John Robb's Blog, page 8

Enemies innovate, particularly open source networks like ISIS.  

That's a given.  It's what you do in response to that innovation that matters.

That's where we are at right now.  As I've been writing (1, 2, and 3), it appears that ISIS has found a way to solve the biggest problem with networked terrorism.  A reliable way to span the gap between online support and physical action that isn't easy to detect.  A online zero to terrorist "hero" ritual.

They accomplished this by building a formalized ritual that combines initiation (a self-planned attack) and a public pledge (a formal lifelong, irrevocable pledge of fealty to the Caliph), and acknowledgement (redemption, acceptance, and honor).  It appears to work.  For example, here's what Omar Mateen said on one of his telephone conversations.  Note how important the pledge is to Omar in this public record of the call.

Orlando Police Dispatcher (OD): Emergency 911, this is being recorded.
Shooter (OM): In the name of God the Merciful, the beneficial [in Arabic]
OD: What?
OM: Praise be to God, and prayers as well as peace be upon the prophet of God [in Arabic]. I let you know, I'm in Orlando and I did the shootings.
OD: What's your name?
OM: My name is I pledge of allegiance to Abu Bakr al-Baghdadi of the Islamic State.
OD: Ok, What's your name?
OM: I pledge allegiance to Abu Bakr al-Baghdadi may God protect him [Arabic], on behalf of the Islamic State.
OD: Alright, where are you at?
OM: In Orlando.
OD: Where in Orlando?
[End of call]

The same process was seen a day later outside Paris by an attacker who killed two senior members of the police.  

A New Wave of Terrorism?

With this methodology in place, ISIS has the ability to bypass the security procedures that were effective against attacks from the remnants al Qaeda, and strike US and EU targets.  Let's dive into the numbers.  According to a George Washington Univ study from December 2015 on ISIS:

300 active "recruiters" online in the US.
250 have been stopped, attempting to leave the US to join ISIS in Syria.
900 active investigations into ISIS supporters in the US.
71 have been charged, 56 in 2015.  Of these 86% were male with an average age of 26.

If ISIS has developed an online ritual that can turn supporters into active attackers without exposing itself to security services (travel, planning, chatter, etc.), how many new attacks might occur?

How bad could this get?  

If only 20% of the people who were stopped travelling to join ISIS in Syria to risk their lives as fighters conducted this ritual, we could expect 50 new attacks.   A mere fifty percent of people who have already chosen active participation and were willing to put their lives at risk, that would mean 125 new attacks.  I suspect we could see many more than that if this takes hold.

Posterior Armor

Unfortunately, the US government (with the media's support) has been defensive.  It is claiming that ISIS was not involved -- mentions of ISIS, Islam and al Baghdadi were redacted from the Orlando transcript   It is even making the case that this is merely a run of the mill "postal" (insanity + easy access to guns) attack.  The reason for this?  The US government doesn't want to admit that the US counterterrorism strategy has been on autopilot for a decade and that it has now failed.

This isn't the answer.  There is only one response to an enemy's innovation.

Adapt.

Have fun,

John Robb 

Three months ago, I wrote up a worst case scenario for how the US could end up in a civil war this fall.  Unfortunately, nothing has changed.  The conditions that make the scenario possible are still valid.  

In fact, in one way it has gotten worse:  one of the theoretical methods of disruption that I featured in the scenario was recently used in the real world.  In my scenario, robocalling was used to shut down polling places to skew election results and plunge the US into chaos:

Robocalls pour in to police departments and polling places in heavily (Rep or Dem) polling locations with bomb/terrorist threats. Widespread poll closures occur. Calls continue until late.

This speculation became reality last month when threatening robocalls were used to shut down dozens of schools in at least 21 U.S. states: Colorado, Delaware, Florida, Illinois, Iowa, Maine, Massachusetts, Minnesota, Montana, New Hampshire, North Dakota, Maryland, New York, Oregon, Rhode Island, South Dakota, Utah, Vermont, Washington, Wisconsin and Wyoming. As many as 10 schools received the threats in some states.  Further, in the UK, several schools received a 90-second recorded call from a voice with an American accent promising that "shrapnel" would "take children's the heads off," according to multiple news reports.

This was the first time we've ever seen a nation-wide/international use of this technique.  It's also likely we'll see it again since:

it works,
there isn't a clearing house for threats of this type,
responders/bureaucrats are extremely risk averse (even more so since Orlando and San Bernardino), and (most importantly)
the US phone system is easy to hack.  

Let's expand on that last point.  The reason the US phone system is easy to hack is due to the pervasive influence of the US direct marketing and collections (bad debt) industry.  These industries lobby hard at the state level to ensure full hackable access to the system.  However, this means it's easy for attackers to exploit the system to do real harm.  

