Combating Terrorism Networks: Agency Theory and Adolescent Exploits

COMBATING TERRORISM CENTERat West Point

Combating Terrorism Networks:Agency Theory and Adolescent Exploits

Joint Special Operations UniversitySymposium 2006: Countering Global Insurgency

May 4, 2006

James J.F. Forest, Ph.D.U.S. Military Academy


Please Note: The views expressed herein are those of the author and do not purport to reflect the position of the United States Military Academy, the Department of the Army, or the U.S. Department of Defense.


Agenda

• Networks• Network Vulnerabilities• Functional Agency Viruses• Implications for Information Operations• Conclusion


Networks: Computer & Human

• Nodes• Links• Functions• Access• Maintenance• Security• Control


Key Computer Network Features • Nodes and connections (computers, servers, routers,

hubs, etc. and wires/wireless links)

• Critical nodes – high in importance – low in redundancy (no substitutes)– DNS (Domain Name Servers: www.books.com = 123.45.6.789)

• Internet (global network) functions effectively because: – Trust in the identity of whom you’re communicating with– Trust that financial transactions are secure– Privacy; trust that “nobody is listening, watching” while you

conduct your business


• Communication protocols bind the network nodes together on the Internet– TCP/IP– DNS Servers– IMAP/POP (e-mail)– Etc.

• Critical transactions (info, money) require additional layer of these “trusted handshakes” (e.g., encryption) to ensure network security

Key Computer Network Features


Key Computer Network Features • Size matters – the number of nodes and connections

helps determine resiliency

• Coupling – degree of interaction (dependence) between two nodes impacts network security/vulnerability

• Strength of a network is based on the level of its integrity for conducting transactions (communication, financial, etc.); reliability and trust of a network are critical


Key Human Network Features


• Cliques, cells, bridges – all components of networks in which contingent relationship, based on trust, are formed

• Sophisticated organizational forms; “Living, breathing organisms” with no state/geographical boundaries

• Can include hierarchical organizations within the overall network

• Becoming preferred method of communication, coordination, cooperation & collaboration– Political Activists– Organized Crime– Terrorists– Academic Researchers



Key Human Network Features • Size matters – the number of nodes and connections helps

determine resiliency

• Coupling – degree of interaction (dependence) between two nodes impacts network security/vulnerability

• Strength of a network is based on the level of its integrity for conducting transactions (communication, financial, etc.); reliability and trust of a network are critical

• Distributed networks actually require a higher level of trust than hierarchical organizations in order to maintain operational security


• Anyone can plug into the network if they use the proper protocols and can establish the necessary trusted relationships

• Networked orgs provide multiple pathways for knowledge transfer; enabling org learning; more individual nodes can contribute to the collective knowledge base, like a Wikipedia or CompanyCommand.com sort of approach

• Force multiplier: Can concentrate resources when necessary (‘swarming’)



Global Salafist Insurgency• A networked organization that is committed to using

terrorism to achieve its objectives

• Kilcullen – networked nature of insurgency; loose confederation of local movements, connected by global info technology, shared beliefs, some common ideological, political or economic goals

• Ishimoto – networked structure; “interlocking directorships”

• Network linkages provide conduits through which members can publicize, mobilize, radicalize, coordinate, finance, collect and share info, etc.


Protocols in the Salafist Network

• Both computer and human networks connections rely on common languages (protocols) to establish levels of trust in the integrity of financial and information transactions.

• “To work well, networks require strong shared beliefs, a collective vision, some original basis for trust, and excellent communications” - Brian Jenkins, 2006

• In human networks, trust is established by various social mechanisms (family, tribe, clan, etc.) and shared beliefs


Protocols in the Salafist NetworkShared Beliefs

Core tenets of the Sunni insurgents’ ideology and key ideologues:• Taymiya, Wahhab: inspired Salafist (“pure” Islam) movements among

Sunnis• Banna: Every aspect of Western thought is a threat to Islam• Mawdudi: God’s sovereignty is absolute; thus, no laws created by man are

valid• Qutb: Muslims who do not conform to jihadi interpretations are infidels (ok to

kill); separation of church and state is anathema to true Islam• Azzam: Jihad is a necessity wherever Muslim lands are invaded or occupied,

including Afghanistan• Azzam and Zawahiri: manhaj (blur the paradigm of defensive jihad with the

idea of jihad against the West)• Zawihiri: In order to bring down the apostate regimes in the Middle East (the

near enemy), we must focus on the superpower patrons – the U.S. and the West (the far enemy).


