Roderick Jones – Lifeboat News: The Blog (https://lifeboat.com/blog)

New Terrorism: Five days in Manhattan
Wed, 02 Jun 2010 09:22:34 +0000
https://spanish.lifeboat.com/blog/2010/06/new-terrorism-five-days-in-manhattan

Originally posted @ Perspective Intelligence

Two events centered on New York City, separated by five days, demonstrated the end of one phase of terrorism and the pending arrival of the next. The failed car bombing in Times Square and the dizzying stock market crash less than a week later mark the bookends of terrorist eras.

The attempt by Faisal Shahzad to detonate a car bomb in Times Square was notable not just for its failure but also for the severely limited systemic impact a car bomb could have, even when exploding in a crowded urban center. Car bombs, or Vehicle-Borne IEDs, have a long history (incidentally, one of the first was the 1920 ‘cart and horse bomb’ on Wall Street, which killed 38 people). VBIEDs remain deadly as a tactic within an insurgency or warfare setting, but with regard to modern urban terrorism the world has moved on. We are now living within a highly virtualized system, and the dizzying stock-market crash on 6 May 2010 shows how vulnerable this system is to digital failure. While the NYSE building probably remains a symbolic target for some terrorists, a deadly and capable adversary would ignore this physical manifestation of the financial system and disrupt the data centers, software and routers that make the global financial system tick. Shahzad’s attempted car bomb was from another age and posed no overarching risk to western societies. The same cannot be said of the vulnerable and highly unstable financial system.

Computer aided crash (proof of concept for future cyber-attack)

There has yet to be a definitive explanation of how stocks such as Procter & Gamble plunged 47% and the normally solid Accenture plunged from a value of roughly $40 to one cent, based on no external input of information into the financial system. The SEC has issued directives in recent years boosting competition and lowering commissions, which has had the effect of fragmenting equity trading around the US and making it highly automated. This has created four leading exchanges – NYSE Euronext, Nasdaq OMX Group, BATS Global Markets and Direct Edge – while secondary exchanges include the International Securities Exchange, the Chicago Board Options Exchange, the CME Group and the Intercontinental Exchange. There are also broker-run matching systems like those run by Knight and ITG, and so-called ‘dark pools’ where trades are matched privately with prices posted publicly only after trades are done. A similar picture has emerged in Europe, where rules allowing competition with established exchanges, known by the acronym “MiFID”, have led to a similar explosion of types and venues.

To navigate this confusing picture traders have to rely on ‘smart order routers’ – electronic systems that seek the best price across all of the platforms. Therefore, trades are done in vast data centers – not in exchange buildings. This total automation of trading allows for the use of a variety of ‘trading algorithms’ to manage investment themes. The best known of these is a ‘Volume Algo’, which ensures throughout the day that a trader maintains his holding in a share at a pre-set percentage of that share’s overall volume, automatically adjusting buy and sell instructions to ensure that percentage remains stable whatever the market conditions. Algorithms such as this have been blamed for exacerbating the rapid price moves on May 6th. High-frequency traders are the biggest proponents of algos and they account for up to 60% of US equity trading.

The most likely cause of the collapse on May 6th was the slowing down or near stop of one side of the trading pool. So, in very basic terms, a large number of sell orders started backing up on one side of the system (at the speed of light) with no counterparties taking the orders on the other side of the trade. The counterparty side of the trade slowed or stopped, causing this almost instant pile-up of orders. The algorithms on the other side, finding no buyer for their stocks, kept offering lower prices (as per their software) until they attracted a buyer. However, as no buyers appeared on the still slowed or stopped counterparty side, prices tumbled at an alarming rate. Fingers have pointed at the NYSE for causing the slowdown on one side of the trading pool as it instituted some kind of circuit breaker into the system, which caused all the other exchanges to pile up on the other side of the trade. There has also been a focus on one particular trade, which may have been the spark igniting the NYSE ‘circuit breaker’. Whatever the precise cause, once events were set in train the system had in no way caught up with the new realities of automated trading and diversified exchanges.

