Ill luck, you know, seldom comes alone.
-- Cervantes, _Don Quixote_
Worries about potential future conflicts and the effects of mechanisms such as the Internet on such are running rampant through the law enforcement agencies (LEAs) and intelligence community (IC). A particular concern is that of internal domestic conflict arising in the United States, where the safety valves built into the democratic process don't seem to be bleeding off the pressure fast enough.
The defining down of the capacity for force and violence, including terror on a mass scale or the 'new' problems of information warfare, may very well mean that potential future attacks are beyond the capacity of law enforcement or intelligence agencies to predict or counteract.
The 'problem space' or 'game' is best explored through the postulation of a 'group' and its activities. The adversarial group will be referred to as 'OpFor' for the remainder of the document.
Assumptions
For the purposes of an interesting, realistic game, certain assumptions must be made; the OpFor must not be assumed to have any deliberate advantage, with 'variables' set to allow the group to function and not necessarily greater. If the group is still viable with the deck stacked against it, the argument for its capabilities is that much more compelling.
OpFor Intent/Mission Orders
What motivates the creation and operation of OpFor? Their agenda could be many things, but their tactics have commonalities
- Damaging the basic trust of the citizens in the operating social contract; this may also include attempts to modify or replace the social contract with new elements or in total (for example, communism, political Islam's sharia, Palestine, Ireland) but OpFor may not be so advanced;
- Damaging the economy of scale in the social dependency infrastructure. All advanced societies have complex mechanisms that provide common support to significant portions of the citizens (Maslow's Hierarchy--food, water, power, sewage, trade, etc.). Removal of this economy of scale, or dramatic impairment of its function, restricts the usage or benefit to the intended parties, and may trigger further collapse;
- Overburden and/or damage the law enforcement agencies and intelligence community elements responsible for protecting and maintaining the social fabric;
- Impair C4I (command, control, communications, computers, intelligence) with C4D (chaos, catastrophe, confusion, computers, deception--note that computers are a constant force multiplier in either domain).
Operational Rules and Arbitrary Restrictions
A 'fair game' (not reality), while it will follow realistic assumptions for OpFor player behavior, will level the playing field somewhat (against OpFor) as such
Occam's Choice (rule)
In the spirit of keeping operations simple, OpFor favors the use of the lowest technological means to achieve the elements or sub-goals of their mission; high technology proficiency is not ruled out, and a certain level must be assumed (discussed further below).
No Contact Profile (rule)
Attacks that may involve people are to be restricted to 'no contact' target profiles (which excludes operations such as kidnapping, hostage taking, extortion, etc.) in the interest of security; such operations ('no retreat' or 'contact' profiles) dramatically increase the risks of exposure.
No HUMINT (rule)
Human intelligence can be useful, but the risks outweigh the return; just as with other 'contact' profiles, minimized risks should be taken of exposure, betrayal, or compromise. For this reason, OpFor players operate inside their own competencies, not consulting outside sources for intelligence or expertise purposes.
No Sponsor (assumption)
OpFor has no need of a sponsor, in the sense of 'state sponsored terrorism.' While a 'contract hit' on a social structure is an interesting concept (and one that the author would find entertaining to negotiate, particularly the compensation clause), it is not required as a precondition. The sorts of mayhem to be contemplated for OpFor needs no sponsor for support or motivation, and the benefits of sponsorship solve certain problems best left as limiting constraints in the game (see the remaining assumptions, which sponsorship would mitigate to a great degree).
Suicide on a Shoestring (assumption)
Financial resources for operating OpFor must come from operational, independent, or legal means; currency must not substitute for creativity, planning, or bootstrapping. Paper trails left by sponsorship would leave footprints for detection, and would also tend to centralize control of the team (the exact opposite of this game, see 'organization' below).
No Formal Training (assumption)
While the numbers of ex-military or intelligence available for recruitment is staggering (primarily because of the aftermarket for their skillset and domain expertise), an arbitrary constraint for this game is that such specialized knowledge is not a precondition, but may be acquired by other means. Training can be acquired on the free market; technical training can be see as university level (lab skills) with reasonable mechanical skills and the ability to follow instructions. Note that in the area of 'weapons of mass destruction' (WMD) such as nuclear, chemical, biological, or information weapons (NCBI), only nuclear becomes a non-viable option.
Information Environment (assumption)
OpFor players have access to the same information environment that most adults do--including any observations they might make, access to schedules and other public information, net access, and a university library. This provides background research equivalent to open source intelligence on as varied topics as the technical specifications on the telephone network (Bell Systems Technical Journals) to explosives and other weaponry. The net isn't the source of so much 'dangerous' material--books and people come first.
Free Market/Black Market Access (assumption)
Depending on geographic location, many essential elements for the OpFor may be legally or readily available (armament, explosives, chemicals); controlled items are available on the street, which always finds its own uses. Access to the black market is not unusual or extraordinary; the greater the regulation of the 'open market,' the great the access to applicable equipment, and the more uncontrolled/uncontrollable the underground market becomes. This is what drives the continuing alliance between operational groups such as OpFor and the black market on a global basis, the mutual reliance on underground networks to move/supply personnel, equipment, and substances, launder money, etc.
Footsteps (assumption)
There are numerous mechanisms to protect the identities of OpFor players, including cover legends, fake identification (counterfeit, supplied thanks to increasing requirements of such id for employment or even travel; or obtained by 'paper tripping' to adopt entirely valid but false identification), and operational tradecraft (see 'organization' below).
Organization
The mechanism of organization for OpFor is what I have chosen to use to set it apart from the 'standard' terrorist or guerrilla group. My choice was to design an organization which can act as a voluntarist heterarchy.
In voluntarist groups every member of the group agrees on the definitions and intent/mission of the group unanimously; in a heterarchy, authority is determined by knowledge or function, not position. Group of this sort function well, as they are small, tightly directed, hard to detect, hard to stop, camouflage well, and the infosphere/information environment can accommodate any number 'inside' the same virtual territory.
Tools
Certain tools need to be used according to a certain tradecraft to recruit for OpFor and communicate between member nodes. These tools can be accessed from any standard electronic account--anonymous remailer chains, newsgroups and search tools of them, world wide web pages and search tools of them, ftp points, Internet Relay Chat and other chat mechanisms, multi-user domains, and mailing lists. In fact, operation can work entirely from electronic mail and Usenet news access, the simplest of mechanisms.
Chained Remailers
Remailer nesting with cryptographic wrapping of messages is getting quite advanced, able to accommodate operational requirements with only a few additional operational requirements of tradecraft; in particular, the Mixmaster systems are very robust (see httpfor Lance Cottrell's excellent work). The threat specification that went into design parameters is solid
-All traffic in and out of all remailers is tracked (from, to, filesize, time in/out);
-Traffic is backtrailed and forward traced to all known senders and receivers;
-An attacker has the same access to any arbitrary remailer as anyone else, and can attempt to flood any remailer with designed traffic, multisend captured traffic, or deny traffic (in part or whole);
-Some but not all remailers are compromised, and design specifications are known.
The Mixmaster design addresses most of the issues of threats technically, and tradecraft negates the balance if adhered to as follows
-Key sizes for public key messages (final 'receiver' wrapper) is >= 1024 bits;
-At least six remailers are used in a chain to another e-mail account, at least three to Usenet news groups;
-Geographic dispersion should be selected so that one or two (in the middle of the chain) remailers are outside U.S. jurisdiction, preferably in more than one location;
-Latency and combined traffic levels are sufficient to provide decoy traffic, or decoy traffic must be generated by the remailer;
-Headers must be stripped, only the receiver knowing (or not, at option) whom the sender is pseudonymed as;
-Message ids on messages with logging to prevent multisend attacks;
-Messages are split to uniform sizes to prevent filesize tracking.
OpFor CommunicationNodes and Links
A 'paranoid' communication process between member nodes would be to only send through remailers for OpFor links, with the destination being a newsgroup used as a dead-drop. Messages can be obtained with no risk; traffic with a prearranged subject header would be encrypted with a group key, contain the message to the group or another embedded encrypted message to an individual node nym. This asymmetry of usage on the remailers would be picked up by a traffic analysis mapping across the remailers, which may necessitate the adoption of cover behavior (posting to certain newsgroups) or symmetric usage.
Links could be established (recruiting) through the same forums with messages or offers intended to attract potential members. As such, operational rules of the group are again along 'paranoid' lines
-Assume nodes in the net are compromised by LEA or IC;
-Nodes have entirely local management, control, information, planning, resources, capabilities, competencies;
-Net is to share knowledge, act as a 'community memory,' not share operational plans or details.
If the net is compromised by a node, what would the compromised node know? That the remailers are being used by a 'group.' The private key for the group's public key messages. The node's message traffic and stored data (assuming the private key is provided--and maybe not then, if a 'flying dutchman' arrangement is made to keep incriminating files always on the move through the net). No operational details. No specifics on other nodes (unless they violated tradecraft, at which point they get what they asked for), who can drop from the net at any time tracelessly. Entrapment isn't possible, as there are no coordinated operations; turning the node or establishing a traitor node offers no benefit other than participation in the 'community memory' of the group.
