Wednesday, December 24, 2014

Maulana Abdul Aziz on the Defensive...For Now

[Update: An Islamabad court has issued an order for Aziz' arrest.  Judging from the Guardian report, characterize the police reaction as "gingerly":

“Police have received the court order and we are trying our best to implement it,” a police official in capital Islamabad said, requesting anonymity as he was not authorised to talk to media. CH, 12/28/2014]

 If you've been following the @chinahand twitter feed, you know I've been retweeting a stream of tweets from Pakistan civil society stalwarts trying, with some success, to put the focus on Abdul Maulana Aziz and the Lal Masjid mosque in the wake of the Peshawar student massacre on December 16.  In that attack, Pakistan Taliban or TTP militants penetrated a military-run school and massacred 132, mostly young students who were the children of military officers.

The Pakistan army is apparently and understandably genuinely infuriated by the murder of the children of their own officers and has killed several dozen Pakistan Taliban in retaliation.  It is unclear to me whether these operations are targeting Pakistani Taliban directly implicated in the attack, or if they are broad brush "price tag" attacks that draw a bright line for the TTP not to cross--and leave plenty of space behind the bright line for jihadi skullduggery.

For instance, the current head of the main faction of the TTP, Maulana Fazlullah, (we can't talk of the TTP as a unified group anymore; it has fragmented, with some factions breaking away and declaring allegiance to IS) is apparently not particularly capable or popular and the ISI may have decided to use the furor to forcibly rejigger the leadership structure of his group.

At times like this I greatly miss the insights and knowledge of Saleem Shahzad, the intrepid Asia Times Online reporter who was murdered in May 2011 as he investigated an al Qaeda cell in the high levels of the Pakistan military.

The Afghan Taliban--which is trying to lay the foundation for its eventual domination of Afghan politics with the assistance of Pakistan's security establishment and has little patience with its Pakistan cousin--immediately condemned the attack.

There is a broad and frustrated swath of educated Pakistani opinion that is horrified by what the nation has become, and is hoping the reaction to the Peshawar massacre will rally civil society in favor of an alternate future, in which the nation is not a plaything in the hands of extremists and their military and intelligence enablers.

The only effective anti-TTP political force in Pakistan, the MQM--a rather thuggish party that dominates Karachi through its championing of the interests of the "Mujahir" (immigrants from India at the time of partition) majority and treats the local presence of Pashtuns,  extremists and otherwise, as an existential challenge--jumped on the bandwagon with its own vociferous condemnation of the attack, and of Maulana Aziz and the Lal Masjid mosque.

Adbul Maulana Aziz is an unrepentant and, until recently, unapologetic advocate of Islamic extremism.  He refused to condemn the Peshawar horror at first, leading to a storm of criticism and a filing of a "First Information Report" or FIR in Pakistan's courts--the first step in a criminal investigation--in Islamabad, and another FIR filed in Karachi by the MQM and accompanied by mass rallies in response to anti-MQM threats allegedly made by the cleric made in a recent sermon.

Maulana Aziz's attention to these challenges was probably accentuated by reports that the Pakistan government was claiming adequate grounds had been found to re-open a clutch of cases against the cleric--cases that had apparently been ditched when the government was cultivating him as its outreach agent to the TTP.

With every appearance of insincerity, Maulana Aziz condemned the massacre on December 21, five days after the event, and, I would think, expects with some justification that he'll be able to ride out the transitory storm of outrage and return to business as usual.

ISLAMABAD: Submitting to a huge outcry from civil society, the chief cleric of Lal Masjid Maulana Abdul Aziz apologised for failing to unconditionally condemn the Peshawar massacre carried out by Taliban on December 16.

“I condemn the killing of schoolchildren and apologise,” Aziz said while talking to The Express Tribune.

The cleric admitted he realised his mistake only after his followers convinced him. He clarified that he did not threaten any member of civil society and police have registered FIR against him under social pressure which is not a good precedent.

Aziz said his personal opinion was unnecessarily propagated in the media. “I forgave Musharraf for launching military operation against us, how it is possible that I was not saddened by the killing of innocent schoolchildren,” he added.


The post reproduced below provides some background on Aziz, why he and the Lal Masjid mosque are at the center of Pakistan Islamic extremism...and why the People's Republic of China is closely and uncomfortably interested in this cleric, his mosque, and the military movement it spawned.

