Tuesday, January 26, 2010

Setback in Baghdad: Counter-Forensics and Counter-Terror

Counter-forensics has long been part of the terrorist playbook, so today’s attack on the central forensics lab in Baghdad is by no means unprecedented in the annals of terrorism.

CSI Belfast
According to Tony Geraghty’s fascinating The Irish War: The Hidden Conflict Between the IRA and British Intelligence, the IRA was obsessed with preventing evidence from falling into the hands of British authorities. They developed extensive internal research and development capabilities to counter British forensic science and wrote manuals to train their members how not to leave evidence. The manuals get very detailed, including instructions about the dangers of incriminating particles and fibers in the hair and clothes of operatives.

The IRA had good reason to be concerned. British authorities found clothes and hair to be forensic bingo and actually ran an undercover operation disguised as a mobile valet service to gather forensic evidence.

The IRA found that a good offense was the best defense and ambushed the mobile valet unit in October 1972. They also bombed the Northern Ireland Forensic Laboratory – twice. The first time they faked an accident so that a car with a bomb planted inside would be taken into the forensics lab, where it detonated and destroyed substantial quantities of forensic evidence. Later, in September 1992, the IRA set off a 3,000 lb bomb on the lab’s perimeter.

CSI Baghdad
In many cases the most sensitive nodes are people – killing key leaders or specialists can disable a movement or organization. At least some of the victims of the bombing were investigators, and they will not be easy to replace. The specialized equipment will also be difficult to replace. But, if the IRA’s history is any example, the accumulated physical evidence could be the greatest loss for Iraq’s counter-terror efforts. In almost any kind of research, quality data is everything.

Terrorists in Iraq are clearly ramping up activities, having carried out two terrible deadly attacks in as many days. Breaking clandestine networks requires the careful sifting of evidence, seeking clues and patterns. But now, the evidence is gone and the investigators are back to square one.

Today’s attack was a strategic one, reducing the government’s ability to defeat its enemies both in the short and long-term.

Thursday, January 21, 2010

Cited by the Bulletin of Atomic Scientists

A recent column in the highly regarded Bulletin of Atomic Scientists cites (favorably) an op-ed I co-authored with Jim Hendler in The Washington Times discussing realistic scenarios for cyber-war.

The column, by Joshua Pollack, a contributor to Arms Control Wonk - which also inspired the name of this blog - is titled Is the cyber threat a weapon of mass destruction?

The article discusses China's recent attack on Google, observing that placing aggressive cyber activity on a par with WMD is inaccurate. Overall, China's activity is more akin to spying than to warfare. However, the article states:
The damage to goodwill has been considerable. It isn't shocking that one major power spies on another, or necessarily even intolerable. As the saying goes, "It's all in the game." But the game has never been friendly, and there's something breathtakingly crude about how it's being played today. The attempt to capture as many computers as possible is aggressive and indiscriminate, reaching into the lives of private citizens in the United States and beyond. In a particularly insidious turn, the spies have been known to take advantage of professional contacts between Americans and Chinese in order to assemble convincingly spoofed messages and to mine e-mail address books for targets.

Wednesday, January 20, 2010

Targeting Jordan

An important detail of the December 30 attack on the CIA Camp Chapman is that the Jordanian intelligence officer killed, Ali bin Zaid, was a relative of Jordanian King Abdullah II. It cannot be a coincidence that a cousin of the king was personally in charge of this highly sensitive portfolio. This illustrates broad points about how much of Middle Eastern politics is in fact a “family affair,” but it also has specific implications for the Kingdom of Jordan.

Clan Tectonics
Much of what passes for politics in the greater Middle East is in fact driven by family, clan, and tribal interests. There is a famous Arabic expression:

I against my brother;
I and my brothers against my cousins;
I and my brothers and my cousins against the world.
In other words, my family against another family, my clan against another clan, my tribe against another tribe and so forth. This is a fundamental organizing principle in the societies of the greater Middle East. (It has also existed in the West – consider Romeo and Juliet, the Guelphs and the Ghibellines, and the Hatfields and McCoys – but has been ameliorated by competing values and institutions.) Religious and political splits (such as the Sunni-Shia) are often based heavily on clan affairs – the real tectonic forces of the region.

These dynamics are excellently described in a short article The Arab World’s Travails: The Desert’s Burden by Gideon Kressel of Ben-Gurion University of the Negev. Prof Kressel writes:
The huge role of male lineage and tribes in the Middle East derives from the desert milieu….

The logic is simple: the power and status of a nomadic patrilineal group depends principally on the number of combatant men available. The larger an agnate group, the larger the territory it can protect against competing groups, and therefore the larger its camel herd and the greater its power. Feuds are the chief mechanism by which tribes effect changes in status...

One can go further and argue that the framework of feuding provides the backdrop for conflict between states. The Middle East's notoriously high incidence of fighting across international borders relates to this personal feuding; governments, like families, stress such matters as kinship, honor, and revenge. Most notably, these have been recent themes of the conflict between Iraq and its neighbors, Iran and Kuwait; northern and southern Yemen; and Morocco, Mauritania, and Libya. These themes were also critical in the delimitation of Saudi Arabia's borders with its neighbors.
These points are explained at greater length in Philip Carl Salzman’s Culture and Conflict in the Middle East. Another good short article on these themes is Stanley Kurtz’s Root Causes.

