
More Details of the NSA's Social Network Analysis 367

Posted by CmdrTaco
from the bet-some-smart-guys-work-there dept.
mrogers writes "USA Today has a story describing how the NSA looks for suspicious calling patterns in the huge volumes of traffic data it collects. "Templates" such as a call from overseas followed by a flurry of domestic calls are used to identify leads, which are forwarded to the FBI for investigation. There have been complaints that low-quality leads are drawing agents away from other cases, and similar pattern-matching approaches have been found wanting in the past. Can data mining identify terrorists?"
This discussion has been archived. No new comments can be posted.

  • by nweaver (113078) on Wednesday May 31, 2006 @11:11AM (#15435662) Homepage
    The problem is, this strategy is not only ineffective, it can be counterproductive.

    There is plenty out there on the "Strength of weak links", where past associations (old roommates, sleeper cells), with no contact can be very strong service links when reinitiated.

    There is also plenty out there on how this is DoSing the FBI.

    And the tin foil hat crowd (a very popular piece of headwear these days) will point out that this tool is far more useful for targeting individuals than searching for patterns. And what if you are the target?
  • by gasmonso (929871) on Wednesday May 31, 2006 @11:13AM (#15435677) Homepage

    I know that Yahoo has commented on this because they datamine extensively to find surfing habits on their site to better place advertisements. Obviously this is a bit different, but the technology and methodology are similar. I have no problem with computers analyzing calling patterns. There was a distinct pattern of calls that led up to 911 and other attacks.

    http://religiousfreaks.com/ [religiousfreaks.com]
  • by qwijibo (101731) on Wednesday May 31, 2006 @11:24AM (#15435786)
    This approach to finding patterns works well in marketing where getting a 1% rate of sales to contacts is a good response rate. The problem with using this approach for anything in the real world is the 99% of the time you're wrong.

    They looked at the history of a few people and found a pattern. Now that the pattern has been disclosed, only historical information is likely to have any merit. If the people controlling the communications know this is a way to be found, after getting a call from a watched country, they'll have the people go somewhere else and send emails or otherwise use a different channel for communication.

    Knowing all of the data points isn't enough if you don't know which ones in different databases (phone, email, etc) are related and why.
  • Dismissing the legality and morality of doing this...

    Let's look how most Network Intrusion Detection Systems work today, including the OSS favorite Snort [snort.org].

    We start off with a bunch of signatures. These signatures are analyzed against incoming network traffic. A signature is matched, an alert is sent out (syslog, mysql, whatever) and my little console displays the alert. I analyze, determine it's a "false alert". I try to tune it out, maybe, depending on frequency and annoyance, and continue on to the next (false?) alert. If the alert is deemed true, I determine if we were hacked or if something more serious is going on. Usually, I get other people involved.

    Sounds like the NSA's system is very similar to the job of our favorite IDS operator. In fact, it's exactly the same thing. Some software looks for patterns in telephone network traffic. Once these patterns are found, they do a quick check (basic analysis) to confirm the pattern has matched. Then, the alert is passed on to a different team to investigate whether there is a more serious event or not.

    Are there false positives? Yes. Are there false negatives? Yes. Does this mean the method is ineffective? No. Does this mean it should be shut down? No. If it did, why am I, and thousands of others, getting paid for everyday?
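
The "template" quoted in the story summary (a call from overseas followed by a flurry of domestic calls), run as a signature in the match-then-triage loop the comment above describes. This is an added example, not part of the thread and not any real system's logic; the record layout, the 120-minute window, the flurry threshold and every subscriber name are constructed assumptions.

```python
from collections import defaultdict

WINDOW_MIN = 120   # assumed look-ahead after the overseas call, in minutes
FLURRY_MIN = 4     # assumed number of distinct domestic callees that counts as a "flurry"

def match_template(records, window=WINDOW_MIN, flurry=FLURRY_MIN):
    """Flag subscribers who receive an overseas call and then call at least
    `flurry` distinct domestic numbers within `window` minutes.
    Each record is (caller, callee, minute, from_overseas)."""
    inbound = defaultdict(list)    # callee -> minutes at which overseas calls arrived
    outbound = defaultdict(list)   # caller -> [(minute, callee)] domestic calls placed
    for caller, callee, minute, from_overseas in records:
        if from_overseas:
            inbound[callee].append(minute)
        else:
            outbound[caller].append((minute, callee))
    flagged = set()
    for sub, arrivals in inbound.items():
        for t0 in arrivals:
            peers = {c for m, c in outbound[sub] if t0 < m <= t0 + window}
            if len(peers) >= flurry:
                flagged.add(sub)
    return flagged

def precision(flagged, true_targets):
    """Share of alerts that are real: what the triage team actually experiences."""
    return len(flagged & true_targets) / len(flagged) if flagged else 0.0

def build_sample():
    """Constructed population of 1000 subscribers who each get one overseas call:
    1 of interest, 50 households passing on family news, 949 who make one call."""
    records = [("intl-x", "target-0", 0, True)]
    records += [("target-0", f"t-peer-{i}", 10 + i, False) for i in range(5)]
    for h in range(50):
        sub = f"home-{h}"
        records.append((f"intl-{h}", sub, 0, True))
        records += [(sub, f"{sub}-rel-{i}", 15 + 5 * i, False) for i in range(6)]
    for q in range(949):
        sub = f"quiet-{q}"
        records.append((f"intl-q{q}", sub, 0, True))
        records.append((sub, f"{sub}-peer", 30, False))
    return records, {"target-0"}

if __name__ == "__main__":
    records, targets = build_sample()
    alerts = match_template(records)
    print(len(alerts), "alerts, precision", round(precision(alerts, targets), 3))
    # Tuning the signature to silence the households also silences the one real match.
    print("alerts with flurry=7:", len(match_template(records, flurry=7)))
```

On this constructed data the signature behaves like an untuned IDS rule: the alert queue is dominated by benign matches, and raising the threshold far enough to clear them loses the only true positive.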

  • False leads? No way! (Score:3, Interesting)

    by Pedrito (94783) on Wednesday May 31, 2006 @11:31AM (#15435862) Homepage
    How could those calling patterns ever cause false leads? Surely terrorists operate like clocks and do everything by the numbers.

    Okay, here's an example of how stupid the example given is (and it's not the example that's stupid, it's the intelligence community): I'm an American. I have good friends, or maybe family living overseas. Let's say my brother lives in Germany and he just called me to tell me that his wife had a baby boy. So, what am I going to do? Call everyone in my family and anyone that knows my brother well and say, "Guess what, they had a baby boy."

    The fact is that, with calls between friends and family overseas in particular, the calls are not infrequently going to be some sort of major or semi-major news that the person in the States is then going to want to share with other friends and family. If the FBI is getting hit with all this garbage, I'm surprised they find time to do anything else.

    I'm not saying this stuff can't be used to find terrorists, but at what expense? I would imagine there are much more effective ways to spend the money.

    To bring the example a little closer to home, back in the early 90s when export restrictions on encryption were quite a bit tighter than they are now, I was asked by an uncle of mine (who's a venture capitalist) to do a little research into encryption. He had been approached by a group that had come up with some new encryption algorithm and he wanted me to get some sort of feel for how theirs stacked up.

    So, I go onto Usenet and start asking some questions, trying to educate myself on this stuff. A few weeks later, I'm talking to one of my neighbors and she says, "So, did you get that job at the White House?" I said, "What job at the White House?" She said, "Well, there were some agents from the State Department here asking questions about you and they said it was for a job at the White House."

    Now, I'm no rocket scientist, but I can do the math. Ask about encryption, agents show up. I suspect the two were related. I'm sure they were probably NSA agents since encryption is really more of their deal, or maybe State Dept. agents tasked by the NSA. But whatever.

    Had they even looked at my file, which I'm sure they had since I had a full background check for a security clearance a few years prior, they would have quickly discovered that I'm someone of little consequence and not a likely spy. But no, they had to send out a couple agents to investigate me asking questions that anyone from anywhere around the world could have posted on Usenet. What a complete waste of time and money. And it's not like you couldn't just download regulated encryption algorithms off the net at the time anyway.

    But I digress. Spending money to protect us is fine, if it's spent wisely. This is costing time of valuable people and untold amounts of money for what is sure to be barely usable information. But hey, that should come as no shock to anyone.
  • by Anonymous Coward on Wednesday May 31, 2006 @11:39AM (#15435936)
    At NSA HQ.
    Okay, here's an example of how stupid the example given is (and it's not the example that's stupid, it's the intelligence community): I'm an American. I have good friends, or maybe family living overseas. Let's say my brother lives in Germany and he just called me to tell me that his wife had a baby boy. So, what am I going to do? Call everyone in my family and anyone that knows my brother well and say, "Guess what, they had a baby boy."


    conclusion: Pedrito's "brother" has a "baby boy".
    decision: Arrest Pedrito and his dealer network, send them to Egypt and other friendly coalition countries for some "extraordinary rendition".

  • Re:Attitude (Score:4, Interesting)

    by whathappenedtomonday (581634) on Wednesday May 31, 2006 @11:44AM (#15435988) Journal
    Aside from this being patently illegal, what bothers me is the cavalier attitude behind it

    I guess as the US is a democratic country, it's alright to do so. Democracy means, literally, rule by the people. The vast majority of people either doesn't care or doesn't get beyond posting "wtf, criminals!" on /.

    You'd have to shut down TV for a week or only a day - I bet enough people would start to care about this and many other things...

  • by oyenstikker (536040) <slashdot AT sbyrne DOT org> on Wednesday May 31, 2006 @11:49AM (#15436022) Homepage Journal
    Armed with details of billions of telephone calls, the National Security Agency used phone records linked to the Sept. 11, 2001 attacks to create a template of how phone activity among terrorists looks, say current and former intelligence officials who were briefed about the program. (from the USA Today article)

    Are they admitting to collecting details on domestic phone calls _before_ 9/11?
  • Keep in mind... (Score:4, Interesting)

    by jjohnson (62583) on Wednesday May 31, 2006 @12:02PM (#15436140) Homepage
    Not that I'm at all happy about the monitoring, but in fairness, would the NSA/FBI report massive success with the data mining? Doing so would inform terrorists (drug dealers, lesbians, Democrats) that the simple pattern of their phone calls can identify them, forcing them to change their methods of communications, undermining the success of the program. It might be sufficient for them to publicly leak stories that the program isn't working while reporting to the government that it's actually quite successful. It certainly wouldn't be the first time disinformation has been used.

    An interesting aside: as reported by Bruce Schneier, al Qaeda members avoid Echelon by using shared Hotmail accounts. Rather than sending email, they create drafts and save them, and have a running conversation in the draft before deleting it. Not sending the email means the email doesn't trigger midpoint monitoring. Would they be doing that if they didn't know about Echelon?
  • by Doc Ruby (173196) on Wednesday May 31, 2006 @12:04PM (#15436157) Homepage Journal
    "forwarded to the FBI for investigation"

    That dodge is how Bush can appear on TV saying "this NSA program doesn't listen to your calls", because they forward your calls to another program, at the FBI (and probably elsewhere). Feel safer?
  • Re:Beside the point. (Score:3, Interesting)

    by Analogy Man (601298) on Wednesday May 31, 2006 @01:25PM (#15436984)
    From the article: "such as a call from overseas followed by a flurry of domestic calls"

    How to become a suspected terrorist:

    1) Niece in Pakistan...has first son

    2) Niece calls aunt in Dearborn for 5 minutes using neighbor's cell phone

    3) Proud aunt calls all of her friends and extended family in US/Canada

    4) FBI agent from Detroit digs out auntie's file....adds entry

    5) Auntie's Son at U of M attends Arab Heritage meeting in student union...add that to his file

    6) Cross reference Auntie and Son's files and calling patterns

    7) Find both called cousin in Italy

    8) Cousin in Italy was previously arrested at anti-WTO meeting (what greater enemy to the USA than that!?)

    9) Scoop up cousin and fly him off to Egypt as a "person of interest"

    10) Question cousin about his ties to Al Qaeda...specifically his second cousin's neighbor

    11) Despite 48 sleepless hours of interrogation, a sound beating, exposure to cold, being stripped and humiliated this "terrorist" claims to have never been to Pakistan and has never met his second cousin's neighbor

    12) Fly cousin to Afghanistan and leave him to rot for 6 months

    13) Drop him off in the countryside of Bulgaria

    How much of this is inconceivable? Does it make you feel safer that our government does this sort of thing? If safer, proud? Do we catch more bad guys than we create?

  • by sasdrtx (914842) on Wednesday May 31, 2006 @01:34PM (#15437092)
    First, your analysis of the incompetence of the national "intelligence" community is very good.

    Second, your recommendation that this be fixed is disturbing.

    How about we just do away with the whole pile of crap. For more on the dismal state of affairs, see http://www.lewrockwell.com/engelhardt/engelhardt192.html [lewrockwell.com]

    The only thing you can count on is that more and more money will be wasted on returning less and less of value.

    Actually, have the CIA, NSA, etc. yet produced anything of value? Note: do not count useful intelligence ignored because the president was asleep, drunk, or just dumb as shit.
  • Re:terrororists (Score:1, Interesting)

    by Anonymous Coward on Wednesday May 31, 2006 @01:36PM (#15437106)
    It's not just terrorists. Telcos have been doing this for years. Look at their fraud department software.

    I used to work for one of the computer, software, services, printer, and offshoring companies in the US that regularly sold such software to telcos all around the world. The only thing new about this is that the government is doing it, not that it is being done. If you don't think telcos had the ability to intelligently analyze who was calling who, for how long, whether the call was any way different than the caller (or receiver's) usual behavior, etc... you have been out of touch. About the only thing the telcos don't monitor is the actual content of your conversations...but there were 1 or 2 APIs for our product that looked like they were specifically created for just this purpose (according to what I saw of their documentation).

    If you want to learn more about this technology, I recommend you talk to someone from the CFCA (Communications Fraud Control Alliance) and see what they'll let slip. Sadly, it's a notoriously tight lipped group to those not in the industry and without a need to know.

  • by LnxAddct (679316) <sgk25@drexel.edu> on Wednesday May 31, 2006 @01:42PM (#15437167)
    The difference being that the Brits had to travel a thousand or so miles before they got here (which really makes any war a bit harder) and armed forces were significantly less advanced (your enemy has a gun, you had a gun... they might have some cannons too or something... but it is pretty much a fair playing field). Look at Iraq, not even 2,500 U.S. soldiers have died yet... and we've been in the war for a few years now. The American military destroyed old Iraq's military in a matter of days. The advantage that remaining terrorists have is that they blend in, and have to shoot first before soldiers know who the enemy is. Terrorists have a huge advantage here in that they always get to shoot first, the American soldiers don't know who the enemy is until it happens. Despite this advantage, our kill ratios are the best of any war ever. The bias in the media reporting is ridiculous, but by all accounts from a military point of view it is a huge success. The military officials are glad because this is like real life training for their troops, if a nation's army goes a decade or so without real fighting then when the fighting is needed the troops won't be as effective, so a lot of officials jumped at this chance to get their men out into the field. So if we did have another civil or revolutionary war (in this case it would be civil), we'd have to make sure we blend in with the general populace..but as Iraq shows, that still doesn't provide a very effective means of fighting. It would be even worse here because the soldiers are familiar with the area, as opposed to Iraq, and there is a ton of military equipment just a few miles from just about any point in the nation... their supply lines would be damn near impenetrable. The only chance we would have would be if a good chunk of the soldiers and generals sided with the revolutionaries, or if another major power in the world came to help us out (just like France did previously). I think that last scenario is likely considering the number of nations that would probably love to throw a punch or two our way. So yea, we might have a chance... but the rules of the game are vastly different today.
    Regards,
    Steve
  • by Behemoth (4137) on Wednesday May 31, 2006 @02:11PM (#15437440) Homepage
    Bruce Schneier wrote an interesting piece on why data-mining not only doesn't work, but can't work in the context of finding terrorist plots:

    http://www.wired.com/news/columns/0,70357-0.html?tw=wn_story [wired.com]

    In a nutshell, his premise is that the underlying assumptions that make data mining work for such things as credit card fraud don't hold when searching for terrorist plots. Also, that trying to apply those models will result in a flurry of false negatives so large as to make the whole effort useless and a waste of resources which could otherwise be better spent. It's hard to argue with...
  • by russ1337 (938915) on Wednesday May 31, 2006 @03:04PM (#15437992)
    As said in the comment above.. a decade ago. Sympathizers in the USA were well known for supporting the IRA (Provisional Irish Republican Army / Real IRA) in Ireland through the 80's and 90's, and the UK has constantly hounded the US to combat this funding.

    After 911 the US administration decreed along with the war on Terror - 'funding terrorism is a crime'. While the comment was primarily aimed at Al-Qaeda, funding the IRA was (unintentionally?) put in the same category.

    It's probably always been illegal to fund terrorism (IANAL), but I haven't seen any arrests for funding the IRA hit the news, nor have I seen any Irish Americans thrown in GTMO. I'd say someone turned a blind eye.

    Check out: http://en.wikipedia.org/wiki/NORAID [wikipedia.org]

    Why aren't the former/current leaders and members of NORAID in GTMO?
