JOURNAL: More on Guerrilla Entrepreneurs in Iraq

"If you think that the majority of the money is coming from outside the country to fund the insurgency, you’d be wrong. I think a majority is being done right here . . . under the disguise of legitimate storefront operations." LTC Eric Welsh in Mosul to the LATimes.

Last month, I got word from an outgoing US commander in northern Iraq (guarding pipelines and dealing with black market activities) that heavily marked-up and dog eared copies of Brave New War were making the circuit with the command staff. A common refrain: "I wish I had read this earlier." One result is that it has helped commanders focus on the criminal/guerrilla nexus (see the 2004 brief "Guerrilla Entrepreneurs" for more) that is fueling the Iraqi insurgency (rather than spinning wheels with tired COIN dogma). Here's an example (LATimes):

Recent U.S. and Iraqi raids targeting financiers of insurgents in the northern city of Mosul have uncovered a criminal network involving kickbacks, overbilling and illegal sales, officials say, that has pumped millions into Sunni insurgent groups such as Al Qaeda in Iraq. In Mosul alone, illegal real estate deals, in which government property is sold to unsuspecting buyers, have generated $40 million to $60 million for the insurgency in the last couple of years, a source told U.S. forces. Black-market sales of gasoline and propane in Nineveh province, of which Mosul is the capital, are believed to generate an additional $1 million a month.

JOURNAL: The PKK's Opportunity to Win Strategically

Current tightness in the oil markets (peak oil?) has presented the PKK, the Kurdish guerrilla group fighting the Turkish government, with an amazing opportunity. It can become responsible for sending oil prices over $100 a barrel and sowing panic in global markets.

How? This objective can be accomplished through a series of attacks on the BTC pipeline that runs from Azerbaijan to the Turkish port of Ceyhan (in a fashion similar to earlier attacks that PKK has made on less substantial pipelines). With over 750,000 barrels of oil flow a day (1 m a day next year) over 1,092 miles of pipeline, ongoing disruption would result in:

• An immediate price spike that would likely exceed $100 a barrel, an important psychological barrier. This is pricing power in the oil market on par with Saudi Arabia (see the 2004 brief: "A Shadow OPEC" for more).
• A major loss of income for Turkey from pipeline fees, as contractual caveats kick in. Also, substantial disruptions and price hikes for not only Turkish customers, but European customers too. This could put the final nail in coffin for Turkey's EU bid.
• Global recognition of their situation/cause and immediate international pressure on Turkey to resolve the crisis. At a minimum, if Turkey opts for violence, the disruption of the BTC would be a strategic timer on the conflict -- as in the longer it persists, the greater the international pressure to end it.

If peak oil is actually in play already, as this report from the German government concludes, the price spike we see will not be met with increased production from the big producers. It will be sustained as long as the disruption persists. As a result, it could become the first global example that oil pricing power has shifted from producers to disruptors and that a shadow OPEC is not only possible, but inevitable.

THINKING ABOUT OIL AND SECURITY

Here's some thinking for the weekend. Let's begin:

The financial carnage -- hedge fund failures, bank runs, credit tightening, and potentially a recession -- due to the current mortgage crisis demonstrates (yet again) that very smart people can do incredibly stupid things. For all of the insight, experience, and knowledge we gained through previous financial failures, we still walked blithely into the gaping maw of the delinquencies, defaults, and outsized bailouts that characterize a financial black swan (a black swan is an event that defies prediction, but it is usually obvious in hindsight).

Bad Assumptions

This should lead everyone to contemplate what other dangers are out there, undetected by the very same people that led us into the last crisis. One good way to find these hidden black swans is to sniff out bad assumptions -- particularly those that are only held aloft by boundless optimism, despite growing evidence that they've gone bad. For example, there is a widely embraced assumption that we will always be able to produce enough oil/gas at a reasonable price to meet global needs. Despite this, the oil market is currently characterized by:

• Rapidly increasing prices (on the way to $100 a barrel) that indicate supply stress. Why the stress? Why haven't we had a production increase since 2005?
• Geopolitical maneuvering by the great powers to lock-up sources of energy -- from the Sudan to Iran to Iraq to Russia. If the market was working correctly and future supplies were going to be driven by the magic of economics in combination with technological innovation, why the effort to secure national supplies?
• The peaking/failure of three (and potentially all four) of the world's major oil fields. If these fields are the foundational producers of the global energy system, how can we make up the loss?

