Terrorist Communications and "Cyberspace warriors" ...
Haaretz.com, April 15, 2004
By Yuval Dror
Following the trauma of 9/11, Israeli-born computer security expert Prof. Abraham Kandel heads a federally funded institute in Florida whose mission is to monitor information about terrorist activity on the Internet. A look at how scientists are battling the spread of terrorist communications on the World Wide Web.
The Twin Towers were only the beginning, says Prof. Abraham Kandel, who fears an attempt by terrorists to shut down the entire Internet. Kandel is the executive director of the National Institute for Systems Test and Productivity in the United States, a federally-funded research institute operated by the University of South Florida and sponsored by the Space and Naval Warfare Systems Command (www.nistp.csee.usf.edu). Much of the institute's work is secret; its staff is developing tools to monitor information about terrorist activity on the Internet. The programs they are working on can be compared to a huge filter that constantly checks millions of electronic messages with the aim of deciding which of them could lead to terrorists.
"Our programs analyze sentences such as 'I sent you ten yams and five lemons' and have to decide whether the sender of the message is a greengrocer or a terrorist who is informing someone about a shipment of explosives," Kandel explains. "We want to know everything. We want to know who's using the Internet and how they are using it. 'Who's who in the zoo' is the best description I can offer of our motivation: we want to know where everyone is located, in which cage. If he changes his color, like a chameleon, and disappears, we still want to locate him using our method of operation. We want to identify transfers of money, knowledge or instructions of terrorist bodies."
Kandel is aware that his programs are liable to infringe on the privacy of hundreds of millions of people who have nothing to do with terrorism. However, he is not losing any sleep over this, he says. "Our job is to find the needle in the haystack before it's too late," he says. Since September 11, 2001, the U.S. administration has become a laboratory of plans and software programs to locate online activity. New and invasive laws, which were adopted a few days after the attacks on the Twin Towers and the Pentagon, make it possible for the law enforcement authorities to monitor the citizens of the United States. The laws, which substantially reduce Americans' sacred right to privacy, were enacted almost without opposition after it was discovered that the terrorists had lived, learned how to fly and planned their devastating actions on the soil of the United States, and more specifically in the state of Florida.
However, monitoring phone calls, e-mail messages, surfing habits on the Web, chat room conversations and announcements in discussion forums is only half the story. The other half entails selecting from the billions of words making their way across the Web the particles of information that will lead to potential terrorists. Reports that were published after September 11, 2001, showed that some of the information linking the perpetrators to the act of terrorism was in the possession of American intelligence bodies, but that they failed to put the puzzle together into one clear picture that would make it possible for them to issue a warning about the biggest terrorist operation in history.
One of the systems that drew considerable media and public attention in the United States is known as Carnivore. Developed by the FBI in the 1990s, the system was rapidly and aggressively implemented within days of September 11. Carnivore intercepts and analyzes information that is collected directly from the servers of the Internet providers in the United States.
Kandel is unwilling to say whether his system integrates with Carnivore. "Carnivore is not a program but a concept," he says. "It's possible that our tools can be integrated into Carnivore, but that's not my decision, and in any event those who use our programs don't report to me about where and how they use them."
Even before the first question was asked, Kandel ascertained that the condition for conducting the interview was agreed on: his place of residence must be kept secret. He's 62, Israeli-born and holds a degree in electrical engineering from the Haifa Technion. After the 1967 Six-Day War he decided to make a short visit to the United States ("I told my mother-in-law that I'd be back within a year," he relates) to complete his studies. He ended up staying there. Today he describes himself as an American, adding that he spends a lot of time in Israel. "I have spent all my sabbaticals, with the exception of one, in Israel. I feel at home here."
Kandel's field of expertise in the institution he heads is in a fascinating side area of mathematics and computers, known as "computational intelligence." It encompasses theories and doctrines in fields such as "fuzzy logic," "sensor networks," "genetic algorithms" (algorithms that emulate biological evolution and encourage the creation of mutations), "data mining" and others. These methods help computers to make decisions in conditions of uncertainty and in an environment that does not produce precise data by integrating them into a "learning" system.
"Human language is fuzzy language, which is statistically imprecise," Kandel says. "When I say I met a tall man, the listener is called upon to analyze my intentions solely on the basis of the term 'tall,' which is a pretty vague term, yet he is capable of understanding what I am talking about." Kandel offers another example. "Let's say that the world's greatest expert on differential equations is driving his car and suddenly the traffic light in front of him changes from green to red. Does the expert mentally calculate the formulae relating to the friction of the tires with the road in order to decide whether to stop or keep going? No. He uses the same type of information and intuition that we know how to catch and introduce into a computer program."
According to Kandel, many cars now have chips based on the laws of fuzzy logic that determine, for example, when the gears should be changed in an automatic gearbox. "When you integrate fuzzy logic into computers or chips that have to make decisions, you get systems that are not only smart but also strong in terms of real-time decision making."
A good many years went by between the time Kandel decided to specialize in the field of computational intelligence and his involvement in ferreting out terrorism. Along the way he became one of the world's leading experts in the field, wrote more than 40 books and 500 papers on the subject, was a department head at the University of Florida for 13 years and then headed a department at the University of Southern Florida for 12 years. Gradually he began to apply his expertise to industrial products as well.
"Beyond my academic work, I have served as an adviser to bodies such as the U.S. Air Force in spheres of software security and checking software quality, and for Israeli bodies such as Israel Aircraft Industries [IAI]." One of the major applications of fuzzy logic, Kandel says, was carried out in an automatic landing system of an RPV (a pilotless aircraft), which was developed for IAI.
Because of his ties with the U.S. Air Force, administration officials asked him, at the end of the 1990s, to establish an institute that would examine software systems. Initially this had nothing to do with the struggle against terrorism. "The Department of Defense discovered that it was losing $80 billion a year because of software that doesn't work properly," Kandel says. "A program that orders a missile to leave the launcher but sends it to the wrong building means a financial loss. The institute was established in an effort to harness the technologies in which I specialize to the automatic examination of computer programs. The major motivation was to save money for the Department of Defense."
Then came the events of September 11, 2001. Kandel relates that at the time his young son was working in one of the buildings of the Twin Towers complex. A few weeks earlier he had complained of back pains and had consulted with his father about whether to see a chiropractor. Kandel said he would pay for the consultation. The appointment was for September 11, and thus he was saved. "For a whole week I just stared into the television set," Kandel relates. "I couldn't move. The event had a tremendous impact on me."
Immediately afterward he decided to see whether it would be possible to utilize the automatic technologies that examine the working order and efficiency of code lines in computer programs. "I was pleased that the answer was positive," Kandel says. The positive answer brought about a change in the institute's order of priorities and a large injection of funds into the new sphere.
The terms Kandel uses stimulate the imagination. "I got into a field called 'perception management,' which has the task of managing a computerized system that tries to understand what a certain person's intentions are." The institute staff are apparently utilizing every technology that is capable of learning from its own experience and is capable of simulating the activity of the human brain. As such, the programs have a tremendous advantage: Instead of employing thousands of people who will go over every piece of information and decide its value (not important, important, how important), the computer does the initial filtering by emulating people's mode of thought and way of decision-making. The result is that only the pieces of information that the computer selects as especially important are conveyed for human examination. The systems are programmed in such a way that whenever they make new decisions they learn, improve and become "smarter."
Kandel is currently in Israel to carry out a study during the coming academic year, commissioned by the U.S.-Israel Educational Foundation (founded in 1956 to administer the Fulbright Program between the United States and Israel) in cooperation with the Faculty of Engineering at Tel Aviv University. On April 22 the university will hold the first-ever conference in which experts from the field of terrorism and from other fields will lecture on cybernetic terror and the development of tools to monitor activity on the Internet.
Secret civilian institute
The National Institute for Systems Test and Productivity (NISTP) is a civilian body, whose funding is decided on by the subcommittee for military appropriations in Congress, with the budgets being transferred via the U.S. Navy. Another investor is Boeing, the aircraft manufacturer. The NISTP transfers its products to the Navy, which in turn transfers them to other government bodies. The size of the institute's budget is secret, as is the number of people it employs (it's thought to be a few dozen). The institute's Web site in no way hints at the actual activity it is engaged in.
