Edited by Noah Shachtman

Vote: Fortune 500, or Al-Qaeda?

People working together on projects tend to interact in fairly predictable ways -- whether that project is installing a new computer system, or blowing up a building. So looking only at the links between people won't tell you much about what those folks are up to. At times, the links can be rather deceptive, in fact. Especially if your data set is huge, like the NSA's ginormous database of phone records. Other information is needed, to fill in the gaps.

Here's an example, below. Can you tell which cluster is from a Fortune 500 company, and which one is from Al-Qaeda? Network analysis guru Valdis Krebs shows this slide to corporate and government audiences. Their answers are usually pretty scattershot. Take your guesses in the comments section. Valdis will be back later on with the right answer.

[Image: 2nets.JPG]

Latest Comments

My guess is the one on the left is Al Qaeda due to the multiple connections between cells, few inter-cell connections, and larger central hub.

In industry, cells/departments have specific patterns:
- Outlying clusters usually have 1 connection since there is only one manager or one external contact point.
- Leaves of a cell may connect to leaves of other cells. E.g., a developer may call a hardware tech for questions. This bypasses the central hub.
- The core is tight -- few external contacts. This is due to a core management team (e.g., CEO + VPs).

The graph on the right shows all of these features.

For terrorist networks:
- The main hub has many cross-connections. This prevents a single loss (capture/kill) from breaking the entire network. (Industry does not worry about this since subordinates are documented. Terrorists usually do not document structures since documents could compromise their network. Redundancy is used in lieu of documentation.)
- Cells may have cross-communication with parents, but are isolated from other cells. The multiple connections to parents show the communication redundancy. There is no intercommunication between cells because they do not know each other exist.

This matches the graph on the left.

Then again, I could be wrong.
A lot of this depends on the source of the data, duration of the collection, and scope of the graph. Is this a single Fortune-500 company or a department? Do the graphs span a week or a year?
Are the graphs from phone trees, network connections, IRC, IM, or something else?

Posted by: Dr. Neal Krawetz at May 17, 2006 8:59 AM



Could someone please post those graphs in the form of an adjacency matrix? It would make the analysis a little easier than trying to do it by eye. Also, there is something very dubious about these graphs, which is to suggest that all of these interactions are somehow equal in weight.
One immediate comment is that the graph on the right at least appears to my eye to have a generally higher average degree than the graph on the left (i.e. greater average number of neighbors). At the same time the graph on the right has many more nodes of degree one.
Is it obvious that "splinter cells" have project-related interactions with other cells at all? It seems that identifying the graph based on these graphs depends critically on exactly what is the definition of what creates an adjacency (a link).
Just my thoughts. It would be my opinion that there is not enough information here to make the determination without at least substantial prior knowledge about the nature of graphs of known entities (other Fortune 500 companies, other clandestine networks).

Posted by: Aaron at May 16, 2006 2:57 PM
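The two comments above talk about adjacency matrices, average degree, degree-one nodes, and whether a single loss breaks the network. As an added example (not part of the original post or comments), this Python sketch computes those measures from a 0/1 adjacency matrix; both graphs are constructed for illustration and are not the networks in the slide, and the unweighted matrix deliberately treats every link as equal.

```python
from collections import deque

def to_adjacency(n, edges):
    """Build a symmetric 0/1 adjacency matrix from an undirected edge list."""
    m = [[0] * n for _ in range(n)]
    for a, b in edges:
        m[a][b] = m[b][a] = 1
    return m

def is_connected(m, removed=None):
    """Breadth-first search over the matrix, ignoring one removed node."""
    nodes = [i for i in range(len(m)) if i != removed]
    if not nodes:
        return True
    seen, queue = {nodes[0]}, deque([nodes[0]])
    while queue:
        u = queue.popleft()
        for v, linked in enumerate(m[u]):
            if linked and v != removed and v not in seen:
                seen.add(v)
                queue.append(v)
    return len(seen) == len(nodes)

def summarize(m):
    """Link-only structural measures; says nothing about what the links mean."""
    deg = [sum(row) for row in m]
    return {
        "nodes": len(m),
        "avg_degree": round(sum(deg) / len(deg), 2),
        "degree_one": sum(1 for d in deg if d == 1),
        # Nodes whose removal disconnects the rest (single points of failure).
        "cut_nodes": [i for i in range(len(m)) if not is_connected(m, i)],
    }

# Constructed graph A: hub 0, three intermediaries (1-3), two leaves each.
GRAPH_A = to_adjacency(10, [(0, 1), (0, 2), (0, 3), (1, 4), (1, 5),
                            (2, 6), (2, 7), (3, 8), (3, 9)])
# Constructed graph B: cross-connected core (0-2); every leaf has two parents.
GRAPH_B = to_adjacency(9, [(0, 1), (0, 2), (1, 2),
                           (3, 0), (3, 1), (4, 0), (4, 1),
                           (5, 1), (5, 2), (6, 1), (6, 2),
                           (7, 2), (7, 0), (8, 2), (8, 0)])

if __name__ == "__main__":
    for name, g in (("A", GRAPH_A), ("B", GRAPH_B)):
        print(name, summarize(g))
```

The numbers describe shape only: which kind of organization produced either graph still depends on how a link was defined and over what period the data was collected.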


It's the cell on the left, of course :)

Seriously, the cell on the left has splinter groups that are not connected, and that is how I would picture a terrorist group that wants to avoid all members knowing each other. The one on the right has everyone talking to anyone - this is not secret enough.

Companies and normal social groups don't try to hide their alliances and give false trails where a secret organization would.

Posted by: J at May 16, 2006 10:28 AM


I've been thinking about it.
It's strange how social webs look like terrorist organizations. Right, it's the correct one, because all the cells have been organized with almost three persons and the staff department of Fortune only has two.
But it seems like a normal democracy social web design; it's like a signal of how all the dynamic moves of man, like democracy or the ancient regime, make another dynamic in the same way but in a different direction, like terrorist or revolutionary strikes like the French Revolution.
We have to take care in what we are working on to stop the Al Qaeda dimension of operative cells, if we make another dynamic, like making a stronger state with non-legal moves ("non-legal" because "Auctoritas, non Veritas"), because we are working at the same time in the opposite direction.

Posted by: Negroi at May 15, 2006 10:33 AM


Given that the fundamental basis of criminal or terrorist cells is that there needs to be minimal knowledge of the rest of the organisation within each cell, neither of the diagrams presented fits the model. Parts of each one do, but they are not consistent. A terrorist cell model would suggest a web of concentric circles, with very few connections between the circles, the point being that people in the outer rings can't identify the people further in.

Posted by: Tony James at May 15, 2006 8:52 AM

