Make no mistake – applying link analysis against communications traffic is a highly effective way to find a few bad guys. One of the best examples in open source happens to be how the Cali cocaine cartel used phone records in their counterintelligence operations to hunt for moles.
As I mentioned in a recent post [1], the world’s insatiable hunger for more data and better tools escalates on the grounds of competition. Imagine the high stakes game of “cops and robbers” that is going on between large criminal narcotics organizations and government counter-narcotics groups that target them … each side trying to maximize advantage (human capital, information, tools) to attack, defend and dominate. At stake: billions of dollars and human life.
A great way to dominate in such a competition is to have unanticipated insider knowledge of the adversary’s strategy and operations. One obvious way to get such information is the use of moles (e.g., paid informants). Drug cartels, fully aware of this exceptional risk, employ sophisticated practices to ferret out and kill such informants (try not to think about chainsaws right now).
Here is one very telling, and chilling, glimpse into this world. In 1996 the DEA discovered that the Cali drug cartel had a “mainframe” computer with a database containing the phone records of all Cali residents. Using link analysis to cross-reference phone calls that occurred between the cartel’s own people and American and Colombian narcotics officials (including US diplomatic, military and DEA personnel), the cartel was able to detect, capture and kill at least 12 informants. [2]
Given a starting point, link analysis can be very effective. [3,4] I have seen this hold true for various low-signature threats, including both the asymmetric and the insider threat.
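The technique the post describes is a seeded walk over a contact graph: start from a known node, cross-reference who it talks to, and look for the nodes that tie two groups together. The following is an added example (not code from the post or its references) that applies it from the defender's side, to the insider-threat case mentioned above: starting from one confirmed-compromised account, it computes hop distances over a constructed set of contact records and flags the accounts that are in contact with both the compromised account and a group of accounts holding access to a sensitive system. All account names and records are constructed placeholders.

```python
"""Seeded link analysis over a contact graph (added example, not from the post).

A security team that has one confirmed bad node (a compromised account) uses the
same cross-referencing the post describes to decide whom to look at next:
who is N hops from the seed, and which nodes bridge the seed's cluster and a
group of sensitive accounts.
"""
from collections import defaultdict, deque

# Constructed contact records: (from, to, number_of_contacts). Hypothetical names.
CONTACT_RECORDS = [
    ("acct-compromised", "acct-a", 12),
    ("acct-compromised", "acct-b", 4),
    ("acct-a", "acct-c", 7),
    ("acct-b", "acct-d", 9),
    ("acct-d", "acct-e", 15),
    ("acct-b", "acct-finance-admin", 3),   # the only direct link into the sensitive group
    ("acct-finance-admin", "acct-f", 20),
    ("acct-f", "acct-g", 5),
    ("acct-c", "acct-h", 2),
]

# Constructed: accounts holding access to a sensitive system.
SENSITIVE_ACCOUNTS = {"acct-finance-admin", "acct-f"}


def build_graph(records):
    """Undirected adjacency sets; direction of contact is ignored for hop counting."""
    graph = defaultdict(set)
    for src, dst, _count in records:
        graph[src].add(dst)
        graph[dst].add(src)
    return graph


def hops_from(graph, seeds):
    """Breadth-first search: fewest hops from any seed to every reachable node."""
    dist = {seed: 0 for seed in seeds}
    queue = deque(seeds)
    while queue:
        node = queue.popleft()
        for neighbour in graph[node]:
            if neighbour not in dist:
                dist[neighbour] = dist[node] + 1
                queue.append(neighbour)
    return dist


def within_hops(graph, seeds, max_hops):
    """Sorted nodes (excluding the seeds themselves) at most max_hops away."""
    dist = hops_from(graph, seeds)
    return sorted(n for n, d in dist.items() if 0 < d <= max_hops)


def bridge_nodes(graph, group_a, group_b, max_hops=1):
    """Nodes outside both groups that are within max_hops of a member of each.

    With max_hops=1 this is the classic cross-reference: who is in direct
    contact with both sides. These are the first accounts to triage.
    """
    dist_a = hops_from(graph, group_a)
    dist_b = hops_from(graph, group_b)
    members = set(group_a) | set(group_b)
    return {
        node for node in graph
        if node not in members
        and dist_a.get(node, max_hops + 1) <= max_hops
        and dist_b.get(node, max_hops + 1) <= max_hops
    }


if __name__ == "__main__":
    g = build_graph(CONTACT_RECORDS)
    seed = {"acct-compromised"}
    print("one hop from seed:", within_hops(g, seed, 1))
    print("direct bridges to sensitive group:", bridge_nodes(g, seed, SENSITIVE_ACCOUNTS, 1))
    print("bridges within two hops:", bridge_nodes(g, seed, SENSITIVE_ACCOUNTS, 2))
```

The point of the `max_hops` parameter is the trade-off the post's reference [4] alludes to: widening the radius from one hop to two adds accounts that merely share a contact with both groups, so every extra hop buys recall at the cost of more false positives to work through.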
Never underestimate the ambition of the adversary to covertly acquire and develop similar (and wherever possible better) technology, information, methods and sources. To this point, and speaking as an inventor, over the years I have had a number of inventive ideas that I have chosen never to reveal to anyone. Why? Because I have come to believe that one way to evaluate responsible innovation is this simple test: “Would you be willing to have your adversary use this invention against you?”
[1] Ubiquitous Sensors? You Have Seen Nothing Yet
[2] Columbia Cartels Hum With High Tech
[3] The Six Degrees of Kevin Arbitrary
[4] Sometimes a Big Picture is Worth a 1,000 False Positives
I'm reading this through the filter of the National Security Agency spying program revealed by USA Today the other week. I take it you would argue in favor of secrecy in such programs because this gives the good guys an advantage. This sounds like an argument for security through obscurity, which is a highly debatable security practice.
http://en.wikipedia.org/wiki/Security_through_obscurity
Indeed, your story shows how dangerous it can be. If the Cali cartel knows how you do your intel, but you don't know that they know, they can play you like a fiddle.
Also, I wonder if secrecy is appropriate in the governmental context given that it prevents tuning and honing of such programs through public discussion and debate. I sense from your writings and our past conversations that if the NSA effort to use phone traffic analysis is a pure data mining operation seeking after terrorists that you would argue against it. But you can't because it's secret.
Your thoughts, Mr. Jonas?
Posted by: Jim Harper | May 21, 2006 at 07:58 PM