This system of organization provides a stable network of dynamic links between nodes, shelters the internals of the nodes (including substructures, potentially along other organizing principles, making this a sort of 'intranet for terrorists'), yet acts to provide a sharing mechanism for knowledge. As new systems such as 'electronic money' come into usage, the network also gains the ability to work finances and likely equipment between nodes.
Attacks
Nodes of OpFor will obviously have independent preferences of targets, and varied capabilities to draw upon, but attacks fall into a small number of basic categories
- 'Hard' actions, for OpFor nodes willing to inflict massive destruction and casualties--truck/car bombs, airplane bombings, weapons of mass destruction, etc.;
- 'Soft' actions, for OpFor nodes preferring targeted attacks or attacks where casualties come as collateral damage--assassinations, infrastructural attacks, etc.;
- 'Wet' actions, for OpFor nodes with the skills necessary to launch information warfare attacks, propaganda efforts, etc.
Attack profiles are generated and selected by an array of parameters in addition to the OpFor intent or mission, such as
Leverage
How much 'bang for your buck' do you get for your invested effort of capability development, research, planning, resource dedication, execution model, risk/return? Direct effects, collateral damage, and unintended consequence need to be 'gamed' out by the OpFor node to optimize operations.
Inverse Relationship Between Casualties and Recognition Strategy
The greater the OpFor node effort toward inflicting casualties, the lower the likelihood of desire for recognition for the operation; conversely, the greater the desire for recognition, the lower the effort to inflict casualties (or direct effort to minimize such). Casualties are counterproductive to a strategy of recognition for the OpFor objective (the internal disagreements in organizations such as the Irish Republican Army (RA) over this very point demonstrate the relationship; note RA actions to warn authorities of actions past the no-go point, but while time remains to clear the area). Pure terror efforts are at odds with taking recognition--why put a face or name to the terrorist? It only provides an external enemy for the target; better to leave the action unclaimed.
Wirkung im Ziel (Effect in Target)
Depending on the intent of the OpFor node, a careful effort is required to monitor the effects of operations, not only for feedback on the operational process, but to meter the force/violence, manage propaganda efforts, and to know cut-off points when actions must taper back or cease.
Political Opportunism
OpFor groups looking to redefine the social contract usually receive help from an unexpected quarter--politicians. He who guards the throne is but one step from it, and faced with an opportunity to reinforce their own position, politicians' fascist tendencies emerge. 'Anti-terror' measures put into effect have little functionality or impact on operational groups, instead only enacting greater societal control; response/retribution actions taken are merely political posturing for publicity sake (numerous U.S. actions), or used to disguise other agendas (a continual multi-decade strategy on the part of Israel).
Targets
OpFor has a multitude of potential targets to choose from, and various methods to employ operationally (action or credible threat of action)
Communications/Media
Attacks on communications systems (if not narrowly targeted, such as specific switching points or towers) and the media are counterproductive; they are necessary for smooth functioning of OpFor organization, and communication of the messages and actions of OpFor operations. Reliable relationships should be built with the media, possibly necessitating a secondary communications network to obscure OpFor identity, but provide media contact. Media outlets are an OpFor force multiplier when used correctly and to advantage, and the media will provide their own sizzle. OpFor understanding of the media process/techniques (media 'hot' and 'cold') and media markets are essential. For example, operations may be deliberately launched in geographic locations 'in the middle of nowhere' because there is no media middle-of-nowhere thanks to modern technology, yet middle-of-nowhere locations will have little to no other competing news events.
Power Infrastructure
Generating plants and delivery systems for the power grid are not exceedingly robust, and trigger their own scale-back or shut-down once outside of stringent tolerances. Denial of service attacks are indirect, but have the virtue of being simple to effect.
Water
Given the scares of drugs in the water supply in the 60s and 70s, processing plants are relatively secure; yet nature has found the weakness with extremely resistant microbial organisms which are not difficult to obtain/culture, and once introduced into the system, have considerable direct and collateral effect.
Fuel
Numerous, reasonably accessible targets are available--tankers, pipelines, storage, gas stations, propane storage, tanker trucks, etc. Not difficult to ignite, such sources provide considerable fire and explosive hazard; planned effort to attack numerous sites could have frightening effect.
Banks
An essential part of the currency cycle, banks are harder targets from security and surveillance standpoints. Subtle attacks of information warfare (infowar) or propaganda (bank runs) may be possible, but creative actions may also be (for example, a 'malfunctioning' automated teller 'giving away' money would attract quite a crowd, then susceptible to violence).
