Jeff and Christine's Homeland Security Blog

Homeland Security and Terrorism

Archive for the ‘Terrorism’ Category

Taking the Mystery Out of Terrorist Planning

leave a comment »

For those interested in detailed, substantive reading on terrorism, I heartily recommend Stratfor‘s recent article, Detection Points in the Terrorist Attack Cycle.  This article makes the important point that while terrorism is a serious threat, it can be understood and countered like any other security threat.

No matter how fanatic a group’s operatives may seem, terrorists can’t create devastating attacks without careful, down-to-earth planning.  These kinds of attacks require communication, funding, supplies, and meticulous preparation, often over months and years.  All these activities expose the terrorists to possible discovery by security agencies.

Read the article to see why and how.  We welcome your comments!

Written by Homeland Security

March 23, 2012 at 03:38

Posted in Terrorism

Tagged with

Technology marches on

with one comment

Technology doesn’t stand still in the Homeland Security field!  Several recent developments—from the fields of information technology, biometric engineering, and social psychology—are worth a closer look.  These are all available on the Homeland Security Newswire, which offers current reporting on technological developments in the security profession.

Frankenmalware

Many of us have probably felt our computers know more than we do at times, but we can still change and adapt, while they get obsolete, right?  Right… but there are now indications that snippets of programmed code have recombined in ways their creators never planned.  Unfortunately, these bits of code are malwareviruses and worms.  Viruses have been seen to accidentally make use of worms, propagating themselves more effectively in a “malware sandwich” or “Frankenmalware.”  According to a post at the Malware City blog, this is how it can happen:

Now, another “practice” has silently emerged: the file infector that accidentally parasites another e-threat. A virus infects executable files; and a worm is an executable file. If the virus reaches a PC already compromised by a worm, the virus will infect the exe files on that PC – including the worm. When the worm spreads, it will carry the virus with it. Although this happens unintentionally, the combined features from both pieces of malware will inflict a lot more damage than the creators of either piece of malware intended.

It may also be that in some cases, cleaning by antivirus programs may help altered malware escape detection.  Read more at http://www.malwarecity.com/blog/virus-infects-worm-by-mistake-1246.html/

Handy fingerprints?

Biometric systems are increasingly common.  However, the need for stationary equipment to read and process prints has limited its utility in some fields.  Now, researchers at Neurotechnology have developed an application which allows smartphones and other mobile devices to run scans almost anywhere.  The mobile products contain the same algorithms as the company’s PC-based versions of their products, which meet AFIS-level recognition standards.  Homeland Security Newswire explains that these devices can handle fingerprint or facial recognition quickly, with iris and voice capabilities on the way:

The company says that VeriFinger Embedded and VeriLook Embedded can process fingerprint or face images in less than one second using a device with a 1GHz or better processor. The first available release of the new MegaMatcher Embedded product includes VeriFinger and VeriLook fingerprint and face biometric algorithms, and versions incorporating iris and voice biometrics are planned in the coming months.

To find out how to keep your biometrics close at hand, see http://www.homelandsecuritynewswire.com/srbiometrics20120117-new-biometric-tools-for-android.

Happy, sad, silly, mad

Remember learning about smiles and frowns in preschool?  Actually, sorting out human facial expressions isn’t so simple, but researchers at King’s College London have isolated the characteristics of a face displaying anxiety.  Their research, published recently in in the Journal of Personality and Social Psychology, shows that the emotion we call anxiety is expressed by an environmental scanning look that appears to aid risk assessment:

The characteristics of the facial expression for anxiety comprised darting eyes and head swivels that echoed the risk assessment behavior of anxious rodents. These results suggest that the anxious facial expression in humans serves to increase information gathering and knowledge of the potentially threatening environment through expanding the individual’s visual and auditory fields. Therefore the anxious facial expression appears to have both functional and social components — its characteristics help assess our surrounding environment, and communicate to others our emotional state.

The lead author of the study, Dr. Adam Perkins, noted that the findings could help security personnel identify individuals engaged in wrongdoing by means of their anxious, risk assessing facial expression, as well as helping mental health professionals assess their patients.

For more on how anxiety is manifested in people’s expressions, see http://www.homelandsecuritynewswire.com/dr20120117-facial-expression-for-anxiety-identified.

