Adversary Network Analysis in Intelligence Gathering

Some of my colleagues posted earlier about the applications of network analysis in the context of counter-terrorism and national security. BigT referenced a fascinating article by network analyst Valdis Krebs, Uncloaking Terrorist Networks, in which Krebs used public domain knowledge available shortly after the September 11th attacks to identify Mohamed Atta as a key figure in the plot, based solely on social network topology metrics.
As an addendum to this extraordinarily relevant example of network analysis, there has been a point of controversy regarding a DoD (Department of Defense) task force known as Able Danger, which was formed to identify Al Qaeda operatives through similar social network analysis techniques. Able Danger allegedly succeeded in uncovering Mohamed Atta as an Al Qaeda operative a year before the September 11th attacks, so there has been copious dispute regarding why their findings were not acted upon.

In the same vein, there certainly have been a large number of high-profile stories involving the application of network analysis toward national security problems, especially with the many recent controversial DoD and NSA programs (e.g. Total Information Awareness, warrantless wiretapping). However, basic network analysis techniques were developed out of necessity and used long before the recent formalization and recognition of the field. Intelligence gathering is an intrinsically network-based field. Human intelligence (HUMINT) relies on the cultivation of a network of assets, whereas financial intelligence (FININT) consists of the investigation of transaction networks and other monetary connections. In the paper Terrorists/Liberators: Researching and dealing with adversary social networks, Karl van Meter explores a variety of historical examples of different types of network analysis accomplished by various intelligence organizations. While van Meter examines these intelligence gathering techniques from a historical context, their relevance and continued efficacy in the dynamic world of should not be ignored. I will present a few techniques that van Meter discussed, contextualizing them in terms of graph theory.

Social Network Analysis – Nodes are people and edges are their contacts and relationships. The innate usefulness of . The example van Meter presents concerning the first major application of this technique in intelligence gathering is McGehee’s village method. In the mid-1960s a CIA operative named Robert McGehee was sent to Thailand to gather intel on the spread of communist influence in the region. Dissatisfied with the inaccurate data gathered thus far, McGehee had his team engage in an anthropological-style survey of entire villages to flesh out an area’s social network. An analysis of the network’s structure and anomalies led to great success in discovering communist party members and weapons dealers in the region. However, McGehee later became a vocal critic of the CIA. This later criticism partly stemmed from his feeling that many of his findings were suppressed because they painted too bleak a picture of the extent of communist support in the Southeast Asian region (and would have been an indicator of the futility of military efforts in Vietnam).

Traffic Analysis – Nodes are people and edges are instances of communication (e.g. phone calls, letters, email, wired monetary transactions). Traffic analysis . Often communications are encrypted and cryptanalysis resources cannot be devoted to deciphering them all. However, there is information encoded in the structure of the communications network that can be of immense value in identifying members of an organization or key individuals within an organization. Traffic analysis was developed in its modern form by the British internal security service MI5. Ironically, though, one particularly intriguing example of traffic analysis occurred when the IRA adopted similar tactics against anti-IRA operatives in Northern Ireland. Through traffic analysis the IRA was able to discover that all MI5 agents and informants were paid on the same day, and by staking out certain ATMs in the region, the IRA was able to uncover many of the MI5 assets in Northern Ireland.
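To make the graph-theory framing of the social network and traffic analysis sections concrete, here is an added example (not from the original post or from van Meter's paper) that computes two topology metrics from communication metadata alone. The records, node names and function names are constructed for illustration; the point is that the go-between "X" has as few contacts as anyone, yet tops the betweenness ranking, which is exactly the structural information that encrypting message content does not hide.

```python
from collections import defaultdict, deque

# Constructed metadata: (sender, receiver) pairs only, no message content.
RECORDS = [("A", "B"), ("B", "C"), ("A", "C"), ("A", "B"),   # cluster 1
           ("C", "X"), ("X", "E"),                           # go-between
           ("E", "F"), ("F", "G"), ("E", "G")]               # cluster 2

def build_graph(records):
    """Undirected contact graph; repeated contacts collapse to one edge."""
    adj = defaultdict(set)
    for src, dst in records:
        if src != dst:
            adj[src].add(dst)
            adj[dst].add(src)
    return adj

def degree_centrality(adj):
    """Fraction of the other nodes each node is in direct contact with."""
    n = len(adj)
    return {v: len(nbrs) / (n - 1) for v, nbrs in adj.items()}

def betweenness_centrality(adj):
    """Brandes' algorithm: number of shortest paths passing through each node."""
    bc = dict.fromkeys(adj, 0.0)
    for s in adj:
        order, preds = [], defaultdict(list)
        sigma = dict.fromkeys(adj, 0)        # shortest-path counts from s
        sigma[s], dist, queue = 1, {s: 0}, deque([s])
        while queue:                         # breadth-first search from s
            v = queue.popleft()
            order.append(v)
            for w in adj[v]:
                if w not in dist:
                    dist[w] = dist[v] + 1
                    queue.append(w)
                if dist[w] == dist[v] + 1:
                    sigma[w] += sigma[v]
                    preds[w].append(v)
        delta = dict.fromkeys(adj, 0.0)
        for w in reversed(order):            # accumulate path dependencies
            for v in preds[w]:
                delta[v] += sigma[v] / sigma[w] * (1 + delta[w])
            if w != s:
                bc[w] += delta[w]
    return {v: b / 2 for v, b in bc.items()}  # undirected pairs counted twice

def top_node(scores):
    return max(scores, key=scores.get)

if __name__ == "__main__":
    g = build_graph(RECORDS)
    print("degree:", degree_centrality(g))
    print("betweenness:", betweenness_centrality(g))
```

Ranking by contact count alone would point at C and E; ranking by betweenness points at X, the only link between the two clusters.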

Movement Analysis – Related to traffic analysis, this mode of analysis involves compiling information regarding a group of individuals’ whereabouts and transportation activities during a period of time. Through various statistical and network analysis techniques, the data from movement analysis can yield information regarding the structure of an organization, its key members, and its more peripheral members.
