[SecurityRatty] tag: terrorists

Gadgets of the Mumbai Attacks

Mon, 01 Dec 2008 11:39:00 +0000

The Mumbai terrorists used an array of commercial technologies -- from Blackberries to GPS navigators to anonymous e-mail accounts -- to pull off their heinous attacks.

Communications During Terrorist Attacks are Not Bad

Mon, 01 Dec 2008 09:02:50 +0000

Twitter was a vital source of information in Mumbai:

News on the Bombay attacks is breaking fast on Twitter with hundreds of people using the site to update others with first-hand accounts of the carnage.
The website has a stream of comments on the attacks which is being updated by the second, often by eye-witnesses and people in the city. Although the chatter cannot be verified immediately and often reflects the chaos on the streets, it is becoming the fastest source of information for those seeking unfiltered news from the scene.

But we simply have to be smarter than this:

In the past hour, people using Twitter reported that bombings and attacks were continuing, but none of these could be confirmed. Others gave details on different locations in which hostages were being held.
And this morning, Twitter users said that Indian authorities was asking users to stop updating the site for security reasons.

One person wrote: "Police reckon tweeters giving away strategic info to terrorists via Twitter".

Another link:

I can't stress enough: people can and will use these devices and apps in a terrorist attack, so it is imperative that officials start telling us what kind of information would be relevant from Twitter, Flickr, etc. (and, BTW, what shouldn't be spread: one Twitter user in Mumbai tweeted me that people were sending the exact location of people still in the hotels, and could tip off the terrorists) and that they begin to monitor these networks in disasters, terrorist attacks, etc.

This fear is exactly backwards. During a terrorist attack -- during any crisis situation, actually -- the one thing people can do is exchange information. It helps people, calms people, and actually reduces the thing the terrorists are trying to achieve: terror. Yes, there are specific movie-plot scenarios where certain public pronouncements might help the terrorists, but those are rare. I would much rather err on the side of more information, more openness, and more communication.

Lessons from Mumbai

Mon, 01 Dec 2008 05:03:41 +0000

I'm still reading about the Mumbai terrorist attacks, and I expect it'll be a long time before we get a lot of the details. What we know is horrific, and my sympathy goes out to the survivors of the dead (and the injured, who often seem to get ignored as people focus on death tolls). Without discounting the awfulness of the events, I have some initial observations:

Low-tech is very effective. Movie-plot threats -- terrorists with crop dusters, terrorists with biological agents, terrorists targeting our water supplies -- might be what people worry about, but a bunch of trained (we don't really know yet what sort of training they had, but it's clear that they had some) men with guns and grenades is all they needed.
At the same time, the attacks were surprisingly ineffective. I can't find exact numbers, but it seems there were about 18 terrorists. The latest toll is 195 dead, 235 wounded. That's 11 dead, 13 wounded, per terrorist. As horrible as the reality is, that's much less than you might have thought if you imagined the movie in your head. Reality is different from the movies.
Even so, terrorism is rare. If a bunch of men with guns and grenades is all they really need, then why isn't this sort of terrorism more common? Why not in the U.S., where it's easy to get hold of weapons? It's because terrorism is very, very rare.
Specific countermeasures don't help against these attacks. None of the high-priced countermeasures that defend against specific tactics and specific targets made, or would have made, any difference: photo ID checks, confiscating liquids at airports, fingerprinting foreigners at the border, bag screening on public transportation, anything. Evenmetal detectors and threat warnings didn't do any good:

"If I look at what we had, which all of us complained about, it could not have stopped what took place," he told CNN. "It's ironic that we did have such a warning, and we did have some measures."
He said people were told to park away from the entrance and had to go through a metal detector. But he said the attackers came through a back entrance.

"They knew what they were doing, and they did not go through the front. All of our arrangements are in the front," he said.

If there's any lesson in these attacks, it's not to focus too much on the specifics of the attacks. Of course, that's not the way we're programmed to think. We respond to stories and not analysis. I don't mean to be sympathetic; this tendency is human and these deaths are really tragic. But eighteen armed people intent on killing lots of innocents will be able to do just that, and last-line-of-defense countermeasures won't be able to stop them. Intelligence, investigation, and emergency response. We have to find and stop the terrorists before they attack, and deal with the aftermath of the attacks we don't stop. There really is no other way, and I hope that we don't let the tragedy lead us into unwise decisions about how to deal with terrorism.

Chairman Tata Surprised by Tricky Terrorists

Sun, 30 Nov 2008 22:29:00 +0000

Chairman Rata Tata, whose company owns the Taj hotel in Mumbai, gave a frank and honest interview to CNN. I would imagine that the Tata Group's PR people and General Counsel are scrambling at the moment trying to do as much damage control as possible.

The sad part of this unfolding story is the feeling one gets that the terrible loss of life at the hotel may have been prevented or at least mitigated had proper security measures been implemented and if the security that had been in place prior to the attack had not been removed.

One eye witness who stayed at the hotel a week before the terrorist assault spoke about metal detectors and baggage being checked. The same witness then went on to say that those security measures had been removed within the last week, allowing people to enter without being checked.

The most surprising news to surface must be the Chairman's comments regarding the terrible event. Unbelievably, he actually said; "They knew what they were doing and they did not go through the front. All of our arrangements were on the front entrance".

Who is Tata's security advisor, a kitchen worker? Actually, he might have been better off if that were the case since the terrorists entered the hotel through the rear kitchen door. ANNOUNCEMENT TO ALL CHAIRMEN AND CEO's; Terrorists are Tricky. That is their job. They are watching your businesses and will do the opposite to what you expect.

In the case of the TAJ HOTEL, you made it easy for them. Did nobody in Mumbai ever stop to think that a bad person can go through the back door? It is one thing for a cafe in a pedestrian area to be attacked as anyone can walk right by or walk through the front and open fire, but how can a major landmark that attracts Western vistors drop their security measures AFTER they have received terrorist alert warnings that the hotel may be the target of terrorsit attacks?

I don't know if it was the case with the Taj Hotel, but cutting corners where security is concerned is common place in corporate culture. Security is often seen as a necessary evil and usually the first department to experience budgetary cutbacks. It is very difficult to convince some clients that nothing happening is really a good thing and that by cutting out security may open the door to evil.

This appears to have been the case with the Taj. There is no doubt that the terrorists had conducted hundreds of hours of surveillance in and around Mumbai. Was it a coincidence that the attack occurred the week after security measures had been removed? What might have been the result if security had remained tight (if you could call watching the front entrance and disregarding the back as "tight security")? Maybe the terrorists would have held back another month or two...maybe in that time they would have been detected...

One thing is for certain, places like the Taj Hotel have to get serious about security. Mr. Tata's claim that; "If I look at what we had...it could not have stopped what took place", must be replaced by more progressive, proactive thinking. If the Tata Group had spent an adequate amount of funding on ensuring that a strict security policy was in force - if only for the period in question - then they might not now be facing a 5 Billion Rupee reconstruction bill. Who knows how high the civil suits against the Taj will run when compensation and punitive costs are calculated.

Kudos though to Chairman Tata for at least recognizing that the Indian authorities may not be able to handle the situation on their own. "These attacks underscore the need for Law Enforcement to seek outside expertise for training, equipment and strategic operations", he said.

We agree Mr. Tata. We also hope that you will recognize the need for the Tata Group to seek similar outside expertise to assist you with your security planning and training.

FBI Stoking Fear

Thu, 27 Nov 2008 09:27:35 +0000

Another unsubstantiated terrorist plot:

An internal memo obtained by The Associated Press says the FBI has received a "plausible but unsubstantiated" report that al-Qaida terrorists in late September may have discussed attacking the subway system.
[...]

The internal bulletin says al-Qaida terrorists "in late September may have discussed targeting transit systems in and around New York City. These discussions reportedly involved the use of suicide bombers or explosives placed on subway/passenger rail systems," according to the document.

"We have no specific details to confirm that this plot has developed beyond aspirational planning, but we are issuing this warning out of concern that such an attack could possibly be conducted during the forthcoming holiday season," according to the warning dated Tuesday.

[...]

Rep. Peter King, the top Republican on the House Homeland Security Committee, said authorities "have very real specifics as to who it is and where the conversation took place and who conducted it."

"It certainly involves suicide bombing attacks on the mass transit system in and around New York and it's plausible, but there's no evidence yet that it's in the process of being carried out," King said.

