MS Risk Blog

Senior AQIM Official Likely Killed in Action (1 March 2013)

Posted on in Mali title_rule

Although Chadian President Idriss Deby has announced that a senior al-Qaeda militant has been killed in northern Mali, efforts by the Algerian security services are currently under way in order to confirm the reports that one of the most notorious and ruthless leaders of al-Qaeda’s North African wing has in fact been killed.  If these reports are confirmed, it is highly likely that militant rebels in Mali, and possibly in other countries in West Africa, may carry out retaliatory hit-and-run attacks in an attempt to place increased pressure on France to withdraw its military intervention.  Likewise, the lives of fifteen French nationals, who are being held hostage by Islamist militants in West Africa are currently in jeopardy as they may be executed in retaliation for his death.

Chadian President Deby has indicated that the country’s troops killed Abdelhamid Abou Zeid, one of the main leaders of al-Qaeda’s north African branch on 22 February during fighting in northern Mali.  According to reports, Chadian troops confronted a number of jihadists in the mountainous region near Kidal.  It has also been reported that the commander was amongst forty militants who were killed near the border with Algeria.  Although these reports have yet to be confirmed by officials in France, Algeria or Mali, Washington has indicated that these reports appear to be credible and that they view his death as a serious blow to the al-Qaeda wing.

Algerian security services have taken DNA samples from two of Abou Zeid’s relatives in order to compare them with the body which reportedly belongs to him.  If the testing comes back positive, the killing of Abou Zeid, a longtime militant who has been linked with a number of kidnappings and executions of Westerns, would be a major success for French forces.  However it is highly likely that his death will also come with increased retaliatory attacks in Mali and possibly in Chad.  The killing of this high-leveled militant will no doubtedly spark a number of hit-and-run attacks throughout Mali.  Any citizens remaining in the country are advised to relocate to Bamako and avoid the main former strongholds, including Gao, Timbuktu and Kidal.  Citizens in Chad should also remain vigilant as retaliatory attacks may be staged in that country in the coming days and weeks.

Abou Zeid, a 46-year-old whose real name is Mohamed Ghedir, was often seen in the cities of Gao and Timbuktu after Islamists took control of northern Mali last year.  An Algerian born near the border with Libya, Abou Zeid is a former smuggler who embraced radical Islam in the 1990’s and who became one of AQIM’s key leaders.  He is suspected of being behind a series of brutal kidnappings in several countries, including British national Edwin Dyer, who was abducted in Niger and executed in 2009, and a 78-year-old French aid worker Michel Germaneau, who was executed in 2010.  Abou Zeid is believed to be holding a number of Western hostages, including four French citizens who were kidnapped in Niger in 2010.  If his death is confirmed by Algerian authorities, then the lives of those French hostages may be in jeopardy as they may be executed in retaliation for his death.  Similarly the well being of a French family who was recently kidnapped in northern Cameroon and taken over to Nigeria may also be at risk.  Although the group holding the family hostage is not directly linked to the militants in Mali, their execution may be used to issue a warning to France to halt the military intervention in Mali.

Abou Zeid is thought to have about 200 seasoned fighters under his command, mainly comprised of Algerians, Mauritanians and Malians, who are well equipped and highly mobile.   Last year, an Algiers court sentenced Abou Zeid in absentia to life in prison for having formed an international armed group implicated in the kidnapping of foreigners.  Five other members of his family were jailed for ten years each.  He is seen as a true religious fanatic and more uncompromising than some other leaders of north African armed Islamist groups, such as Mokhtar Belmokhtar, the mastermind behind the January attack on an Algerian natural gas facility which left thirty seven foreign hostages dead.

Mali Security Update (27 February 2013)

Posted on in Mali title_rule

A car bomb has exploded in Kidal, killing seven and wounding eleven. The bombing is the second attack in less than a week, as Islamist rebels increase a guerrilla campaign in Northern Mali. Kidal is situated near the Ifogha Mountains, which have become a safe haven for Al Qaeda-linked fighters.