Protocols in the Salafist NetworkShared Beliefs

Resonance of the Al Qaeda message (principle of jihad) is one form of network protocol, like a secret handshake which confirms a lot of tacit knowledge between two people

Religious dimension: Sunni insurgents’ ideology exploits certain Islamic teachings in order to push the global umma into bringing down the world order of responsibly governed states

Political dimension: As a whole, the Muslim world has many developmental challenges due to political corrupion; these can only be overcome by bringing down the world order of responsibly governed states and replacing it with Islamic rule in the form of a caliphate

Social dimension: Social reinforcement of the core tenets of the ideology eventually raises it to a level of sacred obligation


Attacking Networks: Lessons from Hackers

• Attack the network nodes, get 1 kind of result– For example: Amazon.com, Barnes & Noble.com

• Destroy one node, another can take its place

• However, attack the protocols, impact the entire network– This is why MS Internet Explorer vulnerabilities (and those in other

browsers) are so critical, and why you have to constantly update your software – and why you should be kind to your network administrator

• If the public lost confidence in the Internet’s ability to provide for secure information and financial transactions, we would see a reduction in Internet traffic; in essence, would be less valuable to people


Human Network Vulnerabilities

• National Strategy for Combating Terrorism– Goal #1: “Identify, locate and destroy terrorists” (nodes)

• Intelligence analysts map a network by looking for nodes (individual leaders, operators, financiers, etc.) and for personal connections, social relationships, etc. between nodes

• However, network nodes can be replaced

• Let’s focus on what links them together: the trusted relationships, the shared beliefs (protocols . . .)


Network Vulnerabilities

http://ctc.usma.edu


Network Vulnerabilities• Harmony/Disharmony report

– Analysis of captured AQ documents in OEF and OIF– Reveals concern over disagreements within

movement– Suggests ways to interdict/degrade lines of

communications between network nodes– Offers insights into ways some members of the

movement have subverted the authority of senior commanders (preference divergence)


Agency Theory• Three main areas of preference divergence within the

organization/movement:– Tactical control– Transaction integrity– Ideological authority

• Protocols: Humans need trust in order to work together toward any goal

• Preference divergence impacts the level of trust/expectations of shared effort toward common goal


Network Viruses• Viruses = malicious code that infects computers,

network routers, etc. and propagates, spreads itself to others on the network, often by corrupting the normal protocols used for information and financial transactions

• Are there viruses we can use to negatively impact the network integrity of the global salafist insurgency?– Independence Day – “plant a virus into the mother ship . . .”

• Functional Agency (FA) Viruses to exacerbate preference divergence within an organization


FA Virus #1: Tactical Control• Political and ideological leaders—the principals—must

delegate certain duties to middlemen or low-level operatives, their agents.

• But because of the need to maintain operational secrecy, terrorist group leaders cannot perfectly monitor what their agents are doing.

• Thus, preference divergence creates operational challenges which can be exploited to degrade a terrorist group’s capabilities.


FA Virus #1: Tactical Control• Preference divergence over controlled use of violence;

terrorists cannot afford too alienate the center of gravity, or risk losing all support

• Preference divergence over “who’s in charge”

• Preference divergence over who needs what kinds of situational awareness

• Preference divergence over what should be done to maintain security


FA Virus #1: Tactical Control• Abu Bakr Naji

– one of AQ’s leading strategists– published a number of texts discussing problems that confront

the global network– e.g., organizational difficulties in resolving chains of

command, ferreting out spies within the organization, and reigning in overzealous recruits.

– also worries about low-ranking members of the movement will initiate their own large-scale attacks against high-value targets.