Homeland Security and the Rise of Social Media

leave a comment »

Social media, such as Facebook and Twitter, are a growing factor in everything from marketing to politics, and Homeland Security is no exception. We see the rise of social media in several areas of professional concern:

  • Counterterrorism, in which we’re aware that terrorists increasingly use these technologies to reach out to potential recruits and communicate with operatives;
  • Emergency response, because social media are a fast and effective way to communicate information in a disaster situation;
  • Epidemic disease, in which people worldwide can report instances of disease outbreaks instantly, circumventing any effort their governments may make to contain the information.

Like any essential change in the way people communicate and get things done, social media have their drawbacks. First, it’s worth noting that only a small fraction of the world’s population uses them. Because this fraction tends to be young, well-informed, and activist, social media helped propel popular reactions in places like Iran and Egypt. Nonetheless, it will be a long time before social media catch up with Internet applications like e-mail and news sites, let alone with television, radio, and telephone communications.

Let’s look at some of the challenges Homeland Security professionals will need to consider as social media become more pervasive.

In the area of public security, there was an incident in Mexico in August 2011 in which two individuals, labeled the “Twitter Terrorists” in press reports, posted false information on Twitter and Facebook claiming that children had been abducted from a school in Veracruz by drug cartels. The posts allegedly led to traffic accidents as parents hurried to the school in a panic, and the two perpetrators were charged with terrorism.

The charges were later dropped, but the incident highlighted two important points. One was the degree to which people in Veracruz, an area hard-hit by narcoterror gangs, used social media for instant security-related information. Checking Twitter before leaving home, for example, allows residents to learn about gunfights or other hazards.

Another is the ease with which anyone could cause terror and even casualties by spreading false reports via Facebook or Twitter. As in this case, people might be injured in traffic or trampled at a public gathering based on such reports.

Epidemic disease, whether of natural origin or the result of WMD use, remains a fearsome threat to Homeland Security. In a November 3 article, Homeland Security Newswire explains that social media can sometimes lead to inaccurate information:

Social media sites like Facebook and Twitter have proven useful in quickly disseminating information, and raising awareness during disasters or disease outbreaks, but these tools can also be a double-edged sword. 

Global health officials warn that social media sites often spread rumors or false information that are difficult to correct.

Margaret Chan, the director-general of the World Health Organization (WHO), said, “I can assure you that with the rise of social media, the background noises for rumors have become much louder and making it so much harder to detect the really important segments.”

Keji Fukuda, the WHO’s assistant director-general, echoed Chan’s thoughts pointing to rumors circulating around the Internet on how to build immunity against the H1N1 swine flu during the 2009-2010 outbreak.

One of the rumors which started was that if you increase your salt intake it can help,” Fukuda said.

According to Fukuda, the agency was forced to correct the rumor, using social media, because taking in too much salt can be dangerous.

Emergency response is another area where the dissemination of inaccurate information could be a problem. However, the benefit of quickly spreading helpful information during a disaster makes it an option to expand, not squelch. Agencies like FEMA are already using social media to inform residents of what’s happening and what to do, and individuals use them on a personal level.

According to an article at Mashable.com, there’s room to make this role more formal:

However, according to new research from the American Red Cross, the Congressional Management Foundation and other organizations, social media could stand to play a larger and more formal role in emergency response. In fact, almost half the respondents in a recent survey said they would use social media in the event of a disaster to let relatives and friends know they were safe.

Students of Homeland Security are sure to see social media technologies grow in prevalence and power. You’ll likely confront new forms of communication yet to be imagined, so it’s worth considering how to make best use of these technologies in the public interest.

Graphic credit:  Mashable.com

Written by Homeland Security

November 3, 2011 at 19:31

Chat-downs: Behavioral Science at Work

with 2 comments

The Transportation Safety Agency (TSA) has a tough job, and it continues to look for ways to stop terrorists while minimizing inconvenience to legitimate travelers. Sometimes, the emphasis is on technology, but a successful pilot program involving focused questioning and observation by a trained officer shows that behavior analysis techniques work.

