analyzing terrorist networks - theories &...
TRANSCRIPT
Analyzing Terrorist Networks - Theories & Techniques
Drew Conway
NYU — Department of Politics
April 10, 2012
Introduction Theories of terrorist organizations Network Analysis and CT Conclusions
What We Will Discuss
Why I am talking to you?
I Where I used to work
I What I used to do
I How I used to do it
Theories of terrorist organizations
I Sageman and Hoffman schools
I Empirical observations
I Who’s right?
Basic network analysis techniques usedin CT
I Key actor analysis
I Detecting community structure
I Block modeling
Exploring with real networks
I Illicit drug network in Hartford, CT
I Covert terrorist network
Conclusions & Departing Thoughts
I New paradigms in networkorganization
I Using network analysis to addressthem
Drew Conway Analyzing Terrorist Networks - Theories & Techniques
Introduction Theories of terrorist organizations Network Analysis and CT Conclusions
My experience in the Intelligence Community
DISCLAIMER: All views and opinions expressed today are my own, and notthose of U.S. Department of Defense or Office of the Director of NationalIntelligence
Currently, a fourth year PhD student in Politics, research interests include...
I Terrorism, low-intensity conflict, and cyber warfare
I Agent-based modeling, machine learning, and network analysis
Prior to entering graduate school...
I Worked in DC in the defense and intelligence communities for four years
I Official title was “All-source analyst,” specific role was to apply statisticaland computational methods to problems of social dynamics andorganization of interest to the DoD/IC.
NO: If I tell what I really did I will not have to kill you...they never have theanalysts do the killing
Drew Conway Analyzing Terrorist Networks - Theories & Techniques
Introduction Theories of terrorist organizations Network Analysis and CT Conclusions
Organization of the IC & Where I Worked
Defense Intelligence Agency
I “Getting intelligence tothe war fighter”
National Security Agency
I SIGINT and cryptology
Drew Conway Analyzing Terrorist Networks - Theories & Techniques
Introduction Theories of terrorist organizations Network Analysis and CT Conclusions
The Sageman and Hoffman Schools on Terrorist Organizations
Sageman School
I Marc Sageman - former CIA caseofficer for Islamabad
I Currently Scholar in Residence atthe NYPD
Terrorist groups are independent, orloosely connected cells
I Organization driven by a groupprocess; result of circumstance,motivation and opportunity
I The types of social ties areextremely important: kinship,friendship and religious
From Leaderless Jihad...
“The links are very interesting because it turned out that68% joined the Jihad out of friendship, they either grewup with somebody who was already a terrorist, or therewas a bunch of guys who collectively decided to join.”
Hoffman School
I Bruce Hoffman - History professorat Georgetown University
I Respected academic in terrorismstudies, published widely readInside Terrorism
Terrorist groups are hierarchicalstructures
I Global terrorist organization arewell-formed and lethal
I Critical information and resourcesflow down from the leadership tolow-level operatives
From Foreign Affairs
“Al Qaeda is much like a shark, which must keep movingforward, no matter how slowly or incrementally, or die. AlQaeda must constantly adapt and adjust to its enemies’efforts to stymie its plans while simultaneously identifyingnew targets.”
Drew Conway Analyzing Terrorist Networks - Theories & Techniques
Introduction Theories of terrorist organizations Network Analysis and CT Conclusions
Evidence in support of Sageman
The “Hamburg Cell”
I Late 1998, future 9/11 hijackers Mohammed Atta, Marwan al-Shehhi, andRamzi Binalshibh moved into a three-bedroom apartment
I Originally intending to fight jihad in Chechnya, a chance meeting on atrain in Germany caused the group to travel to Afghanistan instead.
Several more contemporary examples
I 2004 Madrid Train Bombing – “al-Qaeda inspired cell”
I July 7, 2005 London bombings – 4 British, 3 Pakistani and 1 Jamaicanmotivated by British involvement in Iraq War
I Alexandria 5 – N. VA students travel to Pakistan to join Taliban
Excerpt from “The Pact”
“This is a story about the power of friendship. Of joining forces and beatingthe odds...”
Drew Conway Analyzing Terrorist Networks - Theories & Techniques
Introduction Theories of terrorist organizations Network Analysis and CT Conclusions
Evidence in Support of Hoffman
2002 Bali BombingsI Coordinated attack carried out by Jemaah Islamiyah (JI), Southeast Asian
militant Islamic groupI Deadliest attack in Indonesia’s history, killed 202 peopleI Organized as a hierarchy, though many leaders have since been killed or
captured
International terrorist organizations remain lethalI 2008 Mumbai attacks – 10 coordinated attacks perpetrated by
Lashkar-e-Taiba militants from PakistanI Beslan school hostage crisis – Chechan militants seize school with 1,100
people (including 777 children) for three days. Ultimately, 334 hostageswere killed, including 186 children.
I Richard Reid (shoe bomber) – admitted member of al-Qaeda
2007 NIE The Terrorist Threat to the US Homeland
“Al-Qaida is and will remain the most serious terrorist threat to the Homeland,as its central leadership continues to plan high-impact plots, while pushingothers in extremist Sunni communities to mimic its efforts and to supplementits capabilities.”
