• While terrorism dominates U.S. political and foreign policy concerns, the threat posed by domestic gun violence—from a statistical standpoint—far outweighs the threat of terrorism within the United States
• With over 30,000 gun-related deaths a year (less than half of which are murders, and the rest suicides and accidental deaths), the United States experiences a death toll of ten 9/11 attacks each year from gun violence
• High-profile shootings such as the on-air murder of two journalists in Virginia, or the execution-style killing of a Houston police officer, provide only the briefest of spotlights on America’s daily death toll from gun violence
• As noted last week in the New York Times, there have been more domestic gun deaths in the United States since 1968 than in all of America’s wars since the Declaration of Independence.

Last week’s murder of two journalists on live television in Virginia, and the execution-style murder of a deputy sheriff in Texas, shined a brief spotlight on what is a tragic and frequent occurrence in the United States. With only 5% of the world’s population but approximately 50% of its privately owned firearms, the United States is awash in both guns and gun-related deaths. While the fear of terrorism drives foreign policy in terms of priorities and threat matrices, the fact is that for the average American, terrorism fortunately remains a threat far more feared than realized.

The threat of gun violence, however, is fully realized; more than 30,000 Americans are killed every year by guns. Mass shootings understandably garner the most attention, but the vast majority of victims die alone, through suicide or murder. Since the June 2015 Charleston church shootings, more people have been killed by guns in America than on 9/11—the event that has become the ‘before/after’ for American security policy. As Nicholas Kristof noted in the New York Times last week, more Americans have been killed domestically by guns since 1968 than in all the wars and conflicts fought by the U.S. since 1776. The efforts to convincingly frame the carnage are as endless as they are ineffective. The issue of gun violence in America defies creative comparison.

From the killing of 20 young children in a Connecticut elementary school (among the total of 27 killed that day) to a mass murder in a church in Charleston; from a movie theater in Colorado to a military office in Chattanooga, there is evidently no outrage shocking enough to spur a sustained national discussion on ways to alter the trend lines. Guns play a unique role in the killing of Americans, yet the dialogue surrounding the threat of domestic gun violence remains paralyzed. While other comparable threats are analyzed and addressed, gun violence is alone ignored. The sheer variety of ways in which Americans die by gunfire has rendered it apparently not just unsolvable but also unmentionable. Murders make headlines, but suicides devastate far more American families. The immediacy of an available gun is coupled with the permanence of its firing. Gun violence’s victims may vary, but the cause of death is consistent, as compared to other developed nations.

The focus on terrorism is a comforting ‘us vs. the other’ fight that is easily framed, unlike the unframable threat of American gun violence. Terrorism is certainly a global issue—as people in Iraq, Syria, Afghanistan, Pakistan, Nigeria, Somalia, and across the world can sadly attest. Yet the fact remains that every year gun violence in America—murderous, suicidal, or accidental—kills tens of thousands and yet the threat remains hopelessly uncountered.

• The foiled attack on a Amsterdam-Paris high-speed train on August 21 revealed the vulnerability of non-aviation mass transit
• The incident also revealed the thin line between mass murder and minor injuries that are a hallmark of poorly planned lone wolf attacks; bystanders have very short windows in which intervention is possible
• The perpetrator was a ‘known wolf’—on the radar of several security services—highlighting the difficulty countries are having with monitoring the large numbers of potential threats
• Unfortunately, the sheer numbers of radicalized individuals in Europe, along with the persistent fighting in Syria and Iraq, mean more small cell or lone wolf attacks are highly likely.

The perpetrator of the foiled August 21 attack on a high speed train heading from Amsterdam to Paris says he only intended to rob the passengers, while the nature of his weaponry and his background stronglyindicate terrorism. The ongoing investigations by French and Belgian authorities will uncover more details, but at this early stage one fact stands out: Ayoub El-Khazzani, a Moroccan native who has lived in Spain and France, was known to several intelligence and security services as a possible violent extremist. That Khazzani was able to board a train crossing the open borders of the EU with an AK-47 assault rifle, nine loaded magazines, a pistol, and a razor box cutter highlights serious issues the EU will need to address. The foiling of the attack by bystanders, however, highlights an unexamined aspect of recent lone wolf attacks.

Due to Khazzani’s suspected ties to violent extremists, Spanish authorities had placed him on a watch list, as French authorities later did. Khazzani joined an estimated 5,000 other suspected potential terrorists or extremists on France’s “S List”—a number that is already unmanageable and certain to grow as the entire continent deals with increasing radicalization. The challenge of such a list—and every nation has one—is that the individuals on it are simply suspected of having ties to violent extremism. The net is so wide that it catches the innocent and the guilty alike.

Based on information that is either prescient or foolish, authorities must decide whom to monitor and whom to merely place on the list. There is no way to effectively monitor even a fraction of the people on these terror watch lists, forcing authorities to prioritize threats with imperfect knowledge—the key challenge of preventative intelligence work. As with previous attacks, such as January’s Charlie Hebdo attack in Paris, people will question how a person known to authorities was able to move and operate without detection or disruption—a valid but misguided question.

