
ICG Risk Blog - [ InfoT Public ]

Kerik's nanny may be a deception simulation event


Information emerging after "Mammography, photo interpretation, and presidential appointee selection all suffer from interpretation" raises the possibility that Kerik's nanny is a phantom, a deception event.

Remember that deception has four components (Security, Plausibility, Adaptability, and Integration) that recombine into two parts, dissimulation and simulation:

hiding the real and revealing the false. Hiding the real is called dissimulation. It is the covert part, that which is concealed from the enemy. Revealing the false is called simulation. It is the overt part, that which is falsely revealed to the enemy as truth. Dissimulation and simulation are always present together in any act of deception.

The illusiveness of the nanny could be a culpability simulation to cover the attempted culpability dissimulation of all other Kerik transgressions, i.e., pleading to a lesser charge to cover his withdrawal:

Last night, Mr. Kerik was told that skeptics in city government circles were questioning the very existence of the nanny, and he was pressed to provide any kind of evidence to document that she was real. But after taking time to consider the request, Mr. Kerik again decided to remain silent on the subject.

Most puzzled about the nanny, perhaps, are former neighbors of the Keriks and their kin. In the Riverdale section of the Bronx, where the family lived in a first-floor apartment for years before moving last year into the Franklin Lakes home they had extensively renovated, neighbors did not recall any household help. One neighbor, Dennis Doyle, noted that Mr. Kerik's wife, Hala Matli Kerik, a former dental hygienist, not only seemed to care for Celine, now 4, by herself, but that she did her own laundry as well.

Tina Brown noted that vetters only had to read the New York Post's Page Six (Gossip) to be lifted out of their chairs regarding Kerik, a case of ignoring a valid, if outlier, signal. A lighter sample is HOW SON OF SLAIN HOOKER ROSE TO CABINET. Juicier bits are unattributed. FBI take note.

Mystery Woman in Kerik Case: Nanny
New York Times
December 16, 2004

Gordon Housworth

InfoT Public  Strategic Risk Public  



Mammography, photo interpretation, and presidential appointee selection all suffer from interpretation


Consider three analysis scenarios (those expecting a political jab will be disappointed):

Pilots were operating at night, with impaired depth perception, limited time to acquire, no clear idea what the target looked like, highly constrained, if expensive, acquisition system, and the target was evasive. Mobile Scud kills: zero.

Radiologists were looking for lumps, bumps, and calcium; shape, size, number and density are important yet misleading; density of surrounding tissue is critical; no definitive idea what is malignant; threshold of lethality varies; and usually find only slow-growing tumors. Mammography screening: widespread disagreement over benefit to women and malpractice litigation.

White House vetters were operating under internal pressure, dealing with a presumptive appointee who wanted the post, but "had failed to report lavish gifts [received] as a New York City official, had declared personal bankruptcy [was] the subject of an arrest warrant in a civil case involving unpaid condominium fees [had] helped a company suspected of doing business with organized crime, and [has] been accused of extramarital affairs that his representatives do not deny"; were aware of many of these issues "before the nomination yet did not deem them [individually] disqualifying"; the candidate was apparently both omissive and commissive; while independent sources [media] continued to provide intel at a rate faster than the administration could digest. Appointment process: disarray and embarrassment.

In each case the pictures, the imagery, the information was "not self-explanatory [needed] to be interpreted, and the human task of interpretation is often a bigger obstacle than the technical task of picture-taking."

There is the problem of seeing a "right answer" without seeing many wrong ones, so many that they debase the supposed correct one:

"One radiologist caught eighty-five per cent of [a test set of] cancers the first time around [but] also recommended immediate workups—a biopsy, an ultrasound, or additional X-rays—on sixty-four per cent of the women who didn’t have cancer" - an unacceptable level of cost and anxiety.

[The 'imagery' was damning even as vetters] allowed their affection for Kerik to cloud their judgment [effectively] compartmentalized Kerik's controversies, assuming that each dispute and controversy could be deflected or explained away without anticipating the political toll of the accumulation of so many, [were] relying on the support of New York's two Democratic senators [and assumed] that Kerik had survived the rough-and-tumble New York political world, including its bare-knuckled tabloid press.

One must understand the entire critical path in order to make the proper decision:

In developing the surgical strike weapon of WWII, the Norden bombsight, the US spent "more than half the amount that was spent building the atomic bomb." A critical path target analysis of the German economy recommended, among other targets, German ball-bearing factories due to their criticality in aircraft production. The costly B-17 bomber raids over Schweinfurt, Germany, bombed the ball-bearing factories using the Norden, but did not halt ball-bearing deliveries to the Wehrmacht: Germany had ample stockpiles and uninterrupted imports from Sweden and Switzerland, and reduced the need by virtue of design changes, even as the ball-bearing manufacturing equipment survived when the plant did not.

The points of interruption were not in the plants themselves. Aerial photography alone misled the Allies. Continuing to the present day, surgical weapons need equally better target tasking else they become no better than free-fall iron bombs.

Mammography "has a Schweinfurt problem" in a particular breast lesion. Despite continuously improving imagery and the aggressive removal of virtually every instance, "the incidence of invasive breast cancer has continued to rise by the same small, steady increment every year."

The solution is now expected to lie outside the imagery in early gene-signature detection.

It's early to tell about the appointment, but it appears that any cursory use of Lexis/Nexis and a substantive use of the Survivor's Guide were bypassed, so who can tell where the slip was beyond "a case of hubris on both sides [a political] choice from the beginning to the end [and a belief that] you are invulnerable."

Imagery, data, and opinion are illustrative but often not conclusive. Sound interpretation is king. Part of that process should be thinking how it will look above the fold in the Times.

On Kerik Nomination, White House Missed Red Flags
By Mike Allen and Peter Baker
Washington Post
December 15, 2004

by Malcolm Gladwell
New Yorker
Issue of 2004-12-13

A Survivor's Guide for Presidential Nominees
Brookings Institution and the Pew Charitable Trusts

Gordon Housworth

InfoT Public  Strategic Risk Public  



New breed of hostile Navaho Talkers, Part 2


Part 1

IRC gained international fame during the 1991 Gulf War, when television and other forms of communication were out in Iraq and Kuwait, IRC users gathered on a single line in these countries and gave out reports to the rest of the world. The same was repeated during the Russian Coup in 1993, IRC users in Moscow gave live reports about the unstable situation.

In the absence of TV and radio broadcasts, IRC took regional center stage. (Go here for archives of some of these early 'blog' equivalents. Many have the genuine feel of battlefield dispatches.) "IRC is the net's equivalent of CB radio," but in global real-time, that has grown along with the net, with channels now numbering in the thousands and users in the hundreds of thousands.

Whereas many if not most Western readers now use the Web to navigate the net, specialized communities have long used IRC for its instant one-to-many communication and for its anonymity. Ordinary users have been joined by sexual predators, pedophiles, hackers, crackers, criminals, and terrorists. Personal handles are not identified and the hosting site may be beyond legal reach, in which case any legal challenge for transparency would just see the perp melt away.

Now combine IRC with multiple foreign languages (shifting between them to complicate listening). Languages other than Romance languages are often difficult for machine translation, and we have already noted the US lack of skilled or trustworthy native Arabic translators. Transliteration of various Arabic names into English is maddening, making identification full of false negatives and positives.

One of the terrorists, Abu Abdul Rahman, pretended to send a love message via an Internet chat room to his German girlfriend, who was actually Binalshibh. It contained more code for the attacks:

"The first semester commences in three weeks. Two high schools and two universities. ... This summer will surely be hot ...19 [the eventual number of hijackers] certificates for private education and four exams. Regards to the professor. Goodbye."

Add creative terms:

About three weeks before September 11, targets were assigned to four teams, with three of them bearing a code name: The U.S. Capitol was called "The Faculty of Law;" the Pentagon became "The Faculty of Fine Arts;" and the North Tower of the World Trade Center was code-named by Atta as "The Faculty of Town Planning."

"Two sticks, a dash and a cake with a stick down": two sticks is the number 11, and a dash is a dash and a cake with a stick down is the number 9. And that was September 11, or '11/9' in most parts of the world.

Add religious alliterations and cultural phrasing spanning centuries, tribes, and regions across the Arab world, language and dialects rich in puns, and we have a new breed of Navaho Talkers arrayed against us.

Efforts are now underway to search for statistical patterns in the chatter.

Using a form of traffic analysis on selected chat rooms, the intent is to isolate "hidden communities":

If, for instance, RatBoi and bowler1 consistently send messages within seconds of each other in a crowded chat room, you could infer that they were speaking to one another amid the "noise" of the chat room.

Knowing who talks to whom is the first step in identifying a network, even if message content is not known; the content can then be addressed with a more manageable volume of higher-order attacks and decryption. As message context is examined, one would expect a capture of keywords used by which writer in what order. One would also expect a number of linguistic tools to be tested in order to tease out meaning from associated phrases.
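The timing inference in the RatBoi/bowler1 illustration can be made concrete with a small co-occurrence test. The following is an added example, not the RPI tool's method or code: it counts how often two nicknames post within a few seconds of each other and compares that with what their message volumes alone would predict. The log, the four background nicknames, the 5-second window, and the thresholds are all constructed assumptions.

```python
from collections import Counter

# Constructed capture: (seconds since start, nickname). Not real traffic.
# RatBoi and bowler1 are the nicknames from the quoted example; the other
# four are invented background "noise" posters.
SAMPLE_LOG = [
    (10, "RatBoi"), (12, "bowler1"), (25, "moss"), (40, "alice"),
    (60, "k9"), (62, "alice"), (75, "zed"), (95, "RatBoi"),
    (98, "bowler1"), (130, "alice"), (145, "moss"), (160, "k9"),
    (197, "zed"), (200, "RatBoi"), (203, "bowler1"), (235, "moss"),
    (250, "alice"), (270, "k9"), (290, "zed"), (310, "RatBoi"),
    (312, "bowler1"), (345, "moss"), (360, "alice"), (380, "k9"),
    (400, "zed"), (402, "moss"), (420, "RatBoi"), (423, "bowler1"),
    (455, "moss"), (470, "alice"), (490, "k9"), (505, "zed"),
    (530, "RatBoi"), (533, "bowler1"), (555, "moss"), (570, "alice"),
    (580, "zed"), (590, "k9"),
]


def close_pairs(log, window=5.0):
    """Count how often two different nicks post within `window` seconds."""
    events = sorted(log)
    counts = Counter()
    for i, (t, nick) in enumerate(events):
        for t2, other in events[i + 1:]:
            if t2 - t > window:
                break  # events are time-ordered, nothing later can match
            if other != nick:
                counts[tuple(sorted((nick, other)))] += 1
    return counts


def suspicious_pairs(log, window=5.0, min_count=3, min_lift=3.0):
    """Pairs that co-occur far more often than their message volume predicts."""
    events = sorted(log)
    if len(events) < 2 or events[-1][0] == events[0][0]:
        return []  # no time span to measure against
    span = events[-1][0] - events[0][0]
    volume = Counter(nick for _, nick in events)
    flagged = []
    for (a, b), seen in close_pairs(events, window).items():
        # Baseline: if a and b posted independently and uniformly over the
        # capture, about 2*window/span of their message pairs would land
        # within the window by coincidence.
        expected = volume[a] * volume[b] * 2 * window / span
        lift = seen / expected
        if seen >= min_count and lift >= min_lift:
            flagged.append((a, b, seen, round(lift, 1)))
    return sorted(flagged, key=lambda row: -row[3])


def communities(pairs):
    """Merge flagged pairs that share a member into candidate groups."""
    groups = []
    for a, b, *_ in pairs:
        merged, untouched = {a, b}, []
        for group in groups:
            if group & merged:
                merged |= group
            else:
                untouched.append(group)
        groups = untouched + [merged]
    return [sorted(group) for group in groups]


if __name__ == "__main__":
    hits = suspicious_pairs(SAMPLE_LOG)
    print(hits)               # flagged pairs with count and lift
    print(communities(hits))  # candidate hidden communities
```

The single coincidences in the sample (for example zed posting three seconds before RatBoi) stay below both thresholds, which is the false-positive control that a raw "posted near each other" count lacks.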

Not an easy task, but a necessary one.

A Tool for Internet Chatroom Surveillance
Ahmet Camtepe, Mukkai S. Krishnamoorthy, and Bulent Yener
Department of Computer Science, RPI, Troy, NY 12180

Ibiblio, "The public's library and digital archives"
Collaboration of the
center for the public domain and unc-ch
Gulf War IRC chats
Note subdirectory for Desert Storm

Gordon Housworth

Cybersecurity Public  InfoT Public  Strategic Risk Public  Terrorism Public  



"Two sticks, a dash and a cake with a stick down": just the tip of a new breed of hostile Navaho Talkers


Instant Messaging (IM) was not the first instant digital communication. Whereas "Substitute terrorist, even criminal, for file-sharing pirate" dealt with the leading edge of hostile COTS communication, we should not overlook the low end long used by innocents, criminals, and terrorists alike: Internet Relay Chat (IRC), wrapped in jackets of languages that we have difficulty translating in any volume, e.g., Arabic, and that employ cultural and religious alliterations to further obscure the writer's intentions.

Some history: Chat systems began to rise in 1984, on the Internet's predecessor, ARPANET, quickly coming to the attention of administrators concerned that the original intent of file transfers was being overwhelmed:

Around February of 1985, Henry Nussbacher sent a lengthy letter to every node administrator and technical contact in Bitnet which said "chats represent the most serious threat ever to the future of Bitnet" and that sites should hunt down and destroy any they found in existence.

Surviving, four chat Relays had been linked by June 1985, and matured into BITnet Relay Chat. Inspired by BITNet and early UNIX tools, Jarkko "WiZ" Oikarinen wrote the first IRC client and server at the University of Oulu, Finland in 1988. A Finnish network arose, Funet, and was soon connected to the Scandinavian Nordunet. MIT was the first US user and, along with two other schools, launched a transatlantic link. By mid-1990, IRC averaged 12 users on 38 servers.

IRC was designed from the onset as a means of instant communication via the net (not to be confused with the World Wide Web which also sits on the net), for group (one-to-many) communication in discussion forums called channels, but it also permits one-to-one communication.

A channel is a named group of one or more clients which will all receive messages addressed to that channel. The channel is created implicitly when the first client joins it, and the channel ceases to exist when the last client leaves it. While channel exists, any client can reference the channel using the name of the channel.

The result is a very flexible comm link that can be used on PCs and PDAs alike; the latter allows it to join cellphones in forming a redundant mobile command and control system. (Iraqi cell traffic rises whenever US convoys leave the Green Zone.) PC users generally use mIRC software while Mac users use Ircle. Mobile users have PalmIRC for Palm Pilots and SmartSoft for PocketPCs, among others.

Part 2

U.S. Funds Chat-Room Surveillance Study
Associated Press
Posted on Mon, Oct. 11, 2004

CIA pumps capital into linguistics software
By Wilson P. Dizard III
April 9, 2004

Taming the Task of Checking for Terrorists' Names
New York Times
December 30, 2002
Original has scrolled to archive

Al-Jazeera offers accounts of 9/11 planning
September 12, 2002

Gordon Housworth

Cybersecurity Public  InfoT Public  Strategic Risk Public  Terrorism Public  



Substitute terrorist, even criminal, for file-sharing pirate: BitTorrent & eDonkey lead the way for a COTS many-to-many C2 system


Attentive readers will remember in the aftermath of 11 September that Islamic terrorists boasted that they had established websites "to 'make the Internet our tool,' and although service providers frequently shut them down they usually reappear someplace else." There was a steganographic effort to digitally hide clear and cyphertexts inside images, often in obscure IRC chatrooms. Authorities were challenged to find, isolate, and decrypt, requiring vast bandwidth and supercomputer arrays. This bears an uncanny similarity to present efforts of the Recording Industry Association of America (RIAA) and Motion Picture Association of America (MPAA) to halt individual file-swapping pirates.

I predict that mischief makers will adopt these emerging file sharing tools to create means of communicating to and among the faithful in ways that will challenge conventional traffic analysis and the newly emerging link analysis, while slowing the identification and termination of illegal sites.

eDonkey differs in two essential ways from earlier file-swapping services: decentralized search and independent distribution of file fragments:

  • Decentralized search: When a file is shared on the network, the technology gives the file a "hash" identifier--essentially an address based on the characteristics of the file itself. Each computer logged onto the network has a certain range of addresses assigned to it, so it can act as an index. This allows searches to be carried out more efficiently than in earlier decentralized systems. [A query] would be directed quickly to the computer that is temporarily responsible for keeping track of the location of files in that category, and a response would be returned more quickly.
  • Independent file fragment distribution: the system can break up each file into tiny pieces, allowing them to be distributed. As soon as one person starts downloading these pieces, he or she starts offering them to the network at large. That means a movie does not have to be downloaded in its entirety before it can be offered to other people, making distribution of these and other larger files much more efficient.

BitTorrent is optimized for distribution and transfer speeds of large files over search:

[Users intending to distribute files] set up a "tracker" Web site [essentially] a low-level server that keeps track of requests for a given file and directs the requests to the users offering the file. These users will have posted links to the tracker on a Web site, and these links will trigger the properly formatted BitTorrent downloads. Once someone has started downloading a file, that person's computer immediately serves as an upload server for anyone else looking for the file. The technology automatically balances upload and download speeds, ensuring that people downloading give back to the network, Cohen said. Unlike other file-swapping networks, if the number of people searching for a single file increases, it means faster downloads--not traffic jams--as the individual pieces get spread quickly around the community.

Unlike earlier file-sharing programs, the more users swapping data on BitTorrent, the quicker it flows, which was its original White Hat app (reducing server clogging when distributing large files). It was immediately diverted to Black Hat piracy ends. BitTorrent gains resistance to spoofing countermeasures used to sabotage file-sharing (such as uploading decoy or incomplete files) as it doesn't seek entire files, but "torrent" or seed files hosted by many sites:

The files on the Web sites are not songs or movies but serve as markers that point the way to other users sharing a given file. BitTorrent then assembles complete files from multiple chunks of data obtained from everyone who is sharing the file. Attempts to upload bogus files to corrupt the process fail because the BitTorrent program follows a blueprint of the original file when piecing it together.
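The "blueprint" in the passage above is the list of per-piece SHA-1 digests carried in a torrent's metainfo, and a client checks every received piece against it. The following is an added example, not BitTorrent's own code: a minimal piece verifier showing why decoy or truncated pieces are discarded while the file still completes from honest peers. The 16-byte piece size, the peer names, and the sample data are constructed for the demo.

```python
import hashlib

PIECE_LEN = 16  # tiny so the demo is readable; real torrents use far larger pieces

# Constructed 40-byte "file": two full pieces and one short final piece.
ORIGINAL = bytes(range(40))

# Constructed offers as (peer, piece index, payload); three are decoys.
OFFERS = [
    ("peer-a", 0, ORIGINAL[0:16]),
    ("decoy-1", 1, b"\x00" * 16),       # right length, wrong content
    ("peer-b", 2, ORIGINAL[32:40]),
    ("decoy-2", 1, ORIGINAL[16:30]),    # truncated copy of the real piece
    ("peer-c", 1, ORIGINAL[16:32]),
    ("decoy-3", 7, b"junk"),            # index the blueprint does not contain
]


def blueprint(data, piece_len=PIECE_LEN):
    """SHA-1 digest of every fixed-size piece, in order."""
    return [hashlib.sha1(data[i:i + piece_len]).digest()
            for i in range(0, len(data), piece_len)]


def assemble(hashes, offers):
    """Keep only payloads whose digest matches the blueprint entry.

    Returns (file bytes or None if incomplete, missing indexes, rejections).
    """
    pieces = [None] * len(hashes)
    rejected = []
    for peer, index, payload in offers:
        if not 0 <= index < len(hashes):
            rejected.append((peer, index, "no such piece"))
        elif hashlib.sha1(payload).digest() != hashes[index]:
            rejected.append((peer, index, "hash mismatch"))
        elif pieces[index] is None:
            pieces[index] = payload  # first valid copy wins
    missing = [i for i, piece in enumerate(pieces) if piece is None]
    data = None if missing else b"".join(pieces)
    return data, missing, rejected


if __name__ == "__main__":
    data, missing, rejected = assemble(blueprint(ORIGINAL), OFFERS)
    print("complete:", data == ORIGINAL, "missing:", missing)
    for peer, index, reason in rejected:
        print("rejected", peer, index, reason)
```

The rejection list doubles as a record of which peers served bad data, so a client or an investigator can see who is injecting decoys.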

While some BitTorrent seed hosting sites have been forced to close, others get under the radar as they are not hosting known copyrighted materials and so do not have as identifiable a signature. BitTorrent central servers have already come under DDoS attack from unknown sources. That is prompting an "overhaul of the BitTorrent protocol itself, as right now there lies too much reliance on the trackers, [thereby reducing] the requirement of the tracker to an initial connection, therefore moving the actual peer-sharing burden to the peers themselves."

It's only a matter of time before terrorists and criminals begin to harvest these new P2P tools.

'BitTorrent' Gives Hollywood a Headache
December 11, 2004

Free underground--an immovable force?
By John Borland
CNET May 30, 2003

Downloads rise as file traders seek new venues
By Dawn Kawamoto
CNET April 26, 2004

Gordon Housworth

Cybersecurity Public  InfoT Public  Strategic Risk Public  Terrorism Public  



Useful, as yet unassigned


Aviation Databases/Links

Center for Cooperative Research, a committed collector with good timelines on key issues

International Crisis Group

John Robb's Blog, technology, security, intelligence, geopolitics

Kevin Sites blog, CNN front line war reporter

Live from Baghdad, Green Zone adventures

Network Weaving, Social network analysis

South Asia Intelligence Review, K.P.S. Gill, an Indian and South Asia view

Southern Poverty Law Center, hate groups

Switchboard, search for telephone & address

TranslatorsCafe Forums, scroll down to language specific areas

Gordon Housworth

Blogroll and Links  InfoT Public  



Technology & Science


Filter, Cynthia Webb, collation of technology news feeds

Mitretek, Toxicology and risk assessment, other areas

New Scientist

Resources for the Future, originally for the cost-benefit analysis issue

TechNews from ACM, wide-ranging

TechWorld (UK), infrastructure & networking

Technology Review (MIT)

Gordon Housworth

Blogroll and Links  InfoT Public  



Political, Economic, Media


Asia Business Intelligence, Richard Kuslan

Chicago Boyz, republican but not fanatical, note the intrade futures contracts for various political events on page right

East View Cartographic, former Soviet and other nations maps and charts, digital geospatial data, Russian satellite imagery (sub-meter), Ikonos and IRS imagery from Space Imaging, OrbView imagery from OrbImage and declassified historical US imagery. Fee based, but a good one-stop shop.

FRONTLINE, public affairs

On the Media, good analysis on the tools of reporting

OpenNet Initiative (ONI), investigation of state filtration and surveillance

Talking Points Memo, Joshua Micah Marshall

Washington Note, Steve Clemons

White House Briefing, Dan Froomkin, feed of White House-related items, president and staff, policy by implication

World Bank

Operations Evaluation

Development News Media, releases, transcripts

Daily press reviews, surveys of press opinion on issues

YaleGlobal Online, from Yale Center for the Study of Globalization

Gordon Housworth

Blogroll and Links  InfoT Public  



News feeds, regional and global


ArabNews, first Saudi English-language daily newspaper, launched in 1975 by Saudi Research & Publishing Co. (SRPC)

Asia Times, generally excellent and quite useful that escapes the myopia of US highstreet press

China Digital News, sited at Berkeley CA

CitizenLab  Version 4.0, intersection of digital media and world civic politics

MOSNEWS, partner project of The Moscow News and Gazeta.RU

NewsDirectory, global newspapers & magazines, US TV stations

Project Syndicate, global association of newspapers, interesting monthly series in a variety of subjects

Radio Free Europe/Radio Liberty

TIDES World Press Reports, DARPA, news, translations, videos

Transitions Online, coverage of 28 post-communist countries

Washington Technology, government IT systems integrators, News, Archives

Worldpress, news/views around the world, sections for Africa Americas Asia Europe Middle East

Gordon Housworth

Blogroll and Links  InfoT Public  





CodeBlueBlog, medical blog

Gordon Housworth

Blogroll and Links  InfoT Public  


