Crowdsourcing Jihad: IS and al-Qa‘ida’s Use of the Internet and Social Media – Part IV

IS: Your Grandpa’s al-Qa‘ida This Ain’t

It is of no doubt that IS is the most advanced and effective terrorist organization that the world has ever seen. It is the very best at recognizing these previously discussed technological paradigm shifts, adjusting their narratives accordingly and taking advantage of the situation. Geography is of no consequence; their objective is world wide, global domination.

Al-Qa‘ida was a discreet structure and element; they tried to migrate their philosophies to others, but the organization was almost contained and the United States government was able to make a lot of progress against them. IS represents the very worst in development. IS is a phenomenon that has snowballed in terms of resonance and appeal. And they have been very successful at generated a lot of resonance and appeal in states such as Iraq, Syria, Saudi Arabia, Algeria, Nigeria, Yemen, Libya, South Asia and Egypt.

In the United States it is apparent that IS is targeting its propaganda machine at the emotional needs of young Americans, regardless of their social or economic backgrounds. They implore people to engage and speak with the youth of America about their hopes, dreams, religious questions, etc. Federal Bureau of Investigation Director James Comey elaborated on the novelty of IS social media use:

Your grandfather’s al Qaeda, if you wanted to get propaganda, you had to go find it. Find where Inspire magazine was and read it. If you want to talk to a terrorist, you had to send an email into Inspire magazine and hope that Anwar al Awlaki would email you back. Now all that’s in your pocket. All that propaganda is in your pocket, and the terrorist is in your pocket. You can have direct communication with a terrorist in Syria all day and night, and so the effect of that – especially on troubled minds and kids – it works! It’s buzz, buzz, buzz, buzz, buzz. It’s the constant feed, the constant touching, so it’s very, very different and much more effective at radicalizing that your grandfather’s al Qaeda model.

Director Comey is touching upon what is categorized in this paper as the bio-digital evolution. As discussed, the youth and population in general experiencing the preliminary effects of how increased technological capabilities and continuous access to the Internet are affecting everyday lives. Reducing the schism between human biology and our technological machinery, between our physical reality and the networked virtual reality. As this divide becomes smaller and smaller, and in some instances has begun to intersect and overlap, people are able to exchange more information faster, not just with machines, but also with other people; this is a bio-digital, integration evolution. And Islamic extremists around the world are recognizing these paradigm shifts, adjusting their narratives accordingly and taking advantage of new opportunities.

Policy Memo: Mobile Device Security Update Amendment to NIST Cybersecurity Framework

1. Overview

Since the inception of cloud computing, the number of publicly available cloud services has and will continued to increase exponentially. The rising trend of bring your own device (BYOD) expands the landscape of organizational IT (Information Technology) by enabling employees to use their personal devices and access a wealth of cloud applications to increase their productivity at work. However, wireless devices like cell phones and iPads can access cloud applications without going through the data center fire walls and pose a major exposure for the introduction of malware. While application vendors will provide patches for malware or vulnerabilities that are identified, each application that is not properly updated by the user or that is not automatically updated by the host company with security patches, represents a vulnerability to the enterprise that can be exploited by hackers.

2. Purpose

The purpose of this policy is to address the commercial app vulnerabilities that are introduced to organizations by personal mobile devices, which are not under datacenter controls. The NIST (National Institute of Standards and Technology) Framework for Improving Critical Infrastructure Cybersecurity provides a systematic process for identifying, assessing, and managing cyber security risk. Under the section of this framework, which refers to Risk Mitigation (RS.MI-2), there is a NIST policy SP 800-53 Rev. 4 IR-4 that should be updated with an additional section title “IR-4 (11) Incident Handling: Mobile Device Security Updates” that addresses the need for app vendors to periodically send out automatic application updates that combat newly identified software vulnerabilities. Since mobile devices access public cloud applications outside of the control of the data center, one cannot ensure that security updates are implemented unless the application provider automatically pushes them to the device.

