Entries Tagged "Osama bin Laden"

Page 1 of 2

Bin Laden Maintained Computer Security with an Air Gap

From the Associated Press:

Bin Laden’s system was built on discipline and trust. But it also left behind an extensive archive of email exchanges for the U.S. to scour. The trove of electronic records pulled out of his compound after he was killed last week is revealing thousands of messages and potentially hundreds of email addresses, the AP has learned.

Holed up in his walled compound in northeast Pakistan with no phone or Internet capabilities, bin Laden would type a message on his computer without an Internet connection, then save it using a thumb-sized flash drive. He then passed the flash drive to a trusted courier, who would head for a distant Internet cafe.

At that location, the courier would plug the memory drive into a computer, copy bin Laden’s message into an email and send it. Reversing the process, the courier would copy any incoming email to the flash drive and return to the compound, where bin Laden would read his messages offline.

I’m impressed. It’s hard to maintain this kind of COMSEC discipline.

It was a slow, toilsome process. And it was so meticulous that even veteran intelligence officials have marveled at bin Laden’s ability to maintain it for so long. The U.S. always suspected bin Laden was communicating through couriers but did not anticipate the breadth of his communications as revealed by the materials he left behind.

Navy SEALs hauled away roughly 100 flash memory drives after they killed bin Laden, and officials said they appear to archive the back-and-forth communication between bin Laden and his associates around the world.

Posted on May 18, 2011 at 8:45 AMView Comments

Extreme Authentication

Exactly how did they confirm it was Bin Laden’s body?

Officials compared the DNA of the person killed at the Abbottabad compound with the bin Laden “family DNA” to determine that the 9/11 mastermind had in fact been killed, a senior administration official said.

It was not clear how many different family members’ samples were compared or whose DNA was used.

[…]

Also to identify bin Laden, a visual ID was made. There were photo comparisons and other facial recognition used to identify him, the official said. A second official said that in addition to DNA, there was full biometric analysis of facial and body features.

EDITED TO ADD (5/5): A better article.

Posted on May 5, 2011 at 12:52 PMView Comments

Bin Laden's Death Causes Spike in Suspicious Package Reports

It’s not that the risk is greater, it’s that the fear is greater. Data from New York:

There were 10,566 reports of suspicious objects across the five boroughs in 2010. So far this year, the total was 2,775 as of Tuesday compared with 2,477 through the same period last year.

[…]

The daily totals typically spike when terrorist plot makes headlines here or overseas, NYPD spokesman Paul Browne said Tuesday. The false alarms themselves sometimes get break-in cable news coverage or feed chatter online, fueling further fright.

On Monday, with news of the dramatic military raid of bin Laden’s Pakistani lair at full throttle, there were 62 reports of suspicious packages. The previous Monday, the 24-hour total was 18. All were deemed non-threats.

Despite all the false alarms, the New York Police Department still wants to hear them:

“We anticipate that with increased public vigilance comes an increase in false alarms for suspicious packages,” Kelly said at the Monday news conference. “This typically happens at times of heightened awareness. But we don’t want to discourage the public. If you see something, say something.”

That slogan, oddly enough, is owned by New York’s transit authority.

I have a different opinion: “If you ask amateurs to act as front-line security personnel, you shouldn’t be surprised when you get amateur security.”

People have always come forward to tell the police when they see something genuinely suspicious, and should continue to do so. But encouraging people to raise an alarm every time they’re spooked only squanders our security resources and makes no one safer.

Refuse to be terrorized,” people.

Posted on May 5, 2011 at 6:43 AMView Comments

The CIA and Assassinations

The former CIA general counsel, John A. Rizzo, talks about his agency’s assassination program, which has increased dramatically under the Obama administration:

The hub of activity for the targeted killings is the CIA’s Counterterrorist Center, where lawyers—there are roughly 10 of them, says Rizzo—write a cable asserting that an individual poses a grave threat to the United States. The CIA cables are legalistic and carefully argued, often running up to five pages. Michael Scheuer, who used to be in charge of the CIA’s Osama bin Laden unit, describes “a dossier,” or a “two-page document,” along with “an appendix with supporting information, if anybody wanted to read all of it.” The dossier, he says, “would go to the lawyers, and they would decide. They were very picky.” Sometimes, Scheuer says, the hurdles may have been too high. “Very often this caused a missed opportunity. The whole idea that people got shot because someone has a hunch­I only wish that was true. If it were, there would be a lot more bad guys dead.”

