Entries Tagged "al Qaeda"

Page 4 of 7

The Effectiveness of Political Assassinations

This is an excellent read:

I wouldn’t have believed you if you’d told me 20 years ago that America would someday be routinely firing missiles into countries it’s not at war with. For that matter, I wouldn’t have believed you if you’d told me a few months ago that America would soon be plotting the assassination of an American citizen who lives abroad.

He goes on to discuss Obama’s authorization of the assassination of Anwar al-Awlaki, an American living in Yemen. He speculates on whether or not this is illegal, but spends more time musing about the effectiveness of assassination, referring to a 2009 paper from Security Studies: “When Heads Roll: Assessing the Effectiveness of Leadership Decapitation“: “She studied 298 attempts, from 1945 through 2004, to weaken or eliminate terrorist groups through ‘leadership decapitation’—eliminating people in senior positions.”

From the paper’s conclusion:

The data presented in this paper show that decapitation is not an effective counterterrorism strategy. While decapitation is effective in 17 percent of all cases, when compared to the overall rate of organizational decline, decapitated groups have a lower rate of decline than groups that have not had their leaders removed. The findings show that decapitation is more likely to have counterproductive effects in larger, older, religious, and separatist organizations. In these cases decapitation not only has a much lower rate of success, the marginal value is, in fact, negative. The data provide an essential test of decapitation’s value as a counterterrorism policy.

There are important policy implications that can be derived from this study of leadership decapitation. Leadership decapitation seems to be a misguided strategy, particularly given the nature of organizations being currently targeted. The rise of religious and separatist organizations indicates that decapitation will continue to be an ineffective means of reducing terrorist activity. It is essential that policy makers understand when decapitation is unlikely to be successful. Given these conditions, targeting bin Laden and other senior members of al Qaeda, independent of other measures, is not likely to result in organizational collapse. Finally, it is essential that policy makers look at trends in organizational decline. Understanding whether certain types of organizations are more prone to destabilization is an important first step in formulating successful counterterrorism policies.

Back to the article:

Particularly ominous are Jordan’s findings about groups that, like Al Qaeda and the Taliban, are religious. The chances that a religious terrorist group will collapse in the wake of a decapitation strategy are 17 percent. Of course, that’s better than zero, but it turns out that the chances of such a group fading away when there’s no decapitation are 33 percent. In other words, killing leaders of a religious terrorist group seems to increase the group’s chances of survival from 67 percent to 83 percent.

Of course the usual caveat applies: It’s hard to disentangle cause and effect. Maybe it’s the more formidable terrorist groups that invite decapitation in the first place—and, needless to say, formidable groups are good at survival. Still, the other interpretation of Jordan’s findings—that decapitation just doesn’t work, and in some cases is counterproductive—does make sense when you think about it.

For starters, reflect on your personal workplace experience. When an executive leaves a company—whether through retirement, relocation or death—what happens? Exactly: He or she gets replaced. And about half the time (in my experience, at least) the successor is more capable than the predecessor. There’s no reason to think things would work differently in a terrorist organization.

Maybe that’s why newspapers keep reporting the death of a “high ranking Al Qaeda lieutenant”; it isn’t that we keep killing the same guy, but rather that there’s an endless stream of replacements. You’re not going to end the terrorism business by putting individual terrorists out of business.

You might as well try to end the personal computer business by killing executives at Apple and Dell. Capitalism being the stubborn thing it is, new executives would fill the void, so long as there was a demand for computers.

Of course, if you did enough killing, you might make the job of computer executive so unattractive that companies had to pay more and more for ever-less-capable executives. But that’s one difference between the computer business and the terrorism business. Terrorists aren’t in it for the money to begin with. They have less tangible incentives—and some of these may be strengthened by targeted killings.

Read the whole thing.

I thought this comment, from former senator Gary Hart, was particularly good.

