Connect with us

Intelligence

Testing Solutions for Intelligence and Security Professionals in Fighting ISIS in the Encrypted Social Media Space

Published

on

Authors: Lorand Bodo, M.A. & Anne Speckhard, Ph.D.

Telegram currently is, for a plethora of reasons, the favorite encrypted social media app employed by ISIS.[1] As such, Telegram has become the subject of deep controversies in the West. While government officials demand for Telegram to store and hand over user information of those promoting terrorism, Telegram’s executives have responded with an adamant refusal to comply.

This conundrum between governments wanting to balance security against encrypted social media executives arguing in behalf of the rights to free speech and surveillance-free communications—particularly in authoritarian regimes—has led researchers at ICSVE to question if it’s possible to assist law enforcement in identifying nefarious users on Telegram without demanding the assistance of the app itself. This article reports on our researchers’ successful attempts to test a few potential approaches that show promise.

Background

There is no doubt that ISIS has been the most successful tech-oriented terrorist organization in history that not only understands how to use the Internet for communication purposes but also has learned to do so while hiding their messaging and identities. ISIS cadres use the surface web, deep web, dark web, social media and encrypted messaging apps, such as Telegram, to disseminate their propaganda, recruit new members, inspire or even direct their followers to carry out terror attacks which all cause serious concerns for law enforcement, intelligence and security professionals tasked with staying one step ahead in fighting the group[2]. It bears noting that ISIS also surfaced at a time when social media’s feedback mechanisms were developed enough to allow ISIS to distribute their slick propaganda to global audiences and then hone in on those who show interest. By virtue of a retweet, like, or other endorsement of their products they are able to personally contact those who show interest.[3] In recent years Twitter, Facebook, YouTube and other web-based social media apps have cracked down on ISIS’s presence on their platforms making it harder to carry out intensive grooming and recruiting on these web-based apps. This however, resulted in ISIS using fleeting accounts on mainline web-based apps like Twitter, YouTube and Facebook to quickly attract the attention of those interested in their propaganda and then migrate potential recruits onto encrypted apps such as Telegram where they may then engage with them on a much more intensive level and for a longer time period without disruption—to motivate and direct some into carrying out actual attacks.

While we can monitor most of ISIS’ activity on the web-based Internet (i.e. YouTube, Facebook, Twitter, etc.) through web crawlers and search engines, law enforcement and intelligence agencies struggle when it comes to intercepting valuable intelligence that could support in preventing and disrupting terror attacks on messaging apps, such as Telegram that are encrypted and thus prevent such efforts.

In response to these very real security issues, Russia’s FSB (security service) announced on June 26 (2017) that terrorists had used Telegram to coordinate and plan a deadly suicide bombing on Russian soil by providing “terrorists with the opportunity to create secret chats rooms with a high degree of encryption”[4]. As a result, Russian officials increased their pressure upon Telegram to provide security-related information to Russian security services. In response, Telegram’s founder, Pavel Durov, agreed for his firm to be registered in Russia, but insisted on not sharing any private data with the Russian government, stating that he does not want to undermine the privacy of the six million Russian Telegram users currently registered on the app.[5] Indeed, this is not a simple dilemma, as it pits the rights of free speech and surveillance-free communication in an authoritarian regime against the need for security concerns about potential terrorist attacks. This underlying problem of cooperation between counter-terrorism (CT) officials and any tech-company is what we call the “business-security” dilemma.

The “business-security” dilemma describes a situation, in which tech companies, such as social-media or encrypted messaging apps, have to choose between two options, each that have negative consequences for both parties. Companies that cooperate with law enforcement and intelligence agencies by providing access to private data hopefully address security threats from terrorism, but by doing so, demonstrate their failure to value and protect the privacy and free speech of its users—which is particularly harmful to encrypted social media apps which exist precisely for that purpose. Law enforcement and intelligence agencies also lose if tech-companies cooperate, as many users—both benign and nefarious—will stop using the app and download another. On the other hand, if the social media app executives do not cooperate, bad press inevitably follows, framing the company as a ‘terrorist supporter’. Thus, with either choice—compliance or refusal, the company faces negative consequences, from its customers or the security sector, as does the CT-community.

Social media companies, such as Facebook, Twitter and YouTube face a similar dilemma, costing them time and resources which do not directly support their products in efforts at surveillance and takedowns which may also turn away users. Their dilemma is less severe however, as their apps do not depend solely on being able to provide encrypted communications. In the case of these web-based, open source social media there are also web-crawlers and business applications that could be used by these companies to detect and take down a lot more ISIS content than is currently being taken down at present.[6] And, it should not be forgotten that social media companies are masters in collecting data on users for targeted advertising purposes. Perhaps for them, it would be advisable to use existing technology and modify it to identify violent extremist online propaganda?

Encrypted apps are another story and cannot be crawled in this manner. In either case, extremist content is spreading, versus decreasing, on social media and law enforcement simply can’t keep up while social media companies, for reasons unknown, have not yet opted to use available technologies for more comprehensive and speedy takedowns. As a result, we are failing in countering extremist content online. However, as a recent Guardian article argued: “Counter-terrorism was never meant to be Silicon Valley’s job”.[7]

Moreover, due to growing concerns of consumers about hacking, as well as anxieties raised about government surveillance (particularly following Edward Snowden’s shocking revelations), a large number of mobile phone users have turned to encrypted messaging apps. In 2016, Telegram was downloaded 49,28 million times, followed by Wickr-Me with 3.8 million, Signal with 3.62 million, and other encrypted messaging combined with 0.35 million downloads[8]. When we look at these numbers, we have to ask ourselves, if our citizens value privacy more than they value security from terrorist threats? Do the costs of losing privacy, free speech and surveillance-free communications outweigh the benefits? Indeed, the number of terrorists compared to the vast majority of Telegram (and other encrypted app) users who are benign and have no intention to commit an act of terror is very low. If all Telegram users were in fact terrorists, we should see terror attacks every single day. But, fortunately, we don’t.

Nevertheless, we should not give up on chasing terrorists and shutting down their activities in the encrypted space; but instead of demanding the encrypted apps cooperate with government, it may be more useful to independently develop creative methodologies to gain valuable intelligence on those individuals engaging with and distributing ISIS propaganda as well as recruiting and directing terrorist attacks. In particular, with ISIS relying so heavily on Telegram, we need at present to find ways to fight ISIS without demanding any help of Telegram, whose executive leadership refuses in any case, to release encrypted information needed to fight jihadists using their messaging app. [9]

Identifying Nefarious Telegram Users without the Help of Telegram

So, how can we deal with this very tiny fraction of Telegram users who support and share ISIS content? To this end, we were interested in two questions: first, can we learn if pro-ISIS Telegram users employ information security (InfoSec) measures, such as virtual private networks (VPNs), to protect their identity and if not, are they identifiable? Second, is it possible to identify ISIS endorsing Telegram users communicating via private messaging without any help from Telegram, to make it possible for the law enforcement or intelligence community to do the same?

ISIS, as well as other militant jihadi groups have long been concerned with promoting information security to their members to enable them to evade law enforcement and intelligence. Among the many InfoSec groups ISIS promotes to their members, one known as “Horizon” has published manuals in multiple languages on topics like VPNs, secure browsers and the deep and dark web. In 2015, researchers discovered that ISIS had been using a 34-page operational manual that demonstrates just how tech-savvy ISIS really is. This manual was written in 2014 by a Kuwaiti cyber-security firm for journalists and activists in Gaza, but it was also found in ISIS chat rooms. Topics that are covered range from how to use Twitter, with a focus on protecting identity, to using encrypted Internet browsers and keeping telecommunications private.[10] At ICSVE, our researchers have been monitoring pro-ISIS Telegram channels for quite a while and we have also come across several Telegram channels that serve solely one purpose, namely educating pro-ISIS individuals in information security. Fig.1 shows a screenshot of a pro-ISIS channel that shares free tools, such as anti-virus software or VPN tools on a daily basis. According to Alkhouri, “such advice is what helped many jihadists bypass scrutiny and operate online with ease”.[11]

Given the dissemination of these manuals and ISIS’ intent of educating its followers about the importance of information security, we were keen to test if Telegram users operating in ISIS space actually are actually savvy enough to have implemented these InfoSec measures or if they fail to pay attention. To this end, we conducted a small experiment on Telegram, which was comprised of two approaches. Concerning our methodology, we have decided not to reveal it here as it was used to learn the identities of pro-ISIS Telegram users and we do not wish to further educate them in terms of information security. In this respect, it must be highlighted that this methodology should not be perceived as a ‘silver-bullet’, but more as a ‘cause for thought’ to develop better and more effective approaches. At ICSVE, we strongly believe that any effort to fight ISIS on the digital battleground is better than doing nothing—particularly as ISIS loses territory and increasingly promotes and directs homegrown attacks via the Internet.

The first approach was OSINT-informed and had the objective to identify the social media accounts of pro-ISIS Telegram users that in turn provides us with valuable intelligence about the actual identity of the person and his or her wider network. By employing our techniques, we were able to gain the actual identities of 3 users in a private chatroom, however, we will only highlight one case herein as the method is the same. In this regard, it is also necessary to emphasize that corroborating our results was one of the main challenges of this approach, however, after analyzing the whole case, we were quite confident in our judgements as the evidence was overwhelming.

In the first approach, we focused on private chat rooms as they allow us (not always) to see the actual group members in terms of numbers and profiles. In this case, we explored a private chat room, which primarily disseminates official ISIS propaganda.

In this case, a profile caught our eyes for several reasons (that we don’t explain here as it would reveal our methods). We were keen to find one of the target’s social media accounts which might revel his or her real identity. Generally, we assumed, that even though individuals employ encrypted-messaging apps for privacy for their terrorist-engaging purposes, they still have active social media social media accounts registered in their own real identities. And, in this particular case, we were right).

In fact, we were quite surprised how easy it was to identify this particular Telegram user. However, it should be mentioned that this approach does not work with any Telegram user, but it is definitely worth a try for the purpose of gaining valuable intelligence.