Sometimes, as Rizzo recalls, the evidence against an individual would be thin, and high-level lawyers would tell their subordinates, “You guys did not make a case.” “Sometimes the justification would be that the person was thought to be at a meeting,” Rizzo explains. “It was too squishy.” The memo would get kicked back downstairs.

The cables that were “ready for prime time,” as Rizzo puts it, concluded with the following words: “Therefore we request approval for targeting for lethal operation.” There was a space provided for the signature of the general counsel, along with the word “concurred.” Rizzo says he saw about one cable each month, and at any given time there were roughly 30 individuals who were targeted. Many of them ended up dead, but not all: “No. 1 and No. 2 on the hit parade are still out there,” Rizzo says, referring to “you-know-who and [Ayman al-] Zawahiri,” a top Qaeda leader.

And the ACLU Deputy Legal Director on the interview:

What was most remarkable about the interview, though, was not what Rizzo said but that it was Rizzo who said it. For more than six years until his retirement in December 2009, Rizzo was the CIA’s acting general counsel—the agency’s chief lawyer. On his watch the CIA had sought to quash a Freedom of Information Act lawsuit by arguing that national security would be harmed irreparably if the CIA were to acknowledge any detail about the targeted killing program, even the program’s mere existence.

Rizzo’s disclosure was long overdue—the American public surely has a right to know that the assassination of terrorism suspects is now official government policy ­ and reflects an opportunistic approach to allegedly sensitive information that has become the norm for senior government officials. Routinely, officials insist to courts that the nation’s security will be compromised if certain facts are revealed but then supply those same facts to trusted reporters.

Posted on April 11, 2011 at 6:33 AMView Comments

Causing Terror on the Cheap

Total cost for the Yemeni printer cartridge bomb plot: $4200.

“Two Nokia mobiles, $150 each, two HP printers, $300 each, plus shipping, transportation and other miscellaneous expenses add up to a total bill of $4,200. That is all what Operation Hemorrhage cost us,” the magazine said.

Even if you add in costs for training, recruiting, logistics, and everything else, that’s still remarkably cheap. And think of how many times that we spent in security in the aftermath.

As it turns out, this is bin Laden’s plan:

In his October 2004 address to the American people, bin Laden noted that the 9/11 attacks cost al Qaeda only a fraction of the damage inflicted upon the United States. “Al Qaeda spent $500,000 on the event,” he said, “while America in the incident and its aftermath lost—according to the lowest estimates—more than $500 billion, meaning that every dollar of al Qaeda defeated a million dollars.”

The economic strategy of jihad would go through refinement. Its initial phase linked terrorist attacks broadly to economic harm. A second identifiable phase, which al Qaeda pursued even as it continued to attack economic targets, is what you might call its “bleed-until-bankruptcy plan.” Bin Laden announced this plan in October 2004, in the same video in which he boasted of the economic harm inflicted by 9/11. Terrorist attacks are often designed to provoke an overreaction from the opponent and this phase seeks to embroil the United States and its allies in draining wars in the Muslim world. The mujahideen “bled Russia for 10 years, until it went bankrupt,” bin Laden said, and they would now do the same to the United States.

[…]

The point is clear: Security is expensive, and driving up costs is one way jihadists can wear down Western economies. The writer encourages the United States “not to spare millions of dollars to protect these targets” by increasing the number of guards, searching all who enter those places, and even preventing flying objects from approaching the targets. “Tell them that the life of the American citizen is in danger and that his life is more significant than billions of dollars,” he wrote. “Hand in hand, we will be with you until you are bankrupt and your economy collapses.”

None of this would work if we don’t help them by terrorizing ourselves. I wrote this after the Underwear Bomber failed:

Finally, we need to be indomitable. The real security failure on Christmas Day was in our reaction. We’re reacting out of fear, wasting money on the story rather than securing ourselves against the threat. Abdulmutallab succeeded in causing terror even though his attack failed.

If we refuse to be terrorized, if we refuse to implement security theater and remember that we can never completely eliminate the risk of terrorism, then the terrorists fail even if their attacks succeed.

Posted on November 29, 2010 at 6:52 AMView Comments

The Effectiveness of Political Assassinations

This is an excellent read:

I wouldn’t have believed you if you’d told me 20 years ago that America would someday be routinely firing missiles into countries it’s not at war with. For that matter, I wouldn’t have believed you if you’d told me a few months ago that America would soon be plotting the assassination of an American citizen who lives abroad.

