A very detailed overview of a bomb plot, especially the lines related to anything digital such as :
- "An e-mail sent from Mr. Khawaja to Mr. Khyam on Nov. 30, 2003, read: "It's not as easy as we thought it would be. We have to design the whole thing ourselves. "There are two parts to it, one transmitter and another receiver that will be at a distance of about 1 or 2km that will be attached to the wires and send out 5 volts down the line and then we get fireworks."
No details on whether or not the communication was encrypted, how it was decrypted -- indirectly through client side attacks for sure -- and was their communication on purposely intercepted or filtered though the noise with keywords such as transmitter, wires and fireworks.
- "Mr. Mahmood was working for the British gas company, Transco, and had stolen sensitive CD-ROMs from National Grid, a British utility, that detailed the layout of hundreds of kilometres of high-pressure gas pipelines in southeast England."
And the insider threat was just an overhyped threat with lack of statistical evidence of it happenning. Think twice. Don't dedicate efforts in ensuring such information never makes it out of the organization due to terrorist fears only, but consider the consequences of it getting into the wrong hands at the first place.
- "A notebook in the living room included references for books including The Virtue of Jihad, and Declaration of War."
Propaganda writings are easily obtainable online, which reminds me that monitoring them to the very last mile is worth the risk in order to further expand their network, of both, sites they visit and people they communicate with.
- "Downloaded on to his laptop was a computer file, The Mujahideen Explosive Handbook. It contained the exact recipe to build an ammonium nitrate bomb."
On purposely placed online DIY manuals can act as honeypots themselves. As we've already seen, counter-terrorism forces across the world are establishing such fake cyber jihad communities in order to lure and monitor wannabe jihadists. But monitoring who's obtaining the already hosted in the wild manuals, is far more beneficial than hoping someone will eventually fall a victim into your cyber trap.
In another related research by the RAND Corporation entitled "Exploring Terrorist Targeting Preferences" the authors try to come up with various scenarios on the process of prioritizing possible targets such as :
"the coercion hypothesis; the damage hypothesis; the rally hypothesis; and the franchise hypothesis. If Al-Qaeda directs the next attack the coercion and damage hypothesis, and, quite possibly both, are the most likely to influence the nature of the target.
Great psychological imagination applied in the paper, worth the read. From a statistical point of view, the probability of death due to a car accident is higher than that of a terrorist attack, so consider escaping the FUD related to terrorism that's streaming from your favorite TV channels in order to remain objective. The ugliest part of them all is that everyone's discussing the post-event actions taken, and no one is paying any attenting to the pre-event activities that made it possible, and with training camps under heavy fire, the digitalization of terrorist training is taking place.
And here's another great analysis, this time covering the process of how terrorists send money by combining anonymous Internet services in between mobile banking :
"Advanced mobile technology, cooperation between international mobile communications providers and international financial institutions and the lack of regulations make for a swift, cheap, mostly untraceable money transfer -- known as "m-payments" -- anywhere, anytime, by anyone with a mobile telephone."
Dare we say adaptive?
Independent Contractor. Bitcoin: 15Zvie1j8CjSR52doVSZSjctCDSx3pDjKZ Email: dancho.danchev@hush.com OMEMO: ddanchev@conversations.im | OTR: danchodanchev@xmpp.jp | TOX ID: 2E6FCA35A18AA76B2CCE33B55404A796F077CADA56F38922A1988AA381AE617A15D3D3E3E6F1
Friday, May 04, 2007
A Chronology of a Bomb Plot
Independent Security Consultancy, Threat Intelligence Analysis (OSINT/Cyber Counter Intelligence) and Competitive Intelligence research on demand. Insightful, unbiased, and client-tailored assessments, neatly communicated in the form of interactive reports - because anticipating the emerging threatscape is what shapes the big picture at the end of the day. Approach me at dancho.danchev@hush.com
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment