Friday, October 12, 2007

Countering Terrorist Networks and Technologies

The revolution in information technology, like all revolutions, can be used for good or evil. Anytime there is a shakeup in the way things work, there is an opportunity to better the world or make it worse.

With that in mind, it's interesting to review the recent RAND report entitled Network Technologies for Networked Terrorists. With RAND's usual thoroughness, the report outlines the potential ways that terrorist organizations can exploit new information technology and provides suggestions for addressing the threat.

There is, of course, good news and bad news:

Global consumer demand for new capabilities or products has fueled an explosion of new or enhanced technologies, many of which terrorists could use to make their operations more efficient or effective. However, technology can be a double-edged sword: As it boosts effectiveness or efficiency, it might also introduce new vulnerabilities.

Although these technologies can aid terrorist organizations by enabling military functions like command and control (see, for example, Whine, 1999), they can also provide capabilities that increase terrorists’ effectiveness in other necessary activities such as raising money or persuading people to join their causes.
One of my interests is in terrorist recruiting, which I perceive as presenting one of the more significant vulnerabilities of any terrorist group. Generally speaking, the conventional wisdom has been that successful terrorist recruiting involves one-on-one "grooming," bringing a potential recruit into the social sphere of the group and eventually cutting off ties with all other social groups. RAND argues, though, that advanced communication technologies can facilitate this process, making it easier to prime the pump and get recruits into the terrorist mindset at a distance and with more limited personal interaction:
Historically, recruiting for terrorist organizations has been a clandestine process. The need for security and secrecy heretofore has necessitated a low profile and often required that it be conducted face to face. ... Face-to-face recruiting limits the number of individuals who can be contacted. Moreover, small-scale recruiting coupled with the need for secrecy generally has meant a longer recruitment process, as the process must take place unobserved by security (often at a single site or in a few locations). Finally, recruitment into terrorist groups has frequently involved a lengthy proving period. In such circumstances, the technology available and the nature of the recruiting activity both worked to keep the cause local and the pool of potential recruits limited.

Today, forms of recruiting enabled by network technology greatly expand the scope, effectiveness, and efficiency of previous recruitment activities. First, recruiting can be done remotely. With recruiting materials on the Internet available from almost anywhere, face-to-face contact is not a necessity. This can facilitate recruiting by making a broad audience aware of a group’s existence and cause. Second, remote recruiting is efficient because a single recruiter can develop many candidates at the same time. Terrorist recruiters may now simultaneously work with audiences in many parts of a single country or in many far-flung countries, expanding the pool of potential recruits.
The idea is that recruiters can use distributed media (e.g., the Internet) for some recruiting purposes, generally early in the recruitment process, and then use other media (e.g., videos, which can be easily copied and shared) in a more personal context:
Recruiting normally involves employing a wide variety of communication methods—videos, pamphlets, Web sites, sermons, friendly news media, personal friends, and other influential people—in a number of locations: private homes, schools, religious sites, paramilitary camps, prisons, and so on. These aspects can be used to define two basic dimensions of recruiting:

Public versus private channel. Is the interaction taking place in or out of the public eye? The prevailing laws of the region, rules of the local institutions, and attitudes toward the group all will greatly affect where recruitment efforts fall on this spectrum.

Proximate versus mediated contact. Is the source of the recruitment effort physically close to the target audience? Cultural, technology, and economic circumstance are some of the variables that influence how the recruiting message can be passed to the intended target audience.

