Wednesday, October 10, 2007

It's a Small World

When the Burmese government shut down all the Internet Service Providers in the country in an attempt to silence its virtual opposition, it may have actually done the opposition a long-term favor. How can shutting down the Internet help the virtual resistance? Even John Palfrey of the Berkman Center for Internet and Society at Harvard Law School described the Burmese shutdown as a "nuclear bomb" in an interview with MIT Technology Review:

I've never seen anything like this cutoff to the Internet at such a broad scale so crudely and completely. They've taken the nuclear-bomb approach. We've witnessed what appear to be denial-of-service-type attacks during elections, for instance, but nothing so large-scale like this shutdown.

But in reality the Burmese military authorities could have done more damage to the virtual resistance by leaving the ISPs open. Those who rely on the Internet for comms should know that it is both a blessing and a curse. Although some jihadi theorists believe that the Internet provides a way to safely move information around control points dominated by the West, in reality the Internet also creates certain unique vulnerabilities. Some of those vulnerabilities became evident when the White House was accused of compromising the data mining efforts of the Search for International Terrorist Institute (SITE), a nonprofit organization which has been described as "monitoring terrorist and extremist websites and penetrating password-protected Al Qaeda linked sites [thereby providing] ... state-of-the-art intelligence service to both practitioners and analysts to understand the adversary." According to the Washington Post, an eager-beaver person at the Bush White House inadvertently revealed to the press that intelligence can be derived from monitoring al-Qaeda related sites.

A small private intelligence company that monitors Islamic terrorist groups obtained a new Osama bin Laden video ahead of its official release last month, and around 10 a.m. on Sept. 7, it notified the Bush administration of its secret acquisition. It gave two senior officials access on the condition that the officials not reveal they had it until the al-Qaeda release.

Within 20 minutes, a range of intelligence agencies had begun downloading it from the company's Web site. By midafternoon that day, the video and a transcript of its audio track had been leaked from within the Bush administration to cable television news and broadcast worldwide.

The founder of the company, the SITE Intelligence Group, says this premature disclosure tipped al-Qaeda to a security breach and destroyed a years-long surveillance operation that the company has used to intercept and pass along secret messages, videos and advance warnings of suicide bombings from the terrorist group's communications network. ...

Al-Qaeda supporters, now alerted to the intrusion into their secret network, put up new obstacles that prevented SITE from gaining the kind of access it had obtained in the past, according to Katz.

It would not be news to al-Qaeda that their sites are under continuous attack. Jihad Watch provides this excerpt from the Technical Mujahid Magazine. (Emphasis mine)


 

On November 28, 2006, the Al-Fajr Information Center released the first issue of the Technical Mujahid Magazine. The magazine discusses various technical topics, such as security for electronic data and databases, using GPS, and video editing and production. Some articles are aimed at professionals, and others for laymen.

The magazine's self-proclaimed purpose is "to help prevent acts of aggression against Muslims [in cyberspace], and to assist the mujahideen in their efforts." The introduction explains that "the Internet provides a golden opportunity... for the mujahideen to break the siege placed upon them by the media of the Crusaders and their followers in the Muslim countries, and to use [the Internet] for [the sake of] jihad and the victory of the faith." Since the Internet also renders the mujahideen vulnerable, however, the magazine deals with issues of computer and electronic data security....

Extracting information from Jihadi websites is an industry of unknown size. The Washington Post noted that SITE was hardly alone in this field. 

A small number of private intelligence companies compete with SITE in scouring terrorists' networks for information and messages, and some have questioned the company's motives and methods, including the claim that its access to al-Qaeda's network was unique. One competitor, Ben Venzke, founder of IntelCenter, said he questions SITE's decision -- as described by Katz -- to offer the video to White House policymakers rather than quietly share it with intelligence analysts.

However that may be, this glimpse into how Jihadi sites are analyzed explains why the "nuclear bomb" dropped by the Burmese authorities on their cyber-dissidents may paradoxically be far less destructive than the strategy tacitly adopted by the United States: that of infiltrating the enemy Internet sites and performing logical operations on them. The vulnerability of Jihadi Internet communications derives from two things, among others: anonymity and the Small World property of social networks. We all think that anonymity provides advantages in communication. "The term 'anonymous message' typically refers to a message (which is, for example, transmitted over some form of a network) that does not carry any information about its sender and its intended recipient." But it's not all gravy. What is less obvious are the dangers inherent in anonymous communication. Anonymous communication inevitably creates the problem of authentication, without which anyone on the Internet could be a dog, or a staffer from the NSA. But since Jihadi networks must exchange messages, participants will eventually bite the bullet and communicate subject to some form of authentication. In the end, authentication often boils down to the process of establishing trust relationships with other anonymous parties and proceeding on that basis. And that inevitably raises the question of spoofing, the danger that someone outside the trusted network can impersonate someone you trust, or gull you into trusting him.

