Vote: Fortune 500, or Al-Qaeda?

People working together on projects tend to interact in fairly predictable ways — whether that project is installing a new computer system, or blowing up a building. So looking only at the links between people won’t tell you much about what those folks are up to. At times, the links can be rather deceptive, in fact. Especially if your data set is huge, like the NSA’s ginormous database of phone records. Other information is needed, to fill in the gaps.
Here’s an example, below. Can you tell which cluster is from a Fortune 500 company, and which one is from Al-Qaeda? Network analysis guru Valdis Krebs shows this slide to corporate and government audiences. Their answers are usually pretty scattershot. Take your guesses in the comments section. Valdis will be back later on with the right answer.

[Image: 2nets.JPG]

Nicholas Weaver May 12, 2006 at 11:14 am

No guess from me, I can’t tell the difference and I don’t feel like taking credit or blame for a coin flip. However…
I would have expected a difference. Naive me would have expected Al Qaeda to be significantly less connected, in order to aid in operational security (in the security vs. control tradeoff).
But that’s why I’m the ignorant moron.

JJ May 12, 2006 at 11:15 am

The one on the left seems to be Al-Qaeda because it seems to demonstrate more of the sleeper/splinter cell mentality than the one on the right. The one on the right shows more of a centrality in the bottom-center section of the graph.

Noah Shachtman May 12, 2006 at 11:17 am

The one on the right looks a little less centralized. So I’ll say that’s Atta & Co.

Scott Ross May 12, 2006 at 11:18 am

I’m with JJ. There’s a reason we call them “splinter cells.”
Corporate America doesn’t trust its workers enough to act on their own.

Raymond May 12, 2006 at 11:51 am

Does it matter which is which as long as they are properly labeled?
The reason I say that is because from an IT Security Perspective, both diagrams are giving me useful information to exploit. Whether looking from a penetration or central hub perspective, the diagram gives me information regarding starting points and major distribution points within the network, where I can probe without much intrusion, and where I can probe with and gather the most useful information.
Without more information and using this example I would say it looks to me like the NSA is actually doing its job, and I’m not even sure I think it is legal.
Either way, I think DefenseTech is taking the right approach, this issue needs to be evaluated in depth from an IT perspective, because I myself have generated reports very similar to both shown above for over a decade within my very large organization, and it continues to be a useful tool with useful information.
My first impression given the very little information we actually know to date is, I wonder which vendor the NSA uses for their network modelling, because an NSA endorsement isn’t exactly a bad thing.

CPetelle May 12, 2006 at 12:24 pm

I’d like to know a little more about the kinds of communications that were included in building these diagrams. Did the net pick up everything, or were personal contacts filtered out?
I make that point because, if they were not filtered out, then the diagram on the right makes more sense to me. Fortune 500 companies are often hierarchical structures with geographically and socially disparate (and sometimes almost distinct) segments. You wouldn’t expect much personal or business-related contact between lower level personnel in different segments of the organization in different geographic locations.
Terror networks, on the other hand, include relatives and are built through social and often familial networks. Despite a “cell-based” operational structure, designed to restrict the flow of operational information and limit the penetrability of the organisation, you would expect those social and familial connections to maintain their significance, creating more “inter-cell” chatter.
So if social and familial “chatter” is included in the set of information used to create the diagram, my vote is for the one on the right. Otherwise, my vote is for the one on the left.

Timothy May 12, 2006 at 1:37 pm

But where is the link between the two :D

dan May 12, 2006 at 2:20 pm

I’m guessing left for the Al Qaeda network and right for the Fortune 500 – no particular reason, it just looks like that there are layers of middle-management on the right-hand diagram.

PSD May 12, 2006 at 2:38 pm

I’m thinking the one on the right with the deadenders (I’m with you, DS).
Now let’s see if I’ve watched enough spy movies and read enough spy books…….

PSD May 12, 2006 at 2:44 pm

duh….to make myself clear, I meant Al Qaeda is on the right…….

christian herold May 12, 2006 at 2:47 pm

Timothy’s comment sent a mouthful of lunch flying across the room.

LauraN May 12, 2006 at 2:48 pm

Corp is right, Al Q on the left – it being less centrally controlled and less evenly distributed. The right has such lovely arcs of hierarchy.

Dale May 12, 2006 at 3:14 pm

Two graphs isolated from existing previous knowledge do not yield much info of value. Instead, take the set of previously known Al-Qaeda operatives and see if any of them map into either of the two graphs. The cell of bad guys would stand out and it would be easier to “connect the dots”.

htom May 12, 2006 at 4:59 pm

On the left is the Fortune 500 group, it has more people who are many-ways connected. The one on the right has a more “cell-like” structure.
That’s my guess.

Mr.M May 12, 2006 at 8:16 pm

Neither one. We keep killing the number two and number three. It’s one dot, running scared, unable to stage new attacks unless it gets on the phone to Madrid or London.
That said, the first shows one to two, and two acts like the one. Probably what the Al-Q network is like, one level repeats word for word what the operational information will be. Find who two is talking to and shut it down entirely.
The other is classic even distribution to the levels, a one three six, with a lot of distinction between those levels. More linear but still diffuse, but even distribution.
It’s probably a trick question, the second graph fits between any first given or vice-versa.
Two looks like a cell on staged setting- everyone has specific jobs.
One looks like the overall body- source heavy, with several layers calling back at levels two and three to do dry runs and check awareness of being watched.
You know when AWOL needs a poll bump they let you know whatever they’ve got. Then the whole network tweaks its method…
It will get more difficult with time.
Most likely the second model applies to the Pakistani and Iranian nuclear programmes. The former being the top concern of proliferation outside the former Soviet.
Then again I’m not an official wonk, just looking at the numbers.
As others note- it is not hard to connect the dots when told Bin Laden determined to strike in the US.

