by Jared Cohen
There are clear advantages to cyber attacks for extremist groups: little to no risk of personal bodily harm, minimal resource commitment, and opportunities to inflict a massive amount of damage. These attacks will be incredibly disorienting for their victims, due to the difficulty of tracing the origins of virtual attacks,1 as we noted earlier, and they will induce fear among the enormous pool of potential victims (which includes nearly everyone whose world relies on being connected). We believe terrorists will increasingly shift their operations into the virtual space, in combination with physical-world attacks. While the dominant fear will remain weapons of mass destruction (the porousness of borders making it far too easy to smuggle a suitcase-sized bomb into a country), a future 9/11 might not involve coordinated bombings or hijackings, but coordinated physical and virtual-world attacks of catastrophic proportions, each designed to exploit specific weaknesses in our systems.
An attack on America could begin with a diversion on the virtual side, perhaps a large-scale hacking into the air-traffic-control system that would direct a large number of planes to fly at incorrect altitudes or on collision paths. As panic sets in, another cyber attack could bring down the communication capabilities of many airport control towers, turning all attention to the skies and compounding the fear that this is the “big one” we’ve been fearing. Meanwhile, the real attack could then come from the ground—three powerful bombs, smuggled in through Canada, that detonate simultaneously in New York, Chicago and San Francisco. The rest of the country would watch as the first responders scrambled to react and assess damage, but a subsequent barrage of cyber attacks could cripple the police, the fire department and emergency-information systems in those cities. If that’s not terrifying enough, while urban emergency efforts slow to a crawl amid massive physical destruction and loss of life, a sophisticated computer virus could attack the industrial control systems around the country that maintain critical infrastructure like water, power and oil and gas pipelines. Commandeering these systems, called supervisory control and data acquisition (SCADA) systems, would enable terrorists to do all manner of things: shut down power grids, reverse waste-water treatment plants, disable the heat-monitoring systems at nuclear power plants. (When the Stuxnet worm attacked Iranian nuclear facilities in 2012, it operated by compromising the industrial control processes in nuclear centrifuge operations.) Rest assured that it would be incredibly, almost unthinkably difficult to pull off this level of attack—commandeering one SCADA system alone would require detailed knowledge of the internal architecture, months of coding and precision timing. But some kind of coordinated physical and cyber attack is inevitable.
Few terror groups will possess the level of skill or the determination to carry out attacks on this scale in the coming decades. Indeed, because of the vulnerabilities that technology introduces for them, there will be fewer terrorist masterminds altogether. But those that do exist will be even more dangerous. What gives terror groups in the future an edge may not be their members’ willingness to die for the cause; it might be how good their command of technology is.
Various platforms will aid extremist groups in planning, mobilization, execution and, more important, as we’ve already pointed out, recruitment. There may not be many caves online, but those blind spots where all manner of nefarious dealings occur, including child pornography and terrorist chat rooms, will continue to exist in the virtual world. Looking ahead, future terror groups will develop their own sophisticated and secure social platforms, which could ultimately serve as digital training camps as well. These sites will expand their reach to potential new recruits, enable information-sharing among disparate cells and serve as an online community for like-minded individuals. These virtual safe houses will be invaluable to extremists, provided that there are no double agents and that the digital encryption is strong enough. Antiterrorism units, law enforcement and independent activists will try to shut down or infiltrate these sites but will be unable to. It’s just too easy to relocate or change the encryption keys in boundless virtual space and keep the platform alive.
Media savvy will be among the most important attributes for future transnational terrorists; recruitment, among other things, will rely on it. Most terrorist organizations have already dipped a toe into the media marketing business, and what once seemed farcical—al-Qaeda’s website heavy with special effects, Somalia’s al-Shabaab insurgent group on Twitter—has given way to a strange new reality. The infamous case of Anwar al-Awlaki, the late American-born extremist cleric affiliated with al-Qaeda in Yemen, provides a compelling example. His high profile was largely a result of his own self-promotion—he used viral videos and social networks to disseminate his charismatic sermons internationally. As the first major terrorist YouTube sensation, Awlaki’s influence is undeniable—several successful and would-be terrorists cited him as an inspiration—and his prominence earned him a spot on the U.S. government’s list of high-value targets. He was killed by a drone strike in September 2011.
Awlaki’s social media mastery impressed the billionaire investor and reformist Saudi prince Alwaleed bin Talal al-Saud, who sees this as part of a broad trend across the region. “Even the most anti-Western religious figures in Saudi Arabia are now almost all using technology,” he told us, adding that “a number of them are even using mobile devices and increasingly social networks to issue fatwas”—Islamic edicts. As Middle East observers know, this is a profound change, particularly in Saudi Arabia, where the clerical establishment is notoriously slow to accept technology. The trend will only continue.
