Recent efforts by governments to weaken encryption, introduce exploitable vulnerabilities into applications, and to develop Nation-state dragnet surveillance programs will do little to stymie the rise in terrorist attacks. These efforts will be a detriment to national security and only further exhaust law enforcement resources and obfuscate adversary communiqués within a massive cloud of noise.
Backdoors for the Good Guys, Means Backdoors for the Bad Guys
Cyber-insecurity is not a natural problem; it is unintentionally caused by a combination of the negligence, naivety, and ignorance of irresponsible data managers or it is intentionally resultant of the actions of malicious insiders, unknown threat actors, or reckless data stewards. Cybersecurity does not follow the laws of the physical world. For instance, the public relies on the government to protect it from or respond to floods, earthquakes, or other natural disasters. The public relies on government for defense from military excursions. Where the government cannot directly prevent or respond to a disaster, the public depends on the government to responsibly regulate protections; as is the case with building security and other regulations. Meanwhile, in the realm of cybersecurity, the public is increasingly reliant on private businesses to responsibly protect data and freedoms, even though those same organizations have repeatedly failed to do so in the past because repeated government legislative efforts critically jeopardize the security and privacy of the public. Recently, state agencies have begun initiatives to inject backdoors, weaken encryption, and exploit discovered or implanted system vulnerabilities in attempts to identify early indicators of terrorist activity, to locate and apprehend suspected criminals, and to dismantle adversarial networks or disable dangerous technology. Requirements to weaken encryption or intentionally hobble an otherwise secure application primarily impact consumers (whose data is stolen and abused) and small and medium businesses and non-profits (who cannot afford cyber-insurance or the lawsuits resulting from a breach) . Further, the establishment and expansion of dragnet surveillance capabilities presuppose an intentionally permanent instability of national and global communication networks. System vulnerabilities are unanimously exploitable by script kiddies, cybercriminals, techno-jihadists, digital mercenaries, nation-state advanced persistent threats (APTs) and the agencies which introduce or require the vulnerability in the first place. Governments are thereby complicit in every attack that leverages that flaw.
The Rise of the Lone-Wolf Threat & Ease of Cyber Jihad
Self-polarized lone wolf threat actors are the new profile of terrorists (of all varieties and denominations) across the globe. Before the internet, troubled individuals often did not radicalize to the point of action because in order to do so they had to physically identify, locate, and connect with a tangible local congregation of like-minded individuals. Now on the Internet, radicalization can occur instantly and anonymously within significantly larger and more geographically distributed groups. Statistically, physical membership in hate groups has actually diminished because troubled lone wolves can instantly gratify and cultivate their radical beliefs, they can remotely plan their assaults with online resources (Google Maps, etc.), and they can consume propagandist narratives to model their campaigns around and to assure them that their purpose is worth serving and that their sacrifice will be remembered.
Michael Mauboussin: Here’s what active managers can do
Lone wolf threat actors feel isolated and turn to the internet for community and purpose. Their online accounts exhibit behaviors of seeking attention, polarization, and further isolation as those that they interact with subjugate them or disagree with their adopted ideology. Once they feel that they can no longer communicate with the online communities of their past, their only outlet becomes the radicalization network which capitalizes on their seclusion and desire for attention, renown, or purpose. Social media recruitment channels and keywords, such as Twitter hashtags, can be used to track radicalization efforts or dismantled to diminish the propagation of recruitment materials. Identifying, monitoring, and apprehending recruiters, potential recruits, and radicals can preempt attacks, but it will only delay the overall campaign as no individual is indispensable to the network.
In every country targeted by self-radicalized lone wolves, Law enforcement is overexerted and under-resourced. National or global dragnet surveillance initiatives will only further exhaust agencies resources and further obfuscate adversary communiqués within a massive cloud of noise. Instead, law enforcement should concentrate on monitoring Deep Web forums and on dismantling the distribution channels and generation resources of radicalization propaganda materials. Lone wolf threat actors research, recruit, and discuss their plans, within radical online communities prior to actually launching the physical attack because, at their root, they desire recognition and a like-minded community more than they believe in their actions. These are troubled individuals who want to be remembered for something, and they often seek affirmation that someone in some online community will remember their narrative. The polarizing publications distributed on the open Internet and Deep Web contain radicalization campaigns, intended attacks blueprints, choice targets, etc. and they are pivotal in terrorist campaigns. For instance, in November 2016, ISIS’s publication Rumiyah, published articles urging Western readers to utilize rented trucks and handheld weapons in multi-stage public attacks. The article included infographics and characteristics of vehicles and physical weapons to avoid. This template almost definitely influenced the London Bridge and other recent campaigns. Other publications include Kybernetiq and Dabiq. The magazines regularly include spreads detailing “hagiographies of mujahids” who died in Western assaults. The profiles appeal to vulnerable and susceptible individuals and are extremely influential in the radicalization process because they promise infamy and purpose to those who have none.
Nation-state dragnet surveillance of the open and free Internet will be more detrimental to global populations than sophisticated Intelligence and Counter-Intelligence efforts that precisely monitor and target recruitment channels. Adversaries can always find new message boards, encrypted messengers, etc. to utilize in their terror campaigns. Average citizens cannot. In fact, no national or global effort to surveil civilian web traffic can map, control, or monitor Deep Web, where most nefarious activity occurs. Even tracking sophisticated adversaries who rely on multiple jump boxes or VPNs would be difficult or impossible. Every effort that reduces freedoms or invades privacy is in a way, a secondary adversarial victory because it is a self-inflicted social harm on the free world without significantly impeding adversarial campaigns. Radicals have little or no switching costs in their communication and recruitment mediums. It costs them nothing but time and human resources to create more Twitter accounts or set up a new Deep Web site. A greater impact can be achieved by surveilling specific communications, identifying code words, etc. than on mass surveilling entire populations and attempting to discern radical rhetoric through the noise. Instead of targeting disposable assets, resources would be more effectively spent targeting key figures and infrastructure in the propaganda machine. Consider the publications used to polarize many lone wolf actors are pretty professional. There cannot be many graphic designers or publishers within ISIL.
The retraction of civilian freedoms is a knee-jerk reaction that only benefits adversaries in the long-term because they can adapt and utilize unconventional mechanisms; whereas average civilians cannot. Even the repeated campaigns to backdoor or decrypt WhatsApp missives, if successful, would deprive citizens of private and secure messaging while adversaries could transition to Deep Web communication mechanisms or even to unconventional channels such as mobile game chat rooms. Any effort to monitor all Internet traffic or to censor particular dialogues is a dangerous slippery slope that will inevitably inflict societal harm far exceeding any transitory advantage over radical adversaries. Any and every freedom sacrificed out of fear of a threat is nothing but a concession to their cause and an affirmation that they should continue their efforts .
Article by ICIT
See the full PDF below.