This introduces us to another inherent vulnerability of Internet communications: the Small World property. Although the world is a seemingly vast place, in terms of communications hops it is a shockingly small place. This implies that anyone in the Cyber-Jihad has many network paths that lead to him and all those paths are extremely short.

The small world experiment comprised several experiments conducted by Stanley Milgram to investigate the Small World phenomenon by examining the average path length for social networks of people in the United States. The research was groundbreaking in that it revealed that human society is a small world type network characterized by shorter-than-expected path lengths. ... the Small World Project at Columbia University in New York, USA is currently conducting an email-based version of the same experiment, and has actually found average path lengths of about five on a worldwide scale.

A novice Jihadi, sitting in a Pakistani Internet cafe, is potentially only a few network nodes separated from Osama Bin Laden. If US communications warfare assets could penetrate a given cyberjihad site and, besides performing traffic analysis, alias categorization and other damaging things, were also able to spoof nodes -- that is to say impersonate someone -- the traffic flowing through that node would be endangered. The scale of potential damage to al-Qaeda would be enormous. The twin effects of anonymity and the small world phenomenon combine to create an architecture with certain unavoidable vulnerabilities.

Whatever the effect of the disclosure of the Osama video on SITE might have been, shutting down an al-Qaeda website or changing passwords will not provide foolproof protection. Those reactions may simply compound the damage. Shutting down a site will shunt Jihadis to other sites (which may also be compromised) or force them to acquire new passwords. And that may uncover more vulnerabilities in the process and induce more traffic that can be analyzed, re-routed and subverted. When the Burmese shut down all the ISPs they may have intended to harm the oppressed people of Burma; in some way they may have done them a favor.

It's a world of laughter
A world of tears
It's a world of hopes
And a world of fears
There's so much that we share
That it's time we're aware
It's a small world after all.

It's a small world after all
It's a small world after all
It's a small world after all
It's a small, small world.

17 Comments:

Blogger Teresita said...

Wretchard: According to Washington Post an eager-beaver person at the Bush White House inadvertently revealed to the press that intelligence can be derived from monitoring al-Qaeda related sites.

An eager-beaver person at the Bush White House also thought intelligence could be derived through stress positions, extreme temperatures, sleep-deprivation, waterboarding, and any other method that didn't result in organ failure, without considering that 1) anybody will say anything when the discomfort level is high enough, 2) the enemy could use the memo as basically the go-ahead to do the same techniques to our POWs, and 3) our allies in Afghanistan have and will let prisoners go free rather than allow them to fall into the hands of American interrogators.

10/10/2007 06:35:00 AM  
Blogger Alexis said...

teresita:

Those who have gone through fraternity hazing often refuse to perceive their own experiences as torture, with the effect that they can order torture of other people while honestly proclaiming that they don't torture. The basic attitude is "if it was done to me by my fraternity brothers, it can't possibly be torture".

It appears to me that critics of the Bush administration prefer to demonize our president rather than feel sorry for him as a victim of torture. When apologists for torture proclaim that prisoner abuse is no worse than fraternity hazing, I am inclined to take them at their word. I would also be inclined to ask them what hazing they personally experienced that would be analogous to stress positions, extreme temperatures, sleep deprivation, and waterboarding. They may have some interesting information for those who are not faint of heart.

10/10/2007 08:20:00 AM  
Blogger nenhures said...

1) anybody will say anything when the discomfort level is high enough,
a) and any experienced interrogator will, obviously, believe him; fortunately there are some who only believe what captured terrorists say spontaneously.

2) the enemy could use the memo as basically the go-ahead to do the same techniques to our POWs,
a) yes, if the sheep hadn't been devouring wolves for so long, it would never have occurred to the wolves that sheep are edible; on the other hand, any prisoner of Al Qaeda, when faced with beheading or something similar, would take waterboarding as an improvement.

3) our allies in Afghanistan have and will let prisoners go free rather than allow them to fall into the hands of American interrogators.
a) whose allies exactly? How much actual help have such allies given? Is it really impossible to fight islamofascism without the help of Luxembourg's, Andorra's, Liechtenstein's and San Marino's powerful armies and secret services? Isn't it high time either to fight alone, unencumbered by them, or to choose real allies, not enemies disguised as friends?

10/10/2007 08:26:00 AM  
Blogger LarryD said...

Since teresita has hijacked this comments thread onto the subject of "torture", I'll link to two articles on the WSJ yesterday.