Implications for Jordan
For Westerners, clan dynamics are abstract. For Jordanians, the implications of the death of a royal at a CIA base at the hands of an al-Qaeda operative will be clear. It highlights the close relationship between Jordan’s royal family and the United States – an alliance that is not popular among many Jordanians. Emphasizing this partnership may spur greater opposition to the Jordanian regime. It is a blow to Jordan’s vaunted intelligence service, which has been praised within intelligence circles, in print, and on screen. The fact that a member of the royal family was killed is also a sign of weakness that may embolden the regime’s enemies.

A recent failed attack on Israeli diplomats in Jordan would, in this light, have been particularly disastrous. That attack would also have emphasized both regime weakness and the regime’s close relationship with an ally that is unpopular with the general public.

Besides being a reliable ally of the United States, Jordan has a particular significance. It, as much as any regime in the region, represents a viable, modernizing path. With its admittedly limited resources, the Hashemites have invested in education and science. By Western standards, Jordan is far from a liberal democracy, but within the Arab world it is towards the head of the pack for freedoms. Perhaps, most importantly, the Hashemites have attempted to build a legitimate regime that relies on more than force to hold power.

Threats to this regime are profound threats to American interests, but also to the future of the region.

Tuesday, January 19, 2010

Terror Taxonomy: Re-Emergence of al-Qaeda Prime

Since 9/11 there have been innumerable articles on the emergence of al-Qaeda 2.0 or 3.0. The attack in Afghanistan that killed several CIA officials along with a Jordanian intelligence officer harks back to al-Qaeda prime – the disciplined organization that from the late 1990s to 9/11 carried out a series of sophisticated, meticulously planned, multi-pronged strikes against hard targets.

The attack on the CIA base in Afghanistan similarly involved a careful analysis of American systems and vulnerabilities and tremendous patience and tradecraft. And it did devastating damage to a particularly sensitive node – experienced CIA operatives are the products of decades of experience and are not easy to replace. In addition, procedures for vetting information and agents will become more cumbersome, further hampering operations.

Yemen Franchise
If the attack on the CIA in Afghanistan represents al-Qaeda Prime, the attacks emanating from Yemen are examples of al-Qaeda 2.0 and 3.0. While the attacks linked to Yemen have received far more press and drew more blood – they have not had the same level of sophistication. From a technical standpoint the attempted Christmas bombing was only a slight variation on a previously tried tactic – that has had only limited success in the past. The operational security was not sophisticated (which is why so many are in an uproar that US intelligence failed to intercept the bomber.) This is al-Qaeda 2.0, a regional affiliate operating independently and while not as capable as al-Qaeda prime, still possessing substantial capabilities.

The other two attacks in the U.S. linked to Yemen are indicative of al-Qaeda 3.0 – the self-starters and “lone wolves.” The two attacks are Nidal Hasan’s murderous spree at Ft. Hood, Texas and the June 1 shooting at an army recruiting center in Little Rock, Arkansas that killed one soldier and wounded another (and has been lost in the shuffle of terrorism news). Hasan received inspiration and justification from Yemen-based radical cleric Anwar al-Awlaki, while the Little Rock shooter had travelled to Yemen where he became radical (exactly what he was doing in Yemen is a matter of dispute).

Some have taken comfort in the relative lack of sophistication of the Yemen-based attacks. The lone-wolf attacks are tragic for the victims and their families, but not true strategic dangers to the United States. I stand by my own analysis that complex strategic attacks against the U.S. homeland remain difficult because of the barriers to moving trained operatives. Getting one past security is all too possible. But the more complicated the plan, the more operatives required and the greater probability of detection.

Nonetheless, there are causes for concern.

Blinking Red

Then-Director of Central Intelligence George Tenet told the 9/11 Commission that in the summer of 2001 “The system was blinking red.”

However, the previous successful al-Qaeda strikes (1998 embassy bombings and 2000 Cole bombing) were against U.S. targets abroad, thus the intelligence community focused on that possibility – missing the signs of 9/11.

Apparently, the same situation prevailed in late 2009 – a focus on al-Qaeda attacks abroad. Now, the Christmas bombing is driving the vast U.S. intelligence apparatus to re-focus its gaze on Islamist attempts to reach the U.S. While necessary to some extent, it could also prove a vast strategic distraction.

But given the inherent challenges of long-range strikes, as well as the growing capability to hit hard targets abroad – al-Qaeda may choose to focus its efforts on more useful targets closer to its operating theaters. While space may dilute the long-range effectiveness of al-Qaeda of the Arabian Peninsula, closer to home it may show greater sophistication. The October attack on Saudi Prince Nayef foreshadowed the Christmas bombing technically, but operationally was more akin to the attack on the CIA base. The attacker reached the prince by claiming to be a terrorist prepared to surrender personally to Prince Nayef, who directs Saudi counter-terror efforts.

Al-Qaeda has also shown political/strategic sophistication in its targeting and there are an enormous number of hard targets in their operational strongholds – including U.S. Embassies and other installations, oil facilities, high-profile political targets in Pakistan, Saudi Arabia, Jordan and other U.S. allies, and the ultimate prize, Pakistan’s nuclear program (to name just a few). Alternatively, rather than going for “spectaculars” they may carry out more attacks like the CIA bombing that effectively throw sand in the gears of American military organizational machinery.

Again, the system is blinking red, but are we monitoring the right gauges?