A Lone Assassin, Drone-based Recon, and Discord Account Point to a Generational Gap in Law Enforcement and IC

The 20-year-old shooter in Butler, Pennsylvania, on July 13, 2024, personifies not only the ‘lone actor’ threat in an information ecosystem addled with extremist and violent rhetoric – but also the ongoing generational gap within law enforcement and the intelligence community (IC). Specifically, the paucity of human intelligence points of entry within the information threat vectors that are encrypted messaging servers and multiplayer gaming platforms – and the youth-skewed demographics that virtually populate these digital spaces. OODA Loop and the OODA Network have been on this strategic beat since the impactful Discord server-based Pentagon leaks by 22-year-old Airman Jack Teixeira, which we have contextualized as a seminal generational inflection point – and a wake-up call – for law enforcement and the intelligence community.

Background

In the time between: 

a) the shooting in Butler on July 13th, which killed one and injured many – including a former U.S. President; 

b) The report on July 15th by the FBI that they had cracked the passwords on the young man’s Apple iPhone, with “potential evidence” that included “hundreds of digital media tips which include photos and videos taken at the scene, and we continue to review incoming tips,” the FBI said; and

c) FBI Director’s testimony on July 24th claiming that the lone shooter had a digital identity limited to Google-based research about the Oswald-Kennedy Killing

…zero public statements from law enforcement or the IC were made about the would-be assassin’s Discord server presence and avid daily gaming activity. Media outlets like Fox News and The Verge reported on a formal Discord platform statement as early as July 15th. Reports of his drone recon efforts trickled in at some point.

For the seasoned listener of these reports, the responsible public communications about the “digital identity” of the shooter should have positioned that realistic efforts were moving forward to find evidence of digital activity by a young person who lived and breathed in the 21st-century digital age.  Instead, a public statement suggesting that a 20-year-old in July of 2024 had zero digital presence (except for a few Google searches of political candidates’ biographical information in both parties and searches about previous assassination attempts)? Really? It defied credulity at the time – and still does.   

Director Wray mentioning the Discord statement in his testimony would have gone a long way – as well as details of any FBI efforts to assess the shooter’s communications via gaming platforms and place in that “birds of a feather” community.  Without those details, there is nothing conspiracy theories thrive on more than silence – other than low information offered publicly by public law enforcement officials around the known details of a major act of political violence and a major historical event like the attempted assassination of a former U.S. President.    

The “problem set” here is the information that will fill that void. In this broken information ecosystem moving at an exponential pace  – hard-wired to extenuate and amplify conspiracy theories, half-truths, and just plain lies – in the period from the failed assassination attempt on July 13th through the FBI Director’s testimony July 24th, the “story” as told to the general public went down the conspiracy rabbit hole on the left and the right, adding to narratives of mistrust of American institutions and potentially latching on to the amplification of violent and extremist rhetoric in the 2024 U.S. Presidential campaign.  

This information gap turbocharged the following: 

Information disorder, coined by First Draft Co-Founder Claire Wardle, denotes the broad societal challenges associated with misinformation, disinformation, and malinformation.

Disinformation is false or misleading information intentionally created or strategically amplified to mislead for a purpose (e.g., political, financial, or social gain).

Misinformation is false or misleading information that is not necessarily intentional.

In this vein, as recently as last week, the Republican Vice Presidential nominee pulled the string on this narrative, suggesting in a speech that the other side tried to have the Republican Presidential Nominee killed because they didn’t think they could beat him in the election in November. Others suggest that the entire event has been “memory-holed” by some dark forces at work.

“They’re Trying to Memory Hole Trump’s Assassination Attempt”

We are here to report that this story has not gone away and is not going anywhere.  We contextualize it, however, as a larger strategic concern and national security issue: an ongoing generational digital skillset gap within law enforcement and the IC that represents a long-term failure of human intelligence from human sources (HUMINT) on global digital platforms predominantly operated and populated by a younger generation of digital natives.   

Anatomy of a Cyber-crypto Heist: $22 Million in Crypto Lifted from Blockchain-based Gala Games

We continue to track notable convergences in the Global Gaming Ecosystem – like our recent analysis of  North Korea’s ‘Moonstone Sleet’ hacking group using a fake tank game for ransomware attacks.  In this post, you will find the details of a May 2024 gaming platform-based cybercrime incident: The theft of $22 million in crypto from the blockchain-based platform Gala Games.