A local government official, speaking anonymously, said the attack occurred on the road leading to Menaka, a town near the Niger border. “Everybody is afraid here in Kidal. The car bomb came from the centre of Kidal. That’s scary; we don’t know how many other car bombs are waiting in there.” A Malian source stated that three other vehicles were destroyed in the attack.

The attack targeted a checkpoint manned by the secular Taureg group, MNLA (National Movement for the Liberation of Azawad). The MNLA was initially aligned with Mali’s Islamist groups, but issued a statement on 24 January in which they “rejected all forms of extremism and terrorism and was committed to fighting them.” The group called for a peaceful solution to the Mali crisis, and currently backs the French-led offensive to drive the Islamists from the region.

French troops seized control of Kidal’s airport last month. Since then, the MNLA has taken control of the town with the assistance of French and Chadian troops. Though Islamist rebels have been driven out of Kidal, they have regrouped and began to launch guerrilla style hit-and-run attacks against pro-government forces. On 21 February, a car bomb attack killed two MNLA fighters as well as a suicide bomber in Kidal. The next day, a car bomb detonated in the Mali Mali-Algeria border town of In Khalil, killing five.

Both attacks last week were claimed by the Movement for Unity and Jihad in West Africa (MUJWA), a splinter group from AQIM.


Mali and Algeria Security Updates (25 February 2013)

Posted on in Algeria, Mali, Region Specific Guidance title_rule

After nearly two months of fighting, French President François Hollande has announced that French troops are currently engaged in the final phase of fighting Islamist militants in the northern region of Mali.  French officials have confirmed that over the past weekend, there has been an increase of fighting in the Ifoghas mountains where a number of al-Qaeda in the Islamic Maghreb (AQIM) militants are reportedly hiding.  Fighting continued into Sunday when French warplanes targeted an Islamist base in Infara.

Speaking in Paris on Saturday, President Hollande indicated that Chadian troops had launched an attack on Friday which resulted in significant loss of life.  According to the Chadian army, thirteen soldiers from Chad and some sixty-five militants were killed in clashes that occurred on Friday.  This latest fighting, between the Islamist militants and ethnic Tuaregs, occurred in the In-Khalil area, which is situated near the northern border town of Tessalit.  Security sources have confirmed that four members of the Arab Movement of the Azawad (MAA) were wounded on Sunday after French warplanes launched an attack on an Islamist base in Infara, which is located 30 km (19 miles) from the border of Algeria.

With airstrikes continuing throughout Mali, and especially in the northern mountainous regions of the country, it is likely that hit-and-run attacks may be staged in a number of towns over the coming weeks.  In turn, with France slowly wrapping up its military intervention, and with operations being handed over to the African Union forces, militants may use this opportunity in order to clash with locals and army forces in a bid to exploit the fluid security situation.  Furthermore, any militants who have fled the airstrikes in Mali may be regrouping in other countries and may attempt to stage hit-and-run attacks in neighbouring countries and/or in those African states that have provided troops for the intervention.  The United States Embassy in Senegal has warned its citizens of a possible attack in the capital city of Dakar.  Although no further information has been provided, any such attacks may be carried out by Islamist militants from Mali or may be indirectly linked to the Malian intervention.

Meanwhile in Algeria, the gas plant that was at the centre of a deadly hostage-taking last month has partially resumed production.  Ever since al-Qaeda-linked gunmen stormed the plant and took hundreds of local and dozens of foreign workers hostage, the Tiguentourine plant has been closed.  The hostage crisis ended after four days when the Algerian army stormed by complex.  The incident left twenty-nine insurgents and at least thirty-seven hostages dead.  Officials have indicated that the plant is now operating at about a third of capacity.  Since the incident, the plant has increased its security, with armed guards being deployed in order to help protect Algeria’s remote desert energy installations.




Chinese Hacking Report Released

Posted on in China title_rule

A report released on 19 February indicated that hackers from a unit of China’s People’s Liberation Army (PLA) had amassed hundreds of terabytes of stolen data from over twenty nations as far back as 2006.

