Saturday, October 25, 2008

At Mozilla, Blowing the Lid Off Security Practices by Robert Vamosi

Window Snyder, Mozilla's chief security something-or-other (her official title), wants to bring open source practices to the security community.

"At a lot of companies," she told me recently, "there's fear around security: you don't want to talk about what you're doing around security because one might deem it not enough--or might want to criticize it." She said most companies have a lot of reasons to keep what they're doing in security quiet, but not Mozilla. "We benefit from being open; it's the model for us and it's been successful for us."


Snyder started her security work at @Stake (now a part of Symantec) then went to Microsoft and later Matasano Security. She describes her journey as moving toward open source with each environment. At Mozilla, makers of the popular Firefox browser, Thunderbird e-mail client, and other open software, she's pretty much at ground zero.


Snyder said the idea of opening up security came about by asking, "What are we doing internally that we can make publicly available to help somebody else in some other project."


They decided to start out small. "We're starting off with secure programs and practices for C and C++. There is a focus on how to make it useful for a browser, but there is of course a general aspect to this. It's training materials, it's syllabi, exercises, it's a workshop-style class. Hopefully we'll be able to do video as well." The idea is that one employee from a company can attend these workshops and then take the training back home to train even more people.


Johnathan Nightingale of Mozilla echoed this. "It's pretty brittle if there's only one person who is the security guy or gal that always solves a problem. It's better to get that knowledge out there--whether it's working on Mozilla or some other project. By working at understanding the good habits and the bad habits, you've made a huge step forward."


In addition to training sessions, Mozilla will be making a variety of tools available. Last year Mozilla released a protocol fuzzer created by Michael Eddington, and a JavaScript fuzzer created by Jesse Ruderman. Further, Mozilla admitted that these tools had found vulnerabilities within Firefox. Accepting that openness, Opera reported that the tools had also discovered a flaw within its browser product. Microsoft, maker of Internet Explorer, and Apple, maker of Safari, haven't revealed whether they used the tool to detect any flaws in their products.


Snyder says often the security story isn't that a company created a tool that found 14 vulnerabilities in its own product, it's that there were 14 vulnerabilities in the product in the first place. "Why would they want to share this tool? Maybe they want to demonstrate how successful it was because it found a vulnerability. That's something that we can do that other companies cannot."


In addition to training and tools, Mozilla wants to talk more about security metrics and threat modeling.


"Threat modeling is a methodology for identifying security vulnerabilities, for identifying the risks of a security vulnerability within that application," Snyder said. "Making a threat model available shows other development environments how a complex application like Firefox gets deconstructed into threats, along with the mitigations that we've implemented to address those specific threats.


"But it also gets us feedback on whether our mitigations are sufficient. It gets the research community engaged in another point in the development process. Instead of looking for vulnerabilities at the end of the lifecycle, they're able to get involved in the threat modeling process which is between design and implementation, ideally. You want to be able to do it early enough in the process so that you can actually change at the architectural level as the result of threat modeling."


The goal, she said, is to remove whole categories of vulnerabilities. "Here's a pattern, and if we implement one architectural change we can eliminate all these vulnerabilities."


Threat modeling is more theoretical; it's abstract. "So, instead of saying concretely if you do this, that, and the other thing, that will result in an actual vulnerability, threat modeling says there is no input validation mechanism, for example. If you send a request this way, you end up bypassing the input validation mechanism and you're sending content, unvalidated, to this audio decoder. That would be scary. So the threat would be unvalidated content is being passed directly to the audio decoder if it comes in this way. A vulnerability would be there's an overflow in the audio decoder that an attacker is able to trigger if they craft a URL this way, and because it bypasses the input validation mechanism, all these other mechanisms that would have protected from an exploit are bypassed as well."


She concludes that the training, the tools, and the threat modeling are "good for peer reviews, it's good for testers, it's good for developers." She sees it as delivering on a promise "to make the Web more secure."


Mozilla has been steadily demonstrating how open source projects can make money without betraying their community goals. At Mozilla, she says "we absorb the costs in criticism and we tolerate that in security because the benefit for us far outweighs everything else."

Thursday, October 23, 2008

Post Cold War Systemic: Toolkit Problems and Notes

Every problem touches others, and few problems submit to simple cause-and-effect reasoning. The so-called war on terror, for example, touches the Iraq problem, just as the Iraq problem touches, among other things, our need for oil, our relations with China and Russia, and our current operation in Afghanistan. Costs, resources, will, perception, threats, risks–all combine to create an interwoven network of conflicting constraints and difficult tradeoffs. Most people understand this intuitively, although sophisticated analysis is required to untangle a network with any confidence.

Perhaps the most evident lack of systems thinking resides in how we perceive the problem itself. During the Cold War, for example, we understood that the conflict was as much a war of ideas as a war of missiles. In fact, one could argue that we won the war with ideas while our missiles thankfully rested in their silos. We also understood that a misstep in Asia meant trouble in Europe while a faux pas in Central America could spell disaster on the home front. Significantly, our Cold War toolkit reflected this understanding. While our military forces stood ready, we employed–and employed well–a wide range of tools short of war: surveillance, intelligence (human and technical), espionage, psychological operations, alliances, and diplomacy.


Today, our toolkit has dwindled to a single hammer–military force–and the tools we once employed so effectively as a suite now exist largely to support this force. We are simply not equipped to deal with the problem as a system; we don’t understand it as one, and any capability for subtlety or stratagem we achieved during the Cold War has atrophied.

Fixing Fragile States by Enterra Solutions (Thomas Barnett)

Globalization has both its proponents and opponents. Its proponents point to the fact that globalization has helped billions of people climb up the economic pyramid and out of poverty's grasp. Opponents note that it doesn't seem to be helping the remaining 1.4 billion people still locked in poverty's grip. Most of these so-called "bottom billion" are trapped inside nation states that have little going for them except a recognized international border. These states have variously been labeled, failed, failing, weak, and fragile. Seth Kaplan, a business consultant and entrepreneur who has run multinational firms and founded successful local corporations in Asia, Africa, and the Middle East, believes there is a difference between failed, weak, and fragile states. Kaplan also believes that past efforts to support such states have not recognized the differences nor the idiosyncratic circumstances each such nation faces. In a new book, Fixing Fragile States, Kaplan provides his prescription for addressing the challenges that keep such states from progressing.

Kaplan believes that "fragile states are a menace unlike any other, endangering international security, while ruining the lives of hundreds of millions across the globe." The only way to reduce these dangers, he insists, is to reduce the number of such states. On this point, Kaplan agrees with my colleague Tom Barnett, who asserts that such states almost exclusively exist in the geographical region he calls the Gap. Tom, too, believes that the grand strategy the global community should embrace is to "shrink the Gap." Kaplan writes:

"If we are to transform failed and failing states in Africa, Latin America, the Middle East, and elsewhere, we need to adopt innovative policies that challenge conventional wisdom. In particular, we need to embrace a new way of thinking about development."

Kaplan believes, like I do, that one must take a holistic view of development. As a result, Kaplan's approach "blends political science, economic, sociological, and business theory" to explain why states fail and how that can change. Specifically, Kaplan believes that too many of those involved in development fail to appreciate the importance of local conditions, culture, and circumstances. As a result, Kaplan believes that they have tried to press cookie cutter solutions in situations where they simply won't work. As proof that historic approaches haven't worked, Kaplan cites a World Bank report that laments the fact that the number of fragile states has grown from 17 in 2003 to 26 in 2006. He also notes some of the common shortcomings that analysts point to as the causes of state failure: "weak governance, ill-conceived policies, and feeble institutions." These institutional shortfalls, Kaplan notes, mean that "fragile states are unable to garner anything but the paltriest fruits from globalization. ... As a result, fragile states typically export no more than a handful of commodities, often produced in protected enclaves that limit opportunities for embezzlement and violence."

Although he doesn't use the term "sovereignty gap" preferred by Ashraf Ghani and Clare Lockhart, Kaplan recognizes that such a gap is a critical characteristic of fragile states [see my post entitled More on Dealing with Failed States]. Kaplan writes:

"Most experts agree that any country where the government is unable to deliver even the most basic public services -- such as territorial control and security -- to a significant portion of the population is failing. ... Fragile or weak states, however, encompass a much wider group of territories where the national government operates, but has institutions so dysfunctional that they perform many of their tasks badly -- or not at all. ... The state is so incapacitated that it cannot provide many essential services: public schools and hospitals barely operate in many places, police and judges are beholden to the rich and the powerful, and the black market trumps moneymaking activities."

Kaplan believes that old approaches to helping fragile states have failed because they have concentrated almost exclusively on helping ill-conceived and illegitimate government bureaucracies build capacities. That top down approach, Kaplan asserts, won't work as long as the institutions that need support are not recognized or utilized by the local population. "The cure for fragile states," Kaplan asserts, "is development." On that point, Kaplan and I agree. Kaplan, however, has a very interesting view of what constitutes development.

"Although usually equated with economic growth, [development] is really a process of transforming the system of how the members of a society work together. Although education and health care can better prepare individuals to participate in development, a country's ability to advance is crucially tied to its citizens' ability to cooperate -- both among themselves and in partnership with the state -- in increasingly sophisticated ways. A community's capacity to foster progress is therefore highly dependent on its social cohesion and its set of shared institutions -- especially its set of shared informal institutions in the early stages of development when strong, formal governing institutions are typically absent."

Kaplan is correct that a lack of social cohesion prevents sustained development. Nothing demonstrates a lack of cohesion more than the civil wars that plague so many Gap states. One of the problems, analysts point out, is that states in the Gap are often "fake states" whose borders were drawn by colonial powers without regard for traditional tribal boundaries. Few of these fake states have ever managed to achieve the social cohesion that Kaplan discusses. Kaplan believes that social boundaries can be bridged by economic cooperation that spawns informal institutions whose capacities can then be strengthened to make them more formal. Here, however, Kaplan faces the development/security conundrum faced in what Tom Barnett calls the military/market nexus.

Kaplan admits that "investor's money is the fuel that drives the wealth-creation process that is the prerequisite for any development." But as I have stressed on numerous occasions, investor dollars are cowards. They flee any situation where risks outweigh rewards. No risk is a greater threat to investment dollars than violent conflict and instability. Kaplan's bottom-up approach, which involves making governments "more relevant to their populations by interconnecting them with local, informal, internally driven political and economic processes," does empower local societies, but it doesn't address how to get over the initial security challenge so that the approach can work. Security is no small hurdle to progress. The marketing material for Kaplan's book states, "Flawed governance systems, not corrupt bureaucrats or armed militias, are the cancers that devour weak states. The cure, therefore, is not to send more aid or more peacekeepers but to redesign political, economic, and legal structures--to refashion them so they can leverage local traditions, overcome political fragmentation, expand governance capacities, and catalyze corporate investment." As I've stated time and again, security and development go hand-in-hand. I agree with Kaplan that sending peacekeepers into a fragile state without an accompanying development plan won't put the state on the road to recovery. Both are required.

Take, for example, the Iraqi city of Samarra. Violence has been so frequent in that city that for the past two years people haven't even been able to worship in their famous Askariya Shrine. Development projects during that time came to a complete standstill. Relative security in Samarra has finally returned and development is once again progressing ["As Bombs Fall Silent, an Iraqi City Rebuilds," by Erica Goode, New York Times, 2 October 2008]. Goode writes:

"Yet the costs of greater safety are also apparent. At virtually every corner there are checkpoints staffed by members of the Iraqi security forces or guards from the Awakening, the citizen patrols that the American military paid and trained to fight the insurgents. Blast walls line the streets. And to stray outside the nine 'safe' neighborhoods that American military officials say have been secured by the Awakening guards is still to invite violent death. ... Still, new reconstruction projects for the city are planned, including the building of a water treatment plant, the refurbishment of five schools and the repair of an asphalt factory. 'Progress has been made, some of it has been significant, some of it has been slow, some of it has been mixed,' said Lt. Col. J. P. McGee, commander of the Second Battalion, 327th Infantry stationed in the area, who added that there had been a 'complete security transformation' in Samarra. The local council is finally able to meet. A court has reopened, making it no longer necessary for couples who wish to marry to travel to another district to register. But the streets of newly opened shops are ringed by blocks of bombed-out buildings fronting on deserted sidewalks piled with broken glass, crumbled pillars, tin and rebar."

My point is that Kaplan's strategy for development, like all other plans, depends on a relatively stable and secure environment. Kaplan's "paradigm for development" has ten parts.

1. Adopt Local Models -- "States need to look inward for their resources and institutional models and adopt political structures and processes that reflect the history, complexity, and particularity of their peoples and environment. ... Far more emphasis must be placed on seeking locally appropriate solutions for problems of governance, land resource, and knowledge transfer if development is ever going to become locally propelled and thus sustainable."

I agree that local conditions must be taken into account when constructing any development plan. The more "buy in" a plan gets from the local population the greater its chances of success. The problem with "fake states," however, is that some of them have few resources on which to draw and tribal biases are so ingrained that a collaborative approach to governance may take years (or generations) to establish.

2. Closely Integrate State and Society -- "States need to be deeply enmeshed within the societies they are meant to represent if they are to be effective tools of governance and development. ... State institutions constructed around identity groups can duplicate some of the important features of nation-states, leveraging traditional approaches to problems of political and economic order. ... Cohesive identity groups are more likely to unify behind and discipline their own state structures (both formally and informally), ensuring that they work for the benefit of the group the structures represent."

Kaplan points to the Kurdistan Regional Government as a local structure that is perceived as working more effectively for a particular group than the central government. The problem with using the KRG as an example is that while Kaplan argues for integrating state institutions with society, his example supports establishing autonomous regions. If such regions can be woven into a federated system, then the road to integration might work. But most autonomous regions believe they are only a step away from sovereignty, which doesn't bode well for long-term integration.

3. Design Institutions around Identity Groups -- "If people are to make effective use of their own histories and customs in fashioning institutions and laws that best reflect their particular needs, then state structures must be better aligned with cohesive identity groups where practical. Such reengineering will naturally foster greater legitimacy of the state and make it better able to integrate informal institutions into formal structures while increasing the ability of groups to leverage their built-up imbedded social capital to improve economic conditions."

Kaplan is certainly justified in his fascination with ethnic, cultural, and religious identities. As he points out, even in developed nations issues surrounding ethnicity and religion rear their heads on a regular basis. Any plan for establishing a sustainable system of governance must ensure that all citizens feel they have a voice. As Kaplan points out, "most fragile states are centralized in ways that accentuate their difficulties." Recent elections in Kenya are a good case in point.

4. Construct States Bottom-Up -- "In many cases, the best chance for leveraging local capacities and institutions and improving governance will be to focus on building up local governments and tying them as closely as possible to their local communities. While in some cases (especially in rural areas and small cities) this may mean leveraging traditional identities and institutions, including chiefs and village elders where they retain strong legitimacy. In the case of many large cities whose populations are diverse and increasingly divorced from their traditional roots, the best way to introduce accountability into state organs is to structure them around greatly empowered administrations."

Using a bottom-up approach requires walking a very fine line. Kaplan admits that local governments can be "afflicted by parochialism, factionalism, the danger of elite capture, inequity, and injustice." One need only look at the situation in Afghanistan or in Somalia to see how powerful warlords have managed to co-opt large sections of those countries because the central government is weak or non-existent. Kaplan correctly notes that central governments are critical in providing the infrastructure necessary for the common good, but he believes that central governments have a difficult time fostering trust at the local level. Kaplan recommends strengthening local government institutions. He believes they can be strengthened in ways that make them both trustworthy and competent through the use of "accountability loops" and "oversight committees." The idea is to create a more participatory experience for citizens.

5. Exploit the Advantages of Regionalism -- "In regions populated by multiple pintsized fragile states, regionalism offers the best chance to overcome the poisonous and self-reinforcing nexus of identity divisions, weak administrative capacities, undersized markets, and limited human resources. Regional associations of small, poor countries -- if allowed to fully leverage region-wide capacities and outside assistance, and if empowered with the necessary authority and staffed by [a] team of competent managers -- could gradually transform the institutional environments and economic prospects of their member-states."

In a post entitled The Rising "China Price," I noted that rising transportation costs are shrinking the supply chains of many companies and placing more importance on regional economic systems. I concluded that "a regionalized economy will help impoverished nations, but regionalization (as a part of globalization) is a new twist that will take time to work out. Time, unfortunately, is often the enemy of economies in crisis." The key to making Kaplan's strategy work is the "team of competent managers" that fights corruption and creates trust.

6. Unify Disparate Peoples -- "As state cohesion is a major predictor of state effectiveness, more emphasis should be placed on measures that unify disparate peoples in fragile states. This is especially important in countries where multiple identity groups are not concentrated in particular areas but are spread throughout the country, making it pointless to introduce federalism and other territorial based institutional agreements. ... In states containing combustible mixes of identity groups living side by side, such as Syria, formal bodies should be designed to institutionalize cross-group cooperation and to minimize the potential for ethnic, religious, tribal or clan divisions sparking verbal or violent conflict that undermines the state."

Although Kaplan is absolutely right that every possible effort should be made to unify disparate peoples, he also knows that doing that is easier said than done. Look at the former Yugoslavia. People in that former Balkan "fake state" lived together in relative peace for nearly half a century under Tito. It took very little, however, to spark violence and civil war after Tito's death. The eventual outcome was state disintegration. Kaplan recommends some form of "consociational government" be used to reduce "tensions by lessening or eliminating actual or perceived imbalances." But one of the states to which Kaplan points as an example of such a governmental system -- Belgium -- is on the verge of separation ["With Flemish Nationalism on the Rise, Belgium Teeters on the Edge," by Michael Kimmelman, New York Times, 4 August 2008]. As Kimmelman writes: "It's about culture in the end. In its escalating dysfunction Belgium demonstrates the inextricable link between culture and nationhood."

7. Supplement State Capacity -- "In many cases, states are unable on their own to create and sustain some of the capacities necessary for them to promote stability development. Where institutional reengineering and other creative mechanisms are unable to overcome these deficiencies, outside assistance might be more helpful if it was directed at supplementing capacity rather than providing more cash or technical assistance."

Kaplan notes that states with a history of internal strife might need outside security or law enforcement forces to maintain a secure environment (the same peacekeepers that Kaplan's marketing material seems to eschew). In countries with highly exploitable resources, Kaplan says that "multinational companies could be mandated to provide security and education, health, and infrastructure improvements to local citizens in areas where those companies prospect for natural resources if a weak state is unable to do so." In my discussions about Development-in-a-Box™, I have often recommended public/private partnerships as a good way to develop infrastructure when an emerging market country cannot provide it by itself. I have also recommended a system of mentors that can be used to train local citizens so that they can fully assume responsibility for local business and government activities. Kaplan notes that supplementing state capacities is cost effective and less prone to corruption than cash assistance.

8. Reinforce and Complement Local Processes -- "At present, 'much external action either undermines (local) governance structures or puts in place structures that are unsustainable.' Instead of continuing to promote one-size-fits-all prescriptions, Western aid agencies and governments should make much more use of nonfinancial aid, put more emphasis on institutional reengineering, devote greater effort to reinforcing local processes in a bottom-up fashion, and work harder to ensure that the assistance provided actually helps local efforts to spur development."

I believe that the heart of Kaplan's approach -- the point to which he returns time and again -- is strengthening local capacities in ways that build on traditional structures. We know that this approach is viable because it is basically the approach promoted by Muhammad Yunus and his Grameen Bank. Any program that connects and empowers people also provides them a stake holding in the future.

9. Foster Private Investment and Competition -- "Although they generally receive scant attention from the development community, businesses and private investment are actually the main engines of development and should be prioritized as such. Only companies can drive the self-sustaining wealth-generating process underpinning development forward; provide work to the armies of unemployed in the underdeveloped world; efficiently transfer better work skills to large numbers of people; increase productivity throughout an economy; lower the price of goods consumed by poor people; and provide the revenue necessary to fund education, health, and other public programs and to wean governments off of foreign aid."

On this point, Kaplan and I are in complete agreement. Anyone who has followed my posts on Development-in-a-Box understands how passionately I believe that helping foster a growing and diverse economy that supports a sustainable middle class is the key to lifting millions out of poverty.

10. Creatively and Gradually Increase Accountability -- "In states where rapid change may be detrimental to stability or may be obstructed by elites, emphasis should be given to encouraging gradual, incremental reform that introduces a variety of mechanisms to hold governments more accountable, to integrate them more closely with their societies, and to make them more dependent on their citizens."

Here Kaplan is stressing that any development approach must be pragmatic. I agree. Any approach that is not pragmatic simply won't work. Kaplan is also correct that eventually a government must operate transparently and with integrity. This is not only important for connecting the government with the governed, but to connect the national economy to the global economy.

Kaplan believes "these ten guidelines amount to a significant reconceptualization of the causes and problems of fragile states and of the best way to fix them." I'm not sure I would go that far, but I do appreciate the fact that Kaplan is promoting a holistic approach to development. Kaplan concludes:

"Only by learning from the mistakes of the past and formulating policies that recognize and respond to local conditions can we construct a brighter future for the unfortunate citizens of fragile states -- and bring greater security, stability, and prosperity to all the world's citizens."

I can certainly support that conclusion. I also believe he gets the priorities right -- security, stability and then prosperity. For anyone interested in development, Kaplan's book is a welcome addition to the growing library of literature dealing with the subject. The competition of ideas is important for discovering what works and what doesn't. Kaplan's stress on using idiosyncratic approaches that match local conditions is important. On the other hand, the approaches utilized can't be so unique that they isolate a developing country from the larger international community. In my post Explaining Development-in-a-Box™, I noted that connecting to the global economy requires an emerging market country to garner the trust of others and the fastest way to do that is to adopt internationally accepted standards and best practices. I wrote that "it makes no sense for each emerging market country to reinvent these standards and practices. They can be imported as 'in the box' solutions and, when necessary, be adapted to local conditions. Because they don't have to be reinvented or rediscovered in each new situation, valuable time is saved and precious resources aren't squandered." The development community needs as many tools in its kit as it can find. Kaplan's book provides a few more of those tools.

Wednesday, October 22, 2008

Has Al-Qaida Chosen its Candidate? An Examination of the "Al-Hesbah-McCain" Controversy by Evan Kohlmann

Earlier this week, the Washington Post published an article examining recent "chatter" on Al-Qaida Internet forums which appears to endorse Arizona Senator John McCain as Al-Qaida's "preferred" candidate in the upcoming U.S. presidential election. The Post cites a message posted on the notorious Al-Qaida web forum known as "Al-Hesbah" from a frequent discussant, "Mohammad Haafid", in which the latter individual suggests, "Al-Qaeda will have to support McCain in the coming election" because McCain's anticipated counter-terrorism policies "will succeed in exhausting America." In the wake of the article, the McCain campaign quickly responded with a conference call featuring key advisers Randy Scheunemann and Jim Woolsey. Both men correctly pointed out that the original message on Al-Hesbah was not posted on behalf of any terrorist organization, but was simply the work of an "individual blogger." However, Scheunemann and Woolsey went even farther, reportedly dismissing the discussions of Al-Hesbah users as meaningless "musings and bravado" broadcast over a single "terrorist Islamist blog."

I sympathize with Scheunemann and Woolsey when they point out the relevant contrasts between an official communique issued by a terrorist faction versus the independent bloviations of self-appointed Al-Qaida advocates. However, with all due respect, it is extremely disturbing that a former director of the CIA would categorize "Al-Hesbah" as just another "terrorist Islamist blog." One certainly does not need access to classified intelligence data to know what Al-Hesbah is, and who subscribes to their forum. On April 3, 2006, Al-Qaida's Organization in Saudi Arabia issued an official communique regarding their relationship with Al-Hesbah: "We can only say good things about our brothers from the Al-Hesbah network... The brothers from Al-Hesbah have provided a superb service to the jihad and the mujahideen and everyone credits them for this." Last spring, when Al-Qaida's deputy commander Dr. Ayman al-Zawahiri made himself available for a public question-and-answer session, Al-Hesbah was one of three forums specifically identified by Al-Qaida as accepting queries directly on behalf of al-Zawahiri. Over the past four years, Al-Hesbah forum users have quietly disappeared on an almost weekly basis in order to embark upon real-life jihadi missions. A variety of seemingly "ordinary" Al-Hesbah users have been reported "martyred" in jihadi conflicts that include Iraq, Afghanistan, Saudi Arabia, Lebanon, and North Africa. Meanwhile, with its fellow online web partners Al-Ekhlaas, Al-Firdaws, and Al-Boraq currently knocked offline, Al-Hesbah is Al-Qaida's last fortified redoubt left on the Internet. Casually dismissing Al-Hesbah as "just another terrorist Islamist blog" is like referring to Internet giant Google as "just another e-commerce website."


There is, of course, a degree of well-deserved irony in John McCain having to defend himself against charges of being a "terrorist enabler". The McCain campaign has been unforgivably slow to condemn the vocal minority of their supporters at recent campaign rallies who have shouted out "Terrorist!" and "Kill him!" in response to hearing the name of Senator Barack Obama. The fact is, Al-Qaida's real interest in the current American election cycle has nothing to do with choosing one candidate over the other -- clearly, Al-Qaida doesn't like either candidate. Rather, what Al-Qaida is hoping to witness this political season are internal recriminations, name-calling, racism, xenophobia, disunity, and America tearing at its own social fabric. The motivation is obviously not in crowning the victor, but in prolonging the game. Those foolish individuals who have shown up at political rallies carrying tasteless signs and threatening violence against their own fellow Americans are Al-Qaida's real allies in this race. They are the ones who are responsible for providing a limitless bounty of propaganda fodder for our global adversaries -- and there should be no tolerance in either campaign for such despicable behavior.