3. Scope

A key productivity driver of today is the use of mobile devices and the access that they grant to cloud services. Organizations are discovering that enterprise mobility can yield measurable operational and business improvements. These benefits come in the form of additional mobile assets that employees are already familiar with, thus reducing the barriers of training needed for many IT professionals to provide similar support and administration related to mobile devices. Employees use these devices for work without the organization having to spend any additional capital expenditures. This also raises employee job satisfaction by giving them the flexible working hour alternatives that they require.ii In addition, workers are using commercial apps to aid in enterprise activity. These software solutions would otherwise be unavailable, as the organizational IT department would never have the time or bandwidth to create these programs. These apps give the organization data solutions outside of their software infrastructure, thus giving the enterprise a competitive advantage. With these productivity benefits, the BYOD and commercial app landscape will continue to grow. This mobile landscape is, for the most part, a positive trend. Unfortunately, this evolving ecosystem opens up the enterprise to many new cyber security vulnerabilities. Contemporary security models and voluntary guidelines must be established to protect organizations data infrastructure.

4. Policy

Adopting no new policies for the evolving mobile and commercial app landscape would leave any organization highly vulnerable to cyber-attacks. With the growing prevalence of personal mobile devices and commercial apps, not adopting any new policy would make the question “if” the organization will be hacked, obsolete. Instead the question would be “when” the organization will be hacked. Not adapting to the evolving landscape with new cyber security policies is highly ill advised and impractical.

Furthermore it is not feasible to adapt a policy that requires no outside mobile devices and no implementation of commercial applications. It is an unfortunate reality that since the consumerization of IT, many workers now see their organizations IT department as the blocker that restricts their productivity. A strict policy that would require no outside mobile devices and no implementation of commercial applications would only further foster this internal conflict. More importantly, it would impede technological advancement of the business landscape and reduce productivity. The policing of this environment would also be difficult and would not only hinder productivity, but would probably end up costing the organization valuable resources and manpower. A well- defined and implemented mobility strategy can change this perception while still providing the overarching security framework that secures devices and commercial apps.

A potential solution for securing the mobile enterprise landscape is requiring mobile access management solutions (such as MobileIron, AirWatch, etc.) to be installed on every employee’s mobile device. These management solutions bring the devices within the controls of the datacenter, allowing for the ability to block commercial applications that have been categorized as “high-risk” or “compromised”. This policy however requires that every employee remember to check-in and download the mobile access management solution to every outside product that they have purchased.

Another potential policy solution would be for the commercial app vendor to require each individual app owner to apply the patch within a short window of time. If the patch is not applied to the individual mobile device, the app will be blocked from the user until the patch is downloaded and installed. This however could infringe upon the users tasks at hand. If the user is in the middle of a work related project and must reload the app, thereby losing all of the work, this is not an effective solution and is therefore not an efficient alternative.

When it comes to mobile landscape implementation, organizations need to consider the scalability and flexibility of their mobile platform, while being grounded by the underlying need for security. Keeping this in mind, the best security policy is for the individual public app vendor to automatically send out patches and update the application on each device. “IR-4 (11) Incident Handling: Mobile Device Security Updates” addresses the need for public cloud vendors to periodically send out automatic security updates to mobile devices to ensure that mobile devices have implemented the latest fixes or are blocked from using the application until the fix is applied. This solution recognizes and addresses the evolving mobile device and commercial landscape, while also not requiring additional access management solution software. It also gives the commercial app users the peace of mind that the work they are currently doing will not be damaged by software updates, and that they are using a secure app. App vendors that adhere to the NIST Framework for Improving Critical Infrastructure Cybersecurity will adopt this policy “IR-4 (11)” if this is added to the Risk Mitigation Section (RS.MI-2).

5. Policy Compliance

Protecting the evolving mobile and commercial app landscape requires a well-defined and implemented cyber security strategy. The NIST Cybersecurity Framework provides invaluable guidance to organizations. The Framework is a key blueprint for improving the cyber security of our Nation’s critical data infrastructure while increasing the cyber security posture of our Nation as a whole.

OptionsAnalysis

Crowdsourcing Jihad: IS and al-Qa‘ida’s Use of the Internet and Social Media – Part III

Al-Qa‘ida Loves the Internet

Since the Internet gained a substantial, international users base in the 1990s, Islamic extremists have frequently exploited the networked infrastructure.