A quick scan of the pictures which were posted on this individual’s Facebook account, reveals more about the individual. Especially the knife picture caught immediately our attention, as in Telegram the same individual was endorsing and sharing violent ISIS propaganda material that causes us to view him as radicalized and potentially considering engaging in violence. To learn if his knife picture was unique to him we searched the same image on the surface web and found out that this picture was posted repeatedly on other websites. In other words, the individual simply copied and pasted the picture, which also implies that the target is most probably not in possession of that particular knife. Yet his Telegram activity makes clear he may be considering enacting violence. To be on the safe side we passed our information, including his identity, on to the relevant security authorities for them to determine whether or not he constitutes an actual terrorist threat.

Our second approach tested whether or not pro-ISIS Telegram users employ information security measures, such as VPNs or a Proxy, to disguise their IP-addresses. We need to emphasize that we were also aware of the fact that individuals could use a Tor browser, public Wi-Fi or similar tools. In these cases, we would not be able to know if the IP address ties to that individual or not. Likewise, we were aware of the fact that identifying someone’s IP address would not give us his or her real name, exact location, or anything like that. In general, we assumed that most individuals use Telegram on a daily basis, meaning that whenever they have time to check out the latest posts, they would use their mobile phones to have a quick look. Furthermore, we assumed that these individuals would probably not use a VPN or Proxy every single time they access Telegram, even if installed, because it often slows down the Internet speed and individuals may just forget about activating the VPN when anxious to view new posts.

With all these assumptions in mind, we again went back to one of the private chat rooms to carry out a small experiment. Our experiment was exploratory in nature as we haven’t come across a similar approach in the literature or on the Internet, however, we are aware that many intelligence agencies have been using the same or similar techniques. Overall, we needed four attempts to gather a sample of three out of all of the 138 group members that we then studied for their use of a VPN or Proxy. From these three individuals, two have not used a VPN or Proxy as in contrast to the third individual who used a Proxy Server (located in Cyprus). In this respect, it is paramount to highlight that these results should be interpreted carefully as the method used is not 100% accurate. Furthermore, those two individuals identified could have also used a Tor Browser or public Wi-Fi, for example. So, how reliable is the method then?

To be on the safe side, we have also used the same method to disguise the IP addresses of friends who use Telegram on a daily basis. We conducted this experiment in three rounds. Round one gave instructions on using a VPN or Proxy. Round two gave instructions on not using any of the InfoSec measures. Round three tested our method in the “Secret Chat” that uses end-to-end encryption, leaves no traces on Telegram servers, has a self-destruct timer and does not allow forwarding, by telling our friends not to use a VPN or Proxy. Overall, we were successful in disguising the IP-addresses (Round 2 and 3) and most importantly, to detect the Proxy or VPN (Round 1). With this in mind, we were confident that our results with the small pro-ISIS sample was similarly successful.

Conclusion

ICSVE’s brief exploratory incursions on Telegram tell us two things. One that it is possible to penetrate ISIS Telegram chat rooms and inside them find the social media accounts, and thus identities, of those who appear to be serious ISIS devotees. Likewise of these we were able to find, we learned that some do not take the precautions of using a VPN or Proxy network, despite ISIS’s instructions to do so. Most surprisingly, we found out that our method even works in the Secret Chat, a special service that makes Telegram so famous for being secure. Our small experiments should be seen as an attempt of exploring and discovering creative ways to identify pro-ISIS Telegram users. Most importantly, we want to demonstrate that there are ways to fight ISIS in encrypted messaging apps, even though Telegram itself is refusing to cooperate.

There is also still the matter of social media giants such as Facebook, YouTube and Twitter using available technologies to take ISIS content and accounts down faster so that there is not the opportunity to engage and be seduced off the open source web-based social media into the encrypted social media apps that are harder to track. However our short experiment demonstrates that tracking is possible even when not having Telegram’s cooperation. And this was just the beginning.

Note to readers: Our expertise and methodology is freely available to law enforcement and intelligence agencies upon request.

Reference for this article: Lorand Bodo, M.A. & Anne Speckhard, Ph.D. (July 15, 2017) Identifying Nefarious Telegram Users without the Help of Telegram Itself: Testing Solutions for Intelligence and Security Professionals in Fighting ISIS in the Encrypted Social Media Space. ICSVE Research Reports. http://www.icsve.org/research-reports/identifying-nefarious-telegram-users-without-the-help-of-telegram-itself-testing-solutions-for-intelligence-and-security-professionals-in-fighting-isis-in-the-encrypted-social-media-space/

 [1] Yayla, Ahmet S and Speckhard, Anne (2017). Telegram: The Mighty Application that ISIS Loves, available at: http://www.icsve.org/brief-reports/telegram-the-mighty-application-that-isis-loves/ (29.06.2017)

[2] Callimachi, R. (2017). Not ‘Lone Wolves’ After All: How ISIS Guides World’s Terror Plots From Afar, available at: https://www.nytimes.com/2017/02/04/world/asia/isis-messaging-app-terror-plot.html (29.06.2017).

[3] Speckhard, A., Shajkovci, A. & Yayla, A. S. (2016). “Defeating ISIS on the Battle Ground as well as in the Online Battle Space: Considerations of the “New Normal” and Available Weapons in the Struggle Ahead”. Journal of Strategic Security 9, no.4, p.1-10.

[4] Reuters (2017). Russia, Upping Pressure on Telegram App, Says It Was Used to Plot Bombing, available at: https://www.nytimes.com/reuters/2017/06/26/technology/26reuters-russia-telegram-security.html (29.06.2017).

[5] Reuters (2017). Telegram App Agrees to Register in Russia, but Not to Share Private Data, available at: https://www.nytimes.com/reuters/2017/06/28/technology/28reuters-russia-telegram-security.html (29.06.2017).

[6] See for example: GIPEC (2017). Who we are: GIPEC, available at: http://www.gipec.com/who-we-are/ (30.06.2017).

[7] Solon, O. (2017). Counter-terrorism was never meant to be Silicon Valley’s job. Is that why it’s failing? available at: https://www.theguardian.com/technology/2017/jun/29/silicon-valley-counter-terrorism-facebook-twitter-youtube-google (29.06.2017).

[8] Roberts, J. J. (2017) Here Are the Most Popular Apps for Secure Messages, available at: http://fortune.com/2017/01/17/most-popular-secure-apps/ (29.06.2017).

[9] The Times (2017). Message app used by Isis refuses to fight jihadists, available at: https://www.thetimes.co.uk/article/message-app-used-by-isis-refuses-to-fight-jihadists-jrddv7c93 (30.06.2017)

[10] Murgia, M. (2015). Islamic State uses detailed security manual, revealing its cyber strategy, available at: http://www.telegraph.co.uk/technology/internet-security/12007170/Islamic-States-detailed-security-manual-reveals-its-cyber-strategy.html (29.06.2017). (You can also find the manual here)

[11] Alkhouri, L. (2017). How Cyber-Jihadists Protect Their Identities and Their Posts, available at: https://www.thecipherbrief.com/column/private-sector/how-cyber-jihadists-protect-their-identities-and-their-posts-1092 (29.06.2017).

Continue Reading
Comments

Intelligence

Mounting Cyber Espionage and Hacking Threat from China

Avatar photo

Published

on

Earlier this month a ransomware attack on America’s Prospect Medical Holdings, which operates dozens of hospitals and hundreds of clinics and outpatient centres across the states of Connecticut, Rhode Island, Pennsylvania and Southern California was forced to shut off its centres in several locations as the healthcare system experienced software disruptions. In June India’s premier hospital, the All India Institute of Medical Sciences (AIIMS) faced a malware attack on its systems which was thwarted by its cyber-security systems. This is not the first time that the premier hospital’s data was breached. In November 2022, AIIMS had experienced a cyberattack within weeks of announcing that from January 2023, it would operate on a completely paperless mechanism. The cyber attack which involved ransomware, designed to deny a user or organisation access to files, lasted for nearly a month affecting the profile of almost 4 crore patients – affecting registration, appointments, billing, laboratory report generation, among other operations of the hospital. Regarding the quantum of data that was compromised, the government revealed that “five servers of AIIMS were affected and approximately 1.3 terabytes of data was encrypted.”

Till June this year, Indian Government organisations faced over one lakh cyber security incidents and financial institutions saw over four lakh incidents. Data presented by the Indian Computer Emergency Response Team (CERT-In), which has the mandate of tracking and monitoring cybersecurity incidents in India, indicates rising Cyberattacks to government organisations.  or systems year on year. From 70798 in 2018, to 112474 in 2023 (up to June) incidents of cyber attacks have been on the rise, on a year on year basis. Presenting this data at the Parliament, Minister for electronics and IT Ashwini Vaishnaw said, “With innovation in technology and rise in usage of the cyberspace and digital infrastructure for businesses and services, cyber-attacks pose a threat to confidentiality, integrity and availability of data and services, which may have direct or indirect impact on the organisation.”

A lot of the hacking activity points towards China.  Western intelligence agencies are becoming increasingly wary of digital intrusion by hacking teams that they believe are being backed by China’s government. Almost a decade ago, American computer security firm Mandiant had made the startling claim that these hacking groups are operated by units of China’s army. The firm was able to trace an overwhelming percentage of the attacks on American corporations, organisations and government agencies to a building on the outskirts of Shanghai. Mandiant made the case that the building was one of the bases of the People’s Liberation Army’s corps of cyberwarriors. US intelligence analysts have detected that a central element of Chinese computer espionage is Unit 61398 which targets American and Canadian government sites. Mandiant, which was hired by The New York Times, found that hacker groups like “Comment Crew” or “Shanghai Group” were behind hundreds of attacks on U.S. companies, focusing “on companies involved in the critical infrastructure of the United States — its electrical power grid, gas lines and waterworks” thereafter bringing that information to the military unit 61398.

In their defence the China’s authorities simply denied any form of state-sponsored hacking, and have in turn dubbed the US National Security Agency (NSA) as “the world’s largest hacker organisation.”

Nonetheless, since the 2013 revelations, Chinese hacking teams have generated a lot of interest and Western cybersecurity companies and intelligence agencies have accused them of global digital incursion. They allege that Chinese government-backed hackers attempt to target everything from government and military organisations to corporations and media organisations.

Most recently in the footsteps of the incident involving the Chinese spy balloon Microsoft claimed that in an ongoing effort Chinese state-sponsored hackers group ‘Storm-0558’ was forging digital authentication tokens to gain unauthorised access to Microsoft’s Outlook accounts  and urged users  “close or change credentials for all compromised accounts”. On May 24, Microsoft and US intelligence state-sponsored hackers of ‘Volt Typhoon’ were engaged in ongoing spying of critical US infrastructure organisations ranging from telecommunications to transportation hubs, using an unnamed vulnerability in a popular cybersecurity suite called FortiGuard, and had been active since mid-2021.

