radicalisation and insider threat
TRANSCRIPT
Sushil Pradhan, MitKat Advisory Services, 22nd July 2016
§ Radicalization and religious indoctrination
§ Countering radicalization
§ Islamic State in the Indian Sub-continent
§ Insider threat
§ Social Engineering
The Threat Within
Radicalization and religious indoctrination
Case Study – Mansoor Peerbhoy, Indian Mujahideen (IM)
Location: Pune
Organisation: Yahoo!
Who was he?: Mansoor Peerbhoy was a software engineer working at the Pune office of the Yahoo! India-owned firm Zimbra. His father owned a business of wholesale grocery supplies to the Indian Army's Southern Command.
Activities: He was IM's alleged media wing head. He sent emails preceding the serial blasts in Delhi and Ahmedabad. He had reportedly sent the mails by hacking the Wi-Fi accounts of unsuspecting targets, including a US citizen.
What did he achieve?: He allegedly helped handle the IM propaganda through social media and emails.
Case Study – IOCL Manager with alleged links to IS
Location: Jaipur
Organisation: Indian Oil Corporation Limited (IOCL)
Who was he?: Mohammed Sirajuddin was working as an assistant manager with the IOCL in Jaipur and lived with his wife and two children.
Activities: Investigation revealed evidence of his incriminating chats, posts, videos, images and comments on Facebook, WhatsApp, Telegram and Twitter (which were) shared and circulated in groups and channels on various social networking sites.
What did he achieve?: Changed the perception of increased insider threat risk in large organizations and corporations.
Case Study – @Shamiwitness, a pro-IS Twitter account
Location: Bengaluru
Organisation: ITC
Who was he?: Mehdi Biswas was a manufacturing executive at food production company ITC until his arrest.
Activities: A Twitter account under the pseudonym 'ShamiWitness' was linked to Mehdi Biswas, based in Bengaluru. @shamiwitness is reported to have sent 1.2 lakh tweets along with 11,000 direct messages; the account had over 17,000 followers. On Twitter, @ShamiWitness was recorded praising martyred British fighters of Islamic State for their dedication and sacrifice.
What did he achieve?: Triggered the threat of radicalization of well-educated engineers and technicians by IS.
§ When an individual adopts extreme political, social, religious ideas and aspirations
§ Perpetrates and motivates violent behaviour
§ In the religious context – equates violence to a test of religious commitment
§ Greatest threat is from a 'Homegrown Violent Extremist (HVE)' – a person who was once assimilated into, but has rejected the cultural values and beliefs of the nation's democratic fibre in favour of a violent extremist ideology.
What is Radicalization?
• Radicalization and religious indoctrination are no longer the monopoly of the poor and the oppressed.
– Islamic State has a number of professionals from across the world who are managing the group's sophisticated communication, banking, and other infrastructural requirements
– Al Qaeda chief, Ayman al-Zawahiri, was a trained surgeon before he joined the terrorist organisation
– Lashkar-e-Taiba has been known to hire engineers, doctors, technicians, and other professionals in the past
– In India, the Indian Mujahideen, and lately the Islamic State, have drawn recruits from urban and educated backgrounds.
• Around 21 people from different parts of Kerala are thought to have joined the Islamic State after they went missing - most of them were recent converts to Islam from Hinduism and Christianity.
§ Additional concerns from a growing sense of Hindu radicalization across the country against minorities
Radicalization and Religious Indoctrination
§ Psychological state – rejection, pressure, failure, image in community
§ Influence of social networks – peer pressure
§ Feeling of alienation
§ Grievances against a political party – Gujarat, Assam?
§ External events – violence in India as a reaction to attacks in Myanmar
What are the factors that assist in radicalization?
• Being increasingly secretive about their habits
• Displaying feelings of isolation and expressions of "us and them" mentality
• Becoming more argumentative or domineering in their viewpoints
• Being quick to condemn those who disagree
• Ignoring views that contradict their own
• Questioning their faith or identity
• Downloading or promoting extremist content, such as clips, manuals or literature
• Expressing extremist views, or seeking out the company of those who do
• Losing interest in activities they used to enjoy
• Distancing themselves from friends and social groups
• Having a changed style of dress and/or personal appearance
• Abnormal routines or travel patterns
Caution is always recommended in reaching judgments!
Signs of Radicalization
• Engaging and working with civil society
• Education programs
• Promoting inter-cultural dialogues
• Tackling economic and social inequalities
• Countering radicalization on the internet
• Legislation reforms
• Rehabilitation programs
• Developing, sharing, and disseminating information
• Training of agencies involved in counter-radicalization policies
Countering Radicalization
Bangalore 09972 001 260 NCR +91 9999 689 502, Mumbai +91 9820 126 761, Pune +91 9049 011 353
§ It's the most potent and media-savvy terrorist outfit globally
§ Uses the media as a recruitment and propaganda tool
§ Only a handful from India have joined IS as compared to some western and middle eastern countries
§ Increasing trend of religious intolerance in the country may push some Muslim youth into radicalisation
§ We may suffer effects of Bangladesh & Pakistan events/efforts
§ Unemployment and marginalisation are also important factors
§ Increasingly, affluent and educated people are joining up
§ The threat is now imminent!
Should India worry about the Islamic State?
• Four youth from Mumbai left for Syria to join the IS in May 2014. One returned and was arrested.
• An IS recruit from Greater Mumbai (Areeb Majeed) was intercepted in Turkey in November 2014, and then interrogated and arrested by NIA. Suspected of killing up to 55 people, he allegedly left because they didn't pay enough, treated South Asians badly and abused women.
• Fahad Shaikh, one of the four Kalyan youths who ran away and joined has got in touch with his family, but rebuffed calls to return, saying "I am happy with my jihadi work, I won't come back to India".
• An MNC executive Mehdi Masroor Biswas was arrested in Bangalore for running a pro-IS Twitter handle.
• Salman Mouinuddin, a Hyderabad based engineer was arrested from the airport, when he was en route to Syria.
• First Islamic State 'module' busted, 5 held in Madhya Pradesh (May 2015)
• There is an imminent danger of Indian youths moving to the conflict zone (Iraq-Syria), and then emerging as role models.
It's spreading quickly!
Islamic State Presence in India
J&K:
• IS wants Kashmir under its 'caliphate' rather than Pakistan or the LeT
• NIA claimed for terror links in a chargesheet against Indian Oil official Mohammad Sirajuddin arrested last December
• IS flags have also routinely cropped up in the Valley at protests
Maharashtra:
• Many youngsters have gone missing over the past few years and likely to be in Syria & Iraq with IS. Among them, the most talked of are Aarif Majid, Aman Tandel, Fahad Shaikh and Saleem Tanki from Kalyan.
• An IS recruit from Greater Mumbai (Areeb Majeed) was intercepted in Turkey in November 2014
• In the recent past, IS-related arrests have been made in Pune and Parbhani.
• Zakir Naik
Karnataka: In 2014, police arrested Mehdi Masroor Biswas, a management executive in an MNC, from Bangalore. He allegedly worked as an IS propaganda activist.
Kerala: 21 people, including 4 children, missing from the state. They may have joined IS. The missing includes a doctor's family and a computer engineer, his wife and his friends.
Uttar Pradesh:
• Two UP men featured in an IS TV grab in May: Abu Rashid Ahmad and Mohd 'Bada' Sajid. Rashid, from Azamgarh, moved to Mumbai & is a suspect in Indian Mujahideen blasts between 2005 and 2008. Sajid went missing after the 2008 Batla House encounter in Delhi. In the IS video, the two threaten terror strikes in India.
• Another Azamgarh youth too joined IS in Iraq. He contacted his family last October saying he now wanted to return.