Due to his privileged family heritage, élite education and Arab cultural upbringing, it is no surprise that from the beginning usāmah bin lādin (UBL) was cognizant of the power of public relations and the media. Al-Qa‘ida from its beginning, knew the value of computers, using them to store data, provided coded instructions, create false documents, obtain information, and setup Websites.

Al-Qa‘ida was the first of its kind with the protean ability to transform itself from a physical to a virtual organization. It meticulously planned events that would cause mass casualties and has a global reach. It is safe to say that al-Qa‘ida loves the Internet. Before 9/11, instant messaging and emails allowed al-Qa‘ida to give and receive operational information for surveillance and attacks when phone or even person-to-person contact seemed too hazardous. In late 2001 a treasure trove of evidence emerged when Alan Cullison of the Wall Street Journal was able to purchase 2 computers used by UBL. Both of UBL’s computers contained diverse sets of communications between al-Qa‘ida members. Although the saved emails that Mr. Cullison was able to access did not look like they were communicating about any operations against the United States, they could have coded instructions for future operations worldwide. Al-Qa‘ida’s secrecy concerns led the organization to utilize heavily coded language, concealing coded messages and information within other nonsecret text, this technique is called steganography. Cullison notes:

As Al Qaeda established itself in Afghanistan in the late 1990s and began managing international operations of ever increasing complexity and audacity, the group focused on ensuring the secrecy of its communications. It discouraged the use of email and telephone and recommended faxes and couriers. The electronic files reflect the global nature of the work being done; much of the correspondence was neatly filed by country name. Messages were usually encrypted and often couched in language mimicking that of a multinational corporation; thus Osama Bin Laden was sometimes “the contractor,” acts of terrorism became “trade,” Mullah Omar and the Taliban became the “Omar Brothers Company,” the security services of the United States and Great Britain became “foreign competitors,” and so on. Especially sensitive messages were encoded with simple but reliable cryptographic system that had been used by both Allied and Axis powers during World War II.

A sample of what Mr. Cullison is describing can be found in an email communication sent on February 1, 1999 from Ayman al-Zawahiri, at that time UBL’s chief deputy, to al-Qa‘ida cell members in Yemen:

I would like to clarify the following with relation to the birthday [probably an unspecified attack]:

a) Don’t think of showering as it may harm your health.

b) We can’t make a hotel reservation for you, but they usually don’t mind making reservations for guests. Those who wish to make a reservation should go to Quwedar [a famous pastry shop in Cairo].

c) I suggest that each of you takes a recipient to Quwedar to buy sweets, then make the hotel reservation. It is easy. After you check in, walk to Nur. After you attend the birthday go from Quwedar to Bushra St., where you should buy movie tickets to Za’bolla movie theater.

d) The birthday will be in the third month. How do you want to celebrate it in the seventh? Do you want us to change the boy’s birth date? There are guests awaiting the real date to get back to their work.

e) I don’t have any gravel [probably ammunition or bomb-making material].

Al-Qa‘ida used encrypted messaging. The coded language that al-Qa‘ida used, mimicked that of a multinational corporation (MNC), which is interesting because they also physically acted like an MNC. An example of this is when al-Qa‘ida affiliates actually physically went to South East Asia, like an international corporation for recruitment and discussions. This is the old way of doing “business”.

Crowdsourcing Jihad: IS and al-Qa‘ida’s Use of the Internet and Social Media – Part II

Exponential Technological Advancement & Paradigm Shifts: Increasing Empowerment Given to the Nodes “fi sabilillah

In 1965, the then director of research and development at Fairchild Semiconductor, Dr. Gordon Moore, hypothesized that the number of components (transistors, resistors, diodes or capacitors) in a dense integrated circuit would double approximately every two years, equating to an exponential growth in digital and technological capabilities. In the three decades since 1970 the power of microprocessors has increased by a factor of 7,000. “Moore’s Law” is of course, not a natural or physical law, it is just one of many other projections for technological advancement. And as technology advances, becoming smaller, more powerful and easier to use, the more seamlessly integrated it is into our everyday lives. The entire concept of a user interface is changing; it is becoming ubiquitous.