Drew Conway Analyzing Terrorist Networks - Theories & Techniques
Introduction Theories of terrorist organizations Network Analysis and CT Conclusions
Sorting out the debate
Who’s right?Spoiler: Both men are correct, and wrong
Karen J. Greenberg, Executive Director of NYU Center on Law and Security
“Sometimes it seems like this entire field is stepping into a boys-with-toysconversation. Here are two guys, both of them respected, saying that there isonly one truth and only one occupant of the sandbox. Thats ridiculous. Bothof them are valuable.”
I Since 9/11, the persistent, coordinated and international effort to kill orcapture terrorist leaders has decimated the structure of transnationalterrorist organization
I For those left, movement, communication and planning has becomeincredibly strained
Enter the age of the “al-Qaeda Affiliates”
I Model has moved away from strictly hierarchical or cellular to a franchise
I Leadership provide inspiration, rather than resources and ideas
I Umar Farouk Abdulmutallab and the al-Qaeda in the Arabian Peninsula
Drew Conway Analyzing Terrorist Networks - Theories & Techniques
Introduction Theories of terrorist organizations Network Analysis and CT Conclusions
Why study networks for CT?
9/11 Commission Report - Chapter 12
“Our enemy is twofold: al Qaeda, a stateless network of terrorists that struck us on 9/11; and a radical ideologicalmovement in the Islamic world, inspired in part by al Qaeda, which has spawned terrorist groups and violenceacross the globe. The first enemy is weakened, but continues to pose a grave threat. The second enemy isgathering, and will menace Americans and American interests long after Usama Bin Ladin and his cohorts are killedor captured. Thus our strategy must match our means to two ends: dismantling the al Qaeda network andprevailing in the longer term over the ideology that gives rise to Islamist terrorism.”
After 9/11, the IC becomes focused on understanding networked organizations,with a specific focus on dismantling and disruptingPrimary focus is one three aspects of network analysis
1. Identifying leadership and key actors
2. Revealing underlying structure and intra-network community structure
3. Evolution and decay of social networks
We will review 1-2; however, 3 is where most cutting edge network research isfocused
Drew Conway Analyzing Terrorist Networks - Theories & Techniques
Introduction Theories of terrorist organizations Network Analysis and CT Conclusions
Comparing two network metrics to find key actors
Often social network analysis is used to identify key actors within a socialgroup. To identify these actors, various centrality metrics can be computedbased on a network’s structure
I Degree (number of connections)
I Betweenness (number of shortest paths an actor is on)
I Closeness (relative distance to all other actors)
I Eigenvector centrality (leading eigenvector of sociomatrix)
One method for using these metrics to identify key actors is to plot actors’scores for Eigenvector centrality versus Betweenness. Theoretically, thesemetrics should be approximately linear; therefore, any non-linear outliers will beof note.
I An actor with very high betweenness but low EC may be a criticalgatekeeper to a central actor
I Likewise, an actor with low betweenness but high EC may have uniqueaccess to central actors
Drew Conway Analyzing Terrorist Networks - Theories & Techniques
Introduction Theories of terrorist organizations Network Analysis and CT Conclusions
Highlighting Key Actors
Using data collected on a network of drug users in Hartford, CT we willattempt to identify the identity and location of the key actors
I First, visualize the data
1. Clear bifurcation withinthe network
2. Each region of the networkappears to cluster aroundcentral communities
3. Sparse peripheral structurewith long “pendantchains”
Given these structural featureswe will want to identify actorsboth inside the network’s core,but also those with uniquestructural positions
Drew Conway Analyzing Terrorist Networks - Theories & Techniques
Introduction Theories of terrorist organizations Network Analysis and CT Conclusions
Finding Key Actors with R
I Perform a linear regressionof Eig ∼ Bet
I Capture residuals fromregression
I Use this data to resize andcolor the actors in the plot
I Identify key actors:I Pulse takersI Gate-keepers
Actor 44 is a significant outlier,and likely part of the centralleadership, while actors 50, 28and 53 are pulse takers and 67,102, and 79 are gate-keepers.
