Insider Terrorist Attack

Pakistani Army officer as suicide bomber:

According to reliable sources in the local police, a Pashtun army officer belonging to the elite Special Services Group, whose younger sister was reportedly among the 300 girls killed during the Pakistan Army’s commando raid on the Lal Masjid in Islamabad between July 10 and 13, blew himself up during dinner at the SSG’s headquarters mess at Tarbela Ghazi, 100 km south of Islamabad, on the night of September 13, killing 19 other officers.

There probably isn’t any practicable way to prevent these sorts of attacks by trusted insiders.

Posted on September 19, 2007 at 1:24 PM45 Comments


Jonathan September 19, 2007 1:48 PM

“…whose younger sister was reportedly among the 300 girls killed during the Pakistan Army’s commando”

The practical solution is blatantly apparent from the quoted text. The Pakistany Army created this terrorist.

derf September 19, 2007 2:02 PM

That’s the problem, isn’t it?

“Trusted” insiders (i.e. your employees) have legitimate access to interact with your data on your own network. However, if that access isn’t constantly patrolled, logged, and audited, you could easily find your company’s dirty secrets explode across the internet for all to see just like MediaDefender.

Josh More September 19, 2007 2:24 PM

It seems to me that the issue here is the “trusted” status. Specifically:

1) Initial attainment of trusted status
2) Continued maintenance of trusted status

From what I’ve seen in large business, most people are simply assigned trust once they’re hired. In other words, there is a tacit assumption that, once a person has passed HR’s hiring process, they’re trustworthy. Thus, on their first day, they are assigned access to everything. This is analogous to the hard outside/chewy center network example.

In small business, on the other hand, a person is often given access after they’ve been interviewed by numerous people in the company. I suspect that this provides for higher assurance as to trustworthiness. (Perhaps this should be studied?)

From a maintenance perspective, I’ve seen a similar split between large and small companies. There are often changes in behavioral patterns that can indicate a change in trustworthiness. I suspect that these are easier to notice in smaller businesses, at least they have been in my experience.

The real question in this case is why the army officer wasn’t being monitored more closely once his sister was killed. That’s a knowable event that could result in compromise. It’s analogous to an employee’s personal circumstances impacting their work.

If people are paying attention, some of the risk can be mitigated.

sooth_sayer September 19, 2007 2:25 PM

Indira Gandhi, a (worthless .. slimy..xxxx) Indian Prime-Minister was also gunned down by her own “special” guards (Sikhs) in 1984 — presumably as an retaliation for her ordering an assault on a Sikh Temple to flush out terrorists hiding in it.

It’s rather more amusing as:
-the terrorist leader she was trying to get at, were once supported by her
– When she stopped the support, they got help from Pakistani’s, SSG/ISI Mashup – the gang who lives up there in Tarbela
– Musharaff himself belonged to this SSG group till he promoted himself to lead a bigger gang
– Lal Masjid gang was originally funded by Ayub Khan .. another Pakistani (good looking)dictator-general

My point is that most of these terrorists are bad guys created by politicians.
In some ways American’s are suffering for siding with nut-jobs to defeat nuttier-jobs.

Aaron September 19, 2007 2:43 PM

Jonathan correctly points out the lesson here — if you kill the little sisters of your trusted guards, your trusted guards turn against you.

The alternative is to constantly vet your trusted guards to find out if you’ve killed any of their family members lately.

If there’s no practicable way to compare lists of those you’ve killed vs. those you trust, you’re either killing too many or trusting too many.

Pat Cahalan September 19, 2007 2:57 PM

@ Josh

From what I’ve seen in large business, most people are simply assigned trust once
they’re hired.

Identity management is hard, but it’s starting to become more common in the financial industry as organizations get audited for SOX-compliance. Proper revocation of roles and user rights management are starting to be recognized as problems. It will probably be a while before other industries get into this, though, there are some pretty big barriers to entry.

Angus September 19, 2007 3:13 PM

It may be ironic, but it is not amusing.