The same year Dr. Moore published his projections; the Control Data Corporation (CDC) delivered what is generally thought to be the world’s first supercomputer, the CDC 6600, to the European Organization for Nuclear Research or CERN laboratory near Geneva, Switzerland. This and many of the other supercomputers sold after were primary used to perform nuclear study analyses. The CDC 6600 was about the size of a large room, had performance of up to 3 megaFLOPS and was not connected to the Internet because the Internet did not exist yet. Today, most people carry around a smartphone, which is about the size of a wallet, has performance of up to 115.2 gigaFLOPS and is connected to the Internet, a global system of interconnected computer networks that uses the Internet protocol suite (TCP/IP) to link billions of devices worldwide.

Currently high-powered computers and the Internet are easily accessible by nearly half the world’s population. And by 2020, Google’s executive chairman Eric Schmidt projects that everyone in the world will be connected to the Internet. Furthermore, in January 2015, at the end of a panel discussion at the World Economic Forum in Davos, Switzerland, Dr. Schmidt predicted the end of the Internet:

I will answer very simply that the Internet will disappear. There will be so many IP (Internet Protocol) addresses… so many devices sensors, things that you are wearing, things that you are interacting with that you won’t even sense it. It will be part of your presence all the time. A highly personalized, highly interactive and very, very interesting world emerges.

A fascinating, bold new world with technologically advanced security concerns.

We are now experiencing the preliminary effects of how increased technological capabilities and continuous access to the Internet are affecting our everyday lives. The emergence of the Internet of Things (IoT) is reducing the schism between human biology and our technological machinery, between our physical reality and the networked virtual reality. As this divide becomes smaller and smaller, and in some instances has begun to intersect and overlap, we are able to exchange more information faster, not just with our machines, but also with other people; this is a bio-digital, integration evolution. We are becoming part of the IoT and Islamic extremists around the world are recognizing these paradigm shifts, adjusting their narratives accordingly and taking advantage of new opportunities. However an interesting additional point is that potential recruits and people curious about Islamism do not have to search for new content and information about these groups.

In a number of cases, individuals joining the jihad and taking up arms were indoctrinated via legacy data; meaning much value is still being extracted by potential extremists from old content that could be extremely difficult, if not impossible to deleted from the Internet. For instance, videos of Anwar al-Awlaki, who was killed by a United States unmanned aerial system (drone) strike in 2011, are extremely common amongst the new generations of recruits to both IS and al-Qa‘ida. With a blog, a Facebook page, the al-Qa‘ida magazine Inspire and many YouTube videos, Anwar al-Awlaki was described by Saudi news station Al Arabiya as the “bin Laden of the Internet.” Now we see one of the great issues: once digital content is created on the Internet, it is nearly impossible to delete.

The Internet never forgets. At first, some tried manipulating the Web results on their own, by doing things like manually deleting photos from Flickr, revising Facebook pages and asking bloggers to remove offending posts. But like a metastasized cancer, the incriminating data had embedded itself in to the nether reaches of cyberspace, etching into archives, algorithms and a web of hyperlinks.

“Technology gives us power, but it does not and cannot tell us how to use that power. Thanks to technology, we can instantly communicate across the world, but it still doesn’t help us know what to say.”

 ~ Jonathan Sacks

As technology continues to advance at an exponential rate and becomes more and more part of our physical lives, terrorists will seek to exploit this interconnectedness to spread their extremist ideologies, recruit, raise money, perform illegal activities, etc. We are seeing only the very beginnings of this phenomenon globally as many nation states are under attack by individuals that are identifying with sub-national groups, empowering the nodes and calling the principles of Westphalia sovereignty into question.

Below is a map highlighting the worldwide attacks inspired or directed by IS:

GlobalAttackMap

Obviously, the Westphalia definition of sovereignty is of little concern to an Islamic extremist ideology whose goal is world domination. And as technology continues to accelerate and become ubiquitous, even sub-national group networked affiliation will not be required. The individuals will be inspired on their own, through their own access and use of the Internet. This trend is now evidenced by increased lone wolf attacks.