...now add this visualizationstogether
Key Actor Analysis for Hartford Drug Users
Betweenness Centrality
Eig
enve
ctor
C
entr
ality
1 2 3 45
6
7 8
9
1011
12
13 1415
16
17
1819
20
21
22
23
24
2526
27
28
29303132
33
34 35
36
37 3839 40
41
42
43
44
4546
47
48
49
50
51
52
53
5455
56
57
58
59 6061 62
63
64
65
66
67
6869
7071 72 7374
75
76
77
78 798081 8283
8485
86
87
88
89
90
91
92
93
94
9596 9798 99
100
101
102103
104
105
106107108109
110
111
112113 114 115116 117118119120121
122 123124
125
126
127128129
130
131132133134135
136
137138
139
140
141
142143 144145146
147
148149
150151152153 154
155
156 157158 159 160161
162
163164
165
166167
168
169
170
171
172
173
174
175176
177
178179180
181
182
183
184
185
186187188189 190191 1921931940.0
0.2
0.4
0.6
0.8
1.0
0 1000 2000 3000 4000 5000 6000
res
−0.2
0
0.2
0.4
0.6
abs(res)
0.1
0.2
0.3
0.4
0.5
0.6
0.7
Drew Conway Analyzing Terrorist Networks - Theories & Techniques
Introduction Theories of terrorist organizations Network Analysis and CT Conclusions
Key Actor Plot
●
●●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●●
●
●
●
●●
●
●
●
●●
●
●
●
●
●
●●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
● 20
284447
50
53
58
79
102
141155
Plot with key actor data
Good
I Very easily identify coreleadership
I Mid-level actors,pulse-takers, layer
I Highlight some bridges,gate-keepers
Bad
I Several key actors nothighlighted
I Over-emphasis on onecommunity due to dataasymmetry
Drew Conway Analyzing Terrorist Networks - Theories & Techniques
Introduction Theories of terrorist organizations Network Analysis and CT Conclusions
Identifying Network Sub-Structure
The Hoffman School posits that terrorist networks will contain layers ofconnectivity and leadership.
I Covert networks often exhibit a“core-periphery” structure
I We may want to identify clustersof actors based on variousstructural features
To identify these layers, we willexamine an actual covert network
Drew Conway Analyzing Terrorist Networks - Theories & Techniques
Introduction Theories of terrorist organizations Network Analysis and CT Conclusions
Methods for Community Detection
Identifying community structure within a network is an entire sub-discipline ofnetwork science.
I Google Scholar search for [“community detection” networks] returns 3,380articles since 2001
I There is an incredible diversity of methodsI StatisticalI SpectralI Node and edge context and/or attributes
We will be using a very basic method from the statistical category: hierarchicalclustering of geodesic distance
I Clusters nodes together based on their distance (closer nodes clusteredtogether)
I Returns several possible partitions
I Method is both art and science
Drew Conway Analyzing Terrorist Networks - Theories & Techniques
Introduction Theories of terrorist organizations Network Analysis and CT Conclusions
Hierarchical Clustering of Geodesic Distance
First, we will generate a matrix of the distance between all node pairs
Clustering this data hierarchically, we can produce a dendrogram of all thecommunity cuts within our covert network
I Each break in the treerepresents a cut in thecommunity structure
I Further down the tree, themore granular thecommunities
I To find a “good” set ofcommunity partitions wecan step through themvisually
Drew Conway Analyzing Terrorist Networks - Theories & Techniques
Introduction Theories of terrorist organizations Network Analysis and CT Conclusions
Stepping through the partitions
We will now visualize each community cut.Partition: 123456789
Drew Conway Analyzing Terrorist Networks - Theories & Techniques
Introduction Theories of terrorist organizations Network Analysis and CT Conclusions
Block Modeling Covert Network
To reveal the underlying structure of these communities, we will collapse thesecommunities into single nodes using a technique know as “block modeling”
Suppose we wanted to view partition 8as a block model
In the block model, each colored groupwill become a single node
We can also take advantage ofadditional data generated by the blockmodel
I Each block represents somenumber of nodes with ties to eachother, as well as actors in otherblocks
I We can use that data to uncoverboth the underlying structure, aswell as the tie dynamics within andamong blocks in the model
I This is best revealed by combiningthis data into a visualization
Drew Conway Analyzing Terrorist Networks - Theories & Techniques
Introduction Theories of terrorist organizations Network Analysis and CT Conclusions
Drew Conway Analyzing Terrorist Networks - Theories & Techniques
Introduction Theories of terrorist organizations Network Analysis and CT Conclusions
Block Model of Partition 8
With the added datawe can alter thevisualization
I Blocks sized byinternal density
I Edges sized by tiestrength
We can now see somedistinct underlyingstructural dynamics
I Ignore block 8
I Central leadershipvery tightlyconnected
I Middle layersparsely, butstrongly connected
Drew Conway Analyzing Terrorist Networks - Theories & Techniques
Introduction Theories of terrorist organizations Network Analysis and CT Conclusions
Developing New Theories of Terrorist Organizations
What is the influence of information technology on terrorism and terroristorganizations?
I Cyber-terrorism blurs the lines among transnational terrorism,state-sponsored attacks, rogue actors and homegrown threats
I Is it possible to distinguish among these threat?I Is attribution possibly in cyber?
I The barriers to influence approach zero through the InternetI Recruitment still primarily through in-person connections, but significant
push to online
How does the franchise model change theories of organization?
I With the vanishing operational importance of terrorist leadership, how canresources be maximized for CT?
I Is there more value in disrupting communication networks (e.g.,inspiration/influence) than operation (e.g., franchise cells)?
Can network analysis mitigate these new problems?
Drew Conway Analyzing Terrorist Networks - Theories & Techniques
Introduction Theories of terrorist organizations Network Analysis and CT Conclusions
subsection newtheories(end)
Drew Conway Analyzing Terrorist Networks - Theories & Techniques
Introduction Theories of terrorist organizations Network Analysis and CT Conclusions
Thank you
Thank you!
Email: [email protected]
Drew Conway Analyzing Terrorist Networks - Theories & Techniques