ISIS Tentacles Reach Toward China
August 14, 2014


It’s been reported on the always-reliable Twitter by a Pakistan journalist, Ali Kamran Chishti, that Abdul Maulana Aziz has declared his support for the “Caliphate of Abu Bakar Baghdadi” i.e. ISIS.  “Video to be uploaded soon”.

If confirmed, this is potentially big and bad news for the People’s Republic of China.

Abdul Maulana Aziz was the radical spiritual leader of Lal Masjid, the Red Mosque, in downtown Islamabad.

In 2007, after a prolonged and desultory siege, Pakistan armed forces stormed the mosque, signaling a partial fracture of the de facto alliance between the Pakistan deep state and radical Islam.

The confrontation was little noted in the West, but it was big news in the People’s Republic of China.

Followers of the Red Mosque had targeted Chinese sex workers as part of a purification campaign; Uighur students—“terrorists” according to the PRC--were reportedly ensconced at the mosque; and, as the as the siege muddled slowly on its initial stages, radical Islamists retaliated against Chinese in other parts of the country.

In response the PRC, which at that time relied largely upon the good offices of its local allies and assets to keep a lid on Uighur extremism, demanded action.  Pervez Musharraf, torn between his military/intelligence and Chinese constituencies, obliged the PRC by sending troops personally loyal to him to storm the mosque in a bloody, catastrophic attack that probably claimed hundreds of lives.

Aziz had previously attempted to escape the siege by disguising himself in a burka, but was captured and paraded before the cameras in a humiliating fashion.  His brother died in the assault.

Maulana Aziz was released on bail in 2009 and spoke to an adoring throng.  The Guardian described the scene:

The 2007 siege had been a necessary sacrifice, he told them. "Hundreds were killed, many were injured. But today the whole country is resounding with cries to implement Islamic law. We will continue with the struggle.

"Now Islam will not remain confined to Swat. It will spread all over Pakistan, then all over the world."

Standing beside him was a senior leader from Sipa-e-Sahaba, a banned sectarian group that kills Shias, and which has close ties to the Red mosque.

In 2013, in another murky episode of Pakistan jurisprudence, the over two dozen legal cases against Maulana Aziz all evaporated without any serious government challenge.

Judging by Maulana Aziz’s subsequent re-emergence as member of the Pakistani Taliban’s negotiation team, one can assume his ties to the ISI intelligence services remain strong, and he was cut loose with the hope that he would smooth the way in peace talks between the TTP and the Pakistani government.   

The TTP talks don't seem to be going anywhere, which is bad news for the PRC.

The TTP is reportedly a willing host to Uzbek and Uighur fighters, and does not adhere to the basically hands-off strategy toward the PRC followed by many Islamic militants in the region (China’s links to militants run long and deep, thanks to its central role in funneling hundreds of millions of dollars of materiel to the mujihadeen on the CIA’s behalf during the anti-Soviet struggle in Afghanistan). 

Maulana Aziz is apparently residing in Islamabad, so it remains to be seen what caveats or qualifications he places upon his ISIS allegiance in order to dodge legal jeopardy--and if he and the ISI (Pakistan's Inter Services Intelligence) will encourage forbearance in the matter of enabling the training and infiltration of Uighur radicals back into Xinjiang.

Best case for PRC, the bond holds despite Maulana Aziz's presumably deep resentment against the PRC for its role in the siege and the death of his brother, and his apparent sympathy for the extreme Sunni/sharia stance of ISIS.

Worst case, the ISI exploits radical forces and exacts a terrorist price tag in Xinjiang for PRC attempts to balance its support for Pakistan with its desire to strengthen ties with India, in a recapitulation of the bloody anti-diplomacy inflicted on Mumbai by Pakistan terror assets in 2008.

But in any case, the awareness that the dots are slowly but surely getting connected from ISIS to the TTP and onward to Xinjiang will shadow Beijing’s thoughts, its Uighur security policy, and its diplomacy with Pakistan, the Afghan Taliban, and its interlocutors among Islamic radicals in Pakistan’s borderlands.

Below is an excerpt from a piece I wrote in 2007 on the siege, and the important role that the PRC played.


The provocative kidnapping of 7 PRC nationals compelled Musharraf—reportedly under heavy Chinese pressure—to abandon a policy of appeasement and compromise with Islamic militants at the Lal Masjid mosque in Islamabad and, in July of this year [2007], launch a bloody assault that revealed the extent of the security crisis at the heart of the Pakistani military regime and displayed to the U.S. Musharraf’s—and Pakistan’s--wholehearted reliance on China.

In the speech announcing the state of emergency, Musharraf broke into English to tell us what he hoped we wanted to hear, evoking Lincoln as he tried to justify his move to the United States, the EU, and the Commonwealth as a response to judicial activism.

On the other hand, in his remarks in Urdu directed to the local audience as translated by Barnett Rubin , Musharraf cited the Lal Masjid mosque crisis--not the pursuit of al Qaeda and its allies in the border regions--as the primary instance of terrorism and extremism afflicting Pakistan.

And when he commiserated with the victims of terrorism, he took the opportunity to give a heartfelt shout-out to the Chinese, not to the United States:

Now. We saw the event of Lal Masjid in Islamabad where extremists took law into their own hands. In the heart of Pakistan - capital city - and to the great embarrassment of the nation around the world... These people - what didn't they do? - these extremists. They martyred police. They took police hostage. They burned shops. The Chinese, who are such great friends of ours - they took the Chinese hostage and tortured them. Because of this, I was personally embarrassed. I had to go apologize to the Chinese leaders, "I am ashamed that you are such great friends and this happened to you".

Now, about the standoff at the mosque.

One could describe it as Pakistan’s Waco—if Waco had taken place in the heart of Washington, D.C.

It didn’t get the attention it deserved. As the Times of India dryly observed of the attack that claimed at least 100 and perhaps 1000 lives:

...the week-long stand-off that ended in a massacre on Tuesday attracted little attention in the US, where focus is more on the debate over a pullout from Iraq. In fact, a news channel on Tuesday cut into a story on Lal Masjid to bring breaking news of a small airplane crash in Florida.


Lal Masjid was controlled by militant clerics who not only proclaimed their interpretation of sharia law—they enforced it.

An otherwise sympathetic observer declared:

One cannot have any objection to the Lal Masjid just preaching implementation of Sharia in Pakistan. So many organizations are doing so, one more cannot be objected to. The right of any Muslim to preach adoption of Sharia is one thing but to take the powers of implementing his own version of Sharia is another, and the latter is a function of the State.
...
Lal Masjid stands in revolt when it establishes its own Sharia courts, it passes judgments, and imprisons Pakistanis and foreigners.

 

Musharraf’s administration had its hands full with the militant, confrontational, and well-connected (to the intelligence services) cleric who ran the mosque, Maulana Abdul Aziz.

The difficulties involved can be seen from this excerpt from a timeline of the mosque crisis compiled by B. Raman, an Indian China-watcher who is assiduous in washing Pakistan’s dirty linen on the site Intellibriefs:

January 22, 2007: Female students of the Jamia Hafsa madrasa attached to the Lal Masjid in Islamabad occupied a Children’s Library adjacent to their madrasa to protest against the demolition of seven unauthorised mosques constructed on roads in Islamabad by which President Pervez Musharraf often travels. The mosques were demolished on the advice of his personal security staff.

February 13, 2007: The authorities agreed to rebuild one of the demolished mosques to end the library standoff, but the students refused to vacate the library.

March 27, 2007: The female students, along with their male colleagues from the Jamia Faridia, another madrasa attached to the mosque, raided a house near the mosque and kidnapped a woman, her daughter-in-law and her six-month-old granddaughter for allegedly running a brothel. They were released after they “repented”.

March 28, 2007: Some students of the two madrasas took three policemen hostage in retaliation for the arrest of some students by the police. The hostages were released on March 29.

March 30, 2007: Some madrasa students visited CD and video shops in the capital and warned the shop owners that they should either switch to another business or face the “consequences”.

April 6, 2007: The Lal Masjid set up its own Sharia court. The mosque’s chief cleric, Abdul Aziz, warned of “thousands of suicide attacks” if the Government tried to shut it down.

April 9, 2007: The Sharia court issued a fatwa condemning the then Tourism Minister Nilofar Bakhtiar after newspapers pictured her hugging her parachuting instructor in France.

You get the picture. Escalating confrontation, with the government conciliating, accommodating, and backing down.

After exposing the skydiving outrage, the students of Lal Masjid turned their attention to another font of impurity—a Chinese-run massage parlor in Islamabad.

The epic was reported in great detail in Pakistan Today:

First, the abduction:

Male and female students of Jamia Faridia, Jamia Hafsa and Beaconhouse School System, in a joint operation, kidnapped the Chinese women and Pakistani men shortly after midnight Friday from a Chinese massage centre, working at House No 17, Street 4, F-8/3, alleging that they were running a brothel. ...
...

Riding in three vehicles, the students ... raided the massage centre located in the posh Islamabad sector. They overpowered three Pakistani males and guards posted there after thrashing them.


They, later, entered the building and ordered those present there to accompany them. On refusal, the students thrashed them and forcibly took them to the Jamia Hafsa compound. They accused the abducted people of rendering un-Islamic and unlawful services.
...

Ghazi [of Lal Masjid] said the China massage centre was involved in sex trade and complaints were being received about it since long. "Even housewives used to tell us by phone that the centre charges Rs 1,000 for massage while by paying Rs 500, something else was also available," he said.


Then the anxious confab with the Chinese:

President Pervez Musharraf and Prime Minister Shaukat Aziz were earlier given minute-by-minute reports of the negotiations regarding the release of the hostages. ... The prime minister was in contact with the Islamabad administration and the Interior Ministry and getting minute-by-minute reports from State Minister for Interior Zafar Warriach.
...
The Chinese ambassador contacted President Hu Jintao two times during the 15-hour hostage drama, sources said. The ambassador called his president while holding talks with Pakistan Muslim League chief Chaudhry Shujaat Hussain at his residence.


... Sources quoted President Hu Jintao, expressing shock over the kidnapping of the Chinese nationals, has called for security for them. The ambassador informed his president about his talks with Prime Minister Shaukat Aziz and Chaudhry Shujaat Hussain. The PML leader also got telephonic contact established between the hostages and the ambassador.

The ignominious conclusion:

The release came only after Deputy Commissioner Chaudhry Muhammad Ali and Senior Superintendent of Police (SSP) Zafar Iqbal, who held talks with the Lal Masjid administration, beseeched it for five hours and even touched the knees of some leading clerics while begging for the freedom of the abductees.

Finally, the tellingly sleazy detail:

The administration quietly let two "big shots", Pakistani customers, go and released their vehicles, seized from outside the massage centre... The identity of these clients is not being disclosed.


Beyond President Hu Jintao’s tender regard for the security and livelihood of Chinese masseuses, there was obviously a larger issue at stake. China did not want to see its citizens and interests to become pawns in Pakistan’s internal strife.

It's a non-trivial point for China, which lacks the military reach to effectively protect its overseas citizens itself, but does not want to see them turned into the bargaining chip of first resort for dissidents in dangerous lands like Pakistan, Sudan, Nigeria, and etc. who are looking to get some leverage on the local government--or Beijing.

It looks like China demanded that Pakistan draw a red line at the abduction, extortion, and murder of its citizens.

A week after the kidnapping incident, Pakistan’s Federal Interior Minister was in Beijing.

Once more from the Intellibriefs timeline:

June 29, 2007: The "Daily Times" of Lahore wrote in an editorial as follows: "During his visit to Beijing, Sherpao got an earful from the Chinese Minister of Public Security, Zhou Yongkang, who asked Pakistan for the umpteenth time to protect Chinese nationals working in Pakistan. The reference was to the assault and kidnapping of Chinese citizens in Islamabad by the Lal Masjid vigilantes. The Chinese Minister called the Lal Masjid mob “terrorists” who targeted the Chinese, and asked Pakistan to punish the “criminals”.

One factor that would have intensified Chinese alarm and exasperation was a report that the attack on the massage parlor revealed a tie-up between Pakistan’s Islamic militants and Uighur separatists:

Mr.Sherpao also reported that the Chinese suspected that the raid on the massage parlour was conducted by some Uighur students studying in the Lal Masjid madrasa and that the Chinese apprehended that Uighur "terrorists" based in Pakistan might pose a threat to the security of next year's Olympics in Beijing.

In early July Musharraf apparently was able to invoke China’s anger to overcome resistance within his armed forces, and move against Lal Masjid.

Even so, he was forced to employ troops personally loyal to him, as the Weekly Standard reported:

China applied enormous pressure to Musharraf. His previous attempts to order military strikes against the Lal Masjid had met with rebuffs. In late January, after the Pakistani army refused to raid the mosque, Musharraf ordered his air force to do so--only to see this order refused as well. Musharraf's eventual solution was to send in 111 Brigade, which is personally loyal to him.


