Intelligence Analysis to Take Down a Terrorist

Intelligence experts are increasingly relying on advanced data extraction software in the fight against terrorism. Berenice Baker talks to the CEO of i2, Bob Griffin, to find out how increasingly intelligent computer software can sift through mounds of information to help intelligence agencies track down terrorists.


There is much speculation about the exact methods of information gathering used by US and coalition forces during the ten-year hunt for Bin Laden, which ended this year after US forces finally tracked the world's most wanted terrorist to a compound in Pakistan.

What is known is since the search began, huge amounts of data, whether it is imagery collected from UAVs or keywords dredged from social media, have flooded in. And in turn this tidal wave of data is creating a critical need for ever more complex analytical tools to sift through the vast swathes of information.

i2, a provider of intelligence and investigation management software, was founded in 1990 by two analysts seeking to move away from largely paper-based methods. They developed a system that can assimilate data in a fashion which is easily understood but enables users to discover patterns of information and true knowledge management.

The i2 flagship product is the Analyst's Notebook, which is used in 150 countries around the world, localised into 17 different languages and has more than 150,000 users.

At the recent i2 EMEA user conference in Brussels, i2 CEO Bob Griffin speculated on what kinds of information were gathered during the hunt for Bin Laden and explains how intelligence analysis tools are changing the quality of data being collected as well as the ways in which analysts work.

Berenice Baker: Is there an increasing demand for intelligence analysis tools?

Bob Griffin:  The oceans of information that are being generated today are astronomical. We have built a platform that allows us to do what we call all-source analysis, which can handle traditional data-based sources of information as well as multi-media rich sources, open source, closed source and so forth.

The goal is to be able to assimilate all that information and sort and sift through it to determine patterns and act upon it within the intelligence community. That action can be anything from developing packages to target an organisation or to disrupt a particular target, or determining emerging players, leaders and communicators within a target organisation.

The goal of the technology is to disrupt, defeat, predict and protect.

BB: How have the requirements of the intelligence community changed?

BG: One of the more important things the community is worrying about now is domestic or home-grown radicalised terrorists.

In the US alone we've seen the Times Square bombing, 'Jihad Jane' and the Oklahoma City bombing.

"The oceans of information being generated today are astronomical."

The intelligence and the law enforcement communities say the biggest concern we have is the domestic terrorism threat, which can be anything from radicalised religious-based terrorists to militia-based organisations concerned with protecting what they believe are their inalienable rights against what they would define as oppression by the government. The cyber threat is also growing.

People don't realise how dependant we are on our cyber infrastructure, but being able to effectively shut down a national grid is a massive security concern.

Events such as the hacking attack of the Sony Playstation network to steal credit card details also raise the threat of identity theft as well as damaging the company's reputation.

The intelligence community is pushing to become more predictive and reactive, identifying where the next incident will happen and what the nature of the breach might be so we can prevent such attacks.

BB: A recent high-profile event that occurred with the assistance of military intelligence was the raid on Bin Laden's compound. Can you speculate what kind of analysis and what sources would have been used?

BG: It would have been not unlike the analysis we did in helping track down Saddam Hussein. I would expect there was a fair amount of social network analysis done on his and his courier's contacts.

Bin Laden's biggest concern was staying off the grid; he was concerned about using any kind of telephony or wired devices. When they raided the compound, other than finding a satellite dish for television, there was no internet or phone, so he relied from an operational perspective on trusted couriers.

Through traditional military function and interrogation, analysts were able to identify one of these couriers and over time gathered information on him. You start to build a profile of that person and their social network, and build up a lifestyle analysis of who they visit, and when and where they travel.

"The thing I thought was clever was how information was selectively leaked about the raid."

Analysis tools use those key indicators to show potential patterns, trends and opportunities, which would have helped identify the compound. The military then set up traditional surveillance and data gathering techniques, from arranging deliveries to the compound through satellite or drone imagery. 

The goal was to get a glimpse of Bin Laden in the compound to validate his presence there. At that point you can start planning the next step, in other words how to disrupt the target.

I think there was a perception that Bin Laden was not in a strong operational role in al-Qaeda in the last couple of years. I assure you clearly he was. If anything his network did a great job in sending out misinformation about his poor health or whether he was alive.

BB: How does the intelligence community define and use social networks?

BG: Most people relate social network analysis with communities like Facebook and LinkedIn, though an amazing amount of intelligence can be gathered through these. 

What intelligence people do is gather information about individuals and relationships the individuals have, and then gather information about those relationships and so forth. They're able to take all that information, such as telephone numbers and the calls they make, to establish relationships with other individuals.

Analysis tools help identify the rising stars in any community as they have the most links to anyone else and may be a communications facilitator, because people in the network only communicate with specific trusted individuals.

When you map those networks, you can make real-time decisions. If you want to disrupt communications, for example, you can take an individual out and that disrupts communications for a certain period of time. You can also identify the next logical replacement for that individual and target him too.

We did some social network analysis recently on the al-Qaeda network around the world, using mostly open source materials and carrying out what/if analysis using our tools.

If we assume Bin Laden had the most connections because he's the founder, we take Bin Laden out of the equation and see who the heir apparent is. That has now been confirmed as Al Zahawiri, the Egyptian doctor, who has classically been known as the number two guy. But if you look at the social network of al-Qaeda, he isn't even in the top three of those that had the most connections.

BB: Is too much sensitive information released to the public following events such as the Bin Laden raid?

BG: There is a degree of frustration in the intelligence community that there is too much information being given out about tools, techniques, participants and players. There is no logical reason to disclose where SEAL Team 6 lives; it just puts them and their families at risk. There really isn't any reason to have conversations about stealth helicopters, or the fact that Bin Laden was double-tapped.

We got him, we cleared the asset, we validated his identity, gave him a proper Muslim burial at sea, and we moved on. I assure you we're going to have to do this again, and if we give the secret sauce on how we did it, then the targets become reactive.

The thing I thought was very clever is the information that was selectively leaked about the raid. This was just enough to worry other players into moving, getting back on the grid and making mistakes. Though I think what we gave away was more than we wanted to from an operational perspective.