A Generational Shift: The Global Gaming Ecosystem as Attack Surface and Point of Entry

In the April 2023 OODA Network Member Meeting discussion – The DoD Discord Leak and the Future of Security Measures – there was the realization that “we have this generational shift that is going on right now with the younger generations that are fully digital and born-digital – Gen Y, and Gen Z”… and beyond. Discord’s server-based community and communications were central to the 2023 Airman Jack Teixeira case. Still, by all accounts, Discord-based comms usually run parallel to multi-player gaming activity amongst this age cohort. Fortnite, Minecraft, and Roblox? All are current building blocks of the future metaverse. The Global Gaming Ecosystem is all at once an attack surface and point of entry. Game worlds are already a clear gathering place – but do law enforcement and the IC have adequate entry into these communities for attribution efforts in response to incidents based on these platforms and in these younger communities? We continue to track notable convergences in this space. Details here.

The April 2023 OODA Network Member Meeting on the DoD Discord Leak and the Future of Security Measures

OODA hosts a monthly video call to help members optimize opportunities and reduce risk, and to discuss items of common interest to our membership. These highly collaborative sessions are always a great way for our members to meet and interact with each other while talking about topics like global risks, emerging technologies, cybersecurity, and current or future events impacting their organizations. We also use these sessions to help better focus our research and better understand member needs. The April call was held on Friday, April 21st, 2023. Topics discussed at the April meeting included the impacts of the Airman Jack Teixeira leak scandal, including the impact on national security and what industry should be learning from this incident.

The Recent Pentagon Leak is as Much a Generational Story as it is a National Security Failing

This leak story is not only generational in terms of the platforms on which the leaks were initially posted, the age cohort of the suspect, and the online discussion group participants who received the initial leaked documents – but a story about the new generation of reporters who are putting in the shoe leather to really understand the story. This writer is 52, a member of Gen X, and I will just say it: these great young journalists are super sharp, love what they do, know the world they cover inside and out, and, as a result, know their stuff.  There is also the generational difference of the new climate in open-source intelligence represented by the role of Bellingcat in this story. That OSINT outlet is more of a mix of seasoned vets and young journalists with deep technical skills, so we chose to highlight Motherboard’s reportage of the Bellingcat scoops as a framing device in this post.

Did Airman Teixeira Give You Concern? Just Wait For The Metaverse

Airman Jack Teixeira is responsible for the worst leaks of national security material in years.  Spies and leakers all have their own reasons for doing what they do. Some do it for money, some do it because they are being blackmailed, some do it because they are narcissists and seek fame, and some have done it for ideological reasons. This one seems to have done it to impress other intellectually and psychologically immature online acquaintances. He damaged national security for the lulz.  Teixeira was active on Discord and even ran his own server there. Discord is a great tool; I use it every day. Discord was not the problem here, but it may have contributed in a less obvious way.  

What Next?

Defending The Metaverse From Threats Old and New

There is some good news and some bad news with the coming Metaverse. The good news is the incredible use cases this third wave of Internet capabilities will bring. It will have its own thriving business economy. Estimates are that the Metaverse economy will be a trillion dollars within 3 years and twenty trillion dollars within a decade. It will be a primary means of educating our youth and delivering knowledge through life and will be a leading form of social interaction, advice, and assistance on a range of issues. And of course there will be incredible new forms of entertainment.  Now, the bad news. There are serious threats and security issues to consider with the Metaverse.

Also, following are OODA Loop follow-up research insights and questions that emerged from the April 2023 OODA Network discussion of the 2023 DoD document leaks via Discord Server by Airman Jack Teixeira – on which we continue to pull the string and now apply to the after-action efforts surrounding the assassination attempt on July 13, 2024:

