and prevent, full ack
- but it is obvious: the Pakistani Army created that terrorist by following an insane and inhuman strategy. Brutally fighting terrorism, neglecting to be very careful in what you do leads to yourself become a terrorist killing innocent people thus creating *new* terrorists in return.

Thats what "we" Europeans are trying to get into peoples' heads all the time - and for which we are being called "cowards", "leftists" or "naive ideologists". I call it "being wise and insightful".

*NOT* meaning or intending to insult anyone!
Yours,
G.

ReasonableSeptember 20, 2007 3:01 AM

@bruce
>> There probably isn't any practicable way to prevent these sorts of attacks

1. No, but monitoring people whose sisters you killed is a good start.
2. Saying you cannot prevent these occurrences is often murkying the water - there is no need to prevent these attacks, just limit their likelihood - they are an army after all, casualties happen. And angering someone is the likely result of fighting other hostile groups; this does not make the cost of the decision to (in this case, raid some group) wrong, as the serie (sigma of [expected value of] related costs) often converges pretty fast. So from the pov of the SSG, a 1/20 chance of a suicide bomber triggered by said raid just means +1 to the cost of making the raid.
Still from the pov of the ssg, it would be wiser to monitor people you may have angered and implicitly revoke trust; that's hard politically (the equivalent of you losing network access after you step into your boss's office and asked for a raise) as it can cause even more resentment, so should be used judicially.

Also, from the pov of said suicide bomber, I can see him reacting back to his sister being killed. I even sympathize, on some level. But an important point is to remember which side you're on. If you are on the SSG side, you should focus on stopping those attacks, not admiring the morality and sacrifice of your attackers.

Jan Egil KristiansenSeptember 20, 2007 3:10 AM

Well, we don't have to trust insiders to enter the room without a security check. But that level of distrust is a lot of trouble, and a nasty message of distrust.

He could have been suspended once the death of his sister was known. On the other hand, that is a point in his life when treating him good is very important - if you throw him out, he is almost certain to join the other side.

AndreasSeptember 20, 2007 3:48 AM

If a person you love gets killed, it is not unusal that you become depressive and suicidal. And that you turn against them, who killed your loved one.

So, trying not to kill so much (innocent) people (less collateral damage) could be a good way to decrease this kind of attacks.

This is not only true for members of the Pakistani army.

DaveSeptember 20, 2007 6:18 AM

Andreas said: If a person you love gets killed, it is not unusal that you become depressive and suicidal. And that you turn against them, who killed your loved one.

Dave says:
What is the proper action to take when one of your trusted soldiers becomes less trustworthy ? Firing an already depressed, suicidal maniac isn't going to improve your chances of survival. Keeping him in his trusted position isn't much better. Therapy and counseling is expensive but may be the best option.

Of course, if we are simply using this as an analogy for computers or employees then the problem becomes a little more simple. Identify any changes in trustworthiness and modify trust accordingly. If this means you don't trust him as an employee any more, firing him is the only logical move.

If your business model involves killing your employee's sisters on a regular basis you may want to look into another line of work.

MathFoxSeptember 20, 2007 6:48 AM

About trusted insiders: Schiphol (Amsterdam) Airport is seriously investigating drugs smuggling; some results:
May: 9 arrests, 2 of them customs officers; all employees working at the airport; 78 kilo of cocaine confiscated.
September: 3 customs officers and another airport employee; again 78 kilo of cocaine.

(It looks like the investigation program is winding down, there were more arrests earlier this year.)

Nick LancasterSeptember 20, 2007 8:30 AM


I have always maintained that a significant threat in Pakistan is 'one believer with a key.'

Tested, deployable nuclear weapons.

Guarded by trusted insiders.

Doesn't need to be a grand conspiracy, just one guy in the right place to look the wrong way, leave a door open, etc.

youbunchofdopesSeptember 20, 2007 8:31 AM

First of all, the status of women in India and, most particularly in islamic countries, is less than a dog. Based on this, I find the argument that this "insider" killed all his compatriots because of the death of his sister less than compelling. The fact that his sister we holed up inside a mosque that supported and encouraged islamic extremism indicates that, in fact, she was a terrorist. It is hardly surprising that her brother would follow the same ideology and the fact he blew up the mess hall has more to do with his (and her) form of islamofascism than it has to do with revenge for his sister's death. This is what these people do, after all.