As a veteran of the Senate Select Committee to Investigate the Intelligence Services of the U.S. (so-called Church committee), we discovered at least five official plots to assassinate foreign leaders, including Fidel Castro with almost demented insistence. None of them worked, though the Diem brothers in Vietnam and Salvador Allende in Chile might argue otherwise. In no case did it work out well for the U.S. or its policy. Indeed, once exposed, as these things inevitably are, the ideals underlying our Constitution and the nation’s prestige suffered incalculable damage. The issue is principle versus expediency. Principle always suffers when expediency becomes the rule. We simply cannot continue to sacrifice principle to fear.

Additional commentary from The Atlantic.

EDITED TO ADD (4/22): The Church Commmittee’s report on foreign assassination plots.

EDITED TO ADD (5/13): Stratfor

Is MI5 playing a joke on us?

Female homicide bombers are being fitted with exploding breast implants which are almost impossible to detect, British spies have reportedly discovered.

[…]

MI5 has also discovered that extremists are inserting the explosives into the buttocks of some male bombers.

“Women suicide bombers recruited by Al Qaeda are known to have had the explosives inserted in their breasts under techniques similar to breast enhancing surgery,” Terrorist expert Joseph Farah claims.

They’re “known to have” this? I doubt it. More likely, they could be:

Radical Islamist plastic surgeons could be carrying out the implant operations in lawless areas of Pakistan, security sources are said to warned.

They also could be having tea with their families. They could be building killer robots with lasers shooting out of their eyes.

I love the poor Photoshop job in this article from The Sun.

Perhaps we should just give up. When this sort of hysterical nonsense becomes an actual news story, the terrorists have won.

Posted on April 1, 2010 at 1:33 PMView Comments

Outguessing the Terrorists

Isn’t it a bit embarrassing for an “expert on counter-terrorism” to be quoted as saying this?

Bill Tupman, an expert on counter-terrorism from Exeter University, told BBC News: “The problem is trying to predict the mind of the al-Qaeda planner; there are so many things they might do.

“And it is also necessary to reassure the public that we are trying to outguess the al-Qaeda planner and we are in the process of protecting them from any threat.”

I think it’s necessary to convince the public to refuse to be terrorized. What frustrates me most about Abdulmutallab is that he caused terror even though his plot failed. I want us to be indomitable enough for the next attack to fail to cause terror, even if it succeeds. Remember: terrorism can’t destroy our country’s way of life; only our reaction to terrorism can.

Posted on February 9, 2010 at 6:07 AMView Comments

Al Qaeda Secret Code Broken

I would sure like to know more about this:

Top code-breakers at the Government Communications Headquarters in the United Kingdom have succeeded in breaking the secret language that has allowed imprisoned leaders of al-Qaida to keep in touch with other extremists in U.K. jails as well as 10,000 “sleeper agents” across the islands….

[…]

For six months, the code-breakers worked around the clock deciphering the code the three terrorists created.

Between them, the code-breakers speak all the dialects that form the basis for the code. Several of them have high-value skills in computer technology. The team worked closely with the U.S. National Security Agency and its station at Menwith Hill in the north of England. The identity of the code-breakers is so secret that not even their gender can be revealed.

“Like all good codes, the one they broke depended on substituting words, numbers or symbols for plain text. A single symbol could represent an idea or an entire message,” said an intelligence source.

The code the terrorists devised consists of words chosen from no fewer than 20 dialects from Afghanistan, Iran, Pakistan, Yemen and Sudan.

Inserted with the words ­ either before or after them ­ is local slang. The completed message is then buried in Islamic religious tracts.

EDITED TO ADD: Here’s a link to the story that still works. I didn’t realize this came from WorldNetDaily, so take it with an appropriate amount of salt.

