Today's post is from Mikhailovich. Mikhailovich is another one of those multilingual poets fond of deadlifts, cigars, capitalism and dead terrorists. He is the head coach of a Crossfit gym.
John Robb writes about the concept of "Off the Shelf Leverage." Robb's point is that terrorists in Mumbai used relatively simple, commercially available technology, such as GPS, satellite phones, cell phones, and Blackberries, to coordinate and communicate, both amongst themselves and with the media. This gives them leverage, meaning that it dramatically increases their outputs in terror and destruction relative to their inputs.
The terrorists got highly accurate directions to their location, watched the news (which unwisely provided details regarding the attackers' opposition), and even checked the police's website for data regarding movements against the attacks.
All this from a trip to your neighborhood Radio Shack.
It is understandable how the attackers were able to access this technology. It is, after all, commercially available and relatively inexpensive. What is harder to fathom, however, is why Indian authorities did not have a better grasp of how that technology might be used against them and how to combat it.
The technologies employed by the Mumbai attackers – cell phone networks, websites, GPS tracking, satellite phones – are universally accessible. What that means is that they can be monitored. In some cases, this may not be very helpful. A cell phone network is massive, and it would be extremely difficult to notice something unusual happening within it. But what about the example of the police's website? Surely that can't be a website that gets a lot of hits. If it does, they are likely from similar, recognizable sources. How difficult would it be to monitor those networks, and recognize unusual activity? In truth, officials are probably already monitoring them, which means that someone in charge didn't know what to look for.
Can an anti-terrorist organization detect a terrorist attack before it happens by monitoring the use of technology? How?
The short answer is no.
I am no luddite, and very open to the idea of TECHINT, or technical intelligence, which involves such monitoring. This has already been explored through Signals Intelligence and government Data Mining, such as the Total Information Awareness project or any of its incarnations such as ADVISE, the Analysis, Dissemination, Visualization, Insight and Semantic Enhancement system, which is designed for such analysis and much, much more.
It is important to remember first and foremost that TECHINT is HUMINT without the context. Yet even with the human intelligence needed to back such a project up, quite frankly it isn't worth it.
Similar schemes are around in the private sector today. Amazon monitors your purchases and page views online to recommend books. More importantly, credit card companies monitor the use of credit cards, which, along with credit card infrastructure, constitute an advanced technology network, in order to detect identity theft. They have been at this for quite a while, and have become rather good at it.
Here is the catch: even with time on their side, and far more credit card thieves than terrorists (about 1% of cards are fraudulently used), there are very many false positives. In the credit business all this means is a phone call and some questions. The customer is hardly bothered as this usually only takes a few minutes, and may even feel safer. Furthermore, even with so many false positives, there are enough successes to calibrate the system and establish useful procedures.
Terrorists, however, are rarer and less predictable. The stakes are also higher. Not only would there be more false positives, likely many more than 100 for each successful catch, but each one would have to be looked at more carefully. This is expensive, both in terms of the defense and intelligence budget and man-hours, embarrassing, and politically undesirable. It's one thing to get a few questions about your last purchases, and another entirely to have an FBI van tail you for a week because you are an Arab man who made one too many calls to your Pakistani business partners.
In short, while technically feasible, such a program would be costly and would likely outrage the public. That, in turn, would limit further action due to lack of funding, agents, and political support.
It's true that, if it means preventing another Mumbai, such measures may be worth it, but I can think of a dozen other projects, human and technical, that can and should be undertaken first. Once we nail the basics, like better human network operations and deeply imbedded intelligence, or better technical support and networking for our analysts, then we can begin considering the less practical methods.
Bruce Schneier does a lot with this topic here: http://www.schneier.com/essay-163.html and on his blog, http://www.schneier.com/
Posted by: Alex @ Insurgent Consciousness | December 01, 2008 at 08:40 PM
Alex,
You're certainly right that there are other, far more pressing matters, and lines of defense to strengthen. However, with the ready availability of commercial technology, how can we afford not to take simple steps that may work in the tactical, if not strategic, atmosphere?
A couple of examples:
- Careful monitoring of websites that provide information on local critical infrastructures. Transportation companies, power grids, communication companies, are all prime targets for systems disruption. Paying careful attention to the traffic on these websites could yield information about an attack before it happens.