Given the importance of digital marketing for future terrorists, we anticipate that they will increasingly look to infiltrate mobile and Internet companies. Some Islamist groups have already tried to do this. Maajid Nawaz, a former leader in Hizb ut-Tahrir (HT)—a global extremist group that seeks the overthrow of Muslim-majority governments through military coups and the creation of a worldwide Islamist superstate—told us his organization had a policy of recruiting from mobile-phone companies. “We pitched propaganda stalls outside the Motorola offices in Pakistan, then we recruited some Motorola staff, who proceeded to leak the numbers of Pakistan’s national newspaper editors,” he said. Members of HT would bombard these editors with text messages full of propaganda, talking points and even threats. The recruited Motorola staff further helped HT, according to Nawaz, by concealing its members’ identities when they signed up for phone service, allowing them to operate undetected.
If extremist groups don’t target the mobile companies themselves, they will find other ways to wield influence on these powerful platforms. Groups like Hamas and Hezbollah tend to gain community support by providing services that the state is unwilling or unable to deliver adequately. Services, support and entertainment all serve to strengthen the credibility of the group and the loyalty of its base. Hamas could develop a family of apps for the cheap smart phones everyone uses, offering everything from health-care information to mobile money exchanges to games for children. This infinitely valuable platform would be built and serviced by Hamas members and sympathizers. Even if the Apple store blocked their applications under order of the U.S. government, or the U.N. took similar action, it would be possible to build apps without any official tie to Hamas and then promote them through word of mouth. The impact this could have on a young generation would be immense.
As global connectivity renders extremist groups more dangerous and more capable, traditional solutions will appear increasingly ineffective. In many parts of the world, simply imprisoning terrorists will have little effect on their network or their ability to influence it. Smuggled handsets will enable extremists to run command-and-control centers from inside prison walls, and the task of confiscating or otherwise limiting the power of these devices will only get harder as the basic components of smart phones—the processors, SIM cards (memory cards used in mobile phones that can carry data from one phone to another) and the rest—get smaller and more powerful.
Such practices have already begun, sometimes in farcical fashion. In 2011, Colombian prison officials stopped an eleven-year-old girl en route to visiting an incarcerated relative in Medellín because of the odd shape of her sweater; they found seventy-four mobile phones and a revolver taped to her back. In Brazil, inmates trained carrier pigeons to fly in phone components, and at least one local gang hired a teenager to launch phones over the prison walls with a bow and arrow. (The boy was caught when one of his arrows struck an officer.)
This is not just taking place in the developing world. A former member of a South Central Los Angeles gang told us that the going rate for a contraband smart phone hovers around $1,000 in American prisons today. Even tablets can be obtained for the right price. He further described how these devices enable well-connected inmates to maintain their illicit business ties from behind bars through popular social-network platforms. In 2010, when inmates in at least six prisons in the U.S. state of Georgia simultaneously went on strike to protest their conditions, their protest was organized almost entirely through a network of illicit mobile phones.
The most compelling (and successful) example of prison activities comes from Afghanistan, a country with one of the lowest rates of connectivity in the world. The Pul-e-Charkhi prison on the outskirts of Kabul is the country’s largest prison and among its most notorious. Commissioned in the 1970s and completed during the Soviet occupation, in its initial years tens of thousands of political prisoners were killed there annually and many more were tortured for anti-Communist sentiments. The prison earned a new distinction during the American occupation as a terrorist nerve center. Following a violent riot in 2008 in the prison’s Cell Block Three, Afghan authorities discovered a fully operational terror cell—in both senses of the word—that had been used by inmates to coordinate deadly attacks outside the prison walls. The back door to the cell block was covered in live electrical wires, woven through the bars like vines and emitting a soft red glow in the corridor, and the walls were painted with swords and verses from the Koran. Cell Block Three had been taken over by its Taliban and al-Qaeda inmates years earlier, and through a combination of effective smuggling of phones and radios, savvy recruitment within the prison population and threats to the guards and their families, these radicalized inmates had transformed their environment into a prison without walls—a secure perch (safe from aerial drones and other dangers) from which they could expand their organization, run extortion schemes and coordinate terrorist attacks in a city twenty miles away. They recruited petty thieves, heroin addicts and Christians (inmates whose pariah status in Afghan society made them ripe for radicalization) with money or the threat of violence.
After the 2008 riot, relocation of these inmates to different cell blocks was thought to have ended their terror network, or at least severely curtailed its functionality. Yet two years later, following a string of attacks in Kabul, prison officials admitted publicly that the terror cells had re-formed within Pul-e-Charkhi almost immediately, and authorities’ attempts to limit their operational capacity by sporadic jamming (to render their contraband mobile phones useless) had largely failed. Pul-e-Charkhi housed many of Afghanistan’s high-value inmates, and it was run by the Afghan military with American advisors, yet no one seemed capable of controlling the mobile networks. When Jared accompanied the late special envoy to Afghanistan Richard Holbrooke on a trip to Kabul, he visited the prison and met with one of the incarcerated former ringleaders of Cell Block Three, an extremist leader named Mullah Akbar Agie, to assess how conditions in the prison had changed after the post-riot crackdown. Agie responded to a joking request for his phone number by reaching into his robe and pulling out a late-model feature phone. He proudly jotted down his name and phone number on a slip of paper: 070-703-1073.