The report, released by American security company Mandiant, was the result of six years of investigations. The team tracked individual members of the Chinese hacker group to a high-rise building in residential Shanghai. The location is home to Unit 61398 of the People’s Liberation Army. The report claims that among other information, the unit has obtained technology blueprints, negotiating strategies, and manufacturing companies from 141 companes, 115 of which are in the United States. Among the diverse set of targets was a large defence contractor, and a company that helps utilities to run North American pipelines and power grids.

The most prolific of these actors, in terms of quantity of information stolen, is a group known as  APT1 (ATP stands for Advanced Persistent Threat). The Mandiant report indicates that APT1 is staffed by hundreds or thousands of English-proficient speakers with advanced computer security and networking skills. They have hacked into 141 companies, remaining in their networks for an average of 365 days (with the longest lasting 1,764 days), and have targeted companies across twenty industries which were identified by China as strategically important under its Five Year Plan for economic growth.

The Chinese government has denied and condemned the Mandiant report, calling it “unprofessional”. Chinese foreign ministry spokesman Hong Lei stated, “Hacking attacks are transnational and anonymous. Determining their origins are extremely difficult. We don’t know how the evidence in this so-called report can be tenable.”

Mr. Hong further added that China opposes hacking, and believes the nation itself is a victim of cyber attacks. Yet the report, which is lauded in the West for its unprecedented level of detail, indicates that not only are the activities based in China, but that the Chinese government is aware of them.

Hackers in Chinese Culture

While the Chinese government may not know the full extent of Chinese hackers, they are aware that hacking is a prevalent part of Chinese tech-society. There are three types of hacker attacks emanating from China: economic espionage, cyber warfare, and attacks by “hacktivists” with a socio-political agenda. The latter of these, Chinese “Red Hackers” perceive themselves as Internet patriots. They number in the thousands, have nationalistic politics, and exist in a culture where hacking, particularly against the West, is “fashionable”. A 2005 Shanghai Academy of Social Sciences survey found that hackers equated with rock stars. Forty-three percent of elementary-school students “adore” China’s hackers and nearly a third aspire to join them. Within the culture, there are hacker magazines, clubs and online stories. Unlike Western hackers, who tend more anti-government, Chinese hackers are more involved with politics. “Nationalism is hip,” claims a man identified as “the Godfather of hackers”, “and hackers — who spearhead nationalist campaigns with just a laptop and an Internet connection — are figures to revere.”

Of China’s thousands of “Red Hackers”, many may not be acting on direct behalf of their government, but the net effect is the same. The Chinese government does not have a direct connection to all hacker groups, nor do they prosecute hackers for attacks outside of their borders. In instances where hackers work to the benefit of China, this lack of supervision is perceived as tacit approval, particularly as the Chinese distinction between the private and public domain is very small.

Refinement of Phishing

To companies in the West, the particularly increasing difficulty is in identifying the actual hack. The primary tactic used to enter a system is “phishing”, a process by which seemingly innocent messages include links or attachments which dump spyware on recipients’ computers. Initially, these emails were easy to spot, due to poor language use, or obviously malicious attachments, such as “.exe” or “.rar” files. However, Chinese hackers have polished their strategy, using polished English and more convincing attachments, such as links for RSVPs to events, or PDFs which must be opened to obtain the information.

ATP1 has effectively created webmail accounts using real names which are familiar to the recipient, such as a colleague, vendor, or client. The phishing attempts are customised with use subject lines and content relevant to the target, making it more difficult to identify when a security system had been compromised.

The most effective tool against this polished technology is a return to old mediums. Companies are urged to contact a sender face-to-face or via telephone to confirm the attachment’s safety. Even sending an email asking if an attachment is safe is risky, as the malicious sender can simply respond that it is legitimate.

Hacking and the Chinese Economy: What it could mean

Analysts believe that the pattern is likely to continue because it is affordable. Frank Smyth, founder of Global Journalist Security, says, “No one should be surprised, because it doesn’t take that much infrastructure. If you have a team of people in a room, you can create a lot of havoc. That’s much cheaper than building a tank or a jet fighter.”