According to US cybersecurity firm Palo Alto Networks cyber espionage threat group ‘BackdoorDiplomacy’ has links to the Chinese hacking group called ‘APT15’and they are all involved in cyber intrusions and financially motivated data breaches for the Chinese government. During the visit by then-US House of Representatives Speaker Nancy Pelosi to Taipei, APT27 initiated a range of cyber attacks targeting Taiwan’s presidential office, foreign and defence ministries as well as infrastructure such as screens at railway stations. Television screens at 7-11 convenience stores in Taiwan Began to display the words: “Warmonger Pelosi, get out of Taiwan!”

Mara Hvistendahl’s article in Foreign Policy, 2017 ‘China’s Hacker Army’ estimated China’s “hacker army” anywhere from 50,000 to 100,000 individuals, but rejected the belief that it was a monolithic cyber army. Mara contends that Chinese hackers are for the most part dangerous ‘freelancers’ whose ‘causes neatly overlap with the interests of the Chinese government’ and these hackers are left alone as long as they target foreign sites and companies.

Although cyber attacks have gone up globally, data by Check Point, an American-Israeli software company, reveals that weekly cyber attacks in India have gone up by 18 per cent this year, which is  2.5 times more than the global increase. Furthermore the  cyber attacks are becoming more sophisticated as hackers try to weaponize legitimate tools for malicious gains. For instance the use of ChatGPT for code generation, enables hackers to effortlessly launch cyberattacks.

Last year in a massive case of cyber espionage, Chinese-linked hackers broke into mail servers operated by the Association of Southeast Asian Nations (ASEAN) in February 2022 and stole sensitive data. At the recent ‘Conference on Crime & Security on the theme of ‘NFTs, AI and the Metaverse’, current G20 President India, has highlighted the need for cooperation to build cyber-resilience in an increasingly connected world. Both cyber attacks and cyber crimes have national security implications.

In India, investigations into the cyberattack, which had crippled the functioning of India premier health institution AIIMS, revealed that “the IP addresses of two emails, which were identified from the headers of files that were encrypted by the hackers, originated from Hong Kong and China’s Henan province”.

Earlier this year, US Federal Bureau of Investigation (FBI) Director Christopher Wray had an alarming metric, – that Chinese hackers outnumber FBI cyber staff 50 to one. Addressing a Congressional panel he said, China has “a bigger hacking programme than every other major nation combined and has stolen more of our personal and corporate data than all other nations — big or small — combined.”

China is today home to some of the most sophisticated hackers, whose capabilities have only improved with time. Their motivations and actions might be independent but are conveniently entwined. However, much more needs to be understood about the hacker culture from China in recent years, if the menace of cybercrime and ransomware is to be mitigated successfully .

Continue Reading

Intelligence

Whistleblowers: the Unsung Heroes

Avatar photo

Published

on

Whistleblowing is a bribery and corruption prevention strategy that does not receive the credit it deserves. In fact, rather than relying exclusively on laws, regulations, and resolutions, whistleblowing can be considered a highly effective method to combat bribery and corruption in any field, including government or corporate settings. Whistleblowing often leads to sustainable solutions, as it involves voices from various levels, ranging from grassroots to top-tier management. However, there are plethora of challenges whistleblowers face when they blow the whistle. Nonetheless, whistleblowers play a crucial role in preventing bribery and corruption, and this pivotal role enables preserving the security of any nation.

As stated by the National Center for Whistleblowing (2021), at its core, a whistleblower is an individual who discloses instances of wastefulness, fraudulent activities, misconduct, corruption, or hazards to public well-being, with the intention of prompting corrective actions. While whistleblowers are often affiliated with the organization where the wrongdoing occurs, it is not a prerequisite; anyone can assume the role of a whistleblower as long as they reveal information about the wrongdoing that would otherwise remain concealed. In simple terms, a whistleblower is a person who acts responsibly on behalf of themselves as well as others. Whistleblowers play an extremely imperative role in any society, as they stand for justice, promote accountability, and advocate transparency.

When looking at its link to national security, whistleblowers play a crucial role. One prominent action is whistleblowers exposing imminent and occurred security threats. They are capable of disclosing breaches of security, illegal surveillance, and in situations where individuals or entities are attempting to divulge material information. Whistleblowers uncover injustices, misconduct, and beyond-the-scope activities of decision-makers within government or private entities. If individuals engage in unethical practices, illegal actions, or actions jeopardizing integrity, whistleblowers blow the whistle. One such example, as reported by St. Francis School of Law in 2022, is whistleblower Frank Serpico’s case. He was the first police officer who openly testified about corruption within the New York Police Department, reporting instances of police corruption, including bribes and payoffs, despite facing numerous obstacles. His revelations contributed to a 1970 New York Times story on systemic corruption in the NYPD, leading to the formation of the Knapp Commission. In 1971, he survived a suspicious shooting during an arrest, raising concerns about potential attempts to harm him. Serpico’s bravery emphasized the importance of accountability and transparency in law enforcement.