Here's an example:  It's possible to dynamically change the caller ID used on every call you make.  This means an attacker can insert fake caller IDs such as "FBI" , "Atlanta Police" etc. to make their calls seem more credible and increase the disruptive impact.

Sincerely,

John Robb 

PS:  bots will make it possible to automate terrorism....

The lone wolf terrorist does not exist.

The lone wolf terrorist is a fiction.  He doesn't exist.

The reason is simple.  

People don't engage in terrorism as individuals.  They do it as part of a social group.  They need the social meaning a group provides to justify the personal risk and the act of violence.

This need for meaning may be even more true for blood and guts terrorism, given the high mortality rates and public disapproval involved. This creates achasm between cheerleading a violent cause and an actual act of terrorism. Crossing this chasm requires an extensive social investment.

This chasm makes it extremely hard to activate terrorists remotely. The online and offline grooming required to activate any single individual can be easily detected by security forces.  We've been lucky this is true. Groups like ISIS have tens of thousands of active online supporters in the developed world and if they could self-activate even a small percentage of these supporters, we'd be in deep trouble.

Unfortunately, it appears our luck has run out.  The attacks in Orlando and outside Paris have demonstrated that ISIS has found an innovative way to cross the chasm between online cheerleader and active terrorist.  A method made possible by instant and global access to social media and a method that can easily pierce US counter-terrorism defenses.

These attacks show it's now possible to turn online supporters into a self-activating terrorist without heavy investments in individualized social grooming.  This is accomplished by:

turning the effort required plan, prepare, and execute a terrorist act into a ritual of initiation.  Initiates are expected to undertake this effort on their own, without support.


turning the act itself into a forum for a public, online declaration of fealty -- an extremely potent medieval loyalty pledge made by knights to their lords -- to the Caliph of ISIS.  This pledge is made public (both attackers used Facebook to publicly pledge fealty to al Baghdadi) at the moment of the attack to maximize the meaning to the attacker and the audience.  Think of it as social media performance art.


immediate acceptance into the ranks of ISIS.  Inclusion in the group and acceptance as a vassal by the Caliph.  In other words: ISIS has found a way to provide social belonging and meaning through an online activation process.

This method is nearly opaque to US counter-terrorism efforts:

the marketing funnel for this process of activation can be done in the open, in vanilla forums.  Everything required is within the realm of free speech protections. 


all of the detectable preparation for warfare is done by the initiate by himself, which makes it very hard to detect.


it has zero barriers to participation. Anybody can undertake the initiation and pledge loyalty, from the criminal to the self-hating homosexual, and they will be accepted (their past will be washed away) upon pledging during the act.  

Even in its raw form, this method of activation has yielded two successful attacks (Orlando and Paris) over a couple of days.  

Now that this form of attack has been demonstrated we are likely to see many more.   

Have fun,

John Robb

PS: The primary national security challenge for the US following the collapse of al Qaeda in 2008, was to prevent the establishment of another global terror network that could find new ways to attack the US. We failed at that. Not only have a new, bigger, badder terror network (ISIS), it has now found a way to attack us again, again, and again.

PPS: The media and the government will spend the next couple of months finding "motives" for Orlando in order to avoid connecting this to ISIS. That's a waste of time. This process of activation, is open to all other motivations for an attack.  All that matters is that initiation and the ritual occur according to script.

 

The ISIS Caliphate is using online fealty as a way to recruit jihadis around the world.   It's a powerful recasting of an ancient concept that goes well beyond modern expressions of loyalty.  

The way ISIS has constructed its brand of online fealty makes it globally scalable.  The  only barriers to entry are:  conduct an attack and publicly pledge fealty.  The most common platforms for a public pledge?  Social media, 911, etc.

For example, when Omar Mateen pledged fealty to ISIS during his deadly attack, it provided him with the following:

It instantly gave him permission to conduct an attack in the name of ISIS.
It instantly accepted him into the ranks of ISIS as a proven holy warrior.
It cleansed his previous sins (particularly his conflict over his sexual orientation).

This recasting of fealty is interesting within the context of open source insurgency because it might provide ISIS with a way to construct a globally scalable, segmented network of terror.  

That's a very new innovation.   

Have fun,

John Robb

 

During his deadly attack on a packed Orlando nightclub where he killed 50 people and wounded many more, Omar Mateen called 911.  

On the recorded call, he pledge his loyalty to ISIS.  

A day later, a terrorist outside of Paris, used Facebook livestreaming to pledge his loyalty to ISIS while stabbing a police chief and his wife to death.

What's going on?