The rapid proliferation of network technology greatly increases the opportunity for interactions in mediated recruitment and for effective interactions in proximate recruiting efforts.
This can present challenges for prevention professionals:
Limiting a terrorist’s ability to recruit new members is already difficult. However, some technological advances might make countering terrorist organization recruiting harder still. Recruiting could be made more effective and efficient by the transfer of all or most of the indoctrination process into a virtual setting (e.g., online, videos). Although much recruiting may already be done virtually, indoctrination is more problematic, since many of the techniques used in indoctrination typically require immersion and proximity. Carrying out indoctrination processes through virtual channels would require that individuals be willing to isolate themselves, even in the absence of direct control over their actions by group leaders.
I think that last bolded bit is somewhat encouraging. Generally, a person who seeks to join a group (any group) is not looking for more isolation. They are looking for social interaction. They want to become a part of something. While it is possible that isolated immersion into a virtual world, with a virtual social sphere, could give a recruit this kind of social contact, from the perspective of a terrorist recruiter it may be simpler and more straightforward (albeit slower) to recruit the old fashioned way. The one-on-one, personal method also allow a recruiter to size up each recruit on an individual basis. Recruiting an online persona in a virtual world is riskier from the standpoint of operational security, because as the saying goes, "anyone on the Internet could be a dog."

Interestingly, RAND focuses on one potential avenue for distributed recruiting, the massively multiplayer online game (MMOG). "The SIMS" may be the best-known example of such a game.
The latest generations of computer-based, massively multiplayer online games (MMOGs), in which many individuals interact in a common virtual world, constitute a step toward the conditions in which such indoctrination might take place.

However, as intriguing as the games are and the possibility is that they could be used in ways to help in some serious applications such as reinforcing principles learned in conventional training situations, they represent a fairly modest enhancement to the terrorist repertoire of communication techniques. The communication enabled inside the game does not differ not significantly from other Internet-enabled communication,

A more interesting element of MMOGs, however, is that they might be a means by which groups may begin associations that they take offline, and thereby become a means of helping in recruiting processes.
Given the investment that has to take place to develop one of these games, my sense is that it's something of a long-shot to imagine terrorist groups making widespread use of them, especially when they would have to take their activities offline eventually anyway.

I'll briefly cover one other potential terrorist use of information technology - the planning of a terrorist attack. RAND points out that online information (as we all know) is generally not reliable enough to make final planning decisions. On-hand reconnaissance is necessary. This, of course, presents another vulnerability for any operational terrorist group.
Some useful planning information may be acquired from the Web, but recent studies indicate that, in most instances, it is not of sufficient resolution or reliability for terrorists to use it in final planning because of the risk from flawed or incomplete data to an operation’s success (Baker et al., 2004). It may, however, allow groups to focus their physical observations and thus lower the amount of exposure associated with reconnaissance.
In general, I agree with RAND's suggested strategy for countering the terrorist threat, which is to focus efforts on exploiting terrorist uses of information technology, rather than attempting to deny them the ability to use the technology. In a wired world, it's a lot harder to keep the technology out of their hands than it is to work in the background and exploit the vulnerabilities they expose themselves to, by virtue of using the technology:
The analysis suggests that the approach to countering terrorist groups’ use of network technology should focus primarily on the use of the technology as an efficiency-enhancing mechanism rather than one that allows dramatic new operational effects.

In developing such a strategy, security force decisionmakers should consider not only denial countermeasures—that is, measures that preclude the technology’s adoption, prevent its use, or degrade an adversary’s ability to use it as intended—but also exploitive countermeasures that enable security force operations that disrupt a terrorist organization more directly through offensive operations or arrests.

Security forces would do well to consider a countermeasure strategy based on terrorist organizations’ preference for exploiting the use of network technologies, rather than seeking to counter them directly. ... From a technical perspective, the approach suggested here, which can include allowing terrorists to use a given technology in order to exploit it, may seem counterintuitive, but may be the most effective (and practical) option in some circumstances.
Successful exploitation of a resource can also serve as a deterrent. If a terrorist group suspects that their information network has been compromised, they may give up use of that technology on their own. A well-known case of this is the abandonment of cell phones by al Qaeda operatives in Afghanistan when it became known that their calls could be monitored.
The best use of resources for those attempting to counter terrorist operations would seem to be developing ways to exploit the network technologies that terrorists will continue to use and that offer the highest payoff. ... Such exploitation can support direct action, such as arrests, and, because it threatens a key operational imperative of terrorist organizations, their security, it can also deter the use of the technology.

No comments: