Entries Tagged "intelligence"

Page 19 of 25

Another Recently Released NSA Document

American Cryptology during the Cold War, 1945-1989, by Thomas R. Johnson: documents 1, 2, 3, 4, 5, and 6.

In response to a declassification request by the National Security Archive, the secretive National Security Agency has declassified large portions of a four-part “top-secret Umbra” study, American Cryptology during the Cold War. Despite major redactions, this history discloses much new information about the agency’s history and the role of SIGINT and communications intelligence (COMINT) during the Cold War. Researched and written by NSA historian Thomas Johnson, the three parts released so far provide a frank assessment of the history of the Agency and its forerunners, warts-and-all.

Posted on January 2, 2009 at 12:17 PMView Comments

James Bamford Interview on the NSA

Worth reading. One excerpt:

The problem is that NSA was never designed for what it’s doing. It was designed after World War II to prevent another surprise attack from another nation-state, particularly the Soviet Union. And from 1945 or ’46 until 1990 or ’91, that’s what its mission was. That’s what every piece of equipment, that’s what every person recruited to the agency, was supposed to do, practically—find out when and where and if the Russians were about to launch a nuclear attack. That’s what it spent 50 years being built for. And then all of a sudden the Soviet Union is not around anymore, and NSA’s got a new mission, and part of that is going after terrorists. And it’s just not a good fit. They missed the first World Trade Center bombing, they missed the attack on the U.S.S. Cole, they missed the attack on the U.S. embassies in Africa, they missed 9/11. There’s this string of failures because this agency was not really designed to do this. In the movies, they’d be catching terrorists all the time. But this isn’t the movies, this is reality.

The big difference here is that when they were focused on the Soviet Union, the Soviets communicated over dedicated lines. The army communicated over army channels, the navy communicated over navy channels, the diplomats communicated over foreign-office channels. These were all particular channels, particular frequencies, you knew where they were; the main problem was breaking encrypted communications. [The NSA] had listening posts ringing the Soviet Union, they had Russian linguists that were being pumped out from all these schools around the U.S.

Then the Cold War ends and everything changes. Now instead of a huge country that communicated all the time, you have individuals who hop from Kuala Lampur to Nairobi or whatever, from continent to continent, from day to day. They don’t communicate [electronically] all the time—they communicate by meetings. [The NSA was] tapping Bin Laden’s phone for three years and never picked up on any of these terrorist incidents. And the [electronic] communications you do have are not on dedicated channels, they’re mixed in with the world communication network. First you’ve got to find out how to extract that from it, then you’ve got to find people who can understand the language, and then you’ve got to figure out the word code. You can’t use a Cray supercomputer to figure out if somebody’s saying they’re going to have a wedding next week whether it’s really going to be a wedding or a bombing.

So that’s the challenge facing the people there. So even though I’m critical about them for missing these things, I also try in the book to give an explanation as to why this is. It’s certainly not because the people are incompetent. It’s because the world has changed.

I think the problem is more serious than people realize. I talked to the people at Fort Gordon [in Georgia], which is the main listening post for the Middle East and North Africa. What was shocking to me was the people who were there were saying they didn’t have anybody [at the time] who spoke Pashtun. We’re at war in Afghanistan and the main language of the Taliban is Pashtun.

The answer here is to change our foreign policy so that we don’t have to depend on agencies like NSA to try to protect the country. You try to protect the country by having reasonable policies so that we won’t have to worry about terrorism so much. It’s just getting harder and harder to find them.

Also worth reading is his new book.

Posted on December 18, 2008 at 6:42 AMView Comments

Lessons from Mumbai

I’m still reading about the Mumbai terrorist attacks, and I expect it’ll be a long time before we get a lot of the details. What we know is horrific, and my sympathy goes out to the survivors of the dead (and the injured, who often seem to get ignored as people focus on death tolls). Without discounting the awfulness of the events, I have some initial observations:

  • Low-tech is very effective. Movie-plot threats—terrorists with crop dusters, terrorists with biological agents, terrorists targeting our water supplies—might be what people worry about, but a bunch of trained (we don’t really know yet what sort of training they had, but it’s clear that they had some) men with guns and grenades is all they needed.
  • At the same time, the attacks were surprisingly ineffective. I can’t find exact numbers, but it seems there were about 18 terrorists. The latest toll is 195 dead, 235 wounded. That’s 11 dead, 13 wounded, per terrorist. As horrible as the reality is, that’s much less than you might have thought if you imagined the movie in your head. Reality is different from the movies.
  • Even so, terrorism is rare. If a bunch of men with guns and grenades is all they really need, then why isn’t this sort of terrorism more common? Why not in the U.S., where it’s easy to get hold of weapons? It’s because terrorism is very, very rare.
  • Specific countermeasures don’t help against these attacks. None of the high-priced countermeasures that defend against specific tactics and specific targets made, or would have made, any difference: photo ID checks, confiscating liquids at airports, fingerprinting foreigners at the border, bag screening on public transportation, anything. Even metal detectors and threat warnings didn’t do any good:

    “If I look at what we had, which all of us complained about, it could not have stopped what took place,” he told CNN. “It’s ironic that we did have such a warning, and we did have some measures.”

    He said people were told to park away from the entrance and had to go through a metal detector. But he said the attackers came through a back entrance.

    “They knew what they were doing, and they did not go through the front. All of our arrangements are in the front,” he said.

If there’s any lesson in these attacks, it’s not to focus too much on the specifics of the attacks. Of course, that’s not the way we’re programmed to think. We respond to stories, not analysis. I don’t mean to be unsympathetic; this tendency is human and these deaths are really tragic. But 18 armed people intent on killing lots of innocents will be able to do just that, and last-line-of-defense countermeasures won’t be able to stop them. Intelligence, investigation, and emergency response. We have to find and stop the terrorists before they attack, and deal with the aftermath of the attacks we don’t stop. There really is no other way, and I hope that we don’t let the tragedy lead us into unwise decisions about how to deal with terrorism.

EDITED TO ADD (12/13): Two interesting essays.

Posted on December 1, 2008 at 8:03 AMView Comments

FBI Stoking Fear

Another unsubstantiated terrorist plot:

An internal memo obtained by The Associated Press says the FBI has received a “plausible but unsubstantiated” report that al-Qaida terrorists in late September may have discussed attacking the subway system.

[…]

The internal bulletin says al-Qaida terrorists “in late September may have discussed targeting transit systems in and around New York City. These discussions reportedly involved the use of suicide bombers or explosives placed on subway/passenger rail systems,” according to the document.

“We have no specific details to confirm that this plot has developed beyond aspirational planning, but we are issuing this warning out of concern that such an attack could possibly be conducted during the forthcoming holiday season,” according to the warning dated Tuesday.

[…]

Rep. Peter King, the top Republican on the House Homeland Security Committee, said authorities “have very real specifics as to who it is and where the conversation took place and who conducted it.”

“It certainly involves suicide bombing attacks on the mass transit system in and around New York and it’s plausible, but there’s no evidence yet that it’s in the process of being carried out,” King said.

Knocke, the DHS spokesman, said the warning was issued “out of an abundance of caution going into this holiday season.”

Got that: “plausible but unsubstantiated,” “may have discussed attacking the subway system,” “specific details to confirm that this plot has developed beyond aspirational planning,” “attack could possibly be conducted,” “it’s plausible, but there’s no evidence yet that it’s in the process of being carried out.”

I have no specific details, but I want to warn everybody today that fiery rain might fall from the sky. Terrorists may have discussed this sort of tactic, possibly at one of their tequila-fueled aspirational planning sessions. While there is no evidence yet that the plan is in the process of being carried out, I want to be extra-cautious this holiday season. Ho ho ho.

Posted on November 27, 2008 at 12:27 PMView Comments

Secret German IP Addresses Leaked

From Wikileaks:

The PDF document holds a single paged scan of an internally distributed mail from German telecommunications company T-Systems (Deutsche Telekom), revealing over two dozen secret IP address ranges in use by the German intelligence service Bundesnachrichtendienst (BND). Independent evidence shows that the claim is almost certainly true and the document itself has been verified by a demand letter from T-systems to Wikileaks.

Posted on November 20, 2008 at 7:26 AMView Comments

Clever Counterterrorism Tactic

Used against the IRA:

One of the most interesting operations was the laundry mat [sic]. Having lost many troops and civilians to bombings, the Brits decided they needed to determine who was making the bombs and where they were being manufactured. One bright fellow recommended they operate a laundry and when asked “what the hell he was talking about,” he explained the plan and it was incorporated—to much success.

The plan was simple: Build a laundry and staff it with locals and a few of their own. The laundry would then send out “color coded” special discount tickets, to the effect of “get two loads for the price of one,” etc. The color coding was matched to specific streets and thus when someone brought in their laundry, it was easy to determine the general location from which a city map was coded.

While the laundry was indeed being washed, pressed and dry cleaned, it had one additional cycle—every garment, sheet, glove, pair of pants, was first sent through an analyzer, located in the basement, that checked for bomb-making residue. The analyzer was disguised as just another piece of the laundry equipment; good OPSEC [operational security]. Within a few weeks, multiple positives had shown up, indicating the ingredients of bomb residue, and intelligence had determined which areas of the city were involved. To narrow their target list, [the laundry] simply sent out more specific coupons [numbered] to all houses in the area, and before long they had good addresses. After confirming addresses, authorities with the SAS teams swooped down on the multiple homes and arrested multiple personnel and confiscated numerous assembled bombs, weapons and ingredients. During the entire operation, no one was injured or killed.

Posted on October 13, 2008 at 1:22 PMView Comments

Data Mining for Terrorists Doesn't Work

According to a massive report from the National Research Council, data mining for terrorists doesn’t work. Here’s a good summary:

The report was written by a committee whose members include William Perry, a professor at Stanford University; Charles Vest, the former president of MIT; W. Earl Boebert, a retired senior scientist at Sandia National Laboratories; Cynthia Dwork of Microsoft Research; R. Gil Kerlikowske, Seattle’s police chief; and Daryl Pregibon, a research scientist at Google.

They admit that far more Americans live their lives online, using everything from VoIP phones to Facebook to RFID tags in automobiles, than a decade ago, and the databases created by those activities are tempting targets for federal agencies. And they draw a distinction between subject-based data mining (starting with one individual and looking for connections) compared with pattern-based data mining (looking for anomalous activities that could show illegal activities).

But the authors conclude the type of data mining that government bureaucrats would like to do—perhaps inspired by watching too many episodes of the Fox series 24—can’t work. “If it were possible to automatically find the digital tracks of terrorists and automatically monitor only the communications of terrorists, public policy choices in this domain would be much simpler. But it is not possible to do so.”

A summary of the recommendations:

  • U.S. government agencies should be required to follow a systematic process to evaluate the effectiveness, lawfulness, and consistency with U.S. values of every information-based program, whether classified or unclassified, for detecting and countering terrorists before it can be deployed, and periodically thereafter.
  • Periodically after a program has been operationally deployed, and in particular before a program enters a new phase in its life cycle, policy makers should (carefully review) the program before allowing it to continue operations or to proceed to the next phase.
  • To protect the privacy of innocent people, the research and development of any information-based counterterrorism program should be conducted with synthetic population data… At all stages of a phased deployment, data about individuals should be rigorously subjected to the full safeguards of the framework.
  • Any information-based counterterrorism program of the U.S. government should be subjected to robust, independent oversight of the operations of that program, a part of which would entail a practice of using the same data mining technologies to “mine the miners and track the trackers.”
  • Counterterrorism programs should provide meaningful redress to any individuals inappropriately harmed by their operation.
  • The U.S. government should periodically review the nation’s laws, policies, and procedures that protect individuals’ private information for relevance and effectiveness in light of changing technologies and circumstances. In particular, Congress should re-examine existing law to consider how privacy should be protected in the context of information-based programs (e.g., data mining) for counterterrorism.

Here are more news articles on the report. I explained why data mining wouldn’t find terrorists back in 2005.