“No man is an island, entire of itself; every man is a piece of the continent, a part of the main; if a clod be washed away by the sea, Europe is the less…any man’s death diminishes me, because I am involved in mankind…”

sooth_sayer September 19, 2007 3:47 PM

@Angus .. “…any man’s death diminishes me, because I am involved in mankind..”

“The most amazing thing on this earth is that though men are born and die every day, those who live keep believing they will live forever” — Yudhishtar 🙂

No it is amusing .. not ironic, It would be ironic if “fate” (chance) made it happen, but these things are done by men(or women) after great contemplation.

It’s very amusing to me to see the guards turn on their ward — shows you the shallowness of the sacred cause(s) and the emptiness of promises of loyalty.

Jurgen Voorneveld September 19, 2007 3:53 PM


Its amazing that such simple things are not understood. The CIA has this term called ‘blowback’. Basicly; if you kill people’s friends and family they tend to dislike you for it.
The things people invent new terminology for is scary sometimes.

Anonymous September 19, 2007 4:01 PM

The one issue we as westerners will never understand is the tribal mentality with those associated with this group of terrorist.

Wyle_E September 19, 2007 4:17 PM

Er.. that should have been “…less like terrorism…” Kitty-on-the-keys just as I noticed the error, before I could correct it.

Roxanne September 19, 2007 4:57 PM

I’ve thought for a while now that it really annoys the anti-terrorist groups that the most effective terrorists in America prior to 9/11/2001 were blond, Caucasian conservatives (that is, Eric Robert Rudolph, the anti-abortionist, and Timothy McVeigh, Michigan Militia member). It’s really hard to track down terrorists when they look just like you.

Ian Mason September 19, 2007 5:05 PM

@Anonymous: “The one issue we as westerners will never understand is the tribal mentality with those associated with this group of terrorist.”

Erm, “having a sister” isn’t exactly a non-western, tribal thing y’know.

Mitch September 19, 2007 5:24 PM

@Bruce: “There probably isn’t any practicable way to prevent these sorts of attacks by trusted insiders.”

There is exactly no way to prevent these sorts of attacks.

Wait — It happened at dinner, so let’s ban dinners! At least that way we’ll look like we’re doing something about the problem. Oh, that’s right, we aren’t all politicians….

RC September 19, 2007 5:56 PM

Ways to prevent this kind of attack:

  1. on-going background checks to detect any changes such as the death of a family member
  2. screen trusted insiders for explosives
  3. do not put all of your officers in the same room
  4. limit the access of each trusted insider


sooth_sayer September 19, 2007 8:29 PM

When one nut kills another, I am not amused but ecstatic.

Have you any idea how many people those SSG cadets were going to kill? or how many Indira Gandhi was planning to? Their victims had (have) families and loved ones too. What won’t I give to gave back in time to get M’Atta & Co.

For your differing disposition, a visit to shrink is warranted.

sooth_sayer September 19, 2007 8:35 PM

@ anonymous –
“we westerners” not a tribe — wonderful

I wonder if germans were westerners? or stalin was ?

Nuts are nuts and you seem to be more in their image than “us” .. we have a tribe too .. and we don’t like your thoughts.

Lawrence D'Oliveiro September 19, 2007 9:31 PM

In what way was this a “terrorist” attack, somehow different from, say, the Georgia Tech shootings?

al-one September 19, 2007 9:36 PM

I don’t really blame him that much being more selfish though I probably would have tried to kill them all without being killed and there is no one waspier than me blood is always thicker than water .

djm September 19, 2007 10:52 PM

“There probably isn’t any practicable way to prevent these sorts of attacks by trusted insiders.”

Well, one could start by not killing their sisters.

supersnail September 20, 2007 1:41 AM

“The one issue we as westerners will never understand is the tribal mentality with those associated with this group of terrorist.”

Maybe it’s my tribal Scottish ancestors but I have no trouble sympathising with someone members family were murdered in a botched raid.

My only surprise is that given the tools at his disposal he limited himself to the humble hand grenade.

Perhaps the problem is that some westerners have become disassociated from the rest of humanity that they cannot appreciate even the most basic human emotions.