Peak Oil?

If the current assumptions and the theories that are derived from them aren't very good at explaining current events (let alone predictive), then it is smart to look for alternative theories. One alternative (perhaps better) explanation for the conditions we currently see in the oil market can be found in the thinking being done on peak oil. This theory's foundational assumption is that we have already pumped almost all of the easy to produce oil out of the ground and that the complexity of extracting the remaining oil will advance along a exponential curve of difficulty and expense. According to this analysis, we will see:

• Steadily increasing prices as demand outstrips supply.
• An inability to maintain production levels.
• Eventually, a steady and inexorable slide in production as sources of easy/bountiful oil deplete and fall off-line (the rate of this decline, given our relative unpreparedness, will radically outstrip the development of alternative sources of energy).

Top Level Thoughts On Security

Here's a quick round-up of some of the security consequences for this theory (there's much more to do on this):

• An increasing number of wars and conflicts in oil producing areas (Iraq, Iran, KSA, Sudan, Nigeria, etc.). Perversely: 1) the very military force we will likely use in these conflicts is extremely energy dependent and those costs will skyrocket, and 2) terrorists/guerrillas will find that the damage they can inflict with systems disruption rises at a multiple to every decrease in production/supply.
• State failures in the developing world where the costs of energy outstrip the means to pay for it. Hollow states will proliferate.
• Economic dislocation due to a string of recessions and persistent inflation in the developed world as increasing energy costs percolate through the global economy. Global guerrillas in the US?

NOTE: I'm going to list some good books and resources on the topic of peak oil soon.

A FOCUS ON PAKISTAN

With Iraq locked-into a feudal patchwork adorned by a hollow government, al Qaeda's role as a catalyst (or foco) for disorder is over. It outlived its usefulness, although it will quickly return to support the status quo the moment it is threatened by open civil war or an American change of heart re: the local militias it currently supports. This isn't, as some wrongly assume:

• A victory over a networked insurgency. In fact, just the opposite. The only US "success" in the "surge" was to accept the regional dominance of the open source insurgency and rebrand them as "legitimate" militias.
• A political victory over al Qaeda's political goals. Al Qaeda isn't a classic 4GW insurgency (Maoist) aimed at state replacement. It has the neither power, aspirations, nor the organization to propose a political replacement for the central state. All it does offer is the loose feudalism of an imagined Caliphate. A hollow state is a sufficient milestone, which is exactly what we have in Iraq.
• Acceptance of the US presence in Iraq. The current arrangement between Iraq's insurgency and the US military is one of convenience. It is in no way an acceptance of a long term US presence in the country. When this relationship sours, which is inevitable (which may occur at the most inopportune time), blood will flow again, and a chastened al Qaeda will return in a supportive role to aid local groups.

Onto Pakistan

Al Qaeda's departure from Iraq frees it up for a new focus on Pakistan, where it will:

• Extend the reach of the Taliban supported tribal revolt in the northwest territories into the major cities.
• Hit social and infrastructure systempunkts (critical nodes), as demonstrated by the attempted assassination of Benazir Bhutto. The intent of these attacks will be to create cascades of disorder that sweep the country.
• Manufacture a plausible promise (a compelling act that demonstrates the viability of further warfare) of an open source insurgency that will cobble together hundreds of violent groups unearthed through waves of disruption.

Ripe for Disorder

Pakistan is ripe for disorder due to an ongoing crisis of legitimacy. This is in no small part fostered by US attempts at brokering political change in the country and pressure on the military to confront with tribes in the northwest areas. In this environment, waves of disorder caused by al Qaeda and their allies will find fertile ground. Instead of uniting the country in broad opposition, it will divide it and foster the development of an open source insurgency that hollows out the state.