An article in Business Week magazine explains that the program will soon be expanded to a second site:

Detroit Metropolitan Wayne County Airport joins Boston’s Logan International as a test site for the program, in which TSA employees briefly talk to passengers to assess whether they might be involved in terrorist activities. The technique has been called “chat-downs” by Representative Bennie Thompson of Mississippi, ranking Democrat on the House homeland security committee, who has questioned whether it works. “

While there have been a number of naysayers about this technique, my main question is, “What took them so long to implement this method!” Behavior detection is the way to go for TSA and I would like to see this spread to include many more airports. The chat only takes a minute or two, and it can be very revealing of individuals’ motivations, fears and worries. People involuntarily show physical and physiological reactions to a fear of being discovered, and when briefly interviewed by authority figures, anxiety is intensified– allowing officers to detect these reactions. While electronic detection equipment has its place, focused observation is more likely to lead to an individual’s motivations and intentions.

According to the TSA website,

“The Behavior Detection Officer (BDO) program utilizes non-intrusive behavior observation and analysis techniques to identify potentially high-risk passengers. BDOs are designed to detect individuals exhibiting behaviors that indicate they may be a threat to aviation and/or transportation security. The program is a derivative of other successful behavioral analysis programs that have been employed by law enforcement and security personnel both in the U.S. and around the world.”

Many of TSA’s techniques have been pioneered by the Israelis, who have been struggling with the terror threat for much longer than the US has.

Behavior detection is a risk-based approach which allows TSA to focus its limited resources on making a determination whether someone is really a risk or not. This saves time for travelers who are non-threats and who can pass through these checks with no problems. It is not profiling, since determinations are made based on a number of factors including body language and responses to questions, and not on the religious or ethnic make-up of travelers. This is smart, given the fact that terrorists come from different religious and ethnic backgrounds.

This isn’t a new method; in fact, it has been practiced by the airlines for many, many years. For international flights, it has been common for airline personnel to ask questions of travelers such as whether they were given anything to pack, or whether they packed their own bags. This allowed airline staff to gauge reactions and focus limited resources on possible threats rather than mindlessly subjecting everyone to the same level of scrutiny.

Behavior detection is a risk based approach which is much needed in TSA’s methodology and is, at last, a logical way to proceed.  Those who don’t support this method may be basing their opposition on a basic misunderstanding of what it entails, since it relies on established behavioral analysis techniques and avoids the privacy and profiling pitfalls of alternative measures.

A “Pre-crime” System?

with one comment

 

Is it possible to detect terrorists or criminals before they strike? That’s the premise of science-fiction films like Minority Report, but the Department of Homeland Security (DHS) is already experimenting with a “pre-crime” system it calls Future Attribute Screening Technology, or FAST. In an October 7, 2011, article, CNET News writer Declan McCullagh explores what FAST is intended to achieve.

Instead of relying on psychics to predict who will commit a dangerous act, FAST is designed to collect data surreptitiously on a subject’s heart rate, breathing, voice patterns, eye movements, ethnicity, occupation and gender. Algorithms will then determine which individuals may have malicious intent.

So far, FAST is still in the testing phase. In addition to testing on DHS employees who volunteered for the program, a field test was conducted in one northeastern US venue. How would it be used? DHS has suggested that FAST may be deployed at airports, but it might also be used at border crossings or public events where large crowds are present.

How about the science behind FAST? There’s no way to conclusively detect someone’s criminal or terrorist inclinations; that idea went out with phrenology in the 19th century. However, biological signs can betray a person’s anxiety, and someone who is about to commit a terrorist attack is likely to be under stress.

One problem is that while symptoms like an elevated heart rate or changes in voice patterns may indicate anxiety, they don’t offer insight into the cause of the anxiety. Someone displaying these symptoms may simply be nervous about missing a flight, or may be stressed at a sporting stadium because of misplaced car keys or even an adverse referee’s call.

There’s a parallel with “lie detectors.” Polygraph equipment can’t look into someone’s mind and determine that he is lying. All it can do is reveal biological symptoms which are associated with the anxiety or stress. Since stress accompanies deception for most psychologically normal people, it can indicate areas for questioning for investigators.

Because FAST won’t be able to “detect terrorists” in a simplistic and certain manner, we as Homeland Security professionals will need to consider how technologies like this should be used. There are clear privacy implications: how would collecting data from crowds of people square with the Fourth Amendment prohibition against unreasonable searches and seizures?  If a system like FAST does point out an individual with a suspicious profile, how should law enforcement or transportation security officers proceed?  Would it be sufficient grounds for probable cause, leading to further action?