Knocke, the DHS spokesman, said the warning was issued "out of an abundance of caution going into this holiday season."

Got that: "plausible but unsubstantiated," "may have discussed attacking the subway system," "specific details to confirm that this plot has developed beyond aspirational planning," "attack could possibly be conducted," "it's plausible, but there's no evidence yet that it's in the process of being carried out."

I have no specific details, but I want to warn everybody today that fiery rain might fall from the sky. Terrorists may have discussed this sort of tactic, and while there is no evidence yet that it's in the process of being carried out, I want to be extra-cautious this holiday season. Ho ho ho.

Mayhem in Mumbai

Thu, 27 Nov 2008 02:48:00 +0000

The total number of casualties rise in the financial capital of India after terrorists attack multiple locations.

The latest figures suggest that at least 100 people have been killed and as many as 900 injured. Radio and television reporters are saying that it has all the hallmarks of an Al-Qaeda attack. Locations included a railway station, a cinema, the Taj Hotel, and another very popular restaurant.

It appears as if the terrorists singled out Westerners as they are reported to have taken British and American tourists hostages and brought them up to the 18th floor of the hotel. This evening the hotel is on fire and the fate of the hostages is still unknown.

The good news for some, is that they were able to escape form the hotel in the confusion. It appears that the terrorists could have numbered dozens of heavily armed men. This is definitely not a random attack but a well planned and executed operation aimed at causing mass casualties amnd hitting India's financial markets in much the same way as Wall Street was attacked on 9/11.

We do not hear that much about India's terrorist problems in the West but I was made aware of it when I was invited to India to speak on Security matters this time last year. I have since that time made clients and potenital clients aware of the security situation.

There has been much outsourcing to India and many U.S. businesses are sending personnel over there as a result. Those who can afford to have their own professional security protectors should consider that option very carefully. It could very well turn out being more of a necessity than a luxury in these dangerous times.

In Mumbai, bloggers and Twitter offer help to relatives

Wed, 26 Nov 2008 21:00:00 +0000

Bloggers pitched in offering information and other help to people worldwide as Indian police and commandos battled it out Thursday with armed terrorists in two top hotels and a residential complex in south Mumbai.

Friday Squid Blogging: Preserving Giant Squid

Fri, 21 Nov 2008 13:20:18 +0000

At the Smithsonian:

At the centerof the Smithsonian Institution's National Museum of Natural History's gleaming new Sant Ocean Hall lies a preserved giant female squid -- the arresting, spineless star among the vibrant exhibition's animal specimens. Tentacles menacingly outstretched and seemingly frozen in time, the 24-foot squid embodies humans' fascination with the briny deep. But this squid also symbolizes something else: an ongoing experiment in the chemistry of preservation, without which the Smithsonian's new exhibition would not have been possible.

Also note the terrorism tie-in:

To create the exhibit, the Smithsonian had to work around post-9/11 rules restricting flammable materials, while maximizing the lifelike appearance of the squid for public display. They turned not to formalin or ethanol, but to a new fluorinated chemical called Novec, developed by 3M.

If we give up our preserved giant squids, then surely the terrorists have won.

They didn't go away you know....

Fri, 14 Nov 2008 03:02:00 +0000

Listening to a discussion on CNN the day after President elect Obama won the U.S. Presidential race, made me think about what the terrorists may be thinking.

It really is fairly easy for the average citizen to push these thoughts out of their mind, but we should always keep it somewhere in our minds - close enough to recall it when necessary.

Bill Clinton was "tested" early in his Presidency as was the U.K.'s new Prime Minister - Gordon Brown. In PM Brown's case it came 72 hours after the Election in Britain. How long may we wait to see something here..or overseas, but definitely aimed at inflciting U.S. casualties?

Bottom line - we should always remian alert and open to the idea that something could happen and we can not afford to drop our guard and think "they have gone". Terrorists have great amounts of patience. They conduct surveillance right under the noses of their intended victims. As the old saying goes; "we have to be successful every single time - they only have to be lucky once".

Pakistan Declares Death Penalty for 'Cyber Terror'

Sat, 08 Nov 2008 15:20:01 +0000

American officials can have some pretty over-the-top reactions to hackers and so-called cyber terrorists. Once, I saw a briefing comparing our own Kevin Poulsen to Osama bin Laden and Pablo