The experience at Pul-e-Charkhi suggests the danger of mixing gangs, religious extremists, drug traffickers and criminals in the prisons during the digital age. Outside prison walls, these different networks at times overlap and use the same technological platforms, but when they are put in close proximity inside prisons, with the help of contraband devices they can become dangerous, united nodes. A band of narco-traffickers from a Mexican cartel might share valuable information about cross-border weapon-smuggling networks with an Islamist extremist in exchange for money or a foothold in a new market for the cartel. When both parties reach a mutually beneficial arrangement, each could use his mobile phone to inform his organization of the new collaboration. Deals struck in prison and then followed through in open society will be difficult to intercept, because short of placing all inmates in isolation cells (unrealistic) or shutting down the mobile contraband trade (equally unlikely, despite enormous effort), prison authorities will have limited success in preventing cases like these from materializing.
So if we take it as a given that prison contraband networks will generally outsmart the officials charged with shutting them down, and that mobile phones will remain in high demand for inmates, what options remain to thwart the Pul-e-Charkhi scenario from playing out elsewhere? The most obvious solution is simply cutting off access, jamming the networks so that inmates’ illicit phones become little more than expensive platforms for playing Tetris. But it stands to reason that someone could figure out a way to get over that hurdle. Perhaps live pigeons won’t work, but small drones designed to look like pigeons and act as mobile Wi-Fi hot spots might.
Monitoring and tapping the mobile activity among prisoners is another option for law enforcement. The intelligence gathered from listening in could, among other things, shed light on how illicit networks operate. A more subversive solution could be to intentionally co-opt the contraband networks by getting devices into prisoners’ hands that are actually filled with traps to inadvertently give up information. Loaded with malware that will allow activity on each phone to be traced, these phones would be designed to give up secrets easily without inmates’ knowledge. This may ultimately prove more effective than human informants, and safer, too.
Some societies will ensure that a prisoner disappears from the Internet entirely while behind bars. By court order his virtual identity would be frozen, laws would prevent anyone from trying to contact, interact with or even advertise to his frozen profile, and once he was released, he would be required to provide his probation officer with access rights to his online accounts. The digital-age equivalent of an ankle bracelet will be government-imposed software that tracks and restricts online activity, not just for the obvious cases like child molesters (whose Internet activity is sometimes restricted as a condition of probation) but for all convicted criminals for the duration of their probation.2 Someone found guilty of insider trading could be temporarily barred from all forms of e-commerce: no trading, online banking or buying things on the Internet. Or someone subjected to a restraining order would be restricted from visiting the social-networking profiles of the targeted person and his or her friends, or even searching for his or her name online.
Alas, many of these solutions will be circumvented in the age of cyber terrorism, as more and more criminals operate invisibly.
The Rise of Terrorist Hackers
How serious someone considers the threat of cyber terrorism likely depends on that person’s view of hacking. For some, the image of a basement-dwelling teenager commandeering phone systems for a joyride endures, but hacking has developed considerably in the past decade, transformed from a hobby into a controversial mainstream activity. The emergence of “hacktivists” (politically or socially motivated hackers) and groups like the hacking collective Anonymous signals a maturation of message and method and hints at what we can expect in the coming years. Increasingly, hackers will find ways to organize themselves around common causes. They will conduct sophisticated attacks on whomever they deem a proper target and then publicize their successes widely. These groups will continue to demand attention from the governments and institutions they attack, and their threats may come to be taken more seriously than one might expect judging from today’s activities, which mostly seem like stunts. The story of WikiLeaks, the secrets-publishing website we discussed earlier, and its sympathetic hacker allies is an illustrative example.
The arrest of WikiLeaks’ cofounder Julian Assange in December 2010 sparked flurries of outrage around the world, particularly among the many activists, hackers and computer experts who believed his indictment on sexual-assault charges was politically motivated. Shortly thereafter, a series of cyber attacks crippled, among others, the websites for Amazon, which had revoked WikiLeaks’ use of its servers, and MasterCard and PayPal, which had both stopped processing donations for WikiLeaks.
This campaign, officially titled Operation Avenge Assange, was coordinated by Anonymous, a loosely knit collective of hackers and activists already responsible for a string of prominent DDoS attacks against the Church of Scientology and other targets. During Operation Avenge Assange, the group vowed to take revenge on any organization that lined up against WikiLeaks: “While we don’t have much of an affiliation with WikiLeaks, we fight for the same reasons. We want transparency and we counter censorship. The attempts to silence WikiLeaks are long strides closer to a world where we cannot say what we think and are unable to express our opinions and ideas. We cannot let this happen.… This is why we intend to utilize our resources to raise awareness, attack those against and support those who are helping lead our world to freedom and democracy.” The corporate websites were back online within several hours, but their disabling was very public and could have affected millions of customers. Most of those customers had no idea the websites were vulnerable in the first place. In other words, the hacktivists made their point. A string of global investigations followed, leading to the arrest of dozens of suspected participants in the Netherlands, Turkey, the United States, Spain and Switzerland, among other states.