– for more, see Stealing al Qaeda’s Playbook

• What does newly established Shura Council in Iraq signify re: desire among some leaders for greater tactical control over activities?


FA Virus #1: Tactical Control• What could UBL do to destroy his own credibility, popular ratings?

If you were UBL, what would you fear or worry about most?

• Perception of strategic drift

• Highlight disconnect between rhetoric and actions

• Publicize CT successes and tactical failures; discredit perception of competence

• Publicize the differences between AQ leaders and affiliate groups and the internal dissension within the AQ leadership

• Make information management more difficult; degrade the C2 network channels with noise, static


FA Virus #1: Tactical Control• Create uncertainty over which affiliate group is responsible

for particularly brutal attacks against innocent Muslim; – provide “claims” of responsibility on behalf of dozens of groups each

time– try to force real culprits to “prove” their ownership of an attack– in doing so, they may reveal more than they want to (OpSec challenge),

and may also alienate the local population/support base by demanding recognition for murdering Muslims

• Force leaders to consider punitive actions against agents/operatives

• Flood the network nodes with requests for info/requests for clarification of intent, strategy, etc. Goal: overwhelm the decision-makers from within


FA Virus #1: Tactical Control• Cellular structures complicate C2

• Secure long-distance communication is time consuming and expensive

• How can we increase their concern about network infiltration, forcing them to spend more time on screening new members, allowing less time for planning/conducting attacks?

• Overall focus: degrade level of trust regarding leadership, leaders’ competence, personal agendas, etc. as well as forcing them to focus more on operational security and tactical control


FA Virus #2: Transaction Integrity• Expectations of money to support operations will be

made available in a timely fashion

• Expectations that individual recipients will do the correct things with those funds

• Problem: Limited or no accountability– Because of operational security needs, a clandestine

organization cannot offer much transparency regarding its finances

– This allows considerable latitude for abuse, corruption– Use their need for secrecy against them


FA Virus #2: Transaction Integrity• Networked organizations need to support financial

transactions, movement of assets, weapons, people

• Key element in financial networks is trust

• Promote suspicion, rumors, mistrust in financial networks

• Encourage internal looting (or perception of looting)

• Overall goal: degrade the integrity within financial networks; make asset management more difficult


FA Virus #2: Transaction Integrity• Get money to disappear with no reason

• Have conspicuous consumption items (big screen TV) appear in place of the missing money

• Raise suspicion of misappropriation, fund diversion; should be particularly effective in certain cultures where conspiracy theories are already popular

• Some members of the movement (especially Pakistanis) have complained on web forums that Egyptians and Saudis are given preferential treatment in the network; opportunities for exploiting fissures by publicizing supposed benefits given to them


FA Virus #2: Transaction Integrity

• How else to enhance suspicion of financial mismanagement, corruption in network?

• Slow the transfer of funds, assets from one node to another; cause unexplained transaction delays

• If Internet is a primary means for getting funds into the network, need to publicize financial agency problems, encourage suspicion that money donated will not necessarily be used as intended (e.g., to pay drug couriers, murderers of schoolchildren, etc.)

• Publish articles on “lavish lifestyles of AQ leaders” focusing on KSM and his playboy antics; al Fadl stealing money in Kenya; the Montreal cell and its money mismanagement, etc. Paint a portrait of these guys as anything but humble, pious, devout Muslims or competent financial decision makers.


Other Functional Agency Virus Ideas

Organizational Tightness

TechnologicalCapacity

Operational Security Operational Security

FinancialEfficiencyTactical

Control

Constrain the network’s security environment


FA Virus #3: Ideological Authority• Preference divergence over who has greater

ideological authority

• Zawahiri illustrates challenges of networked organization– Trying to retain his ideological grip on the movement; struggle

with Zarqawi over tactics, influence– Public arguments with others over strategy, control, authority

(e.g., Zawahiri’s criticism of Muslim Brotherhood and Hamas)– Is democratic process de-legitimizing existing orgs (in the eyes

of radicals)?