The mosque was encircled by 15,000 troops and the siege proceeded in a dilatory fashion...until three Chinese were murdered in remote Peshawar, apparently in retaliation for the siege.

China Daily reported:

Police officer Abdul Karim said that it was a robbery attempt.

But one witness said that attackers with face covered were shouting religious slogans when they opened fire on four Chinese nationals in a three-wheel auto-rickshaw factory at Khazana, a town some eight kilometers from Peshawar, the capital city of Pakistan's North West Frontier Province.

The Chinese outlets splashed the story all over the media, including their embassy websites, complete with atrocity photos—a treatment that the unfortunate demise of rickshaw factory employees doesn’t usually attract.

Tarique Niazi describes the denouement:

On July 2, barely a week after the abduction, the government ordered 15,000 troops around the mosque compound to flush out the militants. On July 4, it arrested the leader of the militants, Maulana Abdul Aziz ... After apprehending the leader, government troops moved to choking off the militants’ supplies of food, water, and power. But as soon as word of the revenge killing of three Chinese on July 8 reached Islamabad, it created a “perfect storm” for Gen. Musharraf. Embarrassed and enraged, he reversed the troops’ strategy and ordered them, on July 10, to mount an all-out assault at the mosque, in which Aziz’s brother and his deputy, Abdul Rashid Ghazi, together with as many as 1,000 people, was killed.

Wednesday, December 17, 2014

Did the Senkakus Sink Sony?

[Update, Dec. 19:



I am not blown away by the US attribution of the hack to North Korea.

On technical grounds, there’s problems like this, pointed out by Jeffrey Carr (h/t to “@SaiGonSeamus), who wrote a book on cyberwarfare:

The White House appears to be convinced through "Signals intelligence" that the North Korean government planned and perpetrated this attack against Sony:


In one new detail, investigators have uncovered an instance where the malicious software on Sony’s system tried to contact an Internet address within North Korea

There is a common misconception that North Korea's ITC is a closed system therefore anything in or out must be evidence of a government run campaign. In fact, the DPRK has contracts with foreign companies to supply and sustain its networks. Those companies are:

  • Lancelot Holdings
  • Loxley Pacific 
  • Shin Satellite Corp
  • Orascom Telecomms Holding

Each offers a different service, but Loxley Pacific, a Thailand joint venture involving Loxley (Thailand), Teltech (Finland), and Jarangthai (Taiwan). 



Loxley Pacific is a subsidiary of Loxley, a Thai public company that provides a variety of products and services throughout the Asia Pacific region. According to its 2013 annual report, Loxley has 809 permanent staff and 110 contract staff. 



Loxley Pacific provides fixed-telephone lines, public payphone, mobile phones, internet, paging, satellite communications, long-distance/international services, wire or wireless in the Rajin-Sonbong Free Economic and Trade Zone. Star JV is North Korea's internet service run as a joint venture between the North Korean government and Loxley Pacific.



One of the easiest ways to compromise the Internet backbone of a country is to work for or be a vendor to the company which supplies the backbone. For the DPRK, that's Loxley, based in Bangkok. The geolocation of the first leak of the Sony data on December 2 at 12:25am was traced to the St. Regis hotel in Bangkok, an approximately 13 minute drive from Loxley offices.




 This morning, Trend Micro announced that the hackers probably spent months collecting passwords and mapping Sony's network. That in addition to the fact that the attackers never mentioned the movie until after the media did pretty much rules out "The Interview" as Pyongyang's alleged reason for retaliation. If one or more of the hackers involved in this attack gained trusted access to Loxley Pacific's network as an employee, a vendor, or simply compromised it as an attacker, they would have unfettered access to launch attacks from the DPRK's network against any target that they wish. Every attack would, of course, point back to the hated Pyongyang government.



Under international law, "the fact that a cyber operation has been routed via the cyber infrastructure located in a State is not sufficient evidence for attributing the operation to that State" (Rule 8, The Tallinn Manual). The White House must responsibly evaluate other options, such as this one, before taking action against another nation state. If it takes such action, and is proved wrong later, which it almost certainly will be, the reputation of the U.S. government and the intelligence agencies which serve it will be harmed.

On evidentiary grounds, there’s stuff like this:

China may have helped North Korea carry out the hacking attack on Sony Pictures, a US official has told Reuters. 

The official, who spoke on condition of anonymity, said the conclusion of the US investigation was to be announced later by federal authorities.