The answer is that these pledges aren't simply expressions of loyalty, they are expressions of fealty, a much more powerful means of connection.  

Fealty is something we haven't seen since the middle ages.  ISIS became capable of employing fealty once it rebuilt a barebones Caliphate and it is using it to transform modern terrorism.

To understand this, let's dig into fealty a bit. 

Fealty is a strict, lifelong pledge of loyalty from a vassal to a lord.  It's public and irreversible.  (If you watch Game of Thrones, it's why everyone hates the Kingslayer, even if he was justified in his actions)


Fealty obligates the vassal to act in the service of the lord, without any need for specific direction.  It also gives the protection of the lord to the vassal (in a religious context, salvation and redemption).


Fealty made it possible to build large, geographically segmented networks in a world without instant communications and rapid travel.    

Fealty allows ISIS to get around some of problems of modern open source insurgency.   For example:

A potential terrorist shouldn't express fealty until the attack.  Benefit: This prevents discovery during the grooming process.


A public expression of fealty (FB, Twitter..) provides them with instant acceptance by the "lord"  Benefit: this provides them spiritual protection for the attack and maximizes the publicity for ISIS


A Jihadi, or their local network, shouldn't ask for permission, planning, or support.  They should act on their own.  The attack itself is a demonstration of loyalty.  Benefit: this reduces chances of discovery and maximizes the innovative potential of the global network.

The more I think about it, fealty is an extremely useful way of harnessing and directing the power of an open source insurgency (aka, herding cats).

The GOP convention is scheduled for 18-21 of July in Cleveland.  What's the chance of protests dominating the convention?  100%  Here's a good example of why:

The Federal government gave Cleveland a $50 m security grant to prepare for the convention.  With this money, the city plans to field 4-5,000 officers drawn from around the state.  Here's what it they plan to equip them with:

2,000 sets of riot-control “turtle suits’’ that include upper body and shoulder protection, shin guards, elbow and forearm protection, tactical hard-knuckle gloves, and 26-inch collapsible batons.  
16 police motorcycles, 300 patrol bicycles, 310 sets of bicycle riot control gear, and three horse trailers.
500 interlocking steel barriers that are 6½ feet high and 2,000 shorter steel barriers.

However, the city didn't put the bid for this equipment out until March.  Even if the equipment does turn up in time for the convention (unlikely), there won't be any time to train with it.  

This degree of organizational incompetence is more than sufficient to guarantee a bad outcome for a convention city in a good year.   However, this year's convention won't be a normal protest.  

It will be something altogether different, considering the number of groups planning to protest, the number of protesters expected, the passion of the protesters, recent innovations in disruption, and the quality of the protest leadership headed to Cleveland.

This summer, the city will be hosting the Superbowl of Protest.  

Unfortunately for the citizens of Cleveland and the hapless GOP, the city can't play at that level.  

It will be a blowout.

Have Fun,

John Robb

 

The Panama papers revealed only one of the vast networks used by criminals, corrupt politicians and tax evaders to hide wealth from scrutiny. There are many, many more.  

My friend, Tom Barnett, at his new digs on resilient.com explains why this leak is important:

There's nothing new in tax evasion through parking one's financial assets "offshore." That's been around for a very long time. Instead, what's truly stunning here is the routinization and systematizing of these nefarious practices. It reminds me of the leap from a pogrom to the Holocaust: a massacre you can attempt to blame on particular circumstances, timing, leaders, etc., but a genuine effort at genocide is something operating on an entirely different level. The former, because it's short-lived, can be sustained by emotion, but the latter, because it takes years of consistent effort, requires something far worse - a truly deformed sense of morality.

I concur.

This is the same reason I found the financial crisis of 2007-2016 so troubling (others found it troubling too since it launched both the Tea party and Occupy):  

This financial crisis demonstrated, beyond a shadow of a doubt, that the entire US system from Wall Street to Washington is an elaborate fraud.

A morally bankrupt system we can't (read: won't) dismantle because it has become routine and accepted. 

A system that is actively destroying the socioeconomic fabric of the US and strangling our future.  

A truly deformed sense of morality that has become disturbingly pervasive.  

Have fun,

John Robb

After a brief post Cold War hiatus, great power conflict has returned and it is likely to intensify as the economic woes of China, Russia, and the US worsen. 

During the Cold War, great power conflicts were fought through proxies using a variety of different means (my friend Frank Hoffman's Hybrid Warfare). This method of indirect fighting was used to avoid situations and military casualties that could trigger a nuclear war. 

In the near future, we are likely to see the great powers — China, Russia, and the US — fight it out in the same way they did historically, in intense set piece battles (see explanation below). 

What is a set piece battle? 