More nodes same assumptions

On one level this seems to defy conventional thinking about security – more diversity, greater strength – since not all nodes in a network can be compromised at the same time. By having a greater number of exchanges, surely the US and global financial system is more secure? However, in this case the theory collapses quickly if thinking is switched from examining the physical to the virtual. While all of the exchanges are physically and operationally separate, they all seemingly share the same software and, crucially, trading algorithms that all have some of the same assumptions. In this case they all assumed that because they could find no counterparty to the trade they needed to lower the price (at the speed of light). The system is therefore highly vulnerable because it relies on one set of assumptions that have been programmed into lightning-fast algorithms. If a national circuit breaker could be implemented (which remains doubtful) then this could slow a rapid descent, but it doesn’t take away the power of the algorithms, which are always going to act in certain fundamental ways, i.e. continue to lower the offer price if they obtain no buy order. What needs to be understood are the fundamental ways in which all the trading algorithms move in concert. All will have variances, but they will all share key similarities; understanding these should lead to the design of logic circuit breakers.

New Terrorism

However, for now the system looks desperately vulnerable to both generalized and targeted cyber attack, and this is the opportunity for the next generation of terrorists. There has been little discussion as to whether the events of last Thursday were prompted by malicious means, but it certainly is worth mentioning. At a time when Greece was burning, launching a cyber attack against this part of the US financial system would clearly have been stunningly effective. Combining political instability with a cyber attack against the US financial system would create enough doubt about the cause of a market drop for the collapse to gain rapid traction. Using targeted cyber attacks to stop one side of the trade within these exchanges (which are all highly automated and networked) would, as has now been proven, cause a dramatic collapse. This could also be adapted and targeted at specific companies or asset classes to cause a collapse in price. A scenario whereby one of the exchanges slows down its trades surrounding the stock of a company the bad actor is targeting seems both plausible and effective.

A hybrid cyber and kinetic attack could also cause similar damage. As most trades are now conducted within data centers, it begs the question why there are armed guards outside the NYSE – of course it retains some symbolic value, but security resources would be better placed outside the data centers where these trades are being conducted. A kinetic attack against the financial data centers responsible for these trades would surely have a devastating effect. Finding the location of these data centers is as simple as conducting a Google search.

In order for terrorism to have impact in the future it needs to shift its focus from the weapons of the 20th Century to those of the present day. Using their current tactics the Pakistan Taliban and their assorted fellow-travelers cannot fundamentally damage western society. That battle is over. However, the next era of conflict motivated by a radicalism from as yet unknown grievances, fueled by a globally networked generation Y, their cyber weapons of choice and the precise application of ultra-violence and information spin has dawned. Five days in Manhattan flashed a light on this new era.

Roderick Jones

Hack-Jet: Losing a commercial airliner in a networked world
Wed, 10 Jun 2009 06:13:46 +0000
https://spanish.lifeboat.com/blog/2009/06/hack-jet-losing-a-commercial-airliner-in-a-networked-world

When there is a catastrophic loss of an aircraft in any circumstances, there are inevitably a host of questions raised about the safety and security of the aviation operation. The loss of Air France flight 447 off the coast of Brazil, with little evidence upon which to work, inevitably raises the level of speculation surrounding the fate of the flight. Large-scale incidents such as this create an enormous cloud of data, which has to be investigated in order to discover the pattern of events that led to the loss (not helped when some of it may be two miles under the ocean surface). So far French authorities have been quick to rule out terrorism; it has, however, emerged that a bomb hoax against an Air France flight had been made the previous week on a different route from Argentina. This currently does not seem to be linked and no terrorist group has claimed responsibility. Much of the speculation regarding the fate of the aircraft has focused on the effects of bad weather or a glitch in the fly-by-wire system that could have caused the plane to dive uncontrollably. There is however another theory, which, while currently unlikely, if true would change the global aviation security situation overnight. A Hacked-Jet.

Given the plethora of software modern jets rely on, it seems reasonable to assume that these systems could be compromised by code designed to trigger catastrophic systemic events within the aircraft’s navigation or other critical electronic systems. Just as aircraft have a physical presence, they increasingly have a virtual footprint, and this changes their vulnerability. A systemic software corruption may account for the mysterious absence of a Mayday call — the communications system may have been offline. Designing airport and aviation security to keep lethal code off civilian aircraft would, in the short term, be beyond any government civil security regime. A malicious code attack of this kind against any civilian airliner would therefore be catastrophic not only for the airline industry but also for the wider global economy until security caught up with this new threat. The technical ability to conduct an attack of this kind remains highly specialized (for now), but the knowledge to conduct attacks in this mold would be as deadly as WMD and easier to spread through our networked world. Electronic systems on aircraft are designed for safety, not security; they therefore do not account for malicious internal actions.

While this may seem the stuff of fiction, in January 2008 this broad topic was discussed due to the planned arrival of the Boeing 787, which is designed to be more ‘wired’, offering greater passenger connectivity. Air safety regulations have not been designed to accommodate the idea of an attack against on-board electronic systems, and the FAA proposed special conditions, which were subsequently commented upon by the Air Line Pilots Association and Airbus. There is some interesting back and forth in the proposed special conditions, which are after all only to apply to the Boeing 787. In one section, Airbus rightly pointed out that making it a safety condition that the internal design of civilian aircraft should ‘prevent all inadvertent or malicious changes to [the electronic system]’ would be impossible during the life cycle of the aircraft because ‘security threats evolve very rapidly’. Boeing responded to these reports in an AP article stating that there were sufficient safeguards to shut out the Internet from internal aircraft systems, a conclusion the FAA broadly agreed with; Wired Magazine covered much of the ground. During the press surrounding this, the security writer Bruce Schneier commented that, “The odds of this being perfect are zero. It’s possible Boeing can make their connection to the Internet secure. If they do, it will be the first time in the history of mankind anyone’s done that.” Of course, securing the airborne aircraft isn’t the only concern when maintenance and diagnostic systems constantly refresh while the aircraft is on the ground. Malicious action could infect any part of this process. While a combination of factors probably led to the tragic loss of flight AF447, the current uncertainty serves to highlight a potential game-changing aviation security scenario that no airline or government is equipped to face.

Comments on Hack-Jet:

(Note — these are thoughts on the idea of using software hacks to down commercial airliners and are not specifically directed at events surrounding the loss of AF447).


From Daniel Suarez, author of Daemon:

It would seem like the height of folly not to have physical overrides in place for the pilot — although, I realize that modern aircraft (especially designs like the B-2 bomber) require so many minute flight surface corrections every second to stay aloft, that no human could manage it. Perhaps that’s what’s going on with upcoming models like the 787. And I don’t know about the Airbus A330.

I did think it was highly suspicious that the plane seems to have been lost above St. Peter & Paul’s Rocks. By the strangest of coincidences, I had been examining that rock closely in Google Earth a few weeks ago for a scene in the sequel (which was later cut). It’s basically a few huge rocks with a series of antennas and a control hut — with nothing around it for nearly 400 miles.

Assuming the theoretical attacker didn’t make the exploit time-based or GPS-coordinate-based, they might want to issue a radio ‘kill’ command in a locale where there would be little opportunity to retrieve the black box (concealing all trace of the attack). I wonder: do the radios on an A330 have any software signal processing capability? As for the attackers: they wouldn’t need to physically go to the rocks–just compromise the scientific station’s network via email or other intrusion, etc. and issue the ‘kill’ command from a hacked communication system. If I were an investigator, I’d be physically securing and scouring everything that had radio capabilities on those rocks. And looking closely at any record of radio signals in the area (testing suspicious patterns against a virtual A330’s operating system). Buffer overrun (causing the whole system to crash?). Injecting an invalid (negative) speed value? Who knows… Perhaps the NSA’s big ear has a record of any radio traffic issued around that time.

The big concern, of course, is that this is a proof-of-concept attack — thus, the reason for concealing all traces of the compromise.


From John Robb – Global Guerrillas:

The really dangerous hacking, in most situations, is done by disgruntled/postal/financially motivated employees. With all glass cockpits, fly by wire, etc. (the Airbus is top of its class in this) it would be easy for anybody on the ground crew to crash it. No tricky mechanical sabotage.


External hacks? That is of course, trickier. One way would be to get into the diagnostic/mx computers the ground crew uses. Probably by adding a hack to a standard patch/update. Not sure if any of the updates to these computers are delivered “online.”

Flight planning is likely the most “connected” system. Easier to access externally. Pilots get their plans for each flight and load them into the plane. If the route has them flying into the ground mid flight, it’s possible they won’t notice.

In flight hacks? Not sure that anything beyond outbound comms from the system is wireless. If so, that would be one method.

Another would be a multidirectional microwave/herf burst that fries controls. Might be possible, in a closed environment/fly by wire system to do this with relatively little power.

—-

There has been continuous discussion of the dangers involved with fly-by-wire systems in Peter Neumann’s Risk Digest since the systems were introduced in the late 1980s. The latest posting on the subject is here.

Investigator: Computer likely caused Qantas plunge

Twitter as a global Intelligence tool?
Fri, 20 Feb 2009 06:39:50 +0000
https://spanish.lifeboat.com/blog/2009/02/twitter-as-a-global-intelligence-tool

Announcing $35M in new funding last Friday, Twitter was one of the few bright spots in a collapsing economy. The micro-blogging service has been attracting increasing attention within the mainstream as the political classes adopt the service – most notably, congressman Pete Hoekstra (R-Mich.), who produced a stream of tweets detailing his location as he traveled from Andrews Air Force Base to Baghdad and back. Besides the disbelieving head shaking this particular series of political tweets attracted, it does highlight the amorphous nature of Twitter — it isn’t clear what it really is.

Certainly, the revenue model remains unclear, as does its true utility or even what the unintended consequences of using the service may be. In a National Security sense Twitter emerged as a powerful networked communications platform during the Mumbai terrorist attacks, when a stream of tweets marked #Mumbai (# being the global tagging system Twitter employs) gave a seemingly real-time commentary on events as they unfolded in Mumbai. Similarly, Twitter has been used to communicate the message and activity surrounding the riots in Greece using the #Griot tag. These are examples of the network effect working with a rapid communications platform and developing a powerful narrative from many different observation points. The style is anarchic but increasingly compelling.

Therefore, one argument regarding the long-term use of Twitter, in the National Security space at least, is that Twitter, in conjunction with other tools, continues the trend of making ordinary citizens active producers of potentially actionable intelligence. This equally applies to Microsoft Photosynth, and the meshing of user-created digital platforms is a future trend which doesn’t seem too far away. One of Twitter’s more recent high-profile moments was the picture of the US Airways plane in the Hudson taken by an ordinary citizen who happened to be on a ferry that went to the scene. This picture quickly and succinctly explained the situation to any emergency service in the area. This same principle can clearly be globally extended in terms of data and geographic reach. In fact it is the increasing penetration of mobile devices which would seem to offer a bright future for the Twitter platform.

An area in which the Twitter platform excels is the tools that can be used to manipulate the information within Twitter. This is where the open feel of the service suggests it somehow has more potential than well-designed social networking platforms such as Facebook. Information is messy and Twitter fits around this principle.

In order to examine Twitter we established a Twitter feed at www.twitter/In_Terrain. The idea behind this was to use the RSS feed Twitter tool TwitterFeed to push content of interest to a Twitter account and then examine ways in which this could be consumed. The results so far have been impressive. Twitterrific, available for Apple products, displays the security information feed in a very useful way. Tweetr for Windows does a similar thing for Microsoft-based systems, and of course TwitterBerry enables access from a BlackBerry. If users join Twitter they can choose to ‘follow’ the In_Terrain feed and receive the same information, and potentially reply to specific tweets they find interesting – thus creating the ‘conversation’ Twitter desires. Similarly, if other security and intelligence focused Twitter feeds become apparent, the In_Terrain Twitter feed can ‘follow’ those conversations – thus beginning the network effect.

Clearly, this is still experimental and there are other avenues to explore with regard to GPS Twitter applications. The aim with the In_Terrain Twitter account is to generate tweets from mainstream information sources as well as the ‘lower frequencies’. Starting a National Security focused tweet seems like an interesting idea right now – so I welcome Blog readers to ‘join the conversation’ – and please make suggestions for improvements or content additions. Maybe it will even become useful.

Globally Networked Anarchy (#Griot)
Wed, 31 Dec 2008 04:09:04 +0000
https://spanish.lifeboat.com/blog/2008/12/globally-networked-anarchy-griot

The year 2008 saw the hype fall away from virtual worlds, but in contrast social networks are going from strength to strength and are being increasingly used as protest vehicles around the world. While the utility of Facebook and Twitter (using the #griot descriptor to report on the riots in Greece) has been widely reported upon, some of the more interesting and interactive information can still be found in Second Life, which bodes well for the future of virtual worlds. Full report and links relating to this phenomenon over at the MetaSecurity blog. Whether it be web forums, Facebook or Second Life, virtual communities will continue to be an increasingly important part of the National Security picture in 2009.

Aardvark’s and Avatars
Tue, 18 Nov 2008 22:55:36 +0000
https://spanish.lifeboat.com/blog/2008/11/aarvarks-and-avatars

There continues to be some discussion and rejection of the idea that terrorists would be able to exploit new technology platforms such as social networking and virtual worlds. In a recent post the blogger Abu Aardvark (aka Marc Lynch from GW University) goes some way in debunking ideas surrounding terrorist use of social networking, wikis and virtual worlds. He further states that Al Qaeda is now behind the curve in using the area of user-generated content and interactivity. While the aardvark’s media analysis relating to ‘al-Qaeda outreach’ appears to be sound, I think he misses a fundamental point about terrorists and technology.

The defining feature of terrorism and technology is its adaptive quality. It is highly unlikely that individual terrorists or terrorist groups would exactly replicate the mainstream functions of the technology Abu Aardvark highlights in his post. It is more likely they would take certain elements from the various innovations and mesh them together or otherwise distort them. So an al-Qaeda Facebook isn’t going to happen anytime soon, but using the system to identify IDF soldiers for possible assassination already has. Similarly an ‘AQThirdlife’, which replicates the virtual world Second Life, seems unlikely, but using some of its key features still seems probable. The virtual money transfer aspect continues to be high on most people’s list of concerns (this is discussed in a recent SSRN paper written by Stephen Landman, Funding Bin Laden’s Avatar: A proposal for the regulation of Virtual Hawalas, which he has been kind enough to share with me). Aardvark’s point about an AQThirdlife also fails to account for phenomena such as the virtual caliphate, which is running in the UK, where users log into areas to see and hear sermons by dead or expelled radical preachers — there continues to be a market for extremism, and virtual exposure to it is potentially more powerful than real exposure.

As ever the central point is that given rapid and increasing virtualization flexible thinking and planning is required to conceptualize the next form of terrorist threat — blogs appear to be a great enabler of this practice.

Religion, Radicalization and the future of Terrorism
Fri, 22 Aug 2008 00:00:12 +0000
https://spanish.lifeboat.com/blog/2008/08/religion-radicalization-and-the-future-of-terrorism

The UK’s Guardian today published details of a report produced by Britain’s Security Service (MI5) entitled ‘Understanding radicalization and violent extremism in the UK’. The report is from MI5’s internal behavioral analysis unit and contains within it some interesting and surprising conclusions. The Guardian report covers many of these in depth (so no need to go over them here), but one point which is worth highlighting is the claim made within the report that religion is not, and was not, a contributory factor in the radicalization of the home-grown terrorist threat that the UK faces. In fact, the report goes on to state that a strong religious faith protects individuals from the effects of extremism. This viewpoint is one that is gathering strength and coincides with an article written by Martin Amis in the Wall Street Journal, which also argues that ‘terrorism’s new structure’ is about the quest for fame and thirst for power, with religion simply acting as a “means of mobilization”.

All of this also tends to agree with the assertion made by Philip Bobbitt in ‘Terror and Consent’ that al-Qaeda is simply version 1.0 of a new type of terrorism for the 21st century. This type of terrorism is attuned to the advantages and pressures of a market-based world and acts more like a Silicon Valley start-up company than the Red Brigades — being flexible, fast moving and wired — taking advantage of globalization to pursue a violent agenda.

This all somewhat begs the question of, what next? If al-Qaeda is version 1.0 what is 2.0? This of course is hard to discern but looking at the two certain trends, which will shape humanity over the next 20 years — urbanization and virtualization — throws up some interesting potential opponents who are operating today. The road to mass urbanization is currently being highlighted by the 192021 project (19 cities, 20 million people in the 21st century) and amongst other things, points to the large use of slum areas to grow the cities of the 21st century. Slum areas are today being globally exploited from Delhi to Sao Paulo by Nigerian drug organizations that are able to recruit the indigenous people to build their own cities within cities. This kind of highly profitable criminal activity in areas beyond the vision of government is a disturbing incubator.

Increased global virtualization complements urbanization as well as standing alone. Virtual environments provide a useful platform for any kind of real-life extremist (as is now widely accepted), but it is the formation of groups within virtual spaces that then spill out into real space that could become a significant feature of the 21st century security picture. This is happening with ‘Project Chanology’, a group that was formed virtually with some elements of the Anonymous movement in order to disrupt the Church of Scientology. While Project Chanology (WhyWeProtest website) began as a series of cyber actions directed at Scientology’s website, it is now organizing legal protests at Scientology buildings. A shift from the virtual to the real. A more sinister take on this is the alleged actions of the Patriotic Nigras — a group dedicated to the disruption of Second Life, which has reportedly taken to using the tactic of ‘swatting’ — the misdirection of armed police officers to a victim’s home address. A disturbing spill-over into real space. Therefore, whatever pattern future terrorist movements follow, there are signs that religion will play a peripheral rather than central role.

Originally posted on the Counterterrorism blog.
