[iwar] [fc:How.Have.Events.Affected.Your.Analysis]

From: Fred Cohen (fc@all.net)
Date: 2001-09-28 21:23:29


Return-Path: <sentto-279987-2510-1001737347-fc=all.net@returns.onelist.com>
Delivered-To: fc@all.net
Received: from 204.181.12.215 by localhost with POP3 (fetchmail-5.1.0) for fc@localhost (single-drop); Fri, 28 Sep 2001 21:24:07 -0700 (PDT)
Received: (qmail 884 invoked by uid 510); 29 Sep 2001 04:23:47 -0000
Received: from n11.groups.yahoo.com (216.115.96.61) by 204.181.12.215 with SMTP; 29 Sep 2001 04:23:47 -0000
X-eGroups-Return: sentto-279987-2510-1001737347-fc=all.net@returns.onelist.com
Received: from [10.1.1.223] by n11.onelist.org with NNFMP; 29 Sep 2001 04:23:31 -0000
X-Sender: fc@big.all.net
X-Apparently-To: iwar@onelist.com
Received: (EGP: mail-7_4_1); 29 Sep 2001 04:22:26 -0000
Received: (qmail 50611 invoked from network); 29 Sep 2001 04:22:26 -0000
Received: from unknown (10.1.10.26) by 10.1.1.223 with QMQP; 29 Sep 2001 04:22:26 -0000
Received: from unknown (HELO big.all.net) (65.0.156.78) by mta1 with SMTP; 29 Sep 2001 04:23:30 -0000
Received: (from fc@localhost) by big.all.net (8.9.3/8.7.3) id VAA23816 for iwar@onelist.com; Fri, 28 Sep 2001 21:23:29 -0700
Message-Id: <200109290423.VAA23816@big.all.net>
To: iwar@onelist.com (Information Warfare Mailing List)
Organization: I'm not allowed to say
X-Mailer: don't even ask
X-Mailer: ELM [version 2.5 PL1]
From: Fred Cohen <fc@all.net>
Mailing-List: list iwar@yahoogroups.com; contact iwar-owner@yahoogroups.com
Delivered-To: mailing list iwar@yahoogroups.com
Precedence: bulk
List-Unsubscribe: <mailto:iwar-unsubscribe@yahoogroups.com>
Date: Fri, 28 Sep 2001 21:23:29 -0700 (PDT)
Reply-To: iwar@yahoogroups.com
Subject: [iwar] [fc:How.Have.Events.Affected.Your.Analysis]
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit

How Have Events Affected Your Analysis

[FC - Anonymized for your protection]

In the nearly three weeks that have passed since the terrible events of
September 11th, I've wondered how the profession of criminal
intelligence analysis has been altered, both in the US, and overseas. 
This list comprises, according to what I believe Ray Sanford last
reported some days ago, over 1700 members internationally.  Now of
course we recognize that not everyone on this list is, or ever has been
a member of the law enforcement community, either as a badge carrier or
as an analyst.  Yet, our daily message traffic since Sept 11th still
focuses on issues relating to the daily routines of our jobs, ie, crime
mapping, usage of software programs, training and the unfortunate, but
constant bickering between certain list members who are disinclined to
accept different points-of-view. 

What I would like to know, without going into intimate detail or without
revealing sensitive law enforcement operations security, is how the
attacks have altered and/or changed your way of doing business.  I
believe such a discussion on this list would make for an informative,
professional exchange of views that would actually be helpful to others
on the list.  Our President has explained we are not fighting a
conventional war but an unconventional core of international killers who
cross borders with stealth and hide in the shadows.  Should criminal
intelligence analysis now become a bit more "unconventional" as well? By
now, we all know that the killers of Sept 11th resided in our
communities nationwide, (and in some cases, internationally), (several
lived within 20 minutes of my home here in Northern Virginia); they
integrated themselves within our communities and were invisible to law
enforcement because of their consumate law abiding behavior. 
Nevertheless, in hindsight, we are learning numerous details, albeit
disjointed in some cases and unrelated in others, that could have been
collected and possibly documented had anyone taken the interest. 

Certain members of this list occasionally point out the value of
analytic techniques taught in certain courses or derived through
particular experiences.  Processes such as automated or non-automated
link analysis, certain data mining methodologies and other similar
conventions are but a few of the subjects that have significant meaning
to criminal intelligence analysts and could have been applied prior to
the events of Sept 11th by anyone. 

Now I wonder whether such analytic conventions are being re-evaluated
throughout law enforcement because of the post-Sept 11th disclosures
that many of the hijackers were involved with counterfeit licenses for
the trucking of hazardous materials as well as possible uses of crop
dusters for the disbursement of chemicals throughout our nation.  The
list of potential threats to our nations and their infrastructures is
infinite and clearly, this list is not the place to go into minute
details regarding how we've enhanced our respective physical security
requirements.  But as we note now, many laws were violated by these bad
guys in their acquisition of false credentials; their immigration
violations; their transmittal of funds and probably thru numerous other
areas.  These transgressions now deserve not only federal attention but
local attention and such a discussion among this list of analysts might
be helpful not only individually but collectively to anyone currently
overwhelmed with information overload. 

Among the professionals on this list, some discussion could reasonably
take place regading how their intel analysis methods are changing to
meet the new threat in our nations.  This represents a far more valuable
and informative discussion than the trivial arguments we still observe
on a nearly daily basis. 

In my particular case, I've been collaborating with another individual
in collecting what data I can regarding the events of Sept 11th as well
as post-Sept 11 disclosures, with an ultimate objective of applying
Visual Investigative Analysis and possibly Link Analysis to the events
and potentially determining facts that may not already be clearly known. 
I have no visions of grandeur regarding this monumental task as all the
national and interntional law enforcement and intelligence agencies that
can be involved in this case, are involved and are probably doing much
of the same thing.  And with their access to far more detailed and
classified information than I, they can easily derive far more extensive
analytic products than I and my collaborator. 

Nevertheless, it won't hurt for me to do this and attempt to make my
minor contribution.  Whether it makes a difference or not is not my
objective, for in this business, as many of us know and understand, the
objective is sometimes a bit murky and ambiguous.  What we do
individually is not important.  It is what we do to contribute to the
big picture that IS important!

In conclusion, these are my comments.  Perhaps some of you out there,
whether in the US or overseas, have your own views you wish to share
with the list.  I think these discussions could be very meaningful and
helpful so long as we stay focused and no one takes a personal swipe at
anyone for an opinion or comment. 

------------------------ Yahoo! Groups Sponsor ---------------------~-->
Pinpoint the right security solution for your company- Learn how to add 128- bit encryption and to authenticate your web site with VeriSign's FREE guide!
http://us.click.yahoo.com/yQix2C/33_CAA/yigFAA/kgFolB/TM
---------------------------------------------------------------------~->

------------------
http://all.net/ 

Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/ 



This archive was generated by hypermail 2.1.2 : 2001-09-29 21:08:51 PDT