Trends in Terrorism: the Threat from Domestic Extremists

with one comment

For students of Homeland Security, it is important that we remain focused on the changing trends in terrorism in the US. In a recent article, FBI Intelligence analyst Lauren O’Brien makes a good case that the terrorist enemy is now more diverse and adaptable, which makes focusing on the enemy just that more difficult than prior to 9/11.

As she noted in this article http://www.fbi.gov/stats-services/publications/law-enforcement-bulletin/september-2011/the-evolution-of-terrorism-since-9-11: “Following 9/11, the United States faced a threat from Al Qaeda not only as an organization but also as an ideology. A new global jihadist movement composed of al Qaeda-affiliated and -inspired groups and individuals began to unfold. Although these groups threatened U.S. interests overseas, they did not rival al Qaeda in the threat they posed to the homeland. However, over time, the spread of this decentralized, diffuse movement has increased the threats to U.S. interests at home and abroad.”

While we cannot discount the threat posed by Islamic extremism and the domestic threat posed by homegrown Islamic extremists, the FBI has reported that roughly two-thirds of terrorism in the US was conducted by non-Islamic American extremists from 1980-2001; and from 2002-2005, the figure went up to 95 percent.

One of the factors in these statistics is that the Patriot Act of 2001 expanded the legal definition of “terrorism” to include domestic terrorism as well as international terrorism. Naturally, this would increase FBI statistics on domestic terrorism cases. However, the government is confronting a notable problem in classifying cases as domestic terrorism and violent extremism: the lack of a comprehensive definition. This lack of uniformity in defining domestic terrorism is reflected in the way domestic terrorists are prosecuted and their final sentencing.

This is noted in an excellent article published by the Council on Foreign Relations and written by Jonathan Masters: http://www.cfr.org/terrorist-organizations/militant-extremists-united-states/p9236

Mr. Masters noted this lack of agreement on what constitutes domestic terrorism, and what distinguishes it from other crimes. Here’s an excerpt from his study: “a Syracuse University-sponsored watchdog organization, when it compared the number of terrorism cases listed by three entities–the courts (310), the prosecutors (508), and the National Security Division (253)– it found that from 2004-2009 only 4 percent of the cases were classified as terrorism on all three lists.” This suggests that the agency that made the designation, not the facts of the case, determined whether a suspect was prosecuted as a terrorist and, therefore, may have received a harsher sentence.

In discussing domestic extremists, the FBI uses four broad categories: left-wing, right-wing, single issue groups, and homegrown Islamic.

Mr. Masters further notes that Lone Offenders may pose the most immediate threat in the US. “According to an FBI report on terrorism, the lone wolf label refers to individuals “who commit acts of violence outside of the auspices of structured terrorist organizations or without the prior approval or knowledge of these groups’ leaders.” A Department of Homeland Security study found that attacks by individuals constituted one-third of all extremist acts of violence since 1995, up from just 6.5 percent in the twenty-five years prior. Recent high-profile cases of these attacks include those by Jared Lee Loughner, James von Brunn, and Abdulhakim Mujahid Muhammad. Because of their isolation from organized extremist groups, lone wolves are particularly hard to track for intelligence agencies. However, their independence often makes them less effective than members who are well connected to large networks.

In the United States, left-wing violence has been characterized in recent decades by a decline since the fall of the Soviet Union in 1991 and a very successful mid-1980s FBI infiltration campaign. From 1960 to the mid-1980s, most domestic extremist violence was committed by leftist factions, but this is no longer the prevailing trend.

Mr. Masters further discusses single-issue groups where “extremists attack targets that embody distinct political issues like environmental degradation, abortion, genetic engineering, or animal abuse. These groups are usually composed of small, autonomous cells that are hard to infiltrate because of rigid secrecy. According to the FBI, so-called eco-terrorists and animal rights groups like the Earth Liberation Front have committed over two thousand crimes and caused losses of over $110 million since 1979. Ecological extremism gained particular notoriety in the 1990s, and in 2004 the FBI declared these groups the No. 1 domestic terrorism threat. Anti-abortion extremists are responsible for seven murders, forty-one bombings, and 173 acts of arson in the U.S. and Canada since 1977, according to the National Abortion Federation, an abortion rights group. While much of this violence peaked in the 1990s (PDF), the 2009 murder of Dr. George Tiller served as a reminder of the threat still posed by these factions.