• Hamas and Sudan responded to recent UBL tape with “thank but no thanks;” Hamas also criticized recent attacks in Egypt


FA Virus #3: Ideological Authority• Identify and exploit rivalries within the network

– Disagreements already exist in the network– How to exacerbate them, make them more acrimonious?– Open marketplace to encourage competition; force them to

defend their ideas

• What are the ideological disagreements in the global jihadist movement?– Is Muslim Brotherhood competing against AQ for the support of

the center of gravity (bulk of Muslim world)?– Encourage network competition/competing network formation– Get ‘competitive fatwas’ out there


FA Virus #3: Ideological Authority• Exploit disconnects between nationalist loyalties and calls

for a non-state global caliphate– Who would be on the soccer team for the World Cup finals?

• Sacred values are important; focus on attacks, other activities that occur without any religious justification

• In the history of insurgencies, once a group has had the power to do so, it destroys/terrorizes any political opposition; rarely provides the just society it promised

• Insurgent groups will not/cannot be just rulers because they have only known success through unjust, violent means


FA Virus #3: Ideological Authority• Raise questions strategic coherency

• Puncture the myths

• Highlight the hypocrisies

• Highlight personal agendas; expose jihadists as seeking a power grab, but pursuing a religious goal

• Emphasize internal criticisms of “armchair” jihadists with no operational experience (e.g., Maqdisi)


Implications for Information Operations• Boykin: “Info Ops are critical, we must do better”• Ishimoto: “Info Ops are critical, we must do better”

– IT460: Politics and Strategies of Information Warfare

• What to do when combating an idea-based global network?– Map the influences within the network; Identify their most

influential members; who is trusted most? Whose ideas carry the most weight?

– Avoid strategic miscommunications that reinforce their beliefs

– Deprive them of the ability to discredit the U.S. and the West


Implications for Information Operations• Foster/strengthen a universal belief that the globalized

community of responsibly governed states offers a more viable future of dignity, respect, security, prosperity for everyone– Note: this does not say “promote democracy”

• Organize and properly resource a multilateral, multidimensional Information Operations capacity– Networked hackers are far more dangerous than a single one

• Use IO tools to combat the enemy in the strategic battlespace of ideas and perceptions


Other Items on the “To Do” list• Diminish likelihood of state sponsorship/facilitation

• Diminish likelihood of new group affiliation, allegiance to AQ/OBL/global Islamic insurgency/movement

• Explore possible opportunities to address generational preference divergence

• Find other ways to create suspicion in the network – discredit conduits and centers of learning– “don’t download the training manuals; they have been tampered with,

and could get you killed!”– The “training” provided by so-and-so is inaccurate, ineffective; they

are incompetent”


Other Items on the “To Do” list• Build new networks, based on alternative protocols of

trusted relations (e.g., civic groups, sports clubs, etc.), particularly for dissatisfied youth

• Develop MOE for assessing gradual network deterioration (e.g., frustration of members over C2, financial agency disruptions)

• Don’t do anything that could strengthen the protocols of trust with the enemy’s networks– For example, if we don’t deliver on our post-conflict

reconstruction promises, we lose our honor, respect, social credibility among critical target populations


Conclusion• Understanding a terrorist organization’s internal challenges and

vulnerabilities is key to developing effective strategies to combat the threats they pose and degrade these groups’ ability to kill

• Networked organizations require trusted relationships in order to support information and financial transactions

• Degrading the network protocols of trust may be more important than other missions

• Refrain from actions that encourage preference alignment among disparate groups within the global network

• Spread agency theory-based viruses that exploit network vulnerabilities and produce a constant state of disruption and uncertainty – degrade its ability to function effectively


Winning Long Wars

We face a hostile ideology-global in scope, atheistic in character, ruthless in purpose, and insidious in method. Unhappily the danger it poses promises to be of indefinite duration.

Farewell Radio and Television Address to the American People by President Dwight D. Eisenhower, January 17, 1961.

“In the long run, winning the war on terror means winning the war on ideas, for it is ideas that can turn the disenchanted into murderers willing to kill innocent victims.”

National Security Strategy (March 2006), p. 9


Coffee Breakhttp://ctc.usma.edu

Documents

Combating Terrorism Networks: Agency Theory and Adolescent Exploits