
The movie plot threat

April 10, 2006

Bruce announced a movie-plot threat contest.

Your goal: cause terror. Make the American people notice. Inflict lasting damage on the U.S. economy. Change the political landscape, or the culture. The more grandiose the goal, the better. Assume an attacker profile on the order of 9/11: 20 to 30 unskilled people, and about $500,000 with which to buy skills, equipment, etc.

I’m not sure what distinguishes a movie-plot threat from a non-movie-plot threat, but this got me thinking about what I would do to disrupt America if I were evil. I don’t think these thought exercises are anything evil – sometimes it’s helpful to put on the black hat and see stuff from the “other side”.

Most of the “threats” posted on Bruce’s blog comments are boring or too high-tech and impractical. Some are marginally funny. This comment I liked ;)

to kill the united states, you need only kill its one critical agency - the one that did not have a soviet counterpart during the cold war - the one that collects the means by which our government operates - the internal revenue service.

But really, if you were to do damage, what would you do?

I think the main goal would be to have long-lasting and widespread effects, instead of single local isolated incidents. Thus, while incidents like “lone gunmen go astray” are definitely movie material, they cause local setbacks at most. You need something which is more long-lasting and has more profound effects than a few dead bodies.

I would go with infrastructure and communications. In short: transport, water, power and telcos.

One peculiarity of the American lifestyle is the urban sprawl coupled with virtually nonexistent wide-area mass transit (public transport). In other words, people drive long distances in private cars to get to work. Hurt that, and life grinds to a halt. Now there are many ways to do it. A spectacular one, but a difficult one to execute, would be to hurt the “oil economy” – either attack the seaports where imported oil comes ashore from tankers, or the refineries/distribution centres. Oil price panic starts. People queue up in gas stations. One thing is just the price panic, but if there’s actually no oil to be bought, then things get worse.

There are several other low-tech and effective ways on Bruce’s blog to hurt the “urban sprawl” transport system. You can blow up oil-transporting trucks at highway interchanges. You can toss lots of metal spikes on the roads, blowing up cars’ tyres and causing massive accidents/jams (jams are already bad during regular business days, so this would just aggravate an already bad situation).

Water supply is key to the survival of all businesses and individuals. Contaminate or hurt it, and things get messy. As the news has reported previously, there was recently an experiment which demonstrated that it was not a problem to get across US borders with forged documents about nuclear materials. I can’t imagine why it would be any more difficult to get into the water supply/purification plants. So get a van into one of those plants and blow it up trying to damage the supply pipes, possibly having a “dirty” element to it, so that supply is hurt and people can’t go in to reconstruct it because the area is contaminated.

The problem with the above two methods is their local nature. The attacks can be spectacular, but they’re not “scalable” across the country or beyond the metropolitan area you’re “working with”. If you execute several of these in orchestration in different places, maybe that qualifies as “wide enough”. But power and telco are the real killers.

There doesn’t need to be any terrorism at all to cause widespread panic and damage. The U.S. power grid is notoriously overloaded and there are smaller or bigger “organic” outages every summer, occasionally having catastrophic consequences if they escalate across regions and knock out the grids in a wider area. Just throw in a few “helping hands” by physically crippling parts of the infrastructure or people/organizations capable of fixing them, and off you go.

Telcos are what the modern economy is based on. These days, most communications are run off the same packet-switched networks. Although the Internet was invented to provide resilience through distributed processing in case of failures, the reality these days is that most of the Internet runs through centralised switches of a few commercial providers. Through a combination of covert (inside job) and open attack methods (destruction of infrastructure, contamination of facilities), you can cause communication disruptions for all sorts of networks – Internet, landlines, mobiles, radio and TV stations.

Plus: where things always get nasty is combinations of the above. Imagine being trapped at home because transport doesn’t work, without power and phone/Internet lines so you cannot contact anyone including emergency services, and without water for basic survival. We could see how people begin to riot in that kind of situation during Katrina in New Orleans – all the Superdome trappings and those things. Civilization is thinner than we think.

The good thing is that I don’t think any of the above will really ever happen on a grand scale. It’s all too straightforward and “by the book”. Thus other people have thought of it too and are at least marginally protecting against it. Successful attacks don’t follow the common pattern, and all of the above are too easily imagined. The next big bad thing will be something that none of us have really thought of, coming from an unexpected direction.

The moral of this exercise and the point of Bruce: terrorism is a symptom of some other cause. Successful treatment treats causes, not symptoms. You simply cannot protect against all the odds. As a defender, you need to protect on all fronts, whereas the attacker can just choose the “weakest spot”.