JOURNAL: Platforms and Resilience in San Diego

Here's a great example of how two generic information platforms, Google maps and Twitter, are being used to foster local resilience. KPBS news, a public radio/TV station quickly leveraged these platforms to get updates into the hands of people starved for information on the status of the blazes. There is a lesson in this.

UPDATE: A smart reader pointed out a very good (rapidly refreshed) blog on the blazes at SignOnSanDiego. He also had a great term for what we are seeing here: "an open source reverse 911 system."

JOURNAL: Charlie Rose with Prince and Kilcullen

Erik Prince, Blackwater's CEO and Founder on Charlie Rose in full hour interview. While you are there, here's another Rose interview with David Kilcullen on counter-insurgency.

JOURNAL: Blog-based Analysis of Naxalite Violence

Shlok Vaidya uses the frameworks of open source warfare, black globalization, and systems disruption to generate unique insight into Naxalite violence in India. Bravo. NOTE: Shlok was in the field last year, gathering data and analyzing patterns on violent attacks meant to disrupt India's train system.

MALWARE, WARFARE, AND SELF-REPLICATION

The tinkering networks of the Internet criminal/hacker marketplace have produced a major innovation called the "Storm Worm" and it is rewriting the rules of engagement in computer security. It's essentially a new breed of malware that is a combination of worm/trojan/bot. What makes it special is that the Storm Worm's method of operation is sophisticated, so much so, that it is nearly immune to defense, suppression, or eradication -- demonstrated in that it has already infected up to 50 million computers and slaved them into a massive botnet.

However, the really dangerous aspect of this isn't the smart way the Storm Worm is operated, it's what the network will be able to do once it activated. If the developers are as smart as their approach indicates, that outcome will either be a big pay-off or substantial damage.

A Rogue Network Expands

So, what's so special about it? Bruce Schneier, an expert on computer security and the author of an excellent blog (as well as the book, Beyond Fear), lists the details of Storm Worm's behavior:

• Storm is patient. A worm that attacks all the time is much easier to detect; a worm that attacks and then shuts off for a while hides much more easily.
• Storm is designed like an ant colony, with a separation of duties. Only a small fraction of infected hosts spread the worm. A much smaller fraction are C2: command-and-control servers. The rest stand by to receive orders. By only allowing a small number of hosts to propagate the virus and act as command-and-control servers, Storm is resilient against attack. Even if those hosts shut down, the network remains largely intact, and other hosts can take over those duties.
• Stealth. Storm doesn't cause any damage, or noticeable performance impact, to the hosts. Like a parasite, it needs its host to be intact and healthy for its own survival. This makes it harder to detect, because users and network administrators won't notice any abnormal behavior most of the time.
• Distributed/resilient command and control. Rather than having all hosts communicate to a central server or set of servers, Storm uses a peer-to-peer network for C2. This makes the Storm botnet much harder to disable. The most common way to disable a botnet is to shut down the centralized control point. Storm doesn't have a centralized control point, and thus can't be shut down that way. This technique has other advantages, too. Companies that monitor net activity can detect traffic anomalies with a centralized C2 point, but distributed C2 doesn't show up as a spike. Communications are much harder to detect.

  One standard method of tracking root C2 servers is to put an infected host through a memory debugger and figure out where its orders are coming from. This won't work with Storm: An infected host may only know about a small fraction of infected hosts -- 25-30 at a time -- and those hosts are an unknown number of hops away from the primary C2 servers. And even if a C2 node is taken down, the system doesn't suffer. Like a hydra with many heads, Storm's C2 structure is distributed. Not only are the C2 servers distributed, but they also hide behind a constantly changing DNS technique called "fast flux." So even if a compromised host is isolated and debugged, and a C2 server identified through the cloud, by that time it may no longer be active.

