Terror and Twitter

by Andrew McAfee on October 28, 2008

A few different friends recently pointed me to stories about terrorists’ use of Twitter, which were sparked by the appearance, on the website of the Federation of American Scientists, of a report titled "Sample Overview: al Qaida-Like Mobile Discussions & Potential Creative Uses." It was prepared by the Army’s 304th Military Intelligence Battalion. My friends pointed me to the stories because I’m interested in Twitter’s uses for different purposes, and have blogged about it a few times.

The 304th MI’s report "covers a few examples of terrorist use and potential use of mobile to web and web to mobile technologies and tactics" including "a red teaming perspective on the potential terrorist use of Twitter" (in a war game, the simulated enemy force is the red team). After briefly describing the service, the report notes that Twitter was used as a "counter-surveillance, command and control, and movement tool by activists at the Republican National Convention" and suggests three red team scenarios:

  • Members of a cell using Twitter to communicate with each other
  • Terrorist B using Terrorist A’s tweets to determine the optimal time and place to remotely detonate A’s explosive vest
  • A spy joining a US soldier’s group of Twitter followers, then using the information gathered to somehow target the soldier

The third of these seemed at least plausible to me, but as the report says, "this scenario is not new and has already been discussed for other social networking sites." And it immediately struck me that mobile phone text messages would be much better suited for the first two purposes, since text messages are inherently private and point-to-point, while Tweets are inherently public and broadcast to the world at large. Twitter allows members to protect their accounts so that their tweets are only visible to pre-approved followers, but would members of an actual terrorist cell consider this secure enough for updates about, as the report imagines, "the number of troops that are moving in order to conduct an ambush"? I am no military strategist or expert on terrorism, but I doubt it.

Cell members and terrorist masterminds seem to be going to great lengths to keep their conversations secret; the Christian Science Monitor reports that many messages from terrorist leaders are now being sent by donkey and camel, and that there is "an extensive network of handwritten messages extending across southern Afghanistan." Twitter is close to the opposite of such a network.

For the first two scenarios above I can’t see any advantages to using Twitter over text messaging (beyond perhaps the convenience associated with device independence), but I can see plenty of disadvantages. As I read the report I found myself thinking that Twitter would have great value as yet another tool to disseminate terrorist propaganda, but not as an aid to their loathsome operational activities.

But after thinking about it a bit more I came up with a scenario for Twitter-assisted terrorist operations that I found novel, realistic, and a bit scary. Here it is; please let me know what you think of it, and if I’m overlooking anything important.

In multiple parts of the world today, a segment of the population is sympathetic to the goals and methods of the terrorists in the country. These sympathizers aren’t all members of cells or active participants in past attacks, but let’s stipulate that at least some of them are looking for ways to get involved and help the terrorist cause.

Terrorist leaders, meanwhile, have to be careful about the people they recruit into their cells and attacks because of the constant risk of infiltration by agents. As a result, their caution probably forces them to turn away sincere and eager volunteers. From the terrorist point of view, this is a shame; they’d love to be able to put all willing people to use, as long as doing so was riskless and costless to them. In fact, they’d love to be able to enlist as much of the sympathetic segment as possible in their operations, again as long as it was riskless and costless to do so.

One last important aspect of this scenario is that many of today’s terrorist leaders seem to have very little of the military commander’s historic concern for his troops’ well-being. Modern terrorists have shown a willingness to train and equip suicide bombers and direct them toward civilian targets. It seems safe to say that they consider many types of people expendable.

In these circumstances Twitter can be a new and very powerful tool for terrorist leaders. They simply set up some Twitter accounts and start attracting followers from among the sympathetic segment. They don’t have to know in advance who all these followers are, or vet them carefully as they show up on Twitter and start following the leaders. In fact, the leaders wouldn’t want to be picky at all; they’d just want to build a big mass of followers, who they could turn into a mob when the time was right. In this scenario, Twitter is a vehicle for terrorist leaders to do two things: assemble a large and self-selecting group of followers, and send this group messages and updates in real time using a convenient and mobile interface.

The terrorist leaders would probably use Twitter to broadcast propaganda most of the time, but their accounts could also be useful when operations are planned. For operations that consist of mob action, or that would benefit from the kind of large-scale chaos and paralysis that a mob – especially a directed one – can sow, Twitter is a great orchestrator. It’s group-level, instantaneous, mobile, widely available, easy to use, and free. And because the terrorist leaders don’t care about the mob members’ welfare, they also don’t care if their orders to the mob are seen by the enemy (it would be a bit better if these orders could be kept private because of the advantage of surprise, but it’s not a deal-killer for the mob action if they are seen).

The same is not true of the communications they have with other terrorist leaders and orders they send about targeted activities such as suicide bombs. For these communications the older methods, including donkeys and camels, are better. But if the new style of asymmetric warfare includes the formation and direction of ‘flashmobs,’ Twitter is an ideal tool. It would require no new investments and no real behavior changes by any participants, from the leaders to the sympathetic segment, and would conceivably augment terrorists’ ability to wreak havoc in many parts of the world.

The following messages are all less than 140 characters (Twitter’s current limit):

Today will be a great day. Go to the US embassy and await instructions
Soldiers are gathering in the courtyard. Throw rocks at them
All children under 18 go to the intersection of x and y streets
Lie down in front of the vehicles
Turn the abc neighborhood into a giant traffic jam
The soldiers are heading south on z street.  Stay away
Erect barricades at the intersection of m and n streets
They are conducting searches in dfg neighborhood. Remove all weapons from houses
Do everything you can to make it difficult for them to move
All women go to checkpoint q
Everyone leave checkpoint q
This was a great day. Go home now

So my scenario is different than any of those put forward by the 304th MI; my scenario is a mob attack executed by the sympathetic segment and initiated and coordinated by terrorist leaders using nothing more than a series of Twitter messages like the ones above. Such an attack has a few interesting properties. It’s simultaneously highly autonomous – people only sign up with the mob if they want to, and are under no formal compulsion to obey commands – and tightly centralized and coordinated. It’s self-organizing in some respects, but not in others. It’s easy to practice and experiment with. It marries crowd energy to a central will. Even though it’s tightly scripted, it requires little or no up-front planning. It also doesn’t require the leaders to identify the combatants in advance, or even during the attack itself; leaders just have to satisfy themselves that ‘enough’ combatants will participate. And this attack can be easily modified and redirected as events warrant.

An attack with these properties would be easy to design and carry out using Twitter. I also think that it would be difficult to organize and execute using other social or mobile technologies, although one could cobble together something similar with mobile blog updates, RSS feeds, and mobile feed readers. Finally, I think that it would suit the purposes of some terrorists quite well.

I feel the need to state that I’m not trying to get Twitter shut down, modified, or curtailed, nor am I hoping to educate, arm, or in any way abet terrorists or terrorism. My goals with this post are the same as those of the authors of the 304th MI’s report. I want to help us better understand how terrorists might use today’s technologies against us, so that we can figure out how to best combat them. I doubt that this post is telling terrorists anything they don’t know, but I hope it can stimulate some thinking on our side of the current conflicts.

If you have anything to contribute to this thinking, please leave a comment.


Ron Miller October 28, 2008 at 9:31 am

Hi Andrew:
I think this is just a tempest in a teapot. Technology is neutral and as such can be used for good or ill, as the user sees fit. Terrorists use cell phones, email, supermarkets and automobiles. It doesn’t make any of these inherently evil or offer a reason to be fearful.

I think it’s a good thing that the military charged with watching terrorists is aware of the possible methods they could use to communicate with one another, but we all have to be careful not to overreact because any technology, especially one used to communicate, can be used in a variety of ways, some of which will be positive, some negative and some neutral. It’s not a reason to overreact. It’s just a reason to be aware as this report shows it has.

Rick Burnes October 28, 2008 at 9:53 am

Very interesting post. Thanks.

The approach the military takes to terrorists on Twitter should be exactly the same as the approach successful businesses are taking to customers on Twitter.

They should dive in and master the new medium. This is not a problem they can solve with force or regulation.

Doug Cornelius October 28, 2008 at 10:21 am

Twitter is just another communications tool. Its inherent openness should be a deterrent to bad guys. The information is in an easy to search format. Twitter itself even has a powerful search tool that notifies you when new words appear.

Try detonate: http://search.twitter.com/search?q=detonate

Floyd Lozano October 28, 2008 at 10:55 am

I’d say the best defense against this type of attack, provided you could find it (and you could do that by parsing out directions from these types of things, though that would require some cooperation from Twitter) would be to feed false and misleading directions. I’ll leave the logistics of solving that particular problem to the experts, but there are probably some algorithms that can be used to detect the formation of groups that would be used in this fashion, again requiring the cooperation of the provider of this service.

Arasmus October 28, 2008 at 2:37 pm

I think that the use of Twitter by terrorists also delivers some advantages to a counter-terrorist operation, namely:

1. once an activity is online it can be monitored more easily and with a more easily scalable process than if it is offline
2. all online activity runs to ground, behind every message there is an IP address which though often obscured does provide more detail than a repeated rumor. An online footprint of followers is a very attractive nugget of intelligence. These ground contacts can be added to a net that can incrementally close in on an operation
3. the anonymity afforded by Twitter allows for the activation of a disinformation fog of messages once online activity has been observed – taking your example “All women go to checkpoint q” – a program can easily be developed to blanket that same network with messages that instruct all women to go to checkpoints A-Z or to checkpoint T where they can be video-taped and identified
4. a series of fake flashmob instructions or a daily or even hourly request to flashmob can soon turn this mode of communication into static.