Posted on November 23, 2009 at 7:24 AMView Comments

FBI/CIA/NSA Information Sharing Before 9/11

It’s conventional wisdom that the legal “wall” between intelligence and law enforcement was one of the reasons we failed to prevent 9/11. The 9/11 Comission evaluated that claim, and published a classified report in 2004. The report was released, with a few redactions, over the summer: “Legal Barriers to Information Sharing: The Erection of a Wall Between Intelligence and Law Enforcement Investigations,” 9/11 Commission Staff Monograph by Barbara A. Grewe, Senior Counsel for Special Projects, August 20, 2004.

The report concludes otherwise:

“The information sharing failures in the summer of 2001 were not the result of legal barriers but of the failure of individuals to understand that the barriers did not apply to the facts at hand,” the 35-page monograph concludes. “Simply put, there was no legal reason why the information could not have been shared.”

The prevailing confusion was exacerbated by numerous complicating circumstances, the monograph explains. The Foreign Intelligence Surveillance Court was growing impatient with the FBI because of repeated errors in applications for surveillance. Justice Department officials were uncomfortable requesting intelligence surveillance of persons and facilities related to Osama bin Laden since there was already a criminal investigation against bin Laden underway, which normally would have preempted FISA surveillance. Officials were reluctant to turn to the FISA Court of Review for clarification of their concerns since one of the judges on the court had expressed doubts about the constitutionality of FISA in the first place. And so on. Although not mentioned in the monograph, it probably didn’t help that public interest critics in the 1990s (myself included) were accusing the FISA Court of serving as a “rubber stamp” and indiscriminately approving requests for intelligence surveillance.

In the end, the monograph implicitly suggests that if the law was not the problem, then changing the law may not be the solution.

James Bamford comes to much the same conclusion in his book, The Shadow Factory: The NSA from 9/11 to the Eavesdropping on America: there was no legal wall that prevented intelligence and law enforcement from sharing the information necessary to prevent 9/11; it was inter-agency rivalries and turf battles.

Posted on November 12, 2009 at 2:26 PMView Comments

Terrorist Havens

Good essay on “terrorist havens”—like Afghanistan—and why they’re not as big a worry as some maintain:

Rationales for maintaining the counterinsurgency in Afghanistan are varied and complex, but they all center on one key tenet: that Afghanistan must not be allowed to again become a haven for terrorist groups, especially al-Qaeda.

[…]

The debate has largely overlooked a more basic question: How important to terrorist groups is any physical haven? More to the point: How much does a haven affect the danger of terrorist attacks against U.S. interests, especially the U.S. homeland? The answer to the second question is: not nearly as much as unstated assumptions underlying the current debate seem to suppose. When a group has a haven, it will use it for such purposes as basic training of recruits. But the operations most important to future terrorist attacks do not need such a home, and few recruits are required for even very deadly terrorism. Consider: The preparations most important to the Sept. 11, 2001, attacks took place not in training camps in Afghanistan but, rather, in apartments in Germany, hotel rooms in Spain and flight schools in the United States.

In the past couple of decades, international terrorist groups have thrived by exploiting globalization and information technology, which has lessened their dependence on physical havens.

By utilizing networks such as the Internet, terrorists’ organizations have become more network-like, not beholden to any one headquarters. A significant jihadist terrorist threat to the United States persists, but that does not mean it will consist of attacks instigated and commanded from a South Asian haven, or that it will require a haven at all. Al-Qaeda’s role in that threat is now less one of commander than of ideological lodestar, and for that role a haven is almost meaningless.

Posted on September 21, 2009 at 6:46 AMView Comments

Eighth Anniversary of 9/11

On September 30, 2001, I published a special issue of Crypto-Gram discussing the terrorist attacks. I wrote about the novelty of the attacks, airplane security, diagnosing intelligence failures, the potential of regulating cryptography—because it could be used by the terrorists—and protecting privacy and liberty. Much of what I wrote is still relevant today:

Appalled by the recent hijackings, many Americans have declared themselves willing to give up civil liberties in the name of security. They’ve declared it so loudly that this trade-off seems to be a fait accompli. Article after article talks about the balance between privacy and security, discussing whether various increases of security are worth the privacy and civil-liberty losses. Rarely do I see a discussion about whether this linkage is a valid one.