First, The Dangers of Defining Torture Down:

These distinctions are not "legal sophistries," as the Times would have it. They are a juridical necessity to ensure that our definition of torture does not become so diluted as to render its prohibition unenforceable. But the abuse of the word does have its rhetorical uses: As with the militant anti-abortion movement, which believes that every abortion is murder and thus that every abortionist is a "murderer," the Times editorialists and their fellow travelers would characterize anyone who favors so much as touching a hair on 9/11 mastermind Khalid Sheikh Mohammed's head as "pro-torture." This isn't argument. It's moral bullying.

For the record, count me as one who does not object to the interrogation to which KSM was reportedly subjected, including waterboarding. This is not because I take the use of waterboarding lightly (although I have a hard time concluding that a technique, however terrifying, to which CIA officers are willing to subject themselves experimentally can properly be counted as torture). It's because I take the threat posed by KSM seriously.

That makes it difficult for me to subscribe to the "So be it" line of reasoning. Taken seriously, it says that the civilized world would be better off sustaining a nuclear 9/11 than tarnishing its good name, that righteous victimhood is a finer thing than an innocent life saved through morally compromised methods, and that self-preservation is not the most fundamental requirement of democratic life.

Second, Tortured Arguments:

As it stands now, the scolds in Congress and the Beltway press have decided to impose their view that no pressure tactics are ever necessary or justified. But if Congress and the press are going to take over the design of the war on terror, how can they justify walking away from any responsibility to make clear what is permissible?

The notion that the U.S. goes around unnecessarily "torturing" people without any rationale whatsoever is so absurd that it is almost never stated explicitly. But it is equally awkward for the Administration's critics to admit that the "coercive" methods listed in these memos to induce cooperation from al Qaeda operatives may actually work. Former CIA Director George Tenet has said explicitly that they do work and have saved American lives. But rather than face these hard issues directly, the scolds fall back on generalities about our "values."

If Congress doesn't want to wade into the difficult business of approving this pressure technique while forbidding that one, or making clear which methods can and can't be used in combination, then it should understand that the course it is on now will help al Qaeda operatives resist interrogation.

Congress wants the OLC memos made public, but the reason to keep them secret is so enemy combatants can't use them as a resistance manual. If they know what's coming, they can psychologically prepare for it. We know al Qaeda training often involves its own forms of resistance training, and publicly describing the rules offers our enemies a road map for resistance.

10/10/2007 09:06:00 AM  
Blogger Beyond The Rim... said...

Small world social networks are a major factor in investigations and are the supporting factor in the success of software used to analyze those linkages, such as Visual Links, a tool I am intimately familiar with.

http://www.visualanalytics.com/products/visuaLinks/index.cfm

The large scale application of such data analysis software is changing the way counter terrorist investigators (as well as those attacking gangs and criminal enterprises) approach their job. This is more than 24 and Jack Bauer hype. It works. It is especially effective with financial and telecommunication data.

10/10/2007 09:31:00 AM  
Blogger David M said...

Trackbacked by The Thunder Run - Web Reconnaissance for 10/10/2007
A short recon of what’s out there that might draw your attention, updated throughout the day...so check back often.

10/10/2007 10:10:00 AM  
Blogger herb said...

Most interesting. Anybody who's ever hunted quail knows that to find them you have to spook them. Could the release of the extent of the surveillance have been deliberate? To spook the covey?

BTW Wretchard, why'd you quote that song?? I'll spend a couple of days getting it back out of my head.

10/10/2007 11:03:00 AM  
Blogger Peter Grynch said...

At one time the common superstitious belief was that if somebody ever learns your True Name they can magically exercise power over you.

Now, in an age of cyber-pseudonyms this superstitious belief has become reality.

Imagine being able to turn a Pakistani Taliban financier into a CIA asset simply by backtracking the screen name he posts his jihadi contacts under and threatening to reveal the info to the Pakistani government.

Did Al Gore envision this when he invented the Internet?

10/10/2007 03:24:00 PM  
Blogger wretchardthecat said...

This is an area where counterterrorism victories are going to be purposely unheralded. However, anyone who is somewhat conversant with information technology can figure out what the basic possibilities are.

I have to say that the Internet isn't immune from that basic law of historical warfare: the arms race never stops. It's a constant struggle for ascendancy. But as things heat up then the resources needed to stay on the cutting edge grow so large that poorly resourced combatants drop out.

Ultimately the Jihadis may discover that cyberwarfare is no different from the armored and aerial warfare in which they eventually fared so poorly. No magic bullet.

So what's the key to the Muslim and Arab world's quest to regain its dignity? I think the best route would be to invest in education and economic development. They have vast human and natural resources. In that respect the real usefulness of the cyberjihad may be to turn the Internet into a vehicle for economic endeavor and human development.