There were also reports on Friday that Iran and Russia may have also helped the North Korean hackers. 

The software used in the hacking was at a level of sophistication not previously seen in past North Korean attacks, a US intelligence source told Fox News, adding that China, Iran and Russia had all used the technology previously.

Bear in mind, this is from the anonymous official who’s making the case for North Korea.

Also, unfortunately, there is the whole political angle.

When America, even in the form of a Japan-owned movie studio, is attacked, the US government wants to strike when the iron is hot, i.e. when fear and anger are at a fever pitch, and the sense of outrage is unencumbered by second thoughts like “Do I really care what happens to Sony?” "How far am I willing to go to defend Seth Rogen's freedom of expression?" or even "Did the hackers actually do us all, including Rogen & Franco, a favor by removing The Interview--by all accounts a real stinker--from the market place?" 

Unfortunately, cyberattacks don’t lend themselves to quick attribution or, for that matter, even ultimate attribution.  And for a government that does not want to make a spectacle of its impotence, waiting on due process and evidentiary niceties to produce the conclusion, “Well, the circumstances argue this, but we could never prove it in a court of law” doesn’t really cut it.

I have a suspicion that the United States has an app for that: blame somebody, preferably somebody unpopular, as quickly and categorically as possible.  

So I see the quick attribution of the hack to North Korea part of the “Infowar” mindset, one that obsesses inside-the-Beltway types but I don’t think is really on anybody else’s radar: the idea that the government has to be able to manipulate and guide public opinion even in less than crystal clear situations, if it has hopes of being effective.

In other words, When in doubt, finger the bad guy.  There’s no downside, only upside. 


[On 9/11] Rumsfeld ordered the military to begin working on strike plans. And at 2:40 p.m., the notes quote Rumsfeld as saying he wanted "best info fast. Judge whether good enough hit S.H." – meaning Saddam Hussein – "at same time. Not only UBL" – the initials used to identify Osama bin Laden.

"Go massive," the notes quote him as saying. "Sweep it all up. Things related and not."

Who’s going to stand up and defend Kim Jung Un and the idea of due process and legal rigor in dealing with North frickin' Korea?  Nobody.  And we've now got a free turn to take another swing at North Korea if and when we want to.

My melancholy prediction: even as cybercrimes become harder to attribute, governments will become quicker, more vociferous, and less scrupulous in providing those attributions.

CH]





I came over this measured exercise in opinion journalism penned by “Alec Ross, Senior Fellow at Columbia University's School of International & Public Affairs” over at Huffington Post:

North Korea is a miserable, backward, hellhole of a place. It has a per capita GDP of less than $2,000 -- trailing Yemen, Tajikistan and Chad -- and about one-sixteenth the size of the GDP of South Korea. The Hermit Kingdom derives its power through the twin pillars of state repression and an all-encompassing propaganda apparatus.

This poor, delusional country managed to wallop Sony after it objected to the content of some movie which I can't remember the name of at the present moment but which looks boring and stupid. ..

Kinda funny, in a way, since the FBI has stated there isn’t sufficient evidence to attribute the attack to North Korea at the present time, and in fact some people are pointing fingers at the People’s Republic of China instead.  More about China later.

Hmmm, I said to myself, and I surfed off to find out whether Mr. Ross was indeed a fellow at some hallowed Ivy, or perhaps the meth-crazed denizen of some non-accredited on-line institution in Columbia, South Carolina.

My concern evaporated as I perused Mr. Ross’s lovingly curated Wikipedia page, helpfully titled Alec Ross (innovator):


Alec Ross (born November 30, 1971) was Senior Advisor for Innovation to Secretary of State Hillary Clinton for the duration of her term as Secretary of State, a role created for him that blends technology with diplomacy.[2] As Secretary Clinton's "tech guru,"[3] Ross led State Department's efforts to find practical technology solutions for some of the globe's most vexing problems on health care, poverty, human rights and ethnic conflicts, earning him numerous accolades including the Distinguished Honor Award. In 2010 Ross was named one of 40 leaders under 40 years old in International Development,[4] and Huffington Post included him in their list of 2010 Game Changers as one of 10 "game changers" in politics.[5] He is also one of Politico's 50 Politicos to Watch as one of "Five people who are bringing transformative change to the government."[6] Foreign Policy magazine named Ross a Top Global Thinker in 2011.[7] U.S. Ambassador to the United Nations Samantha Power, speaking at the White House referred to Alec Ross as "One of the most creative people probably that the U.S. government has ever known." [8] Profiled in 2011, Time Magazine describes how Ross is incorporating digital platforms into the daily lives of U.S. diplomats and his support of programs to train activists in the Middle East.[9] Time Magazine also named Alec Ross one of the best Twitter feeds of 2012.[10] In 2012, Newsweek named Alec to their Digital Power Index Top 100 influencers, listing him among other "public servants defining digital regulatory boundaries,"[11] and the TriBeCa Film Festival awarded Ross a Disruptive Innovation Award.[12] Alec Ross is recipient of the Oxford Internet Institute OII Award 2013.[13]