Whistleblowers also contribute by facilitating accountability by bringing into light corrupt practices such as mismanagement of money. An example is, in 1968 when A. Ernest Fitzgerald, known as the “godfather of the defense movement,” exposed a staggering $2.3 billion cost overrun related to the Lockheed C-5 transport aircraft. His courageous testimony before Congress shed light on issues in defense contracting and resulted in substantial government savings. Fitzgerald’s contributions went beyond the immediate case, playing a crucial role in the passage of the Whistleblower Protection Act of 1989. This results in a culture of accountability where representatives of the public are answerable to their actions. Whistleblowers uphold the rule of law and promote justice by defending the rights of the citizens. It fosters democracy.

However, whistleblowers are often subjected to criticism for standing up against injustice. They fear retaliation, as guilty parties may try to silence them out of revenge. Additionally, companies or institutions may not take whistleblowers seriously, leading them to avoid addressing the reported issues. In many cases, this happens because governments or authorities in power might be involved in bribery and corruption. Public recognition and appreciation of whistleblowers’ contributions to society are vital and should not be perceived as excessive. In addition, there are situations where groups of individuals create sub cultures within organisation and act against rules and protocols jeopardising inclusive culture. In such situations, reporting to a superior will be seen as favoritism or being overly devoted to the institution. This toxic environment demotivates valuable employees or those willing to stand against injustice. The lack of adequate legal protection further compounds the challenges faced by whistleblowers. Moreover, the courage to stand against bribery and corruption is in dire need, as many individuals may lack the moral fortitude to do so.

Whistleblowers are internationally and domestically protected, primarily through the adoption of the United Nations Convention against Corruption. Other international agreements, such as the African Union Convention on Preventing and Combating Corruption and the Organization of American States Inter-American Convention against Corruption, also demonstrate a commitment to whistleblower protection. Various influential international organizations, including the G20, OECD, and APEC, have played a role in promoting whistleblower laws and best practices worldwide. On the domestic front, countries like Sri Lanka have specific laws dealing with corruption, while OECD findings highlight countries with comprehensive whistleblower laws such as the United States, Canada, Japan, and others.

Despite these efforts, there are still some ambiguities and gaps in provisions that hinder effective whistleblowing. For instance, the proposed anti-corruption bill in Sri Lanka allows public officers to accept gratifications authorized by written law or employment terms, which undermines the core objectives of the bill and enables influential individuals to evade accountability for corrupt gains. In Russia, whistleblower protection is limited, with unsuccessful attempts to establish protective measures in 2017. This puts Russia behind the EU, which has implemented robust whistleblower protection through the Whistleblowing Directive.

It is evident that whistleblowers play an indispensable role in combatting bribery and corruption, acting as a highly effective strategy to preserve the security of any nation. Despite facing numerous challenges, these individuals contribute significantly by uncovering wrongdoing, promoting accountability, and upholding transparency. By exposing imminent security threats and holding corrupt practices accountable, whistleblowers safeguard the rule of law and foster democracy. However, to harness the full potential of whistleblowing, it is crucial to address barriers to reporting and remedy afore mentioned legal hurdles. Encouraging a whistleblowing culture and recognizing their contributions will enable society to effectively mitigate and combat bribery and corruption, by creating a more just and transparent environment. To accomplish this, organizations can embrace a culture of whistleblowing, by conducting awareness campaigns, implementing training programs, and fostering a safe and supportive environment for whistleblowers to come forward. In addition, implementing technical measures and policies to ensure whistleblower protection, authorities can demonstrate their commitment to supporting those who expose wrongdoing. These collective actions will strengthen the pivotal role of whistleblowers in preserving security by combating bribery and corruption, fostering a safer and more ethical society for the future.

Continue Reading

Intelligence

Breaking the Grip: Comprehensive Policy Recommendations to Defeat Drug Cartels

Avatar photo

Published

on

afghanistan terrorism

In 2022, drug overdoses claimed the lives of over 100,000 Americans. The primary sources of illegal drugs flooding into the United States are the Mexican drug cartels, who exploit a network of corrupt politicians, police officers, and military personnel in Mexico. Within Mexico itself, these cartels are responsible for a staggering level of violence, including tens of thousands of homicides each year. Within the United States, the cartels establish distribution cells, collaborating with either Mexican gangs or affiliated criminal organizations.

The U.S. Drug Enforcement Agency (DEA) considers the Mexican drug cartels to be the number-one threat to the United States. Among them, the Sinaloa Cartel and Jalisco New Generation Cartel (CJNG) are the richest and most powerful. Their exceptional earnings allow them to invest in soldiers and weapons, as well as payoffs and bribes, enabling them to expand their territorial control.

To effectively address the challenge posed by the cartels, the United States should adopt a comprehensive set of policy measures. These include securing the southern border, fostering enhanced cooperation with the Mexican government, implementing immigration reforms, bolstering drug enforcement efforts domestically, designating the cartels as terrorist organizations, imposing targeted financial and economic sanctions, and considering if limited military intervention is necessary.

While these measures hold significant potential, there exist political barriers that hinder their implementation.