- Analysis of the use of GPS networks. If ten, twenty, fifty people all start moving towards the same location from different points on a GPS network, it would be possible to intercept some, if not all, of the attackers, so long as the people watching the network are well trained and vigilant enough to recognize the signs of potential terrorist activity.
Both of these methods are low cost, but with proper training of the individuals in charge, have the potential to pay off immensely. Yes, it is less practical than some methods, but considering the cost-to-potential ratio, is it not worth undertaking this type of activity?
Posted by: Mikhailovich | December 02, 2008 at 12:27 PM
Alex makes some excellent points. But does the scenario change at all when another source of intelligence not only warns you that an attack may be imminent, but also tells you where it is coming from and what the target will be?
According to the BBC (http://news.bbc.co.uk/2/hi/south_asia/7761165.stm), Indian officials were told about a month before the attacks by US officials that militants had hatched a plot to attack Mumbai from the sea, and that hotels, like the Taj Mahal, would most likely be targeted. India's navy chief is quoted as saying that there were "systemic failures" in security and intelligence services.
Also of interest, if not directly related to the topic of this post, is the utter failure of the Indian incident command structure. The reaction of the Indians to the terrorist take-over of the Taj Mahal hotel was to go in with an immediate assault. The terrorists' first action, on the other hand, was to set up a communications and command center in the hotel. Information access superiority was wielded, and by the wrong side: "It was blind. They didn't have maps of the hotels, yet the terrorists had done enough reconnaissance to use the service facilities to manoeuvre." http://www.telegraph.co.uk/news/worldnews/asia/india/3534784/Mumbai-attacks-Are-they-British.html
Posted by: internogc | December 02, 2008 at 12:31 PM
Hold on guys- The counter-examples that you give seem very much in line with SIGINT, or signals intelligence, which I wholeheartedly support, especially, as you have mentioned, when it has context from other sources.
I took the question to be whether we can search through technical data for trends in order to catch terrorists, which we can theoretically do, and sometimes attempt, but which should not be at all a priority as it is inefficient, distracting, and frankly does not go too well with civil liberties.
Using SIGINT is not only advisable, it is what we do, with a fair amount of success. That does not mean we should cut funding here, as TECHINT needs to be cutting edge to work and becomes outdated quickly.
I think when monitoring is targeted, such as in the examples you give, we are talking about SIGINT rather than Data Mining. Furthermore, 50 people with GPS converging on a location is sort of the holy grail of Data Mining- the equivalent, in terms of credit card theft, of a "retiree" using his card to buy sky diving lessons, sports cars, and lap dances- a clear giveaway, though even here there will be a fair number of false alarms. Even a mass of GPS users converging on the Pakistani mountains, similarly, can be some sort of corporate adventure tourism, unannounced war games, etc. To be effective you also have to investigate much more than just obvious anomalies, as these usually have other, even clearer giveaways. One would track, for example, overall patterns of GPS movement over a period of weeks to detect common routes, patterns, and convergences, and then hopefully check that against other forms of intelligence from satellite imaging to informants.
Your points, however, are correct. The signs of an impending attack have changed greatly. Let's hope that our analysis system and procedures are adapting. From what I read, we are very good at getting and monitoring the data, but bad at analyzing it. I think you can make some good guesses as to why.
Posted by: Alex @ Insurgent Consciousness | December 02, 2008 at 05:11 PM
Agreed, Alex. It is a relatively impractical method, but one which can yield results. I believe the low costs of undertaking these methods make them worth it. Of course, inability to analyze remains the problem.
Posted by: Mikhailovich | December 02, 2008 at 06:07 PM
Technology is no substitute for human intelligence. It is a useful tool that may or may not prevent/mitigate attacks. It is no panacea.
Technology has more utility in a defensive capacity (airport security, retina scans, nuclear radiation detectors...etc.)
Posted by: Andrew | December 03, 2008 at 01:30 AM
Technology is also tremendously important for analysis, though this is an area where development lags behind. Even so, the use of networks, computers, and tools such as intelligence Wikis has been very beneficial.
Posted by: Alex @ Insurgent Consciousness | December 03, 2008 at 03:48 PM