By Roderick Jones
This piece was co-authored with Michael Schrage who is senior advisor to the MIT Security Studies program and a Sloan School adjunct lecturer.
Terrorists are early adopters of new technologies - especially if they're cheap and easy to acquire. Al-Qaeda's global embrace of the Internet was no surprise. The virtual world of jihadi chat rooms, online recruitment and networked proliferation of deadly terrorist techniques has entered the public consciousness. No serious security observer now doubts that radical Islamist groups are adept at exploiting online environments. Therefore, the most visible recent advances in the realm of online collaboration -virtual worlds and social networking sites - will likely be adapted for use by extremists. The benefits these platforms provide for military training and operational command & control sharing are clear. The inevitable adoption of these systems by extremists will likely mirror past online developments: quiet experimentation across a number of platforms and mainstream systems, followed by the creation of password-protected digital enclaves that incubate future destruction.
The real-world Afghanistan may be gone as a terrorist training safe-haven but creating virtual Afghanistans is literally and figuratively child's play. From the Provisional IRA to al-Qaeda terrorists have traditionally relied on pliant host governments to conduct their necessary face-to-face training. That may no longer be necessary. Geographically dispersed terrorist groups could easily come together to learn the complex technical tradecraft of terror, such as bomb making - but within a virtual environment. Training camps have also traditionally played a significant role in terrorist movements, by indoctrinating recruits into their new cause. This essential discourse will be replicated, virtually across voice-enabled worlds. Systems such as the virtual world Second Life are unlikely to be used in this way, as potential jihadis will seek to operate behind private protected systems. However, password protected environments do become compromised over time as the monitoring of jihadi forums by the SITE Institute clearly shows. Unfortunately, terror has a dangerously clever and elusive option. A practical and shockingly accessible pathway to this future exists today. The same criminal gangs that use 'malware' and ‘spybots’ that secretly ‘recruit’ tens of thousands of unsuspecting home PCs and laptops into digital ‘zombies’ will ultimately become subcontractors to terror. Untraceably cheap and disposable 'just-in-time' virtual worlds that fuse the benefits of virtual worlds like Second Life with the criminal effectiveness of zombie botnets are inevitable. They will be where tomorrow's bin Ladens educate, train and coordinate their aspiring killers.
Botnet originator’s can control their zombie groups remotely and use it to launch Distributed Denial of Service (DDoS) attacks, to great effect, as was recently seen in Estonia. The suspicion remains that botnet time was rented to attack Estonia from Russian trans-national criminal syndicates and when this time ran-out the attacks fell-off. Since January 2007 numerous computers have been infected by a virus known as, Storm Worm, giving the criminal syndicates controlling the virus and hence the computers, processing power estimated beyond the power of the worlds top ten supercomputers. There is clearly an argument for using these botnet systems for more than just spam. It is not yet true to say that the next conflict will be fought virtually on computers alone but it may be rehearsed there.
Combining, fusing and blending virtual worlds and botnets for the purpose of extremist planning would solve many of the terrorist’s problems involved with using the public Internet. A virtual world that only existed for 72 hours on a botnet system would be impossible to trace. Users could come together discreetly and learn specific skills in virtual worlds constructed for that purpose. The barriers to creating such a world are being constantly reduced as companies are beginning to provide the tools for creating DIY worlds. Virtual worlds require a relatively small software interface, which sits over a number of dispersed servers that host the world. Botnets could act as temporary servers and software could be written to create a small 3-D environment geared towards training terrorists in specific skills. Botnet systems would be rented, exploited and utilized to host a virtual world where terrorists would rehearse their real world performances. For the moment, botnets are best-of-breed platforms for Just-in Time Jihadinets.
How can traditional counter-intelligence operations deter or undermine this emerging threat? They can't. Not unlike Iraqi IEDs, these innovative technologies require new doctrines, new training and new tactics to cope. Would the rise of jihadidworlds make 'humint' the more important counterintelligence investment? Or do novel forms of digital surveillance and subterfuge become more valuable? Should network penetrators be close and intimate? Or is their work best done from a (virtual) distance? Should these worlds be continually hunted down and disrupted? Or should they become vehicles for more targeted intelligence gathering? The answers to those questions depend in large part whether policymakers believe that a (virtual) world war is being waged or if these are merely criminal activities that pose little national - or international - security threats. But if the physical past can service as a digital prologue to the future, it's clear that allowing terrorist training infrastructures to take root in either nation-states or virtual worlds invites lethal violence. Safe havens for 'terror capital' online are every bit as much a threat as safe havens in Afghanistan, Iran or North Korea. Policymakers who take the safety and security of their citizens seriously must invest in both the capacity and capability to deny aspiring terrorists this medium for mayhem.
December 17, 2007 02:41 PM Link