Crowdsourcing Jihad: IS and al-Qa‘ida’s Use of the Internet and Social Media – Part I

“If you think technology can solve your security problems, then you don’t understand the problems and you don’t understand the technology.”

~ Bruce Schneier

 

On December 2, 2015, 14 people were killed and 24 injured during a Christmas party at the Inland Regional Center in San Bernardino, California. The perpetrators were an American born, United States citizen of Pakistani-descent, Syed Rizwan Farook and his Pakistani wife Tashfeen Malik, a married couple living in the city of Redlands. Since there are currently no known links to any terrorist cell, this attack appears to have been an Islamic extremist (i.e. Islamist) inspired, lone wolf terrorist attack, which was crowdsourced through the Internet. This was the third deadliest terrorist attack on United States soil since September 11, 2001.

Two weeks later, the San Bernardino attack influenced the shut down of the entire Los Angeles school district when they received a bomb threat that had been emailed to the two largest school districts in the US: New York and Los Angeles. New York chose not to respond mostly because of the lack of proximity of the San Bernardino event. It is important to note however that this threat could have been a physical world penetration test, meant to gauge the emergency action protocols for both districts in order to help plan for future terrorist plots.

Since the Internet gained almost global usage in the 1990s, Islamists have exploited its networks. Islamist propaganda and recruitment attempts are pervasive on the Internet, both via indexed and non-indexed sources. This allows Islamists to easily and effectively spread their violent extremist ideology worldwide, to potentially every node/person on the global network. With the ability to access the Internet, Islamic extremists are able to utilize all of the social media tools that allow people to create, share or exchange information, ideas and pictures/videos in virtual communities and networks. However the Internet is not just used for publicizing their extremist narratives or indoctrinating new jihadists. Islamic terrorists from all areas of the world use the Internet as a median to gather intelligence, coordinate logistics, conduct reconnaissance (“footprinting” when gathering information about computer systems), mapping targeted locations, flight training, improvised explosive devise (IED) assembly training and the list goes on and on. The Internet is also used to train, fundraise and recruit.

The so-called Islamic State (IS) and al-Qa‘ida are increasingly using the Internet and social media as a platform to broaden their audience and to indoctrinate/convert more people to their extremist ideologies.

DHS Cybersecurity Internship Program

The Cybersecurity Internship Program is designed to give current students an opportunity to work alongside cyber leaders with the U.S. Department of Homeland Security (DHS). Interns are recruited from the nation’s top undergraduate and graduate programs to put their academic achievements and intellect to use during a critical time in American history. Interns will have the opportunity to apply concepts, protocols and tools acquired through coursework in the real world by working side by side with experts in cybersecurity. Internships focus on mission areas such as identification and analysis of malicious code, forensics analysis, incident handling, intrusion detection and prevention, and software assurance. Interns will have the opportunity to be selected into the bachelor’s or master’s-based Cyber Fellows Program within the DHS Secretary’s Honors Program after graduation.

For more information about internship opportunities at DHS, please click here.

EWI’s Global Cooperation in Cyberspace Initiative

Global Cooperation in Cyberspace Initiative

EWI Releases 2014-2015 Action Agenda

The EastWest Institute’s Global Cooperation in Cyberspace Initiative has released its Action Agenda for 2014-2015. The Agenda highlights the initiative’s objectives—to reduce conflict, crime and other disruptions in cyberspace and to promote stability, innovation and inclusion. It marks the initiative’s accomplishments during 2014 and presents a road map for 2015.
We are here to help make the Internet a vehicle for a safer, more peaceful, more secure, more open world—where the creative human spirit can thrive,”EWI Senior Vice President Bruce McConnell said. 
The Action Agenda summarizes the work of the initiative’s seven breakthrough groups essential to achieving its objectives. The report also features coverage of the initiative’s working roundtable held last June in San Francisco and its Global Cyberspace Cooperation Summit V held in Berlin last December. Global Cyberspace Cooperation Summit VI will be held in New York on September 9-10, 2015.
Click here for the full report.