The institute also underwrites the activity of researchers in other countries, including a research group at Ben-Gurion University of the Negev in Be'er Sheva ($250,000 a year). The group in the Negev, Kandel says, is in daily touch with the Florida institute. Part of the activity in Be'er Sheva is funded by the Israeli defense establishment; it's reasonable to assume that at least some of the knowledge accumulated by the American institute ultimately reaches Israeli intelligence bodies as well.
"The real battle is moving from the conventional fields to cyberspace," Kandel maintains. "Ten divisions of tanks and five air squadrons wouldn't have helped stop September 11. Accordingly, the tools that are used to fight the new warfare also have to be different." According to Kandel, terrorists make use of the communications networks, and the Internet above all, to coordinate activity and transfer information. It is possible that they will come to understand that the damage they could inflict on the United States and on the American way of life by striking at the Internet would be greater than any other harm they are capable of.
How is it possible to destroy the Web?
"We're not talking about developing worms and viruses of the type that attack PCs. This will be a more brutal and more destructive assault. The only thing that many organizations have today to defend themselves against that kind of attack is a firewall of one kind or another."
What's wrong with that? Companies such as Checkpoint have built an empire around firewall protection.
"There's nothing wrong with it. But it's worth asking why companies like Checkpoint or Aladdin or other Israeli companies don't obtain huge contracts from American defense bodies. The answer is not that it's because they are Israeli - after all, I fund activity in Israel with the consent of the U.S. Navy. The reason is that they are developing protective tools that can provide protection up to a certain level against hackers who have a certain background in infiltrating sites. Apparently there is some slight difference between protecting a business organization and protecting U.S. governmental bodies."
If so, why don't you develop tools for nongovernmental needs as well?
"When I hire new people, I usually ask them if in their opinion it would be possible to launch a startup company that would be based on one of our developments. If he says yes, I show him the door. We are not working for an IPO on the Nasdaq. True, the salaries aren't bad - we don't work for free - but our target market is clear and we work for it alone. There is a great advantage in not seeking to go public and in not having the limitations of a commercial company."
Of golems and moles
Kandel rejects out of hand the contention that he is engaged in developing software that is the equivalent of the modern crystal ball. "They are wonderful systems, but they don't predict everything. They deal with forecasting that is based on the analysis of existing information. They are systems with power, but their power is anchored in the information that they are fed."
And where does the information come from?
"We are an organization of five initials; we get our information from organizations of three initials," he laughs, and says he is referring to USF (University of Southern Florida). But he doesn't really mean USF. In the United States alone there are many intelligence organizations of three initials: CIA, FBI and NSA (National Security Agency) are only the best-known of them. It's reasonable to assume that his systems analyze information from all three bodies. It's an equally reasonable assumption that the NSA uses the institute's information analysis tools. Asked about this, Kandel says he can neither confirm nor deny it.
The NSA was established in November 1952 and its main activity is cracking enemy codes (so that it will be possible to listen to the enemy) and protecting U.S. government codes (to protect the government from snoopers). In a document outlining intentions for the new century, the NSA declared that it will "develop applications to leverage emerging technologies and sustain both our offensive and defensive information warfare capabilities."
The time may have come to establish an Israeli NSA, Kandel says. "The American NSA is not a military body, it's a civilian one. True, it's a secret body, but it's overseen by congressional subcommittees. Unfortunately, in Israel there are no research institutes like mine. Most of the research institutes in Israel produce position papers - they don't develop tools. It's time to act to establish a civilian agency on the model of the NSA and to start a massive development of intelligence tools. Everyone will gain from that."
You deal with information that's received from intelligence agencies. Is all the information you handle classified?
"No way. You'd be amazed at how much free information is available on the Internet. All you have to know is how to snatch it from the air, download it and view it. The terrorists love publicity and love to publicize themselves."
Google, the most successful search engine on the Web, analyzes only 3 billion of about 30 billion pages that exist on the Internet. Do you have a better search engine than Google?
Kandel is silent. "I can't answer that question," he says, his face serious. On the other hand, he is ready to talk at length about the moral dilemma he and his staff face when they develop tools that the government is liable to use in order to infringe on people's private lives.
Whenever someone uses one of your tools, he monitors my e-mail and turns me into a potential suspect. Doesn't that bother you?