Anonymous September 20, 2007 2:11 AM

“The one issue we as westerners will never understand is the tribal mentality with those associated with this group of terrorist.”

If your sister is killed like that and you stay away from the “tribal mentality” about it. I am sure your family would not care for you much either.

German September 20, 2007 2:51 AM

there is a way to prevent such things from happening. But to be precise:
– inside terrorists are hard to detect and prevent, full ack
– but it is obvious: the Pakistani Army created that terrorist by following an insane and inhuman strategy. Brutally fighting terrorism, neglecting to be very careful in what you do leads to yourself become a terrorist killing innocent people thus creating new terrorists in return.

Thats what “we” Europeans are trying to get into peoples’ heads all the time – and for which we are being called “cowards”, “leftists” or “naive ideologists”. I call it “being wise and insightful”.

NOT meaning or intending to insult anyone!

Reasonable September 20, 2007 3:01 AM


There probably isn’t any practicable way to prevent these sorts of attacks

  1. No, but monitoring people whose sisters you killed is a good start.
  2. Saying you cannot prevent these occurrences is often murkying the water – there is no need to prevent these attacks, just limit their likelihood – they are an army after all, casualties happen. And angering someone is the likely result of fighting other hostile groups; this does not make the cost of the decision to (in this case, raid some group) wrong, as the serie (sigma of [expected value of] related costs) often converges pretty fast. So from the pov of the SSG, a 1/20 chance of a suicide bomber triggered by said raid just means +1 to the cost of making the raid.
    Still from the pov of the ssg, it would be wiser to monitor people you may have angered and implicitly revoke trust; that’s hard politically (the equivalent of you losing network access after you step into your boss’s office and asked for a raise) as it can cause even more resentment, so should be used judicially.

Also, from the pov of said suicide bomber, I can see him reacting back to his sister being killed. I even sympathize, on some level. But an important point is to remember which side you’re on. If you are on the SSG side, you should focus on stopping those attacks, not admiring the morality and sacrifice of your attackers.

Jan Egil Kristiansen September 20, 2007 3:10 AM

Well, we don’t have to trust insiders to enter the room without a security check. But that level of distrust is a lot of trouble, and a nasty message of distrust.

He could have been suspended once the death of his sister was known. On the other hand, that is a point in his life when treating him good is very important – if you throw him out, he is almost certain to join the other side.

Andreas September 20, 2007 3:48 AM

If a person you love gets killed, it is not unusal that you become depressive and suicidal. And that you turn against them, who killed your loved one.

So, trying not to kill so much (innocent) people (less collateral damage) could be a good way to decrease this kind of attacks.

This is not only true for members of the Pakistani army.

Dave September 20, 2007 6:18 AM

Andreas said: If a person you love gets killed, it is not unusal that you become depressive and suicidal. And that you turn against them, who killed your loved one.

Dave says:
What is the proper action to take when one of your trusted soldiers becomes less trustworthy ? Firing an already depressed, suicidal maniac isn’t going to improve your chances of survival. Keeping him in his trusted position isn’t much better. Therapy and counseling is expensive but may be the best option.

Of course, if we are simply using this as an analogy for computers or employees then the problem becomes a little more simple. Identify any changes in trustworthiness and modify trust accordingly. If this means you don’t trust him as an employee any more, firing him is the only logical move.

If your business model involves killing your employee’s sisters on a regular basis you may want to look into another line of work.

MathFox September 20, 2007 6:48 AM

About trusted insiders: Schiphol (Amsterdam) Airport is seriously investigating drugs smuggling; some results:
May: 9 arrests, 2 of them customs officers; all employees working at the airport; 78 kilo of cocaine confiscated.
September: 3 customs officers and another airport employee; again 78 kilo of cocaine.

(It looks like the investigation program is winding down, there were more arrests earlier this year.)

Nick Lancaster September 20, 2007 8:30 AM

I have always maintained that a significant threat in Pakistan is ‘one believer with a key.’

Tested, deployable nuclear weapons.

Guarded by trusted insiders.