EDITED TO ADD (10/10): More commentary:

As the NRC report points out, not only is the training data lacking, but the input data that you’d actually be mining has been purposely corrupted by the terrorists themselves. Terrorist plotters actively disguise their activities using operational security measures (opsec) like code words, encryption, and other forms of covert communication. So, even if we had access to a copious and pristine body of training data that we could use to generalize about the “typical terrorist,” the new data that’s coming into the data mining system is suspect.

To return to the credit reporting analogy, credit scores would be worthless to lenders if everyone could manipulate their credit history (e.g., hide past delinquencies) the way that terrorists can manipulate the data trails that they leave as they buy gas, enter buildings, make phone calls, surf the Internet, etc.

So this application of data mining bumps up against the classic GIGO (garbage in, garbage out) problem in computing, with the terrorists deliberately feeding the system garbage. What this means in real-world terms is that the success of our counter-terrorism data mining efforts is completely dependent on the failure of terrorist cells to maintain operational security.

The combination of the GIGO problem and the lack of suitable training data combine to make big investments in automated terrorist identification a futile and wasteful effort. Furthermore, these two problems are structural, so they’re not going away. All legitimate concerns about false positives and corrosive effects on civil liberties aside, data mining will never give authorities the ability to identify terrorists or terrorist networks with any degree of confidence.

Posted on October 10, 2008 at 6:35 AMView Comments

MI6 Camera—Including Secrets—Sold on eBay

I wish I’d known:

A 28-year-old delivery man from the UK who bought a Nikon Coolpix camera for about $31 on eBay got more than he bargained for when the camera arrived with top secret information from the UK’s MI6 organization.

Allegedly sold by one of the clandestine organization’s agents, the camera contained named al-Qaeda cells, names, images of suspected terrorists and weapons, fingerprint information, and log-in details for the Secret Service’s computer network, containing a “Top Secret” marking.

He turned the camera in to the police.

Posted on October 1, 2008 at 1:59 PMView Comments

The Pentagon's World of Warcraft Movie-Plot Threat

In a presentation that rivals any of my movie-plot threat contest entries, a Pentagon researcher is worried that terrorists might plot using World of Warcraft:

In a presentation late last week at the Director of National Intelligence Open Source Conference in Washington, Dr. Dwight Toavs, a professor at the Pentagon-funded National Defense University, gave a bit of a primer on virtual worlds to an audience largely ignorant about what happens in these online spaces. Then he launched into a scenario, to demonstrate how a meatspace plot might be hidden by in-game chatter.

In it, two World of Warcraft players discuss a raid on the “White Keep” inside the “Stonetalon Mountains.” The major objective is to set off a “Dragon Fire spell” inside, and make off with “110 Gold and 234 Silver” in treasure. “No one will dance there for a hundred years after this spell is cast,” one player, “war_monger,” crows.

Except, in this case, the White Keep is at 1600 Pennsylvania Avenue. “Dragon Fire” is an unconventional weapon. And “110 Gold and 234 Silver” tells the plotters how to align the game’s map with one of Washington, D.C.

I don’t know why he thinks that the terrorists will use World of Warcraft and not some other online world. Or Facebook. Or Usenet. Or a chat room. Or e-mail. Or the telephone. I don’t even know why the particular form of communication is in any way important.

The article ends with this nice paragraph:

Steven Aftergood, the Federation of the American Scientists analyst who’s been following the intelligence community for years, wonders how realistic these sorts of scenarios are, really. “This concern is out there. But it has to be viewed in context. It’s the job of intelligence agencies to anticipate threats and counter them. With that orientation, they’re always going to give more weight to a particular scenario than an objective analysis would allow,” he tells Danger Room. “Could terrorists use Second Life? Sure, they can use anything. But is it a significant augmentation? That’s not obvious. It’s a scenario that an intelligence officer is duty-bound to consider. That’s all.”

My guess is still that some clever Pentagon researchers have figured out how to play World of Warcraft on the job, and they’re not giving that perk up anytime soon.

Posted on September 18, 2008 at 1:29 PMView Comments

1 17 18 19 20 21 25

Sidebar photo of Bruce Schneier by Joe MacInnis.