It's a Small World
When the Burmese government shut down all the Internet Service Providers in the country in an attempt to silence its virtual opposition, they may have actually done the opposition a long-term favor. How can shutting down the Internet help the virtual resistance? Even John Palfrey of the Berkman Center for Internet and Society at Harvard Law School described the Burmese shutdown as a "nuclear bomb" in an interview with MIT Technology Review.
I've never seen anything like this cutoff to the Internet at such a broad scale so crudely and completely. They've taken the nuclear-bomb approach. We've witnessed what appear to be denial-of-service-type attacks during elections, for instance, but nothing so large-scale like this shutdown.
But in reality the Burmese military authorities could have done more damage to the virtual resistance by leaving the ISPs open. Those who rely on the Internet for comms should know that it is both a blessing and a curse. Although some jihadi theorists believe that the Internet provides a way to safely move information around control points dominated by the West, in reality the Internet also creates certain unique vulnerabilities. Some of those vulnerabilities became evident when the White House was accused of compromising the data mining efforts of the Search for International Terrorist Institute (SITE), a nonprofit organization which has been described as "monitoring terrorist and extremist websites and penetrating password-protected Al Qaeda linked sites [thereby providing] ... state-of-the-art intelligence service to both practitioners and analysts to understand the adversary." According to Washington Post an eager-beaver person at the Bush White House inadvertently revealed to the press that intelligence can be derived from monitoring al-Qaeda related sites.
A small private intelligence company that monitors Islamic terrorist groups obtained a new Osama bin Laden video ahead of its official release last month, and around 10 a.m. on Sept. 7, it notified the Bush administration of its secret acquisition. It gave two senior officials access on the condition that the officials not reveal they had it until the al-Qaeda release.
Within 20 minutes, a range of intelligence agencies had begun downloading it from the company's Web site. By midafternoon that day, the video and a transcript of its audio track had been leaked from within the Bush administration to cable television news and broadcast worldwide.
The founder of the company, the SITE Intelligence Group, says this premature disclosure tipped al-Qaeda to a security breach and destroyed a years-long surveillance operation that the company has used to intercept and pass along secret messages, videos and advance warnings of suicide bombings from the terrorist group's communications network. ...
Al-Qaeda supporters, now alerted to the intrusion into their secret network, put up new obstacles that prevented SITE from gaining the kind of access it had obtained in the past, according to Katz.
It would not be news to al-Qaeda that their sites are under continuous attack. Jihad Watch provides this excerpt from the Technical Mujahid Magazine. (Emphasis mine)
On November 28, 2006, the Al-Fajr Information Center released the first issue of the Technical Mujahid Magazine. The magazine discusses various technical topics, such as security for electronic data and databases, using GPS, and video editing and production. Some articles are aimed at professionals, and others for laymen.
The magazine's self-proclaimed purpose is "to help prevent acts of aggression against Muslims [in cyberspace], and to assist the mujahideen in their efforts." The introduction explains that "the Internet provides a golden opportunity... for the mujahideen to break the siege placed upon them by the media of the Crusaders and their followers in the Muslim countries, and to use [the Internet] for [the sake of] jihad and the victory of the faith." Since the Internet also renders the mujahideen vulnerable, however, the magazine deals with issues of computer and electronic data security....
Extracting information from Jihadi websites is an industry of unknown size. The Washington Post noted that SITE was hardly alone in this field.
A small number of private intelligence companies compete with SITE in scouring terrorists' networks for information and messages, and some have questioned the company's motives and methods, including the claim that its access to al-Qaeda's network was unique. One competitor, Ben Venzke, founder of IntelCenter, said he questions SITE's decision -- as described by Katz -- to offer the video to White House policymakers rather than quietly share it with intelligence analysts.
However that may be, this glimpse into how Jihadi sites are analyzed explains why the "nuclear bomb" dropped by the Burmese authorities on their cyber-dissidents may paradoxically be far less destructive than the strategy tacitly adopted by the United States: that of infiltrating the enemy Internet sites and performing logical operations on them. The vulnerability of Jihadi Internet communications derives from two things -- among others. Anonymity and the Small World property of social networks. We all think that anonymity provides advantages in communication. "The term 'anonymous message' typically refers to message (which is, for example, transmitted over some form of a network) that does not carry any information about its sender and its intended recipient." But it's not all gravy. What is less obvious are the dangers inherent in anonymous communication. Anonymous communication inevitably creates the problem of authentication, without which anyone on the Internet could be a dog, or a staffer from the NSA. But since Jihadi networks must exchange messages, participants will eventually bite the bullet and communicate subject to some form of authentication. In the end, authentication often boils down to the process of establishing trust relationships with other anonymous parties proceeding on that basis. And that inevitably raises the question of spoofing, the danger that someone outside the trusted network can impersonate someone you trust, or gull you into trusting him.
This introduces us to another inherent vulnerability of the Internet communications: the Small World property. Although the world is a seemingly vast place, in terms of communications hops it a shockingly small place. This implies that anyone in the Cyber-Jihad has many network paths that lead to him and all those paths are extremely short.
The small world experiment comprised several experiments conducted by Stanley Milgram to investigate the Small World phenomenon by examining the average path length for social networks of people in the United States. The research was groundbreaking in that it revealed that human society is a small world type network characterized by shorter-than-expected path lengths. ... the Small World Project at Columbia University in New York, USA is currently conducting an email-based version of the same experiment, and has actually found average path lengths of about five on a worldwide scale.
A novice Jihadi, sitting in a Pakistani Internet cafe, is potentially only a few network nodes separated from Osama Bin Laden. If US communications warfare assets could penetrate a given cyberjihad site and, besides performing traffic analysis, alias categorization and other damaging things, was also able to spoof nodes -- that is to say impersonate someone -- the traffic flowing through that node would be endangered. The scale of potential damage to al-Qaeda would be enormous. The twin effects of anonymity and the small world phenomenon combine create an architecture with certain unavoidable vulnerabilities.
Whatever the effect on SITE by the disclosure of the Osama video might have been, shutting down an al-Qaeda website or changing passwords will not provide foolproof protection. Those reactions may simply compound the damage. Shutting down a site will shunt Jihadis to other sites (which may also be compromised) or force them acquire new passwords. And that may uncover more vulnerabilities in the process, induce more traffic that can be analyzed, re-routed and subverted. When the Burmese shut down all the ISPs they may have intended to harm the oppressed people of Burma; in some way they may have done them a favor.
It's a world of laughter
A world of tears
It's a world of hopes
And a world of fears
There's so much that we share
That it's time we're aware
It's a small world after all.
It's a small world after all
It's a small world after all
It's a small world after all
It's a small, small world.