He goes on to discuss Obama’s authorization of the assassination of Anwar al-Awlaki, an American living in Yemen. He speculates on whether or not this is illegal, but spends more time musing about the effectiveness of assassination, referring to a 2009 paper from Security Studies: “When Heads Roll: Assessing the Effectiveness of Leadership Decapitation“: “She studied 298 attempts, from 1945 through 2004, to weaken or eliminate terrorist groups through ‘leadership decapitation’—eliminating people in senior positions.”

From the paper’s conclusion:

The data presented in this paper show that decapitation is not an effective counterterrorism strategy. While decapitation is effective in 17 percent of all cases, when compared to the overall rate of organizational decline, decapitated groups have a lower rate of decline than groups that have not had their leaders removed. The findings show that decapitation is more likely to have counterproductive effects in larger, older, religious, and separatist organizations. In these cases decapitation not only has a much lower rate of success, the marginal value is, in fact, negative. The data provide an essential test of decapitation’s value as a counterterrorism policy.

There are important policy implications that can be derived from this study of leadership decapitation. Leadership decapitation seems to be a misguided strategy, particularly given the nature of organizations being currently targeted. The rise of religious and separatist organizations indicates that decapitation will continue to be an ineffective means of reducing terrorist activity. It is essential that policy makers understand when decapitation is unlikely to be successful. Given these conditions, targeting bin Laden and other senior members of al Qaeda, independent of other measures, is not likely to result in organizational collapse. Finally, it is essential that policy makers look at trends in organizational decline. Understanding whether certain types of organizations are more prone to destabilization is an important first step in formulating successful counterterrorism policies.

Back to the article:

Particularly ominous are Jordan’s findings about groups that, like Al Qaeda and the Taliban, are religious. The chances that a religious terrorist group will collapse in the wake of a decapitation strategy are 17 percent. Of course, that’s better than zero, but it turns out that the chances of such a group fading away when there’s no decapitation are 33 percent. In other words, killing leaders of a religious terrorist group seems to increase the group’s chances of survival from 67 percent to 83 percent.

Of course the usual caveat applies: It’s hard to disentangle cause and effect. Maybe it’s the more formidable terrorist groups that invite decapitation in the first place—and, needless to say, formidable groups are good at survival. Still, the other interpretation of Jordan’s findings—that decapitation just doesn’t work, and in some cases is counterproductive—does make sense when you think about it.

For starters, reflect on your personal workplace experience. When an executive leaves a company—whether through retirement, relocation or death—what happens? Exactly: He or she gets replaced. And about half the time (in my experience, at least) the successor is more capable than the predecessor. There’s no reason to think things would work differently in a terrorist organization.

Maybe that’s why newspapers keep reporting the death of a “high ranking Al Qaeda lieutenant”; it isn’t that we keep killing the same guy, but rather that there’s an endless stream of replacements. You’re not going to end the terrorism business by putting individual terrorists out of business.

You might as well try to end the personal computer business by killing executives at Apple and Dell. Capitalism being the stubborn thing it is, new executives would fill the void, so long as there was a demand for computers.

Of course, if you did enough killing, you might make the job of computer executive so unattractive that companies had to pay more and more for ever-less-capable executives. But that’s one difference between the computer business and the terrorism business. Terrorists aren’t in it for the money to begin with. They have less tangible incentives—and some of these may be strengthened by targeted killings.

Read the whole thing.

I thought this comment, from former senator Gary Hart, was particularly good.

As a veteran of the Senate Select Committee to Investigate the Intelligence Services of the U.S. (so-called Church committee), we discovered at least five official plots to assassinate foreign leaders, including Fidel Castro with almost demented insistence. None of them worked, though the Diem brothers in Vietnam and Salvador Allende in Chile might argue otherwise. In no case did it work out well for the U.S. or its policy. Indeed, once exposed, as these things inevitably are, the ideals underlying our Constitution and the nation’s prestige suffered incalculable damage. The issue is principle versus expediency. Principle always suffers when expediency becomes the rule. We simply cannot continue to sacrifice principle to fear.

Additional commentary from The Atlantic.

EDITED TO ADD (4/22): The Church Commmittee’s report on foreign assassination plots.

EDITED TO ADD (5/13): Stratfor blog since 2004, and in my monthly newsletter since 1998. I'm a fellow and lecturer at Harvard's Kennedy School, a board member of EFF, and the Chief of Security Architecture at Inrupt, Inc. This personal website expresses the opinions of none of those organizations.

Latest Book

A Hacker's Mind

More Books