Doesn’t need to be a grand conspiracy, just one guy in the right place to look the wrong way, leave a door open, etc.

youbunchofdopes September 20, 2007 8:31 AM

First of all, the status of women in India and, most particularly in islamic countries, is less than a dog. Based on this, I find the argument that this “insider” killed all his compatriots because of the death of his sister less than compelling. The fact that his sister we holed up inside a mosque that supported and encouraged islamic extremism indicates that, in fact, she was a terrorist. It is hardly surprising that her brother would follow the same ideology and the fact he blew up the mess hall has more to do with his (and her) form of islamofascism than it has to do with revenge for his sister’s death. This is what these people do, after all.

Fraud Guy September 20, 2007 8:59 AM

Jurgen Voorneveld:

“The things people invent new terminology for is scary sometimes.”

Then there’s one of the originals–decimation–the killing of one in every ten people in a group. Those Romans, what a fun-loving Empire they had!

Bryan Feir September 20, 2007 9:41 AM

@Fraud Guy:

Well, Voltaire in Candide made a comment that describes pretty much exactly why decimation was done. ‘Dans ce pays-ci, il est bon de tuer de temps en temps un amiral pour encourager les autres.’ (In this country, it is good to kill an admiral from time to time to encourage the others.)

‘Pour encourager les autres’ has become a reasonably common term since then for a ‘see what happens when you don’t do your job’ demonstration…

Avery September 20, 2007 11:51 AM

@ anonymous –

Tribal mentality? So if someone shot your sister, it would mean no more or less to you than someone shoot a guy you never met on the other side of town?

I’m seeing an incomprehensible mentality here but it’s not the suicide bomber’s.

Adam September 20, 2007 2:11 PM

It all boils down to a Prisoner’s Dilemma.
players: Army vs People

Fill in the sections yourself and there are MANY practical ways to solve without it ended in bombs.

ed dickson September 21, 2007 8:15 AM

My father was one of the engineers, who designed Tarbela Dam, where this occurred.

I spent a lot of my youth in Pakistan.

Tarbela is the largest earth-filled dam in the world and if it were attacked by terrorists, the results could be pretty devastating. It produces a large portion of the electricity and irrigation resources for Pakistan.

If the dam were breached the resulting flood would cause mass havoc, also.

The entire area of Tarbela has always been kept pretty secure by the Pakistani government because of this. I can understand why a lot of this story seems to be being kept pretty quiet.

Notably, Tarbela is also right next to what many consider the tribal areas, which historically haven’t ever been completely controlled by any government. This would include the British, who were there until 1947.

The fact that the Pakistani government can’t control them now is nothing new.

One item that was wrong in the article is that Tarbela is actually about 100 km North (not South) of Islamabad.

wm September 26, 2007 7:34 AM

@Jan Egil Kristiansen: “Well, we don’t have to trust insiders to enter the room without a security check.”

But who are you going to get to do the security check…?

UNTER October 2, 2007 3:00 PM

“There probably isn’t any practicable way to prevent these sorts of attacks by trusted insiders.”

Really Bruce? Haven’t had your second cup of coffee yet? Or just don’t want to go there?

Well, of course there’s no way to have 100% security against ANYTHING. But basically, you reap what you sow. You join the mob, you have problems with informers. You join an aggressive military unit which has used terroristic tactics in the past, you get it in your face, and then THEY get it in their faces, ad infinitum. You’re part of a cynical and narcissistic corporate culture, you get robbed by the IT guy whose health insurance you just got by 50% to boost quarterly earnings.

There is a way to mitigate. Be trustworthy yourself. Find common interest with those you trust and who trust you. Build up reciprocity.

“Love your neighbor”. “Be good to each other”.

It’s childishly obvious, propagated by childish platitudes. Not a “security” issue really at all, just plain, old-fashioned, taught to small children morality. Proven by a million years of human existence and burned into our genome.

Be a bastard and sooner or later you’ll get your comeuppance. Be a bystander to bastard behavior and get caught in the cross-fire.

Leave a comment


Allowed HTML <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre> Markdown Extra syntax via

Sidebar photo of Bruce Schneier by Joe MacInnis.