Security and privacy are not two sides of a teeter-totter. This association is simplistic and largely fallacious. It’s easy and fast, but less effective, to increase security by taking away liberty. However, the best ways to increase security are not at the expense of privacy and liberty.

It’s easy to refute the notion that all security comes at the expense of liberty. Arming pilots, reinforcing cockpit doors, and teaching flight attendants karate are all examples of security measures that have no effect on individual privacy or liberties. So are better authentication of airport maintenance workers, or dead-man switches that force planes to automatically land at the closest airport, or armed air marshals traveling on flights.

Liberty-depriving security measures are most often found when system designers failed to take security into account from the beginning. They’re Band-aids, and evidence of bad security planning. When security is designed into a system, it can work without forcing people to give up their freedoms.

[…]

There are copycat criminals and terrorists, who do what they’ve seen done before. To a large extent, this is what the hastily implemented security measures have tried to prevent. And there are the clever attackers, who invent new ways to attack people. This is what we saw on September 11. It’s expensive, but we can build security to protect against yesterday’s attacks. But we can’t guarantee protection against tomorrow’s attacks: the hacker attack that hasn’t been invented, or the terrorist attack yet to be conceived.

Demands for even more surveillance miss the point. The problem is not obtaining data, it’s deciding which data is worth analyzing and then interpreting it. Everyone already leaves a wide audit trail as we go through life, and law enforcement can already access those records with search warrants. The FBI quickly pieced together the terrorists’ identities and the last few months of their lives, once they knew where to look. If they had thrown up their hands and said that they couldn’t figure out who did it or how, they might have a case for needing more surveillance data. But they didn’t, and they don’t.

More data can even be counterproductive. The NSA and the CIA have been criticized for relying too much on signals intelligence, and not enough on human intelligence. The East German police collected data on four million East Germans, roughly a quarter of their population. Yet they did not foresee the peaceful overthrow of the Communist government because they invested heavily in data collection instead of data interpretation. We need more intelligence agents squatting on the ground in the Middle East arguing the Koran, not sitting in Washington arguing about wiretapping laws.

People are willing to give up liberties for vague promises of security because they think they have no choice. What they’re not being told is that they can have both. It would require people to say no to the FBI’s power grab. It would require us to discard the easy answers in favor of thoughtful answers. It would require structuring incentives to improve overall security rather than simply decreasing its costs. Designing security into systems from the beginning, instead of tacking it on at the end, would give us the security we need, while preserving the civil liberties we hold dear.

Some broad surveillance, in limited circumstances, might be warranted as a temporary measure. But we need to be careful that it remain temporary, and that we do not design surveillance into our electronic infrastructure. Thomas Jefferson once said: “Eternal vigilance is the price of liberty.” Historically, liberties have always been a casualty of war, but a temporary casualty. This war—a war without a clear enemy or end condition—has the potential to turn into a permanent state of society. We need to design our security accordingly.

Posted on September 11, 2009 at 6:26 AMView Comments

Second SHB Workshop Liveblogging (9)

The eighth, and final, session of the SHB09 was optimistically titled “How Do We Fix the World?” I moderated, which meant that my liveblogging was more spotty, especially in the discussion section.

David Mandel, Defense Research and Development Canada (suggested reading: Applied Behavioral Science in Support of Intelligence Analysis, Radicalization: What does it mean?; The Role of Instigators in Radicalization to Violent Extremism), is part of the Thinking, Risk, and Intelligence Group at DRDC Toronto. His first observation: “Be wary of purported world-fixers.” His second observation: when you claim that something is broken, it is important to specify the respects in which it’s broken and what fixed looks like. His third observation: it is also important to analyze the consequences of any potential fix. An analysis of the way things are is perceptually based, but an analysis of the way things should be is value-based. He also presented data showing that predictions made by intelligence analysts (at least in one Canadian organization) were pretty good.