In April 2009, Ross was tapped to join the State Department. As Senior Advisor on Innovation, he successfully advocated for new digital diplomacy tools.[25] In front of a group of activists, Hillary Clinton described his work by saying that "Alec Ross has been my right hand on all that we're doing for internet freedom."[26] He is spearheading the "21st Century Statecraft" initiative[27] and led Civil Society 2.0, a program to educate and train grass-roots organizations around the world to create Web sites, blog, launch text messaging campaigns, and build online communities.[28] Speaking to digital diplomacy's promise, Ross told The American Prospect, "If Paul Revere had been a modern day citizen, he wouldn't have ridden down Main Street. He would have tweeted."[27]

…During the Libyan uprising, Alec drove the State Department's efforts to "restore communication networks in rebel-held territories such as Benghazi, working with the late Amb. Chris Stevens, to fight the Internet blackout imposed by Libyan leader Muammar al-Qaddafi."[32] Ross' team also "provided communications technologies to opposition members in the Syrian border areas and trained NGOs on how to avoid the regime's censorship and cyber snooping."[32]

… In the eastern Democratic Republic of Congo, Ross … also put together a mobile banking program for soldiers who haven’t been paid in years, empowering them with the ability to securely transfer money and save through accounts over cellphones.[28]


Gadzooks, I thought.  Benghazi!  No, really, I realized this is Hillary Clinton’s go-to guy for evil-empire related digital policy, besties with Samantha Power, and also an indispensable, foundational figure in the compilation of end-year listicles.

Upon reviewing these credentials, my concerns were allayed, and I look forward to our 21st-century high speed, high efficiency digital justice system, which pitches cumbersome anachronisms such as evidence and due process off the steamship of modernity (to paraphrase my favorite Mayakovsky bit), and allows the simultaneous posting of crime, sentence, and punishment on the pages of our new court record, Huffpo.

But seriously.

The Sony hack apparently involves a major investment of time and resources, which are available both to governments and to criminal gangs.  What makes the Sony hack kinda special is that, once access was obtained and the goodies extracted, the intruders torched the place and made a public spectacle of their crime.

Going the extra mile in vandalism and humiliation would seem to argue some political purpose beyond simple malice, mischief, and greed, and observers have naturally gravitated toward a narrative of North Korean revenge for The Interview.

But, you know, maybe something Chinese.  Not an operation sanctioned by the PRC government, to be sure—the benefits are miniscule (unless Xi Jinping just absolutely had to see Annie pre-release) compared to the potentially immense diplomatic and economic costs—but maybe some kind of off the books operation by rogue, nationalistic minded hackers who decided to stick it to a vulnerable Japanese corporation as punishment for the Japanese government’s confrontational attitude toward the PRC over the Senkakus, the pivot, etc.

One of the more interesting cases bubbling along incybercrime is the early-December arrest of 77 (!) PRC nationals crammed into a house with their computer gear in an upscale Nairobi neighborhood, allegedly with criminal designs on the Kenyan banking system.

The PRC surfs and hacks the world looking for system vulnerabilities, and I’m beguiled by the possibility that a government cyber operation discovered a vulnerability in the Kenyan banking system, and a freelancing group of hackers decided to exploit that information for some private and profitable breaking and entering.

I suspect in the brave, new world of PRC hacking, there is a growing cadre of entrepreneurially minded or ideologically driven hackers who can bring impressive information, resources, and skills to bear on a chosen objective.