Mr.M May 12, 2006 at 8:29 pm

Both go through a vp chain… sorry, the comments thread did not have both diagrams.
Two is still pretty even. As noted it’s essentially a trick question and elements of each are within the whole.
Now imagine the NSA spying on false leads for everyone that ever called or was called by someone Bush would believe suspicious.

Kevin May 12, 2006 at 9:14 pm

Which of them called or got calls from Afghanistan, Syria, Pakistan and/or Iran? How often? Did they place them or receive them? Did one usually call another after receiving a call from a third?
Without information on what the nodes are doing you can’t do anything other than possibly determine the role they have in the organization. What he’s presenting is just like a road map without the town names or indications of what kinds of roads connect them. If I claimed this edited and carefully selected image proved that road maps are useless would you believe me?

Chris Walsh May 13, 2006 at 5:22 pm

Nick:
The “less-connected” Al Qaeda may well be out there — you can’t graph what you aren’t aware of. To the extent that the “well-known” got that way because of their activities with others, it’d help explain the appearance of the AQ network diagram (regardless of which one that is — I’d say it’s the one on the right).

Libby Spencer May 13, 2006 at 7:43 pm

My mathematical ineptitude is legendary but looking at the chain of communication, logic would suggest that the right model is the AQ as we’ve been led to believe it exists. A central command where the outside hubs don’t communicate with the central authority. But the model is too symmetrical. It has a sense of predictability that wouldn’t be conducive to clandestine operations. It fits the corporate model better. Corporate decides on the action and then passes the commands to the outposts. I would think the project in question would be something like a coordinated ad campaign for car dealers.
The left model doesn’t fit my conception of how a cell would work either. The asymmetrical and somewhat unclear hierarchy fits but there’s entirely too much contact between the parties. It suggests a corporate software collaboration to me more so than a nefarious plot. I have the feeling it’s neither but if I must choose, I’ll go with the left.

pedestrian May 14, 2006 at 3:43 am

3)If you were Osama Bin Laden in one of the two, which solution would you choose to avoid while being vulnerable to internal spies and confession by detained members?

John May 14, 2006 at 1:15 pm

That’s right, there’s no point in trying to spy on terrorists since the average man on the street can’t tell the difference between two network diagrams. It’s all for nothing, we may as well just give up now.

Kevin Harris May 14, 2006 at 1:20 pm

I predict that the model on the right is more likely to be that of Al Qaeda. There is too much communication between reference points, centrally, on the left model. That seems more in keeping with a corporate model.
But, many of the connections that we can attribute to the Al Qaeda model may be misleading. It is known that phone calls can be traced and linked. A false pattern may have been laid in order to hide a true pattern. And that would be difficult to empiricize without knowing how such a pattern is being obfuscated.

Mr_Oni May 14, 2006 at 3:59 pm

The left is how I picture the Islamic family/social structure. Cell.
The right looks like it would need the concept of individuals to work. Fortune500.

Tony James May 15, 2006 at 8:52 am

Given that the fundamental basis of criminal or terrorist cells is that there needs to be minimal knowledge of the rest of the organisation within each cell, neither of the diagrams presented fits the model. Parts of each one do, but they are not consistent. A terrorist cell model would suggest a web of concentric circles, with very few connections between the circles, the point being that people in the outer rings can’t identify the people further in.

Negroi May 15, 2006 at 10:33 am

I’ve been thinking about it.
It’s strange how social webs look like terrorist organizations, right it’s the correct because all the cells have been organized with almost three persons and the staff department of fortune only have two.
But it seems like a normal democracy social web design, it’s like a signal of how all the dynamics moves of the man, like democracy or the ancient regime, make another dynamic in the same way but in different direction, like terrorist or revolutionary strikes like the French revolution.
We have to take care in what are we working to stop Al Qaeda dimension of operative cells, if we make another dynamics, like make a stronger state with non legal moves (“non legal” because “Auctoritas, non Veritas”) because we are working at the same time in opposite direction.

J May 16, 2006 at 10:28 am

It’s the cell on the left of course:)
Seriously. The cell on the left has splinter groups that are not connected and that is how I would picture a terrorist group that wants to avoid all members knowing each other. The one on the right has everyone talking to anyone – this is not secret enough.
Companies and normal social groups don’t try to hide their alliances and give false trails where a secret organization would.

Tom August 24, 2007 at 7:21 pm

Does it make a difference? Just as in the Viet Nam war, we could have ended it by bombing a dam located within miles of Hanoi.
Bush won’t be effective, if he wanted to be, he could give farmers in Afghanistan money to raise other than poppy crop, which is what is funding AQ.
But no one wants to do that…

SNA_Novice September 27, 2007 at 10:03 am

I don’t see a response from Mr. Krebs. Please…which one is which?!?

bill waters October 31, 2007 at 10:17 pm

it’s the one on the left. god told me