Aside from the challenges of expanding terror watch lists, the foiled attack demonstrated a serious, though understandable, vulnerability in the security of non-aviation mass transit. Hundreds of thousands of people in Europe board the continent’s various well-regarded train systems. Within the EU, such open travel is a hallmark of the relatively borderless construct, though one that unfortunately might need adjustment given that the threat of more attacks will only increase. The financial costs of installing X-ray machines, metal detectors, and the personnel needed to operate them, will be immense—as will the cultural and societal costs needed to adjust to restrictions forced on free people. Europe has dealt with spasms of terrorism in the past and will handle this immediate and near-term threat, hopefully balancing security and personal liberty concerns.

The very fact that the attack was foiled highlights an interesting aspect of poorly planned and executed attacks by individuals or small groups. Spectacular terrorist attacks involving massive explosives and simultaneous attacks with multiple trained assailants are by design almost impossible to minimize once initiated. A bystander is not going to stop a car bomb from exploding. But with these recent lone wolf attacks, there is a very small window of opportunity in which to prevent greater tragedies. On the train last Friday, several passengers— three Americans and one Briton—moved immediately towards the threat as soon as it emerged. Closing in on an attacker who is readying himself to shoot is not an easy thing to contemplate, let alone initiate, yet it is the only way to stop the massacre in its tracks. Particularly in the case of an assault rifle, once the assailant has it in battery and is firing, there is very little hope of closing the distance without being cut down. It is within the fumbling first seconds that the chance for disruption is found. Since these attacks are the product of intense motivation but little rehearsal, there will likely be such fumbling in the first few seconds.

This is the thin line between success and failure inherent that is in these new low-scale, high-impact ‘spectacular’ attacks. Single attackers—or perhaps two or three—can be overpowered by a similarly small number of people possessing great courage. The chances of quickly and effectively disrupting an attack by a person more motivated than skilled are higher in these inspired attacks than in those that are more directed.

View the original article here.

While the likely surface-to-air missile that brought down Malaysia Air Flight 17 traveled at more than three times the speed of sound, criminals moved at cyber speed to exploit the intense global interest in the tragedy.

Following the downing of Malaysian Airlines Flight 17 (MH17), cyber criminals were quick to take advantage of the hashtag #MH17, used to consolidate discussion of the ongoing disaster on Twitter. Criminals entered the stream of conversation armed with links embedded with malicious code or malware. Readers looking for more information on news topics like MH17 are likely to click on links on Twitter and Facebook for two compelling reasons:

Social media encourages sharing and fosters a sense of familiarity even with strangers, lowering our guard and making us far more likely to open a link as we get caught up in the torrent of updates.

Twitter and Facebook are both incredibly popular on mobile devices that encourage a quick-click mentality without the hover feature that allows you to see the full URL before doing so.

Within hours of the downing of MH17, cyber criminals had set up several Indonesian-language Twitter feeds incorporating the newly created #MH17. The tweets and retweets from these accounts included URLs that ended with .tk, a domain extension notorious for social media scams and outright malware. When readers clicked on the link to get more information about the fast breaking event, their computers or smartphones connected with one of two IP (internet protocol) addresses that contained ZeuS/ZBOT and PE_SALITY malware. These viruses can steal .SCE and .EXE files from infected devices, a serious security violation.

Since MH17 was brought down over eastern Ukraine, #MH17 has been tweeted or retweeted 3.3 million times and counting, and it’s nearly impossible for the average user to know what links are suspect, especially when they are shortened using the Bitly URL shortening tool. A good rule of thumb is to ignore any link that ends in the .tk extension (.tk denotes the country code top-level domain of the tiny island nation of Tokelau in the Pacific Ocean). Not all .tk extensions are bad, of course, but enough are to warrant extra caution.

MH17 is only the latest tragedy to be exploited by cyber criminals. The hashtag #MH370, for the still-missing Malaysia Airlines flight, was also a tempting target for criminals, who used the same embedded link tactic. For an example of the scale we are talking about, #MH370 was tweeted and retweeted over 4 million times in the first weeks of the search, and is still being used heavily up to now. The rush for information leaves journalists and regular users alike at high risk not only for misinformation but for actual computer infection—another reason to pause before clicking on links not associated with well-respected news outlets, which is a shame since much of the power of Twitter and Facebook is their ability to bypass traditional channels of information.

Any breaking news now generates its own hashtag, making it possible for users to follow the issue across the world. It also generates a target-rich environment for scammers and criminals who don’t need to devise clever ways to get us to click; they just use the hashtag. And it’s not just tragic aviation event hashtags drawing extraordinary numbers and interest; #Gaza has been tweeted and retweeted over 6 million times in the last two weeks, and #WorldCup was mentioned over 10 million times this month.

The use of malware in tweets containing popular hashtags will increase but it’s not the only way criminals in the cyber world exploit real-world tragedies. As soon as the MH17 passenger manifest was released, scammers set up several Facebook pages “dedicated” to specific victims, including several young children from Australia. Visitors to the sites were blasted with banner ads and click-bait ads. The over-the-top ads mean the scammers are simply trying to boost click rates and increase their ad revenue. However, far worse are the tragedy-related sites or links that either inject malware directly, or direct the visitor to another site teeming with viruses. Anti-virus software is always a necessity but it can’t keep up with the daily evolutions in malware.

As social media evolves from a medium where people repeat existing information to a place where people seek to disseminate information (confirmed or unconfirmed), the risk of infected links will evolve as well, matching the trend lines step by step. It remains to be seen if social media malware safeguards will evolve in equal measure, ensuring that the power of social media is not weakened by its open and sharing nature.