Fraud GuySeptember 20, 2007 8:59 AM

Jurgen Voorneveld:

"The things people invent new terminology for is scary sometimes."

Then there's one of the originals--decimation--the killing of one in every ten people in a group. Those Romans, what a fun-loving Empire they had!

Bryan FeirSeptember 20, 2007 9:41 AM

@Fraud Guy:

Well, Voltaire in Candide made a comment that describes pretty much exactly why decimation was done. 'Dans ce pays-ci, il est bon de tuer de temps en temps un amiral pour encourager les autres.' (In this country, it is good to kill an admiral from time to time to encourage the others.)

'Pour encourager les autres' has become a reasonably common term since then for a 'see what happens when you don't do your job' demonstration...

AverySeptember 20, 2007 11:51 AM

@ anonymous -

Tribal mentality? So if someone shot your sister, it would mean no more or less to you than someone shoot a guy you never met on the other side of town?

I'm seeing an incomprehensible mentality here but it's not the suicide bomber's.

AdamSeptember 20, 2007 2:11 PM

It all boils down to a Prisoner's Dilemma.
players: Army vs People
strategies:
rules:
outcomes:
payoffs:

Fill in the sections yourself and there are MANY practical ways to solve without it ended in bombs.

Davi OttenheimerSeptember 20, 2007 2:48 PM

Reminds me of the stories about the "White Israeli Union" (http://www.haaretz.com/hasen/pages/ShArt.jhtml?itemNo=296114&sw=neo-Nazi) and more recent news about the alleged Israeli neo-Nazis who were arrested after attacking (fellow) Jews.

Surprised that these reports never seem to refer to (tribal) terrorists, just frustrated and "suffering" youth.

http://english.aljazeera.net/NR/exeres/...

ed dicksonSeptember 21, 2007 8:15 AM

My father was one of the engineers, who designed Tarbela Dam, where this occurred.

I spent a lot of my youth in Pakistan.

Tarbela is the largest earth-filled dam in the world and if it were attacked by terrorists, the results could be pretty devastating. It produces a large portion of the electricity and irrigation resources for Pakistan.

If the dam were breached the resulting flood would cause mass havoc, also.

The entire area of Tarbela has always been kept pretty secure by the Pakistani government because of this. I can understand why a lot of this story seems to be being kept pretty quiet.

Notably, Tarbela is also right next to what many consider the tribal areas, which historically haven't ever been completely controlled by any government. This would include the British, who were there until 1947.

The fact that the Pakistani government can't control them now is nothing new.

One item that was wrong in the article is that Tarbela is actually about 100 km North (not South) of Islamabad.

wmSeptember 26, 2007 7:34 AM

@Jan Egil Kristiansen: "Well, we don't have to trust insiders to enter the room without a security check."

But who are you going to get to do the security check...?

UNTEROctober 2, 2007 3:00 PM

"There probably isn't any practicable way to prevent these sorts of attacks by trusted insiders."

Really Bruce? Haven't had your second cup of coffee yet? Or just don't want to go there?

Well, of course there's no way to have 100% security against ANYTHING. But basically, you reap what you sow. You join the mob, you have problems with informers. You join an aggressive military unit which has used terroristic tactics in the past, you get it in your face, and then THEY get it in their faces, ad infinitum. You're part of a cynical and narcissistic corporate culture, you get robbed by the IT guy whose health insurance you just got by 50% to boost quarterly earnings.

There is a way to mitigate. Be trustworthy yourself. Find common interest with those you trust and who trust you. Build up reciprocity.

"Love your neighbor". "Be good to each other".

It's childishly obvious, propagated by childish platitudes. Not a "security" issue really at all, just plain, old-fashioned, taught to small children morality. Proven by a million years of human existence and burned into our genome.

Be a bastard and sooner or later you'll get your comeuppance. Be a bystander to bastard behavior and get caught in the cross-fire.

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc..