You are here

Mumbai:: Lessons in security: Terrorists Used Google Earth, Boats, Food

Bruce Schneier is probably the best in the business when it comes to security... and as he makes the point often, it does not have to be high cost or high tech.

His security email CRYPTOGRAM comes like clockwork on the 15th of every month. So for those who have the time and the inclination, I would strongly recommend that you subscribe to it.

Read on, and best wishes,

.

Lessons from Mumbai

Written right after the carnage:

I'm still reading about the Mumbai terrorist attacks, and I expect it'll be a long time before we get a lot of the details. What we know is horrific, and my sympathy goes out to the survivors of the dead (and the injured, who often seem to get ignored as people focus on death tolls). Without discounting the awfulness of the events, I have some initial observations:

* Low-tech is very effective. Movie-plot threats -- terrorists with crop dusters, terrorists with biological agents, terrorists targeting our water supplies -- might be what people worry about, but a bunch of trained (we don't really know yet what sort of training they had, but it's clear that they had some) men with guns and grenades is all they needed.

* At the same time, the attacks had a surprisingly low body count. I can't find exact numbers, but it seems there were about 18 terrorists. The latest toll is 195 dead, 235 wounded. That's 11 dead, 13 wounded, per terrorist. As horrible as the reality is, that's much less than you might have thought if you imagined the movie in your head. Reality is different from the movies.

* Even so, terrorism is rare. If a bunch of men with guns and grenades is all they really need, then why isn't this sort of terrorism more common? Why not in the U.S., where it's easy to get hold of weapons? It's because terrorism is very, very rare.

* Specific countermeasures don't help against these attacks. None of the high-priced countermeasures that defend against specific tactics and specific targets made, or would have made, any difference: photo ID checks, confiscating liquids at airports, fingerprinting foreigners at the border, bag screening on public transportation, anything. Even metal detectors and threat warnings didn't do any good.

If there's any lesson in these attacks, it's not to focus too much on the specifics of the attacks. Of course, that's not the way we're programmed to think. We respond to stories, not analysis. I don't mean to be unsympathetic; this tendency is human and these deaths are really tragic. But 18 armed people intent on killing lots of innocents will be able to do just that, and last-line-of-defense countermeasures won't be able to stop them. Intelligence, investigation, and emergency response. We have to find and stop the terrorists before they attack, and deal with the aftermath of the attacks we don't stop. There really is no other way, and I hope that we don't let the tragedy lead us into unwise decisions about how to deal with terrorism.

http://www.news.com.au/couriermail/story/0,23739,24726093-954,00.html
http://www.upi.com/Top_News/2008/11/29/Executive_says_Taj_hotel_warned_of_attack/UPI-97361228007685/ or http://tinyurl.com/5onsh6
http://www.pebbleandavalanche.com/weblog/2008/11/30/blog-20081130T1857

Movie-plot threats:
http://www.schneier.com/essay-087.html

Our brains and stories:
http://www.schneier.com/essay-171.html

** *** ***** ******* *********** *************

Communications During Terrorist Attacks are *Not* Bad

Twitter was a vital source of information in Mumbai; people were using the site to communicate with and update others during the terrorist attacks. We simply have to be smarter than this idea: "And this morning, Twitter users said that Indian authorities was asking users to stop updating the site for security reasons. One person wrote: 'Police reckon tweeters giving away strategic info to terrorists via Twitter.'"

This fear is exactly backwards. During a terrorist attack -- during any crisis situation, actually -- the one thing people can do is exchange information. It helps people, calms people, and actually reduces the thing the terrorists are trying to achieve: terror. Yes, there are specific movie-plot scenarios where certain public pronouncements might help the terrorists, but those are rare. I would much rather err on the side of more information, more openness, and more communication.

http://technology.timesonline.co.uk/tol/news/tech_and_web/article5245059.ece or http://tinyurl.com/5zu8zc
http://stephensonstrategies.com/2008/11/26/us-officials-must-monitor-learn-from-use-of-web-20-in-mumbai/ or http://tinyurl.com/58htvy

** *** ***** ******* *********** *************

Mumbai Terrorists Used Google Earth, Boats, Food

The Mumbai terrorists used Google Earth to help plan their attacks. This is bothering some people:

"Google Earth has previously come in for criticism in India, including from the country's former president, A.P.J. Abdul Kalam.

"Kalam warned in a 2005 lecture that the easy availability online of detailed maps of countries from services such as Google Earth could be misused by terrorists."

Of course the terrorists used Google Earth. They also used boats, and ate at restaurants. Don't even get me started about the fact that they breathed air and drank water.

"A Google spokeswoman said in an e-mail today that Google Earth's imagery is available through commercial and public sources. Google Earth has also been used by aid agencies for relief operations, which outweighs abusive uses, she said."

That's true for all aspects of human infrastructure. Yes, the bad guys use it: bank robbers use cars to get away, drug smugglers use radios to communicate, child pornographers use e-mail. But the good guys use it, too, and the good uses far outweigh the bad uses.

http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=networking_and_internet&articleId=9121819&taxonomyId=16&intsrc=kc_top or http://tinyurl.com/6sytye

** *** ***** ******* *********** *************