Is optional. It only occurs when both opponents agree to fight (it’s not a siege).
Is contained. It’s only fought in a finite battlespace that both opponents agree on (e.g. a specific field or river crossing or island).
It’s a showcase of capability. It allows both opponents to execute their plans simultaneously.

However, unlike historical set piece battles, these battles won’t be fought with people. That would be too dangerous since high numbers of Chinese, US, and Russian casualties could lead to a nuclear crisis. 

Instead, these battles will be fought and won by autonomous robotic systems. 

In the next dozen years, as robotic weapons become autonomous and capable of executing mission orders, we’re going to see a spike in the number of lethal (to the system) tactical engagements between robotic weapons fielded by peer competitors. These early engagements will condition the military and political leadership to fighting in this way without escalation.

However, it won’t be long before one of the great powers decides to test their capabilities in robotic weapons against a regional antagonist. 

For example, China could deploy a fully robotic A2/AD (anti access, area denial) system of precision guided munitions, autonomous drones/UUVs/etc. across hundreds of the Spratly islands. A veritable hedgehog of lethal machines capable of destroying anything that entered the territory. 

China could then provoke a set piece battle by activating the system and declaring that anything within a very specific territory is off limits to all traffic not specifically approved by the Chinese government.

At this point, the US has three options in response to this “pop-up A2AD” (I love that term). It could:

Ignore it. This would likely lead to more pop-ups all over the world from any power capable of fielding robotic A2AD. 


Engage it with manned forces. There are two options here. First, the US could sail a carrier battle group into the area in a classic Cold War test of strength, challenging the Chinese to sink it, which would escalate the engagement to a nuclear war. Second, the US could choose to attack it with conventional forces augmented with robotics (teaming), however the battle would likely result in significant loss of US life (a waste of lives if the islands aren’t retaken or neutralized).


Engage it with autonomous robotics in a set piece battle. This option would test the relative strengths of the respective militaries in robotic systems and AGI (artificial general intelligence). It would be bloodless and contained to a specific battlespace.

These battles could be short and over in hours, fought with robotics and cyber combined arms. In some cases, they could go on for decades. An eternal contest until one side or the other runs out of money or the political need to distract an angry population.

Have fun,

John Robb

The policy wonks are up in arms over the NYTimes and WaPo interviews with Trump on foreign policy and trade. They simply can't say enough about how uninformed Trump is on this topic.... but there's something wrong with this picture.

The same wonks who claim to "know" everything have gutted the US economy, gotten us into wars we can't win, and plunged entire regions of the world into chaos & terrorism.

Personally, I like that both Sanders and Trump are isolationists.  People profoundly out of step with the demands of an "Imperial Presidency"  In my view, the Imperial Presidency beloved by the policy wonks should have died with the end of the cold war.

Yet it's still here, eating our future, in Zombie mode.

Have fun,

John Robb

PS:  What if, and this is a crazy notion, we simply focused on making the United States a success story, rather than a poorly run Imperium?  

The ROI (return on investment) from making FAKE attacks against EU targets could exceed $1,000,000 to $1.  IF 10,000 FAKE attacks are made in the next year by self-activating, super-empowered individuals, the costs would be incalculable.  

The successful terrorist attacks on Brussels and Paris have left the EU vulnerable to tens of thousands of fast, frequent and fake attacks by self-activating terrorists.

Here's how.

The recent attack on Brussels was big, bloody, and effective.

Fortunately, attacks on this scale don't occur often. They take lots of time to prepare for and lots of support. Given these costs, it's unlikely we'll see an attack on this scale for a while.

Unfortunately, there is a way for terrorists to get around that limitation.  A way to continue to damage the EU without mounting a new, large-scale attack. This is accomplished by self-activating terrorists making small, frequent and fake attacks.  Fake attacks that have a disruptive impact similar to a real attack.  Attacks like:

threats to buildings, organizations and individuals
suspicious packages left on trains, airports, etc. or mailed bombs/biochem
reports of suspicious activity - building, organizations, and individuals

 Why are fake attacks effective?   

in the current environment, every threat/attempt is taken seriously by the government.  Police, fire, and the military responds.  Buildings are searched.  People are accosted.  
it costs orders of magnitude more to respond to a fake attack than it takes to mount it.  Airports are closed.  Subways are suspended.  Traffic is stopped.
these attacks can be made frequently, with very little risk/cost to the attacker.  Simply, anybody can participate with 10 minutes of instruction.

Worse, at scale (tens of thousands), these attacks could deeply damage the socioeconomic fabric of the EU, by increasing distrust of minorities, generating hundreds of billions in security costs and sinking Schengen.

Have fun,

John Robb

PS:  Next post:  How robots make large scale conventional war between the major powers much more likely.