Jared Cohen - The New Digital Age

The security shields of some institutions and cities will prevent this, but not everyone will have such protection. Nigeria, which struggles with domestic terrorism and weak institutions, is already a world leader in online scams. As the connectivity of the cities of Lagos and Abuja extends to the more restive and rural north (where violent extremism is most prevalent), many would-be scammers could easily be attracted to the cause of a violent Islamist group like Boko Haram (Nigeria’s version of the Taliban). Only a handful of new recruits could transform Boko Haram from West Africa’s most dangerous terrorist organization into its most powerful cyber-terrorist one.

Cyber-terrorist attacks need not be limited to system interference, either. Narco-terrorists, cartels and criminals in Latin America lead the world in kidnappings, but in the future, traditional kidnapping will be riskier, given trends like precision geo-location in mobile phones. (Even if kidnappers destroy a captive’s phone, its last known location will have been recorded somewhere in the cloud. Security-conscious individuals in countries where kidnapping is widespread will likely also have some form of wearable technology, something the size of a pin, which would continuously transmit their location in real time. And some who are most at risk may even have variations of those physical augmentations we wrote about earlier.) Virtual kidnappings, on the other hand—stealing the online identities of wealthy people, anything from their bank details to public social-network profiles, and ransoming the information for real money—will be common. Rather than keep and maintain captives in the jungle, guerrillas in the FARC or similar groups will prefer the reduced risk and responsibility of virtual hostages.

There are clear advantages to cyber attacks for extremist groups: little to no risk of personal bodily harm, minimal resource commitment, and opportunities to inflict a massive amount of damage. These attacks will be incredibly disorienting for their victims, due to the difficulty of tracing the origins of virtual attacks, 1as we noted earlier, and they will induce fear among the enormous pool of potential victims (which includes nearly everyone whose world relies on being connected). We believe terrorists will increasingly shift their operations into the virtual space, in combination with physical-world attacks. While the dominant fear will remain weapons of mass destruction (the porousness of borders making it far too easy to smuggle a suitcase-sized bomb into a country), a future 9/11 might not involve coordinated bombings or hijackings, but coordinated physical and virtual-world attacks of catastrophic proportions, each designed to exploit specific weaknesses in our systems.

An attack on America could begin with a diversion on the virtual side, perhaps a large-scale hacking into the air-traffic-control system that would direct a large number of planes to fly at incorrect altitudes or on collision paths. As panic sets in, another cyber attack could bring down the communication capabilities of many airport control towers, turning all attention to the skies and compounding the fear that this is the “big one” we’ve been fearing. Meanwhile, the real attack could then come from the ground—three powerful bombs, smuggled in through Canada, that detonate simultaneously in New York, Chicago and San Francisco. The rest of the country would watch as the first responders scrambled to react and assess damage, but a subsequent barrage of cyber attacks could cripple the police, the fire department and emergency-information systems in those cities. If that’s not terrifying enough, while urban emergency efforts slow to a crawl amid massive physical destruction and loss of life, a sophisticated computer virus could attack the industrial control systems around the country that maintain critical infrastructure like water, power and oil and gas pipelines. Commandeering these systems, called supervisory control and data acquisition (SCADA) systems, would enable terrorists to do all manner of things: shut down power grids, reverse waste-water treatment plants, disable the heat-monitoring systems at nuclear power plants. (When the Stuxnet worm attacked Iranian nuclear facilities in 2012, it operated by compromising the industrial control processes in nuclear centrifuge operations.) Rest assured that it would be incredibly, almost unthinkably difficult to pull off this level of attack—commandeering one SCADA system alone would require detailed knowledge of the internal architecture, months of coding and precision timing. But some kind of coordinated physical and cyber attack is inevitable.

Few terror groups will possess the level of skill or the determination to carry out attacks on this scale in the coming decades. Indeed, because of the vulnerabilities that technology introduces for them, there will be fewer terrorist masterminds altogether. But those that do exist will be even more dangerous. What gives terror groups in the future an edge may not be their members’ willingness to die for the cause; it might be how good their command of technology is.

Various platforms will aid extremist groups in planning, mobilization, execution and, more important, as we’ve already pointed out, recruitment. There may not be many caves online, but those blind spots where all manner of nefarious dealings occur, including child pornography and terrorist chat rooms, will continue to exist in the virtual world. Looking ahead, future terror groups will develop their own sophisticated and secure social platforms, which could ultimately serve as digital training camps as well. These sites will expand their reach to potential new recruits, enable information-sharing among disparate cells and serve as an online community for like-minded individuals. These virtual safe houses will be invaluable to extremists, provided that there are no double agents and that the digital encryption is strong enough. Antiterrorism units, law enforcement and independent activists will try to shut down or infiltrate these sites but will be unable to. It’s just too easy to relocate or change the encryption keys in boundless virtual space and keep the platform alive.

Media savvy will be among the most important attributes for future transnational terrorists; recruitment, among other things, will rely on it. Most terrorist organizations have already dipped a toe into the media marketing business, and what once seemed farcical—al-Qaeda’s website heavy with special effects, Somalia’s al-Shabaab insurgent group on Twitter—has given way to a strange new reality. The infamous case of Anwar al-Awlaki, the late American-born extremist cleric affiliated with al-Qaeda in Yemen, provides a compelling example. His high profile was largely a result of his own self-promotion—he used viral videos and social networks to disseminate his charismatic sermons internationally. As the first major terrorist YouTube sensation, Awlaki’s influence is undeniable—several successful and would-be terrorists cited him as an inspiration—and his prominence earned him a spot on the U.S. government’s list of high-value targets. He was killed by a drone strike in September 2011.

Awlaki’s social media mastery impressed the billionaire investor and reformist Saudi prince Alwaleed bin Talal al-Saud, who sees this as part of a broad trend across the region. “Even the most anti-Western religious figures in Saudi Arabia are now almost all using technology,” he told us, adding that “a number of them are even using mobile devices and increasingly social networks to issue fatwa s” — Islamic edicts. As Middle East observers know, this is a profound change, particularly in Saudi Arabia, where the clerical establishment is notoriously slow to accept technology. The trend will only continue.