Ross Anderson, Cambridge University (suggested reading: Database State; book chapters on psychology and terror), asked “Where’s the equilibrium?” Both privacy and security are moving targets, but he expects that someday soon there will be a societal equilibrium. Incentives to price discriminate go up, and the cost to do so goes down. He gave several examples of database systems that reached very different equilibrium points, depending on corporate lobbying, political realities, public outrage, etc. He believes that privacy will be regulated, the only question being when and how. “Where will the privacy boundary end up, and why? How can we nudge it one way or another?”

Alma Whitten, Google (suggested reading: Why Johnny can’t encrypt: A usability evaluation of PGP 5.0), presented a set of ideals about privacy (very European like) and some of the engineering challenges they present. “Engineering challenge #1: How to support access and control to personal data that isn’t authenticated? Engineering challenge #2: How to inform users about both authenticated and unauthenticated data? Engineering challenge #3: How to balance giving users control over data collection versus detecting and stopping abuse? Engineering challenge #4: How to give users fine-grained control over their data without overwhelming them with options? Engineering challenge #5: How to link sequential actions while preventing them from being linkable to a person? Engineering challenge #6: How to make the benefits of aggregate data analysis apparent to users? Engineering challenge #7: How to avoid or detect inadvertent recording of data that can be linked to an individual?” (Note that Alma requested not to be recorded.)

John Mueller, Ohio State University (suggested reading: Reacting to Terrorism: Probabilities, Consequences, and the Persistence of Fear; Evaluating Measures to Protect the Homeland from Terrorism; Terrorphobia: Our False Sense of Insecurity), talked about terrorism and the Department of Homeland Security. Terrorism isn’t a threat; it’s a problem and a concern, certainly, but the word “threat” is still extreme. Al Qaeda isn’t a threat, and they’re the most serious potential attacker against the U.S. and Western Europe. And terrorists are overwhelmingly stupid. Meanwhile, the terrorism issue “has become a self-licking ice cream cone.” In other words, it’s now an ever-perpetuating government bureaucracy. There are virtually an infinite number of targets; the odds of any one target being targeted is effectively zero; terrorists pick targets largely at random; if you protect target, it makes other targets less safe; most targets are vulnerable in the physical sense, but invulnerable in the sense that they can be rebuilt relatively cheaply (even something like the Pentagon); some targets simply can’t be protected; if you’re going to protect some targets, you need to determine if they should really be protected. (I recommend his book, Overblown.)

Adam Shostack, Microsoft (his blog), pointed out that even the problem of figuring out what part of the problem to work on first is difficult. One of the issues is shame. We don’t want to talk about what’s wrong, so we can’t use that information to determine where we want to go. We make excuses—customers will flee, people will sue, stock prices will go down—even though we know that those excuses have been demonstrated to be false.

During the discussion, there was a lot of talk about the choice between informing users and bombarding them with information they can’t understand. And lots more that I couldn’t transcribe.

And that’s it. SHB09 was a fantastic workshop, filled with interesting people and interesting discussion. Next year in the other Cambridge.

Adam Shostack’s liveblogging is here. Ross Anderson’s liveblogging is in his blog post’s comments. Matt Blaze’s audio is here.

Posted on June 12, 2009 at 4:55 PMView Comments

Why Is Terrorism so Hard?

I don’t know how I missed this great series from Slate in February. It’s eight essays exploring why there have been no follow-on terrorist attacks in the U.S. since 9/11 (not counting the anthrax mailings, I guess). Some excerpts:

Al-Qaida’s successful elimination of the Twin Towers, part of the Pentagon, four jetliners, and nearly 3,000 innocent lives makes the terror group seem, in hindsight, diabolically brilliant. But when you review how close the terrorists came to being exposed by U.S. intelligence, 9/11 doesn’t look like an ingenious plan that succeeded because of shrewd planning. It looks like a stupid plan that succeeded through sheer dumb luck.