China’s rapid growth and aging population has caused their reliance on foreign food and energy to increase dramatically. These leadership fears may serve as an impetus to justify an industrial espionage campaign. However these actions may serve to hinder economic progress. The acquisition of foreign technology may handicap Chinese development, according to James Lewis of the Center for Strategic and International Studies. “There is a puzzling lack of faith in China’s own strengths. Beijing has concluded that now is not yet the moment to tame the decades-old effort to pilfer technology.”

Hacking on this scale also signals a reluctance to play by the rules in the in the international market. China’s new leader, Xi Jinping has vocally suggested that the nation embrace reform and work within the rules of international law. The failure to acknowledge of the contents of the Mandiant report are a missed opportunity; the denial, and boomerang accusation that it is China which has been victimised,  may generate a loss of trust in both the Chinese government and business relations in the nation.

Mali Security Update (22 February 2013)

Posted on in Mali, Region Specific Guidance title_rule

This past week has seen a number of suicide incidents and increased fighting occurring throughout Mali, with one French Legionnaire being killed in the fighting.  The continued string of suicide bombings in the previously occupied northern regions of the country are further indications that al-Qaeda-linked groups have resorted to hit and run attacks as a means of destabilizing the security in Mali.  Anyone remaining in Mali is advised to either leave the country immediately or relocate to Bamako as it is highly likely that suicide attacks and clashes will take place throughout the northern regions of the country.  Such attacks and bombings are likely to take place in the previous rebel-strongholds and will likely target military camps and foreigners.  Clashes between militants and soldiers are also likely too occur throughout northern Mali as rebels attempt to disrupt the security. In turn, their is a heightened risk that similar attacks may occur in neighbouring countries, especially those West African nations which have sent their troops to Mali.

On Friday, five people, including two suicide bombers, died in car bombings that occurred in northern Mali just one day after fierce urban battles amongst French-led forces and Islamists resulted in the deaths of at least twenty al-Qaeda-linked militants.  Security sources have confirmed that today’s incident involved two vehicles that were targeting civilians and members of the ethnic Tuareg rebel group, the MNLA.  The incident occurred in the town of Tessalit, which is known as the gateway into the mountainous regions of the country.  It is believed that a number of rebels have fled to this region in order to seek shelter and to regroup.  Although no group has claimed responsibility, it is widely believed that the al-Qaeda-linked Movement for Oneness and Jihad in West Africa (MUJAO), which is one of Mali’s main Islamist groups, is behind today’s attack.  Furthermore, it is highly likely that any rebels in the mountainous regions, and nearby, will focus on hit and run attacks in the coming weeks as a means of preventing allied troops from gaining control of the region.

Today’s attack also comes after al-Qaeda-linked rebels claimed responsibility for another car bomb attack that occurred on Thursday near the city of Kidal.  The car blast occurred just 500 metres from the camp which is occupied by French and Chadian troops.  Although the vehicle was targeting the camp, it had exploded before it could reach the base.  At least two civilians were wounded in the incident.  MUJAO have claimed responsibility for this attack, stating that they had no difficulty getting into Kidal in order to blow up the vehicle as they had planned.  A spokesman for MUJAO, Abu Walid Sharoui also noted that “more explosions will happen across our territory.”

With an increase of attacks occurring this week, France announced its second military death since President Francois Hollande launched the unilateral military operation on 11 January 2013.  Military officials in Paris confirmed that Staff Sergeant Harold Vormeeele, an NCO and commando with the 2nd Foreign Parachute Regiment, an elite unit of the French Foreign Legion, was killed during an operation launched on Monday which resulted in the deaths of more than twenty rebels in the mountainous Ifoghas region.  According to military sources, 150 French and malian soldiers were taking part in the operation which was aimed at rooting the rebels out of their hideaways.

Over the past few weeks, the French-led forces have been increasingly facing guerrilla-style tactics after initially having been met with little resistance in their drive to force Islamist groups out of the main northern towns of Gao, Kidal and Timbuktu.  Although the large-scale military operations in the northern region of the country are beginning to wind down, sporadic fighting continues to erupt and may prove to be an issue once the French hand over their mission to the African Union forces.