9:25 pm May 3rd, 2008 by wkallander

In the aftermath of the September 11, 2001 terrorist attacks on the United States, Valdis Krebs began piecing together a visual depiction of the attacker’s terrorist network. This article[1] summarizes his attempt using open (or publicly available) sources, explains the limitations of his approach, and provides an argument for this kind of analysis to threats posed by covert anti-social networks.

He motivates his analysis by convincingly stating that, if we can learn the pattern of the organization that Al Qaeda prefers, we may be better equipped to discover their trail in other countries throughout the world. In so doing, we likens the attacker social network to that of a project team in the context of a larger organization, where usual organization time and resource constraints are applicable. However, unlike most organizations, covert networks posed additional challenges, since the data could not always be trusted (as in dis-information being released), nor could it be considered complete. To me, it is this critical difference that makes the problem interesting, in the context of anti-social networks, since fraudsters, gangs, and terrorists are normally trying not to get caught, yet they use the same organizational and social structures that are commonplace among human groups.

Aside from this, he identifies two additional factors that make covert network analysis difficult. First, he states that the boundaries are “fuzzy” and therefore the analysis of the network is obfuscated by the lack of discrete knowledge about who should be included in the analysis, and who is merely an innocent bystander. This seems related to, but not exactly the same as not having complete information about the organizations.

The second factor he identifies as a differentiator of legal versus covert networks, is the dynamic nature of the covert organizations being analyzed. To me, the applicability of this factor in differentiating covert from legal organizations is diminished because all organizations are dynamic, given enough time. Though the scale and rate of network changes may be different, but they are both dynamic. Perhaps timeliness of analysis is more critical in the covert case, since interdiction of prosecution often hinges on catching the culprits in the act, but from the purely social network analysis standpoint, the challenges posed in dynamic networks appear to be equally important to all social networks.

To create his model of the 9/11 terrorists, Krebs used nodes to reflect the attackers, and the amount of time that two people nodes had been associated to reflect the intensity of the trust between them (for the link). In this way, the model formed into a sparse undirected weighted graph, where the effect of edges with low weight (one-time meetings) were overshadowed by the higher weighted long term familial or schoolmate relationships. The sparsity is partially reflective of the limited knowledge of the terrorist network, and presumably partially due to the (essential) isolation of the secret cells.

The metrics Krebs calculated on the resulting graph was rather surprising, given what we know about social networks in the large. In particular, he looked at the relationships between attackers on a given flight, and discovered that the clustering coefficients were smaller than anticipated, and the number of hops between the attackers (path length) were larger. This was also corroborated by Usama bin Laden later. It would seem that the attackers were divided across the strong ties to ensure that any weakness in one would not be tolerated by co-attackers, since the relationships were less trusting for each flight group.

Further, Krebs uses connectivity metrics to affirm that Mohamed Atta was the leader of the attack, and the chief broker of information to all terrorists. The centralization of this task is one of the more interesting aspects of this finding, which suggests that these networks may be disrupted, if only temporarily, by removal of one or more nodes. Still, Krebs caveats his results with the fact that these metrics are highly sensitive to missing nodes and edges in the graph, which is a critical problem in covert networks. Further, Krebs makes the point that the trusted relations within the network are already very strong, and in many cases redundant, so inserting informants would have been implausible, and removal of nodes would have been recoverable.

Lastly, but perhaps most importantly, was that Krebs pointed out that the social network of these terrorists was anomalous in how they interacted with other groups. Members of the secret groups have fewer outside relationships, and even minimize communication and interaction with members inside the group. So, while the network is founded on strong levels of trust, the amount of time that has passed between communications with those contacts is much higher than usual. This gives the appearance of weakness in the relationship to the observer, when the reverse is true. Methods of pruning dynamic graphs based on staleness would therefore be ineffectual in discovering these conspirators.

This entry was posted on Saturday, May 3rd, 2008 at 9:25 pm and is filed under Covert Networks, ECS289M, Graphs, Research. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.