The project’s purpose was to identify “strategies and techniques for exploiting open sources of information, particularly social media in support of a counter threat finance mission.”
That’s a quote from the draft of an unclassified NCR after-action report released Tuesday by Steven Aftergood of the Federation of American Scientists’ Project on Government Secrecy.
Many people love the convenience of the Internet and cellphones and ever-multiplying social-media applications. What many don’t always focus on, however, is how easily outsiders can invade their lives.
The June disclosure that the National Security Agency is collecting everyone’s telephone records and storing them for five years as part of anti-terrorism efforts has caused an uproar.
Get used to it. The gathering of such data, whether by private commercial enterprises, hackers or governments — ours or foreign ones — is part of 21st- century life.
NCR’s Quantum Leap is another peak into that future.
The project, designed to improve federal interagency coordination in dealing with different threats or scenarios, involved about 50 people from government and private industry and was to last over six months. Hard to know if it did, because SOCOM is not commenting.
The released draft covers only the first experiment, which dealt with countering the financing activities of terrorists, insurgents, human traffickers, weapons proliferators and international organized crime.
It used a real money-laundering case that up to then involved $2.5 billion and was being investigated by several elements of the Department of Homeland Security, led by Immigration and Customs Enforcement and the Homeland Security investigations division. Quantum Leap participants came from Defense Department and non-defense law enforcement and regulatory agencies.
The threat network involved multinational and U.S.-based corporate entities, shell and shelf companies, dozens of individuals and millions to billions of assets, according to the draft.
What is stunning is that the project identified more than 300 traditional and nontraditional open sources as potentially relevant to the activity. These ranged from public sources such as the Patent Classification System, which has a lot of free business information, to subscription-based sources that sell specialized financial and business data.
Of course there was also access to non-public government data, such as banking-secrecy and transactional activities obtained by law enforcement personnel.
Data on real estate transactions, transportation and logistics are almost always public records but difficult to gather unilaterally. Much of it can be obtained from commercial sectors on a subscription basis.
When it comes to gathering information about individuals, the draft notes, “Fortunately, penetration of social media, preponderance of publicly available Personal Identifying information databases and sources, and advancements in available analytical tools significantly improve the ability to rapidly and accurately do human entity resolution from open sources.”
The Department of Energy’s Special Technologies Laboratory was the developer of the Raptor X open architecture.
Creative Radicals, a San Francisco design and development firm, created Social Bubble, the Twitter search tool that “was heavily used to explore human networks associated with the counter-finance threat scenario and enabled identification of various entities: people, businesses and locations associated with the money laundering network,” according to the draft.
Red Cell Intelligence Group of Arlington specialized in collecting data from public or commercial sources to create a searchable database of international banking relationships; Green Line System is a commercial maritime tracking and analysis company and in Quantum Leap “demonstrated the ability to track a particular ship or ships associated with a named company,” the draft said.
One of the major lessons learned was the “pronounced utility of social media in exploiting human networks, including networks in which individual members actively seek to limit their exposure to the Internet and social media,” the draft report said.
Among other lessons:
●Location-based services are becoming prevalent and much more accepted in social media by the younger generation.
●Exploiting social media could become more or less difficult in the coming months, depending on whether security methods improve.
●Legal reviews of the uses and applications of social media are just beginning and inevitably will transform notions of privacy.
A data revolution is underway with private industry and government leading the way. But as the response to the NSA disclosures show, this country is not yet prepared for it.