Interestingly, Mr Masters notes that “the most recent swell of extremist violence began to emerge from right-wing militants in the late-1980s and 1990s. According to a 2005 FBI report on terrorism, these groups, which are “primarily in the form of domestic militias and conservative special interest causes, began to overtake left-wing extremism as the most dangerous, if not the most prolific, domestic terrorist threat to the country.” Right-wing extremists champion a wide variety of causes, including racial supremacy, hatred and suspicion of the federal government, and fundamentalist Christianity. The Southern Poverty Law Center, which tracks the activities of hate groups, suggests militia groups declined every year since 1996 but have seen a dramatic resurgence since 2008.”

Complacency Is Not an Option

with 2 comments

 

While many Americans rejoice and are relieved that Osama bin Mohammed bin Awad bin Laden was killed by US forces in Pakistan, we need to be careful that our vigilance against terrorism is not decreased. In an article published in the FBI‘s Law Enforcement Bulletin (September 2011), <LINK> FBI Intelligence analyst Lauren O’Brien provides her thoughts on the state of terrorism today.

Her opinion is that in the last 10 years, while the US faces a more diverse enemy, the threat still exists and is just as formidable as it was in 2001. The enemy is now more adaptive and changing which makes focusing on the enemy just that more difficult. Ms. O’Brien goes on to provide a good understanding of how terrorism trends have evolved in the last 10 years.

In particular, Ms O’Brien is spot on when she states that, “Following 9/11, the United States faced a threat from al Qaeda not only as an organization but also as an ideology. A new global jihadist movement composed of al Qaeda-affiliated and -inspired groups and individuals began to unfold. Although these groups threatened U.S. interests overseas, they did not rival al Qaeda in the threat they posed to the homeland. However, over time, the spread of this decentralized, diffuse movement has increased the threats to U.S. interests at home and abroad.” This makes our (US) efforts against potential terrorists just that much harder and expensive.

We can see some of the more visible results in the Boko Haram movement in the West African country of Nigeria (the source of around 11% of oil imported into the US) and Al-Qaeda in the Islamic Maghreb (AQIM).

Ms. O’Brien correctly concludes that the US must continue to enhance its relationship with intelligence and law enforcement partners. The FBI (and other government agencies) need to adapt their techniques to confront the ever changing threat of terrorism. Complacency is not an option.

Written by Homeland Security

September 22, 2011 at 19:34

“Open Source” Terrorism and the Internet: What Do You Think?

leave a comment »

ASIS, the leading industry organization in our field, just held its annual conference in Orlando. A keynote topic of conversation was terrorist use of the Internet. According to a 20 September 2011 Homeland Security Newswire article, terrorists make use of cyberspace for a range of activities, including recruitment and planning:

Jeff Bardin, the chief security strategist of Treadstone 71, a presenter at this year’s ASIS conference on cyber jihad, argues in a report that “Cyber jihadist groups have adopted the power of modern communications technology for planning, recruiting, propaganda purposes, enhancing communications, command and control, fund raising and funds transfer, information gathering, and as a method for winning the hearts of minds of the global insurgency.”

Terrorists have been on the Internet as long as it’s been around, of course. It’s another tool that they can use– and we can use against them. Much of the conversation at ASIS was about how best to use the Internet to investigate and undermine terrorism.

To me, one of the most significant parts of the discussion was the concept of “open source Jihad.” In the information technology world, open-source code means that software writers are free to use the building blocks of a computer platform to create programs and applications without asking, or paying, a big firm like Apple or Microsoft. In the same way, open source Jihad encourages would-be terrorists to operate independently while building on the work of others. Here’s how the Newswire describes al-Qa’ida’s role in facilitating terrorism by individuals and small groups which are not part of its formal structure:

Most notably, al Qaeda uses the Internet to publish Inspire, the organization’s own magazine. The group describes its publication as “Open Source Jihad,” writing that it is a “resource manual for those who loathe the tyrants; includes bomb making techniques, security measures, guerilla tactics, weapons training, and all other Jihad related activities.” They go on to say, “The open source Jihad is America’s worst nightmare; It allows Muslims to train at home instead of risking a dangerous travel abroad.”