Roger Bohn October 29, 2008 at 9:59 pm

Andrew,
The scenario you describe has indeed been in use for some time (not by terrorists). It’s often called a “flash mob,” which I think comes from a Larry Niven story of about 1973. This technology does not require Twitter, although I’m sure Twitter has advantages and disadvantages. Other methods of coordination include IM, and simple web page updates.

See http://en.wikipedia.org/wiki/Flash_mob

Adam R. October 30, 2008 at 10:23 am

Andy, you crafted a very plausible scenario for how a sleeper cell in the US could leverage Twitter…except you nullified it earlier in your article when you said “Terrorist leaders, meanwhile, have to be careful about the people they recruit into their cells and attacks because of the constant risk of infiltration by agents.”

For this very reason, it would be relatively easy for an agent to infiltrate such a Twitter group and thwart the flash mob.

Christopher Biow October 30, 2008 at 10:45 am

To the earlier comment: trivially, all can use communication media which are universally available, be they shouting across the street or exchanging strongly encrypted, anonymous email. New means of communication *have* changed tactics and even balance of power in terrorism vs. counter-terrorism. Command detonation of bombs with a $50 expendable cost, at distances from line-of-sight to intercontinental, became possible only with mobile phones. No prior technology came close to that capability. The technology had an inherent asymmetry that worked for the bomber, with no equivalent benefit for the bomb’s target.

Twitter differs from previous communication media in ways that have made it successful: simplicity, immediacy, and broadcast capability. I cannot think of another medium which would work as well as Twitter for Andrew’s example of flashmobbing. The obvious countermeasure would be against the account or the service providing the instructions. If those were beyond reach, it sure seems that the open, truly publish/subscribe nature of Twitter would provide an incremental advantage over alternatives, such as an RSS feed. That would apply equally for any mob-leadership type of application, including the activists at the RNC or street protest in general. Where security is impossible due to threat of infiltration, Twitter may be the medium of choice for real-time broadcast.

Shion Guha October 31, 2008 at 11:11 am

Thank you for the opportunity to comment.

Although, not directly relevant to this post (but keeping in sync with the rest of the blog), I would like to point out this article published in the Mindtree Consulting Inc Knowledge Center.

http://www.cioupdate.com/reports/article.php/11050_3755056_1/Enterprise-20—Giving-the-Hype-a-Second-Thought.htm

This is another skeptic’s viewpoint on the Enterprise 2.0 phenomenon. However, I would like to point out that one can glean several snippets of important information (although, I am sure that the author wouldn’t want to look at it from this point of view) from this article as enumerated below.

1. Organizations need to understand that the Web 2.0 and Enterprise 2.0 are different animals even though both may utilize similar underlying components and plumbing, the environments and the context in which they are implemented are very different.

2. The cultural readiness of an organization will go a long way in determining the success of Enterprise 2.0 initiative.

3. Be wary of basing your Enterprise 2.0 strategy on the basis of one or two experiments with Enterprise 2.0 in small teams.

4. Does the organization have the required critical mass to leverage the network effect?

Could we have an open blog discussion on these issues sometime if possible? Thanks.

Karim November 1, 2008 at 1:26 am

While I think it’s important to be aware of the potential abuses of new technologies by people with bad intentions, I think in the Twitter Terror scenario, the chances of detection would be too high to really render it viable.

Twitter would be as vulnerable if not more so than “real life” networks to infiltrators or informants. In the event that this were to happen, law enforcement agencies would have access to the same information that those in the Twitter cell would, which would likely allow them to plan in advance for any disturbance or shut it down quickly once it started. Obviously that’s just me speculating though.

-Karim

http://regispromotion.com

John Lamothe November 1, 2008 at 8:21 pm

Something that has not been questioned as of yet is the electronic controllability of a mob. Sure, flashmobbing works to get a bunch of latte junkies to try and stop the new Seattle turn-pike, but are terrorist sympathisers really going to go throw stones with a bunch of people that they don’t know? Particularly knowing that their “leader” is sitting at home at his computer. Seems unlikely, and certainly not in keeping with any theories of organizational behaviour or leadership. Or do they not apply to terrorists?

Mike December 8, 2008 at 10:31 pm

This is essentially a commentary on civil rights and privacy law. Where can we as a nation draw the line? And how will the patriot act adapt to include virtual property?

Explosives Automation June 5, 2009 at 5:32 am

Twitter is one of the social media networks that took web 2.0 by storm. Many people now are following on Twitter, maybe because of its cool features

afallison June 8, 2009 at 7:51 pm

Twitter is so cool. I love the way disqus mixes the 2 so well Twitter is awesome. ;) moretwittertraffic.com