"There are two dilemmas here: one legal, the other moral. At the legal level, we don't make a move without the university's lawyers. If I want to develop a certain feature within the software, I first of all check to make sure that it's not against the law. I have no control or information concerning the end users of our software. The problem at the moral level is far greater."
Kandel here offers a surprising analogy. "We are like the group of physicists who worked on developing the atomic bomb at Los Alamos. While they were developing the bomb, did the scientists have a moral problem, when it was clear that what was at stake was deciding the war? On the other hand, I wouldn't want to have been in the shoes of Oppenheimer or Fermi when Hiroshima and Nagasaki were blown up."
But there is a problem of balance here - we have to fight terrorism, but is it to be done at any price?
"No, not at any price, but it seems to me that the price we are paying is a proper one. Do you have any doubt that every one of the families of those who were killed in the terrible attack would be ready to have their e-mail scanned, to have it monitored, if that would have prevented the attack?"
In practice, though, that is never the question, is it?
"That's right, and we still have to examine the dilemma in those terms. True, public opinion views the tools we are developing as a type of illegal hacking into their privacy, but we are developing the programs in order to protect them."
Aren't you concerned that you are creating a type of golem that will one day rise up against its master?
"Yes, we are developing a golem, maybe even a few of them. But still, I'm not worried. I'm more worried that one of my employees might be a mole. I lose sleep over that. Is the atomic bomb a type of golem? Probably it is, but the tools we are developing are not meant for offensive purposes, only for defense. They are intended for protection against people who want to destroy, who want to attack civilization and our way of life. I sleep well at night; I have no qualms of conscience."
Following the money trail
Kandel is stingy with technical explanations about the operation of his systems. When asked about the power of the computerization needed to run the institute's programs, he replies, "Every ordinary supercomputer supplies our needs," like someone who is used to having supercomputers at his disposal. He declines to answer other questions. Sometimes he is silent for some time before he succeeds in mentally formulating a reply that will answer the question without giving away too much information. One of the central goals in the struggle against the terrorists, he says, is to locate their sources of funding. "If you succeed in blocking the money, you succeed in blocking them. The problem is that the money has to be blocked before it gets to the bank, otherwise it's a lost cause. We have to locate it when it is transferred immediately after being created."
And how is the money created? It turns out that the terrorists have learned to take advantage of the American system to clip coupons - literally. "Every Sunday booklets of coupons are inserted in the papers," Kandel explains. "The American clips the coupons and receives a discount of, say, 25 percent on the price of a bottle of Coca-Cola. The shop owner sends the coupons to the Coca-Cola Company and receives in return a cash payment for the value of every coupon he sends, plus 7 percent." The terrorists buy newspapers, too, Kandel says. "The whole family sits and clips all the coupons. There are many branches of supermarkets in the United States, whose local managers act as accomplices to terror. The method is quite simple. The father of the family - which has clipped out all the coupons - takes them to the branch manager but doesn't buy Coca-Cola or anything else with them. The manager takes the coupons to Coca-Cola and other companies, gets their value plus 7 percent, and gives the money to the father of the family."
From this point the money begins to roll on. "Now it's a game of mathematics," Kandel says. "If coupons worth $30 or $40 are attached to the paper every Sunday, and in the United States there are a few thousand families like this who cut out coupons - after putting a dollar into the automatic newspaper vendor but pulling out a few dozen newspapers - it won't be long before hundreds of thousands or even millions of dollars are collected."
When asked how the institute's software is able to differentiate between legitimate money transfers and transfers made as part of the "coupon scam," he smiles as though hiding a secret. "The systems we have developed don't search aimlessly through databases and Internet communications. They are fed with diverse pieces of information. If you don't know what to look for, everything seems to be the same color and there's no way to select between the legal and the illegal. But if you know where to start, it becomes simpler."
Kandel offers an example from the financial market, which relies on sources of information and a different type of research. "Officially, everyone can tell you what the dollar rate is and what the interest rate is, but as a sharp financier you want to know what the whisperers are saying, those who are considered to be in the know. If you're connected to the right sources, if you know how to look for the information in the right place, you get a lead that makes it possible for you to know what and whom to concentrate on. That's the stage at which the search becomes interesting."