The magazine, Inspire, is well named. This is an essential change in the pattern of Islamic extremist terrorist activity today: instead of being directed by relatively large, “professional” terrorist organizations, it is typically designed and carried out by small groups who are inspired by al-Qa’ida, but who are not members in the classic sense.

This pattern holds true for domestic terrorism, too. There are hundreds of like-minded groups and thousands of individuals who share neo-Nazi, white supremacist, and militia/anti-government ideologies. Yet, they have not coalesced into anything like al-Qa’ida in its heyday, and they instead serve to inflame individuals like Oklahoma City bomber Timothy McVeigh without actively directing them.

Written by Homeland Security

September 22, 2011 at 04:26

With friends like these…..

with one comment

When reviewing a number of articles dealing with Homeland Security, I came upon a recent NY Times article (LINK) which was an interesting demonstration of how sometimes the US confuses itself and can’t focus on Homeland Security with one voice.

The article was discussing Nassir Al-Rifahe, who was a member of the Iraqi National Congress, having worked for years to topple Saddam Hussein before being granted political asylum in the United States in 1997. For the last 10 years, Mr. Rifahe has been living in the US as a refugee, and the Department of Homeland Security has refused to grant his application for a green card.

To remind my readers, the Iraqi National Congress (INC) was an umbrella Iraqi opposition group led by Ahmed Chalabi. It received millions of dollars in funding from the United States government following the first Gulf War, with the goal of overthrowing Iraqi leader Saddam Hussein.

Why is this happening to Mr. Rifahe, you ask?

Well, according to the New York Times article, “Under a sweeping section of federal immigration law, the government considers Mr. Rifahe to have engaged in terrorist-related activity, making him ineligible to live here permanently. That the group Mr. Rifahe worked for was once supported by the United States and tried to overthrow Saddam Hussein matters little.

At issue is a section of the Immigration and Nationality Act, which was bolstered after the Sept. 11 attacks by the Patriot Act and other legislation to prevent terrorists from entering the United States.

As currently worded, the act defines a terrorist group as any organization with two or more people that has engaged in a range of violent activities against persons or property. This would include groups that take up arms against a government. Simply belonging to such an organization, which does not have to be officially designated by the United States as terrorist, or providing “material support” are grounds for being barred from this country.

The law makes no distinction for groups or governments that Washington views favorably.

I personally don’t see any benefit from this law being so broad as to prevent the US government from assisting individuals who are being labeled as terrorists even when they did not engage in terrorist activities or worked for a US funded group which was doing the bidding of the US Government.

What do you think?

Recommended Reading: Homeland Security Remains an Agency in Progress (Brian Naylor, National Public Radio Weekend Edition, September 11, 2011)

with one comment

Recommended reading: Homeland Security Remains an Agency in Progress (Brian Naylor, National Public Radio Weekend Edition, September 11, 2011) Link: http://www.npr.org/2011/09/11/140367706/homeland-security-remains-an-agency-in-progress

NPR’s Brian Naylor presented an interesting discussion of the status of the Department of Homeland Security as of September 11, 2011. Ten years after 9/11, DHS has overcome many of the growing pains involved in building a vast agency out of 22 separate entities, and it is working to solve the vulnerabilities and faults identified in the 9/11 Commission Report.

The article reflects several challenges DHS is facing. One is the need to spend money carefully. Another is the Department’s balance between terrorism response and management of other kinds of disasters. The public often thinks of DHS in terms of terrorism, such as the old color-coded alert system, yet much of its work is on an “all-hazards” basis: it’s preparing for natural disasters, accidental chemical releases, etc., as well as terrorist attacks. Naylor quotes one academic who believes DHS should reduce its spending on terrorist preparations and focus on risks which happen with more frequency.

Steven Flynn, a member of the 9/11 Commission, says in the article that there’s also a need to focus more on resilience– bouncing back from disasters, since they can’t always be prevented. Flynn doesn’t say that prevention is no longer worth DHS time and resources, but his statement may represent a new way of looking at disasters.

What do you think?