West Bengal:
• Suspected terrorist Mohammed Musiruddin, arrested in Kolkata this July 4, was in Kashmir to train for terror groups such as IS and Jamaatul-Mujahideen Bangladesh.
• The security establishment is worried after the rise in IS-linked terror in Bangladesh.
Telangana:
• In 2014 Telangana police intercepted 17 youngsters from different parts of the country while they were trying to cross over to Bangladesh. Another group was caught at Nagpur. Some were trying to catch a flight to Srinagar and enter POK and Afghanistan.
• In 2013, the family of an Adilabad engineer, Md Atif Waseem, 27, who had gone to London for an MS and later began working in Dubai was informed that he had died in Syria fighting for IS.
MP: Five Madhya Pradesh men arrested from the town of Ratlam were part of an Islamic State (IS)-linked jihad cell planning strikes in India
What can companies do?
• Acquaint yourself with both the global and local threat levels of terrorism
• Investigate what aspects can make the company attractive to terrorists, and consider specific risks the company may be vulnerable to
• Draw up a periodic threat vulnerability analysis
• Formulate a security and counter-radicalization plan, and encourage the employees' awareness with regard to issues of security and radicalization
• Operate a proper access policy and ensure the implementation of proper access control methods
• Check references when taking on new staff; make sure you are dealing with reliable companies when hiring third-party employees
• A response mechanism needs to be designed to counter any situation where the organization's repute might be at stake due to the employees
• Policy on tackling extremism and radicalization must be communicated to all managers/employees, and has to be promptly followed as per the guidance when issues arise
Insider Threat
An insider threat arises when:
§ A person with authorized access to the organization's resources,
§ Which includes personnel, facilities, information, equipment, networks, and systems,
§ Uses that access to harm the security or reputation of the organization.
Who are the trusted people?
§ Managers
§ Operations personnel
§ Security personnel
§ Vendor staff
§ Part time workers
Insider Threat
This attack could be carried out by:
§ Infiltrating the company for an attack, or
§ Becoming radicalised while in the company already
§ Being blackmailed or coerced into such activity
The person could:
§ Attack directly, or
§ Facilitate an attack
This attack could be:
§ Violent, or
§ Non-violent – recruitment, propaganda
Insider Threat
• Unauthorized disclosure of sensitive information - A short-term contractor leaked privileged information from his employer
• Process corruption - The manager, with an over-inflated sense of his own value and contribution to the organization, increased his own salary and claimed overtime payments without oversight or authorization from another employee
• Facilitation of third party access to an organization's assets - An agency employee facilitated access to an ex-employee with links to organized criminals for the purpose of committing major fraud
• Physical sabotage - A temporary employee working as a security guard purposefully tampered with equipment vital to the operation of the organization
• Electronic or IT sabotage - An employee sabotaged the automatic access system at his workplace
Insider Threat – typical examples
• A thorough background check of all employees
– Suspicious gaps in resumes
– Travel
– Social media presence
– History of mental illness
• Develop criteria for denial of hiring
• Educate personnel on what indicators to watch out for
• Confidential internal reporting procedure
• Behavioural profiling
• Use CCTV, remote CCTV
• Thorough access control checks
• No waivers, including for security personnel
• Develop response procedures
Best practices to counter insider threat
• Companies are consistently outsourcing and are committing more and more resources to the cloud, to payroll services, and to other vendors to streamline their businesses.
• In this new business climate, can assets be truly safe?
• Multi-vendor outsourcing arrangements are more complicated because services can very rarely be performed in isolation from other services
• Third-party vendors could be the weak links in managing the organization's security, as there is no direct monitoring mechanism of the third party's security system, nor is it possible to have a thorough background of its employees
• Third-party breach can cause serious reputational and financial damage
Therefore:
• Have robust SLAs with all vendors
• Vetting of their staff is as important as that of your own staff
• Ensure all processes apply to them too
Third Party Liability
Thank You