Markets/Exchanges
Also potentially susceptible to infowar attacks, these are among the hardest targets. Historical evidence suggests that operations employing considerable force or weapons of mass destruction may actually have potential for success.
Air Travel
Circumvention of air/airport security continues on a regular basis; only the non-functioning airport can be considered secure. X-ray/metal detectors rely on personnel, and can be fooled by devices with little or no metal; bomb detection devices look for chemical trails which only changes the selection of the weapon, from nitrogen-based explosives to chemical weapons for instance; cargo containers to withstand explosions can be obviated by binary packages, combining thermite to burn through the container with a device to explode after a delay. Security procedures securing airports have little effect; too much traffic, ease of obtaining false id, etc. make airport security procedures an exercise in wishful thinking.
Rail
Highly attractive targets, rail travel is poorly controlled, easily accessible across the railsystem, and regularly carries harmful or dangerous substances in, through, or near populated areas.
Ground
Free access with minimal effective control makes the delivery of car and trucks bombs relatively simple; tunnels and bridges are particularly vulnerable. Bussing and commuter rail/subways are similar targets for explosive devices or weapons of mass destruction.
Schools/Religious Institutions/Administrative Facilities
Ease of public access and the trust of those using the facilities makes them targets for disguised bombs, booby traps, and weapons of mass destruction--toys or lunch pails with explosives on a playground, or an attack on a regularly scheduled religious service, etc.
Emergency Management Systems (Police, Fire, Ambulance)
These groups are particularly susceptible to attack, and provide high-profile media coverage; anti-personnel booby-traps or firestorm mechanisms could overwhelm EMS personnel, and provide reluctance of other EMS personnel for continuing their operations. Ecological warfare (for instance, a plane dropping chemical-timed thermite pencils while flying over a region, or targeting refineries and chemical plants) is also possible.
Business (Food, Medical, Misc.)
The dependence on such providers makes the impact of product tampering, explosive devices, or weapons of mass destruction particularly leveraged. Shopping malls have near perfect target profiles for weapons of mass destruction or explosive packages.
Public Events
Concerts, conventions, sporting events, etc. are venues with existing media coverage, large crowds, and easy access for explosive devices, weapons of mass destruction, or other attacks.
Government
Little benefit is to be gained by targeting political figures or organizations--the myths and romanticism surrounding the political domain make martyrs out of any attack. OpFor nodes wishing to have real effects on society or organizations need to recognize that political figures have very little 'value add' to society, and are best left in place to add to the confusion. Law enforcement agency and the intelligence community personnel are open to serious and subtle attacks, ranging from identity hacking (use or damage to personal data) to using such data to select and target true 'value added' personnel.
Conclusions--Is this a Credible Scenario?
What competencies are demanded to undertake these sorts of operations by OpFor? Nothing unrealistically extraordinary--tools for research and planning; tutorials on explosives, boobytraps, chemical weapons, forensic procedures; information about societal weaknesses, operational concepts; communication tools. All these things are available. Where are the personnel for OpFor, the users of these things?
This is as good a place as any to discuss motivation (briefly mentioned earlier) and will. Will is a moral determination, a desire, a dedication to purpose. That purpose may be 'good' or 'bad' (highly subjective terms), but with the will, there will be a way. Neither law of society or word of God will hamper men of will. It does no good to make tools like guns illegal--you would have to reach into every man and wrench out the will to use guns, the very idea of guns, and then still hope and pray they don't get reinvented. The real need is for when something triggers that moral determination that the moral compass guiding the will is one that does not favor chaos or destruction.
Of course, nothing is produced more readily in places like the United States than disaffected youth. The collapse of a stable, socially prevalent moral structure is the most critical factor in understanding this sort of potential future conflict. These people don't need to be recruited--they recruit themselves. Particularly evident on the Internet (but one could just as easily point to Los Angeles, Detroit, Washington D.C.) is a desire for the very same knowledge needed for OpFor--tools, tutorials, weaknesses, operational concepts, communication tools. Experimentation is occurring on a regular basis (usually among legal minors, unprosecutable for all practical purposes if caught), details are exchanged, laws and social graces are broken and flaunted, reputations and contacts are made (including links to criminal and other organizations).
What's missing so far are only a few things--either leaders who would create a purpose inside the subcultures, or triggers that activate groups or make leaders, men of will. Certainly as time goes on, leaders will emerge to take up the sword, or members of the subcultures will be triggered by events in their lives--and then all hell will break loose.
The technology is available. The elements of society are vulnerable. The personnel are being bred. All that remains is a threshold of will, the boundary condition, to be crossed.
So I gave up my boyhood,
To drill and to train,
To play my own part in
The Patriot Game.
--Irish folksong