  • A member clarified that no one on the call was suggesting that certain younger generations were inherently bad but rather that we currently have digital inputs on a scale and with an intensity and frequency that we cannot imagine.
    • We are dealing with impacts on the development of the human brain that we won’t know the true extent of for another 20 or 30 or 40 years.
    • Also, the social structures of these younger generations are vastly different, and we simply do not know enough about them. 
    • Some of the core foundations of prior generations (civic education, frequent churchgoing, or religious affiliations) are weak or non-existent today.
    • We have created new, different young people and young adults who are different from prior generations. We’ll have to take that into account as we consider what behaviors are acceptable, nominal, and normal and make a judgment call about someone’s suitability for having access to classified information.
  • One network member went on to share: “I think the lesson corporate can take from this DoD leak is that these threats are a who, not a what; I think the conversations we’re having here around this 21-year-old having access shows that we are seeing a lot more classified information in gaming forums – because people are saying while gaming, ‘That plane couldn’t fly that way, and that move you made, that you attacked me with, it wasn’t right.’ And the response is: ‘Well, yes, it is. Here’s the technical diagram from the F-35.’ There are people and their motivations – which are always evolving. When it comes to this government, we are probably the best in the world when it comes to understanding our adversaries. When it comes to government employees, we are not. And that will be an ongoing problem.”
  • Questions positioned throughout this discussion included:
    • Will the intelligence community and the Department of Defense (DoD) perform any sort of damage assessment?
    • Do they want the damage assessment? Or would they rather not do the assessment because it may compel actions they don’t want to do?
    • Will the American public stay engaged in this event and this topic? Or will it move on to the next item in the news cycle?
    • Is there any political will to do anything about this issue?
    • What about the incentive structures and lack of punitive measures for these security breaches?
    • Will this breach drive some change within the IC and within the Department of Defense?
    • What should corporate America – and those who focus on risk mitigation and risk management within corporate America – be taking away as a lesson from this?   
    • Are there unique lessons from this leak that apply to corporate America? And are there generational changes that are occurring that are going to complicate things even more?
    • How is releasing some of these leaks in the public interest when they jeopardize current national security operations?
    • Do System Administrators simply have too much root/super user access to classified information? 

Additional OODA Loop Resources

Cyber Risks

Corporate Board Accountability for Cyber Risks: With a combination of market forces, regulatory changes, and strategic shifts, corporate boards and their directors are now accountable for cyber risks in their firms. See: Corporate Directors and Risk

Geopolitical-Cyber Risk Nexus: The interconnectivity brought by the Internet has made regional issues affect global cyberspace. Now, every significant event has cyber implications, making it imperative for leaders to recognize and act upon the symbiosis between geopolitical and cyber risks. See The Cyber Threat

Ransomware’s Rapid Evolution: Ransomware technology and its associated criminal business models have seen significant advancements. This has culminated in a heightened threat level, resembling a pandemic in its reach and impact. Yet, there are strategies available for threat mitigation. See: Ransomware, and update.

Challenges in Cyber “Net Assessment”: While leaders have long tried to gauge both cyber risk and security, actionable metrics remain elusive. Current metrics mainly determine if a system can be compromised without guaranteeing its invulnerability. It’s imperative not just to develop action plans against risks but to contextualize the state of cybersecurity concerning cyber threats. Despite its importance, achieving a reliable net assessment is increasingly challenging due to the pervasive nature of modern technology. See: Cyber Threat

Recommendations for Action

Decision Intelligence for Optimal Choices: The simultaneous occurrence of numerous disruptions complicates situational awareness and can inhibit effective decision-making. Every enterprise should evaluate its methods of data collection, assessment, and decision-making processes for more insights: Decision Intelligence.

Proactive Mitigation of Cyber Threats: The relentless nature of cyber adversaries, whether they are criminals or nation-states, necessitates proactive measures. It’s crucial to remember that cybersecurity isn’t solely the responsibility of the IT department or the CISO – it’s a collective effort that involves the entire leadership. Relying solely on governmental actions isn’t advised given its inconsistent approach towards aiding industries in risk reduction. See: Cyber Defenses

The Necessity of Continuous Vigilance in Cybersecurity: The consistent warnings from the FBI and CISA concerning cybersecurity signal potential large-scale threats. Cybersecurity demands 24/7 attention, even on holidays. Ensuring team endurance and preventing burnout by allocating rest periods are imperative. See: Continuous Vigilance

Embracing Corporate Intelligence and Scenario Planning in an Uncertain Age: Apart from traditional competitive challenges, businesses also confront external threats, many of which are unpredictable. This environment amplifies the significance of Scenario Planning. It enables leaders to envision varied futures, thereby identifying potential risks and opportunities. All organizations, regardless of their size, should allocate time to refine their understanding of the current risk landscape and adapt their strategies. See: Scenario Planning

Track Technology-Driven Disruption: Businesses should examine technological drivers and future customer demands. A multidisciplinary knowledge of tech domains is essential for effective foresight. See Disruptive and Exponential Technologies.

 

Daniel Pereira

About the Author

Daniel Pereira is research director at OODA. He is a foresight strategist, creative technologist, and an information communication technology (ICT) and digital media researcher with 20+ years of experience directing public/private partnerships and strategic innovation initiatives.