Secure the Southern Border

Since January 2020, over five million people have illegally crossed the southern border. The U.S. Customs and Border Protection (CBP) identifies protecting the border from illegal movements of people and drugs as being essential to homeland security. Transnational criminal organizations, such as the Sinaloa Cartel and CJNG, are responsible for most of the drugs entering the country. On an average day, CBP seizes 1,797 pounds of illegal narcotics. In 2022, CBP seized a total of “more than 1.8 million pounds of narcotics and 14,700 pounds of fentanyl.” Preventing the cartels from being able to transport drugs into the United States would take away their income, causing their soldiers and friendly politicians to stop cooperating with them.

In order to better secure the border, CBP has created a preparedness plan which consists of a number of crucial elements, such as increasing the number of personnel, while improving technology and infrastructure. In addition to new hires, the number of personnel can be augmented through increased cooperation with other branches of law enforcement and the military. In May, President Biden, in response to a request from the Department of Homeland Security (DHS), which oversees CBP, ordered an additional 1,500 troops to the border for a 90-day deployment. This was on top of the 2,500 already in place. Texas Governor Ron Abbot deployed his national guard and the new Texas Tactical Border Force to the border. North Dakota and Tennessee, as well as other states, also sent members of their national guard to Texas. In addition to national guard troops, the state of Florida sent a mix of state law-enforcement officers from varying branches. To effectively control the border, however, and have a major impact on illegal immigration, the number of troops will have to be drastically increased and the deployment would have to be permanent.

The technological improvements called for by the DHS include increased use of high-tech assets for aerial surveillance such as drones and manned aircraft. They also want sensors on border barriers, land sensors, cameras, radar, and autonomous surveillance towers. This technology will allow the DHS to better detect, monitor, and track unauthorized border crossings. Additionally, improved data analytics and artificial intelligence would help with screening and processing of legal entrants as well as illegals who have been apprehended.

The DHS has called for improved infrastructure towers, as well as facility expansion and upgrades. Some U.S. lawmakers would also like to see the border wall completed, particularly along vulnerable areas. A wall would impede illegal entry to the country, while making it easier for officials to spot illegal crossings.

Plans to secure the border have been rejected on a number of grounds. First, it would be expensive to station the necessary number of personnel at the border. Increased infrastructure, particularly the wall, would also be very costly and would not provide a 100-percent solution. Even more, it would be seen as racist, with Bloomberg calling the border wall a monument to White Supremacy.

Increased Cooperation with Mexican Government

One part of the cooperation with Mexico has to include Mexico’s willingness to help staunch the flow of illegal immigrants into the United States. Mexican President López Obrador formed a national guard tasked with this purpose, but the group has been condemned by human rights activists. Furthermore, the national guard, like other elements of Mexico’s law enforcement and military, suffers from corruption. 

If migrants were turned away by the U.S. in large numbers, Mexico would have to stand ready to accept them. Mexico would also have to form agreements with other countries in the chain of drug transit, from Colombia, through Central America, to the U.S. border. These countries will have to similarly agree to help prevent migrants from entering Mexico and they will have to stand ready to receive those migrants returned by Mexico.

Inside of Mexico, the Mexican government must actively fight the cartels, disarming them, disbanding them, and loosening their hold over both territory and people. This includes targeting high-profile cartel leaders. This will create command and control vacuums which historically have caused in-fighting among cartel members. Large cartels would then splinter into independent and warring groups with considerably less power. Changes within Mexico, however, would be dependent on reducing corruption, and these policies would be very unpopular among politicians, police, and military officers who benefit from the status quo.

Because of the massive corruption and the influence the cartels have over the Mexican authorities, U.S. Rep. Dan Crenshaw (R-TX) has abandoned any hope of cooperating with the Mexican government, calling the country “a failed narco-state.” Sen. Lindsey Graham (R-SC) has similarly given up on the Mexican government, saying that the U.S. should notify Mexico that the cartels will soon be designated as terrorist organizations.

Immigration Reform

The screening process for legal immigrants must be strengthened, while backdoor avenues, such as illegal entry and asylum-seeking, must be curtailed. Under the Biden administration, anyone arriving at the southern border can claim to be seeking asylum. This allows them to remain in the United States awaiting their asylum hearing. Republicans see this as an enticement for people wishing to enter the country, bypassing normal immigration procedures. Rights groups, on the other hand, complain that Washington should not curtail its acceptance of asylum seekers. In this case, asylum seekers should be returned to Mexico to await their court date. Knowing that they cannot get a free pass into the U.S. would reduce the number of people seeking to exploit the system. This change in immigration procedure would have to be coordinated with Mexico, however, as the undocumented would be entering Mexican territory.

Increased Drug Enforcement in the U.S.

Drug laws in the U.S. must be rigorously enforced in order to reduce the demand for drugs. Law enforcement must be strengthened, including additional training, and increased investigation and prosecution of drug-related crimes. Intelligence gathering must be enhanced through the creation of specialized units and task forces. The DEA reported that drug cartels are exploiting social media to sell fentanyl and methamphetamine. The authorities should closely monitor these social media in order to identify and arrest buyers and sellers. Furthermore, the DEA must coordinate with federal, state, local, and tribal law enforcement agencies to increase arrests of people selling or buying illegal drugs.