[…]

Even when it isn’t linked directly to terrorism, Muslim radicalism seems more prevalent—and certainly more visible—inside the United Kingdom, and in Western Europe generally, than it is inside the United States.

Why the difference? Economics may be one reason. American Muslims are better-educated and wealthier than the average American.

[…]

According to [one] theory, the 9/11 attacks were so stunning a success that they left al-Qaida’s leadership struggling to conceive and carry out an even more fearsome and destructive plan against the United States. In his 2006 book The One Percent Doctrine, journalist Ron Suskind attributes to the U.S. intelligence community the suspicion that “Al Qaeda wouldn’t want to act unless it could top the World Trade Center and the Pentagon with something even more devastating, creating an upward arc of rising and terrible expectation as to what, then, would follow.”

[…]

From a broader policy viewpoint, the Bush administration’s most significant accomplishment, terrorism experts tend to agree, was the 2001 defeat of Afghanistan’s Taliban regime and the destruction of Bin Laden’s training camps. As noted in “The Terrorists-Are-Dumb Theory” and “The Melting Pot Theory,” two-thirds of al-Qaida’s leadership was captured or killed. Journalist Lawrence Wright estimates that nearly 80 percent of al-Qaida’s Afghanistan-based membership was killed in the U.S. invasion, and intelligence estimates suggest al-Qaida’s current membership may be as low as 200 or 300.

[…]

The departing Bush administration’s claim that deposing Saddam Hussein helped prevent acts of terror in the United States has virtually no adherents, except to the extent that it drew some jihadis into Iraq. The Iraq war reduced U.S. standing in the Muslim world, especially when evidence surfaced that U.S. military officials had tortured and humiliated prisoners at the Abu Ghraib prison.

[…]

When Schelling, Abrams, and Sageman argue that terrorists are irrational, what they mean is that terror groups seldom realize their big-picture strategic goals. But Berrebi says you can’t pronounce terrorists irrational until you know what they really want. “We don’t know what are the real goals of each organization,” he says. Any given terror organization is likely to have many competing and perhaps even contradictory goals. Given these groups’ inherently secret nature, outsiders aren’t likely to learn which of these goals is given priority.

Read the whole thing.

Posted on June 3, 2009 at 1:35 PMView Comments

How Not to Carry Around Secret Documents

Here’s a tip: when walking around in public with secret government documents, put them in an envelope.

A huge MI5 and police counterterrorist operation against al-Qaeda suspects had to be brought forward at short notice last night after Scotland Yard’s counter-terrorism chief accidentally revealed a briefing document.

[…]

The operation was nearly blown when Assistant Commissioner Bob Quick walked up Downing Street holding a document marked “secret” with highly sensitive operational details visible to photographers.

The document, carried under his arm, revealed how many terrorist suspects were to be arrested, in which cities across the North West. It revealed that armed members of the Greater Manchester Police would force entry into a number of homes. The operation’s secret code headed the list of action that was to take place.

Now the debate begins about whether he was just stupid, or very very stupid:

Opposition MPs criticised Mr Quick, with the Liberal Democrats describing him as “accident prone” and the Conservatives condemning his “very alarming” lapse of judgement.

But former Labour Mayor of London Ken Livingstone said it would be wrong for such an experienced officer to resign “for holding a piece of paper the wrong way”.

It wasn’t just a piece of paper. It was a secret piece of paper. (Here’s the best blow-up of the picture. And surely these people have procedures for transporting classified material. That’s what the mistake was: not following proper procedure.

He resigned.

Posted on April 10, 2009 at 7:06 AMView Comments

1 2 3 4 5 6 7

Sidebar photo of Bruce Schneier by Joe MacInnis.