PJ Media

Twittering to Terrorists

Ever since Ugh the Caveman, there’s been an ongoing struggle: on the one hand, keep communications secret; on the other, crack the secrets of the other guy’s communications.

This was true when “communication” was smoke signals and hand gestures, remained true when Julius Caesar popularized ciphers, and is still true today; we just have fancier methods. But I’ve been involved in intelligence and computer security stuff, off and on, for about thirty years, and if there’s anything I’ve learned from it, it’s that I can always expect fresh amusement from the popular press.

This weekend’s amusement comes from a CNET article and Noah Shachtman’s somewhat breathless article in Wired based on a posting on the Federation of American Scientists Secrecy News blog; that, in turn, is based on a paper, “Sample Overview: Al-Qaida-Like Mobile Discussions and Potential Creative Uses.”  (You can find it currently at the FAS site; I’m not going to link it because it’s marked “for official use only” and, dammit, I don’t want to encourage them.)

In communications security and communications intelligence — really two sides of the same coin — we have a pair of problems.

The people on our side, technically called white hats, want to be able to communicate among themselves without letting the black hats on the other side know what they are saying; that’s communications security. At the same time, they would like to know what the black hats are saying, and ideally without letting the black hats know we’re listening. (If the black hats know we’re listening, they are going to change the way they communicate; this is why “sources and methods” are so important, and why people like me get cranky about “for official use only” documents leaked to open web sites.)

The paper asks the question: what use could terrorists make of new technologies like Twitter and GPS cell phones? This kind of exercise, commonly called a red team, goes on all the time, often just as a thought exercise. The conclusion? Bad guys can use cell phones and Twitter too.

I know. Amazing, isn’t it?

Still, there are some good reasons to think about it. One of them is the common use of Twitter by U.S. personnel. Of course, soldiers want their families and friends to know what they’re doing; it’s important to everyone’s morale. But the “red team” has some interesting examples, like these from Afghanistan:

“I’m in Bagram waiting for a flight to Camp Salemo by Kwost in the volatile east of Afghanistan near the Paki. border. Hot days cold nights.”

“Hi from Bagram air field; 20 minutes from now I’ll hopefully board a flight to the Pakistan border.”

“Flying to Bagram, Afghanistan in 12 hours. The journey is about to begin.”

These seem like pretty benign things on their own, but let’s think about what an intelligence service would do with them. It’s a process called “traffic analysis,” one that I first learned about when we thought the next war was likely to start in the Fulda Gap.

Someone sits and collects these sorts of messages — then, we listened on radio; now, someone could follow a Twitter feed — and we keep track of the names involved. Over time, a picture builds up: Larry, in the 101st Airborne, was in North Carolina; now he’s on a plane to Afghanistan; something’s happening in Afghanistan. Gene is off to Fort Huachuca — what’s there? Wikipedia knows: the Army intelligence school. Add that to the list; Gene’s an intel guy.

Over time, this kind of information can add up; it’s generally a lot more important, and more likely to tell us something useful, than intercepting Boris calling Natasha to say “vee execute plan on Monday.” Get enough names and you can also use social network analysis (SNA) to identify networks of associated people. Now, SNA can sometimes give false leads.  One famous, possibly apocryphal, example was a social network analysis of some of the 9/11 terrorists that identified Mohamed Atta as the core and probable leader of the group, but also identified the best falafel restaurants in South Florida.  Like with any intelligence, it depends on collecting hints that may turn into a picture of something important.

On the other side, a black hat with a GPS phone equipped with a camera — an iPhone, say — can be pretty useful too. Ahmed the Black Hat can wander down the street, take a quick snapshot of a U.S. convoy going by, and email it, with GPS information, anywhere in the world. Or Twitter it. Give us enough guys with iPhones and you could quickly have a very complete picture of U.S. soldiers’ motions throughout Iraq.

The Wired article is pretty dismissive of the whole thing. Sort of “hah hah, the government’s worrying about Twitter now.” I’m not sure that’s quite justified; the kind of information I’m talking about, these kinds of analysis of movements and networks, are pretty much the core of real intelligence work.

On the other hand, it would be difficult — and a constant annoyance to people going about their normal lives — if we tried to really prevent black hats from using cellphones and Twitter.

On balance, it’s probably best if we remember that these things can be useful to the black hats; when the Army wants to cut back, as I’m sure they will, on the use of Twitter by people in real operations, it’s worth remembering that they have real reasons, reasons that can save lives even if they annoy families.