[ISN] Terrorism and the Tactics of Network Destruction

From: InfoSec News (isnat_private)
Date: Mon Oct 08 2001 - 01:08:13 PDT

    CHICAGO - Open source and complexity theory hold the strategic keys to
    managing risk in this age of terrorism, writes Eric Norlin of the
    Denver-based Titanic Deckchair Rearrangement Corporation.
    Let's explore a simple analogy...
    The terrorist organization is a network - a loosely affiliated group of
    nodes that exhibit emergent properties as they form for a task and
    then disband. Their organization fits within the standard model of
    modern complexity theory: nodes of prominence emerge naturally as the
    forces of co-evolutionary development (namely, natural selection and
    auto-catalysis) battle it out.
    That is to say that terrorists are, in a sense, born and not made (and
    no, I don't mean that as some slight on Arabs, Muslims or Islamic
    The Internet is also a loosely affiliated group of nodes that exhibit
    emergent properties. In fact, if the structure of the two were lined
    up side by side, they would be nearly indistinguishable. As such, that
    which seriously damages the Internet could, from a tactical
    standpoint, teach us valuable lessons about damaging the terrorist
    The Nimda virus hurt the Internet more than any major corporation is
    willing to acknowledge, but make no mistake about it - this sucker
    seriously impeded performance and leaves certain systems still
    cleaning up. In other words, a virus, at least temporarily, brought a
    large portion of the Internet to a crawl. This should be our first
    Terrorist networks are distributed intelligence. Thus, they do not
    respond to the attacks of a command and control architecture - i.e.,
    tank battalions are pretty senseless. Hacks against computer networks,
    on the other hand, provide a useful outline for harm:
    1) Take down a few key hubs.
    OK, so Nimda didn't actually do this in theory, but in practice it
    might as well have. In a terrorist network, this will mean the
    physical destruction of known camps, training centers and monetary
    sources (and a few key humans, if possible).
    2) Begin a denial of service attack.
    Nimda, at its core, did this on an individual node basis as it
    occupied servers everywhere with its incessant spreading. Translating
    this to terrorism means a little creativity, as a denial of service
    attack is essentially a request for information.
    I would think the analogy in the terrorist lexicon is something
    similar to gathering intelligence at such a rapid rate that they
    become alerted to your closing presence on a daily and repeated basis.
    This forces the network to constantly attempt to reorganize its
    connections to maintain viability.
    3) Don't stop.
    This is where the Internet analogy crosses over to complexity theory.
    The lifecycle of a complex system (be it terrorist network, ecosystem
    or Internet) runs as follows:
    Initial conditions build to a point wherein auto-catalysis
    (self-organization) occurs among the existing interactive elements.
    The auto-catalysis leads to an organizational network of prominence,
    wherein certain nodes gain levels of importance over other nodes. The
    key here, though, is the process - the value and viability of the system
    lies in its ability to interact node-to-node. That is to say that
    information is generated in the process between nodes, and it is at
    that point that the co-evolutionary drives kick in.
    (Note: We see this in the terrorist networks in the loose actions that
    ripple across cells that do not actually know each other. The
    operation only becomes viable as the nodes process interactions with
    each other.)
    The system, once organized, will evolve so as to encourage maximum
    levels of diversity. Essentially this means that the system will
    naturally push itself to the now-famous "edge of chaos" as it seeks to
    remain viable. Systems living on this edge achieve maximum
    productivity (viability), but they also become increasingly vulnerable
    to catastrophic, exogenous events that push them into a
    reorganizational state equivalent to extinction. Alternatively,
    systems that do not reach this edge become rigid in their responses to
    information. This brings their extinction rate to 100 percent.
    The extremely dynamic nature of the terrorist network implies that it
    lives on the edge of chaos - a network whose very viability depends upon
    its ability to rapidly respond to incoming information. Thus, the
    network is vulnerable to repeated deluges of assault - not so much in
    the physical sense as in the intelligence sense.
    By forcing the network to adjust to ever-tightening circles of
    intelligence, you're asking it to respond ever more rapidly to
    information requests - effectively setting up a denial of service
    attack. Insistent, aggressive intelligence forces the network to
    expend its energy reorganizing and ensuring survival vs. pursuing its
    stated purpose for existence. This will push the network over the edge
    of chaos and into a state of disarray. Whether it is able to
    reorganize is anybody's guess.
    So you see, the terrorist network can be effectively fought - and it
    would appear that Powell et al. have some clue as to how to go about
    For business, this means that distributed approaches to organization
    are now doubly important - and while I hate to say we can learn
    something from the open source movement (if only because Eric Raymond
    wrote the single most asinine piece of the decade in response to the
    terrorist strike) - well, it's true.
    Open source and complexity theory hold the strategic keys to managing
    risk in this age of terrorism.
    For those that are wondering, yes, I'm available for strategic and
    tactical consulting in this area. What makes me qualified, you ask?
    Four years working with the NSA doing (stuff) that I'll never tell you
    about. Call me if you need help (and you know you do).
    Eric Norlin is a defense analyst and CEO of the Denver-based Titanic
    Deckchair Rearrangement Corporation. He can be reached at