• Rapid evolution. Storm's payload -- the code it uses to spread -- morphs every 30 minutes or so, making typical AV (antivirus) and IDS techniques less effective. Also, Storm's delivery mechanism also changes regularly. Storm started out as PDF spam, then its programmers started using e-cards and YouTube invites -- anything to entice users to click on a phony link. Storm also started posting blog-comment spam, again trying to trick viewers into clicking infected links. While these sorts of things are pretty standard worm tactics, it does highlight how Storm is constantly shifting at all levels. The Storm e-mail also changes all the time, leveraging social engineering techniques. There are always new subject lines and new enticing text: "A killer at 11, he's free at 21 and ...," "football tracking program" on NFL opening weekend, and major storm and hurricane warnings. Storm's programmers are very good at preying on human nature.
• Retaliation. Last month, Storm began attacking anti-spam sites focused on identifying it -- spamhaus.org, 419eater and so on -- and the personal website of Joe Stewart, who published an analysis of Storm. I am reminded of a basic theory of war: Take out your enemy's reconnaissance. Or a basic theory of urban gangs and some governments: Make sure others know not to mess with you.

Superempowerment Through Self-Replication

It's not surprising that the methods of operation we see with the Storm Worm are similar to the methods of open source warfare in the real world explored on this blog and in Brave New War. The interesting part is that it uses individual superempowerment, a major trend cited in the book, to bring it to a new level. This superempowerment is accomplished by adding hard self-replication to the mix (as opposed to soft self-replication through the propagation of ideas or disruption -- ala al Qaeda). Hard self-replication makes exact copies of itself through an automated process, ad infinitum, and is something we will see much more of in biotech weapons/crimes in the future. It is the path to a one man against the world scenario.

NOTE to insiders: Hard self-replication likely a hallmark of a fifth generation of warfare.

JOURNAL: Hybrid Gangs in the US

Elements of Open Source Warfare are being adopted by a different breed of US gangs: hybrid gangs. These gangs are unlike the traditional gangs in older cities and are flourishing in areas that haven't traditionally had a gang problem. Hybrid gangs are characterized by:

• Cooperation between numerous gangs, including rivals. Rapid emergence, name changes, and merges between gangs.
• Soft rule-sets. Cut and paste culture.
• Extreme profit motive -- to the exclusion of everything else.
• Increasing instances of multiple ethnic/racial groups in a single gang.
• Association with more than one gang.
• Less focused on turf (more on virtual "commercial" territory).

Data point: Iowa, Des Moines Police Det. Mike Stueckrath estimated about 40 percent of their gangs are now hybrids. With the new gangs sprouting up, he said, it is hard to know who their leaders are or what their beliefs are. In Kansas, Wichita Police Det. Loren Johnson said some experts would be very surprised by some of the behavior patterns they see in their hybrid gangs. Rival gangs co-exist peacefully on the same block, which police say is better for their crime business. Theres no loyalty beyond money, Johnson added.

JOURNAL: Is Blackwater Evil?

Here's another example of dysfunction in our societal discussion about the future of security: rather than an informed/constructive debate on the future of private military contractors in warfare (a big topic that WILL NOT go away), we end up demonizing Blackwater with hyper-ventilation from Scahill, Singer (Salon) and the New York Times. If anything, Blackwater's current problems have everything to do with its (ill advised) super-macho image and anger over an unpopular/unsuccessful war. In truth, it's simply a security company with an excellent reputation for keeping its high value clients alive and a record of violent incidents in a dangerous war zone on par with the US military's experience. Were we expecting something different?

No, the real issues lie much deeper than this. It has to do with unease with the underlying shift from "defense" to "security."

UPDATE: I've struggled with this journal entry. The reason is that it's clear that private military forces will be a major part of the global security equation, like it or not. The decline of the nation-sate ensures it. As a consequence, the real thrust of our collective efforts should be on methods to manage its emergence.

UPDATE2: Here's a YouTube video of a Blackwater helo extricating the wounded Polish Ambassador in Baghdad yesterday.