Beyond law enforcement and prosecution, there must be comprehensive drug prevention and treatment programs, education campaigns, addiction treatment, and rehabilitation programs. Opponents of strict enforcement claim that enforcement does not work because drug use has increased during the 50 years that the U.S. war on drugs has been going on. The war on drugs has cost $1 trillion, and roughly one in five incarcerated people were arrested on drug charges. Opponents also complain that prisoners are disproportionately Black and Latino. Although only 13.4 percent of the population is African American, about 25 percent of all persons arrested for drugs are African American adults.

Identify Cartels as International Terrorist Organization

The cartels are known to cooperate with international terrorist organizations, such as Hezbollah, Taliban, the Revolutionary Armed Forces of Colombia (FARC) and al-Qaeda, in order to sell their drugs in other parts of the world. They also aid terrorism by smuggling terrorists into the United States. To launder their illicit income, they employ the services of Chinese criminal organizations which pose their own threat to the United States. U.S. lawmakers have proposed designating the cartels as terrorist organizations, because they use violence and threats of violence to influence and control judges, politicians, and lawmakers. Designating the cartels as terrorist organizations would facilitate U.S. government seizure of cartel assets. It would make it easier for the U.S. to arrest cartel members inside of the United States, and possibly inside of Mexico. The U.S. could deport or bar from entry persons associated with the cartels. A terrorism designation would also enable the U.S. to deploy the military, even inside of Mexico.

However, there would be a number of disadvantages. First, violence would most likely increase, particularly if the U.S. military became involved. Next, it would effectively destroy U.S.-Mexico relations. The U.S. would be able to sanction or arrest high-ranking members of the Mexican government and security forces, which might be perceived as an act of war. These types of purges might destabilize the Mexican government and would, at the very least, cause a breakdown in cooperation between the two nations. Furthermore, bilateral trade, valued at $800 billion and accounting for millions of jobs on both sides of the border, would dry up. Increased violence, a destabilized government, and a loss of jobs would increase the flow of illegal immigrants into the United States.

Military Intervention

Rep. Dan Crenshaw and other U.S. lawmakers have called for an Authorization for Use of Military Force (AUMF) to target Mexican drug cartels, saying “We must start treating them like ISIS – because that is who they are.” Those who back an AUMF point to the fact that the cartels are responsible for more American deaths each year than the entire Vietnam War. An AUMF would provide the president with the sophisticated hardware and expert personnel of the U.S. military, more powerful assets than those possessed by law enforcement or the DHS. Supporters of an AUMF also make the point that the soldiers would be engaging foreign hostiles in a foreign nation and, therefore, would not be infringing on the civil rights of U.S. citizens. 

In addition to arresting or killing key cartel members, military intervention could disrupt drug supply chains by destroying growing fields and drug labs. The government of Mexico has protested discussions of U.S. military operations in his country, calling it an offense to the Mexican people. Mexico’s President Lopez Obrador said that he would not “permit any foreign government to intervene in our territory, much less that a government’s armed forces intervene”.

Another disadvantage of U.S. military operations in Mexico would be an increase in violence. Inevitably, civilians would suffer, and the U.S. would be portrayed as the villain in the international and liberal press. The threat of cartel violence against Americans would also increase. Historically, the cartels have tried to avoid killing Americans, for fear of provoking Washington’s wrath. If the U.S. military began engaging in cross-border operations, the cartels would most likely declare all-out-war on Americans. Cartel violence within the U.S. would also accelerate as the cartels would be risking nothing by upping the ante.

Increased Financial and Economic Sanctions

Financial and economic sanctions can be powerful tools to break the cartels and to punish those who assist them. This includes enforcement of anti-money laundering laws, as well as targeting financial institutions that handle cartel money. Cartel assets held in banks around the world could be seized if U.S. allies also participated in the sanctions. If Mexico is legitimately interested in curbing corruption in their own government, this intense scrutiny would also help them to discover which public officials were accepting bribes.

Sanctions have already been used against the cartels: In 2022, the U.S. Treasury Department, in cooperation with their Mexican counterparts, brought sanctions against a cartel member who was trafficking weapons from the United States. Under the sanctions, Obed Christian Sepulveda Portillo had his property in the U.S. seized. U.S. Entities and persons from the U.S. are also prohibited from doing business with him or completing transactions on his behalf. Those who violate these sanctions may face criminal charges or civil lawsuits. In July 2023, the Treasury Department imposed sanctions against ten individuals, including several Sinaloa Cartel members, as well as one Mexico-based company, for their role in the production of illicit fentanyl and the precursor chemicals necessary for fentanyl production. Under the sanctions, all of their properties and interests in the U.S. were seized. Americans were banned from doing business with them. Companies in which they had a direct or indirect stake of 50 percent or more were also prohibited from doing business in the U.S. or with Americans. These are good examples, but to break the cartels, these types of sanctions would have to increase in scope, hitting large numbers of people participating in criminal networks.

From an efficacy standpoint, the above policy recommendations, if taken together, would result in a decrease in the supply side, a decrease in the demand side, and a long-term reduction in drug deaths and violent deaths in both the U.S. and Mexico, eventually leading to the stabilization of Mexico. Breaking the hold the cartels have on the country would allow Mexico to develop economically. This would benefit the entire population and the United States. But this success, which could take painful years to achieve, would come with a political and human cost which politicians may not be willing to pay.

Continue Reading

Trending