Given the difficulties of identifying a smoking gun as to an originating server—let alone a controlling individual or institution—Ross speculated a private sector riposte which sounds rather ridiculous:

It is only a matter of time before some hotshot group of engineers recognizes and stalls a cyber attack and instead of calling the authorities (who can't do anything anyway), the VP of Engineering orders a counter attack against the aggressor. If Sony had a better engineering department --- if it were a little more Northern California instead of Southern California -- I wonder what would have happened if they had identified the source of the hack and shot back with a DDoS attack. Would the North Koreans have considered this an "invasion" by the United States or Japan (where Sony is actually headquartered). They are complete lunatics, so they probably would.

I can only hope that, if Hillary Clinton is elected president, they will give Alec Ross a phone that can only call 911 and a computer that is not plugged in to the Internet.

Functionally, the Sony hack resembles the “Shamoon” hack of the Aramco network in Saudi Arabia, itself perhaps retaliation for the US/Israeli Stuxnet attack on Iran’s centrifuge operation.  In addition to a data drain, Shamoon featured the wiping of target hard drives and the presentation of a taunting message on computer screens.

I wrote about Shamoon for Asia Times Online in 2013, and pointed out the implications of larger and more sophisticated cyberintrustions.

[T]the PRC and Russia have lined up behind a proposed "International Code of Conduct for Internet Security", an 11-point program that says eminently reasonable things like:


Not to use ICTs including networks to carry out hostile activities or acts of aggression and pose threats to international peace and security. Not to proliferate information weapons and related technologies.

It also says things like:


To cooperate in combating criminal and terrorist activities which use ICTs [information and computer technologies] including networks, and curbing dissemination of information which incites terrorism, secessionism, extremism or undermines other countries' political, economic and social stability, as well as their spiritual and cultural environment. [11]

The United States, of course, has an opposite interest in "freedom to connect" and "information freedom," (which the Chinese government regards as little more than "freedom to subvert") and has poured scorn on the proposal.

The theoretical gripe with the PRC/Russian proposal is that it endorses the creation of national internets under state supervision, thereby delaying the achievement of the interconnected nirvana that information technology evangelists assure us is waiting around the next corner - and also goring the ox of West-centric Internet governing organizations like ICANN.

So the Chinese proposal is going exactly nowhere.

The (genuine) irony here is that the Chinese and Russians are showing and driving the rest of the world in their response to the undeniable dangers of the Internet ecosystem, some of which they are themselves responsible for but others - like Stuxnet - can be laid at the door of the US.

In response to hacking, the Internet as a whole has evolved beyond its open architecture to a feudal structure of strongly-defended Internet fortresses, with cyber-surfs free to roam the undefended commons outside the gates, glean in the fields, and catch whatever deadly virus happens to be out there.

In recent months, the word "antivirus" has disappeared from the homepages of Symantec and MacAfee as they have recognized that their reference libraries of viruses can't keep up with the proliferation of millions of new threats emerging every year, let alone a carefully weaponized packet of code like Stuxnet, and protect their privileged and demanding users. Now the emphasis - and gush of VC and government money - has shifted to compartmentalizing data and applications and detecting, reducing the damage, and cleaning up the mess after a virus has started rummaging through the innards of an enterprise.

In other words, the Internet fortresses, just like their medieval analogues, are increasingly partitioned into outer rampart, inner wall, and keep - complete with palace guard - in order to create additional lines of defense for the lords and their treasure.

In other words, they are starting to look like the Chinese and Russian national internets.

It is, unfortunately, a simple and incontrovertible fact that, if we want to effectively detect, block, and investigate cyberattacks, the solution is tightly monitored, internally accountable national internets along the lines implemented by the PRC, Iran, and, increasingly Russia and Brazil.  Under this model, states have the capability, right, and responsibility to police their digital borders as they do their physical borders.

This approach is, of course, anathema to Mr. Ross, as it raises the specter of oppressive governments stifling dissent and inhibiting free expression at the same time they pursue cybersaboteurs.

It also flies in the face of the US strategic and economic interest in an open transnational network accessible to Google bots and NSA penetration, that places American government and corporate entities at the profitable, vulnerable heart of the Internet, and makes it dependent on US good offices, just as the international financial system still is today.

Unfortunately, the US, in its interest in sustaining an open, transnational, and easily compromised Internet, is at the same time demonstrably unable and unwilling to effectively secure it or police it fairly.  That’s why the current Internet has the structural robustness and integrity of a bag of shit thrown from a third-story window.

And that’s why I’m afraid our response to outrages like the Sony hack will be to use the language of deterrence and intimidation--and private sector vigilantism--to shift focus away from the profound and probably irreconcilable contradictions that form the foundation of the current Internet.