On the day Muslims, through their own endeavors, stand equal in per capita wealth with Israel and Europe they will have "won". They can compete at anything. The real victory parade should consist of Muslim families going to amusement parks in Israel as tourists, on money they earned from non-oil sources. However, the probable consequence of becoming economically developed is a loss of interest in the destruction of Israel. That will no longer be necessary for "dignity". It will just be bad business.

What does a temporal victory for the Jihad look like? It looks like millions of Muslims holding productive jobs and living useful lives. Ironically victory for the Jihad consists in ditching their antiquated cut-his-head off approach and adopting these principles:

We hold these truths to be self-evident, that all men are created equal, that they are endowed by their Creator with certain unalienable Rights, that among these are Life, Liberty and the pursuit of Happiness.

10/10/2007 03:54:00 PM  
Blogger Utopia Parkway said...

A novice Jihadi, sitting in a Pakistani Internet cafe, is potentially only a few network nodes separated from Osama Bin Laden.

From this one could conclude that OBL isn't on the net. Otherwise he would have been captured by now. OTOH have any AQ been captured based on net analysis? None that I know of but perhaps we haven't been told about it.

I guess that the terrorists maintain security against the small-world problem by only communicating with those that they know in person. It's known from captured laptops that they use PGP and email for communications. I assume they only exchange their PGP keys with someone they really know. Of course it requires a lot of discipline to maintain this kind of security absolutely.

10/10/2007 04:34:00 PM  
Blogger RDS said...

teresita: 1) anybody will say anything when the discomfort level is high enough,

That argument really only applies if one is trying to get a confession, in order to obtain a criminal conviction.

Yes, clearly, coerced confessions are bad policy for a fair justice system.

However in this case we are trying to obtain actionable intelligence to save lives, and the potential wild goose chase of investigating a fantasy story is more than outweighed by any successfully averted attack from true information -- surely one must admit that true information to be extracted can exist, and that it can come out, along with the false, from coerced interrogation.

Apparently it has been found useful, in spite of the "noise" of false stories.

Corroboration is how it works.

These are not criminal confessions; convictions are not the point.

10/10/2007 04:37:00 PM  
Blogger wretchardthecat said...

About 9 hours ago I was on a blogger round-table with Gen Bergner (transcript here) and he mentioned (on page 3) how they recently bagged a guy and got literally terabytes of information files. Now a lot of that might be video. But the terabytes of data got there somehow, so they must have a sandalnet, darknet or something that pumps stuff into that node, unless it was video and they had a production house. But I don't think so because it had scads of operational data, including phone numbers, names, biographical information, passport numbers, accounting information, routes, expense reports, etc. The thing had a friggin database on it, more like an "enterprise critical" application.

Again I wonder how the heck those terabytes of data got there. However it did, it's in coalition possession now. What else has been scooped up that we don't know about?

10/10/2007 04:45:00 PM  
Blogger RattlerGator said...

Events are beginning to cascade in favor of the good guys again, thank goodness.

Wretchard: What does a temporal victory for the Jihad look like? It looks like millions of Muslims holding productive jobs and living useful lives. Ironically victory for the Jihad consists in ditching their antiquated cut-his-head off approach and adopting these principles:

We hold these truths to be self-evident, that all men are created equal, that they are endowed by their Creator with certain unalienable Rights, that among these are Life, Liberty and the pursuit of Happiness.


Ain't that a bitch?

So universally true and irresistible that it is supremely subversive.

10/10/2007 05:39:00 PM  
Blogger Teresita said...

rds: ...surely one must admit that true information to be extracted can exist, and that it can come out, along with the false, from coerced interrogation...

Matthew 25:36 Naked, and ye clothed me: I was sick, and ye visited me: I was in prison, and ye came unto me.

Jesus said we must visit the prisoners. Not visit them with agony. As a citizen of the Kingdom of God, I cannot condone any form of torture, no matter how great the benefit. And as a citizen of the United States I will vote in such a way as to restore the United States to the paragon of human rights it used to be before its leaders fell under the allure of torture.

10/10/2007 06:18:00 PM  
Blogger Dr. Scott said...

Vote any way you want, of course. But you really should stop bearing false witness against your neighbor. Our leaders haven't ordered any torture, fallen under its allure, etc.

10/11/2007 08:22:00 AM  
Blogger Mike H. said...

Think of the expertise in system security al-Qaeda has in order to operate on a net that potentially puts every datagram in the hands of the enemy. Think of all the cover that the opponents of the NSA programs are giving them.

10/11/2007 11:29:00 AM  
Blogger dima said...

Jihadis use a lot of websites for pure propaganda. Why not launch continuous DoS attacks on them? We have enough assets to make countering such attacks incredibly difficult and time consuming.

10/11/2007 01:24:00 PM  
