Open Source Intelligence Can Predict Terrorist Attacks

One company is using metadata from video posts, Wikipedia entries, and other sites to forecast geopolitical unrest. 

A YouTube video’s best day, traffic-wise, is usually the day it gets posted. Clicks generally decline quickly and post-launch spikes are rare. On Dec. 18, a year-old jihadist video called “Black Flags of Islam and Imam Mahdi” saw just such a spike, receiving enough views to reach about 70 percent of its best day’s traffic. Eight days later, an ISIS-affiliated suicide bomber detonated an explosive belt at an Ahmadi mosque in the Bangladeshi town of Bagmara, an unexpected uptick in Islamic State tactics in the country.

The video, also known as the “Black Flags of Khorasan,” saw another spike on Jan. 3; a week later, ISIS militants in boats staged a daring attack on the Libyan port of Zueitina. The story repeated itself on Jan. 21 and Feb. 12.

Following the publication of this story, YouTube removed the video in question recently for violating its terms of service.

Narrated in English, the 26-minute video calls to “soldiers of Allah” and promises, “killing upon killing upon killing.” For some ISIS fighters, it’s their “version of listening to AC/DC before weight-lifting,” said Scott T. Crino, a managing director of Predata, a predictive analytics company. “It gets them psyched up. So, often there’s a big spike in that particular [video], prior to an event occurring.”

Predata specialize in finding links between online interactions and upcoming physical events. It’s the latest member of a burgeoning field. Consider the research that has gone into trying to understand how the hot Google searches of the moment reflect what’s going on in the world. So far, the results have been mixed. Lots of people Googling how to collect unemployment is a good predictor of unemployment data as measured by the Labor Department (because published data is a lagging indicator), but spikes in searches for flu symptoms or remedies is not a good indicator of the number of people who actually have the flu.

Like Google Trends, Predata measures interest around a given topic. Crino calls it “chatter,” and uses it to forecast “unrest,” which can be a terrorist attack, a protest, or something else unplanned. But Predata also looks at a variety of sites and services, including YouTube, Wikipedia, and Disqus, watching not so much what people are saying as how they are interacting. An argument in the Disqus-powered comments section of a particular blog post, for example, may suggest contention and future unrest. In 2014, heavy commenting on news articles about Russia and Ukraine preceded Moscow’s annexation of Crimea.

Predata officials also say Wikipedia edits can help predict unrest. Flurries of attempted edits to the page, of a particular controversial figure, or surrounding a particular incident, suggest contention that may spill over into the physical world.

“Things like point of view are not allowed on Wikipedia, and so someone monitoring will come in and say, ‘No, not allowed,’” Crino said. “That will keep going back and forth. Often, the person that’s editing the page will be trying to create what they think is the new normal.”

In the months before November’s Paris attacks, the French-language ISIS Wikipedia page saw particularly heavy changes. That signal, plus others, led the Predata system to raise its prediction for a terror attack in France several times in the six weeks leading up to the November terror attacks said Joshua Haecker, Predata’s director of business development.

“You can see a huge spike up in likelihood of terrorist attacks, at 60%, in France on September 11, 2015, and then it drops back down for a few days and then steadily clumps from 28% up to 49%, the day before the attack,” Haecker said.

Data from Wikipedia edits can also be used to predict how relationships between individual users will develop, how friendships and antagonisms will form. In 2010, data scientist Jure Leskovic showed that he could use 16 kinds of data to predict friend or foe relationships on Wikipedia (as well as epinions and Slashdot) with higher than 80 percent accuracy.

Why is the metadata surrounding web traffic or Wikipedia edits a better predictor than Google searches? For one thing, it’s less noisy; it’s easier and more accurate to count site visits, edits, and reverts than trying to parse what someone means when she Googles “flu.” (The use of metadata rather than semantic data related to literal text is also what separates the Predata platform from Recorded Future, a company supported by In-Q-Tel, the CIA’s investment arm.)

Of course, the technique has limitations. For instance, it can’t predict an event for which little data has yet been created; so much as it can forecast the continuance or abatement of a current trend. It can’t predict a new ISIS terrorist attack in a country that has never experienced one. And it can’t see much less than a month out, so you can’t forecast an event that will happen, say, tomorrow. Predata can, however, adjust its model for the number of Internet users in a country, since a lot more people are online in, say, Nigeria than North Korea.

The group offers a weekly newsletter that features predictions — and notes about events it predicted. For instance, the April 17 newsletter noted, “The continued elevation of Abu Sayyaf signals coupled with relatively high signal levels over the past month for several potential terrorist targets, such as the Manila Light Rail Transit System and the SM Megamall in Manila, raise a definite concern. Given this unusual combination of elevated signal levels, Predata anticipates another terrorist attack in the Philippines is likely within 30 days.” On May 1, two blasts killed more than 14 people in General Santos City.

What else can you use Predata’s services for? The Bloomberg news site has begun experimenting with its predictions about the volatility of stocks and other asset classes. If you’re in the national security business, you might use it to predict the geopolitical weather, in the same way the movement of high-pressure fronts predicts storms. Ultimately, it’s information you can use to decide what to wear for going out, or to not go out at all.

“We have a client who gave us 3,200 different types of events,” recounts Crino. “We were able to place those events within a particular province [in Egypt.]. And they have an interest in some provinces, and not others, because they are an oil exploration company. When the level rises, the likelihood or level of an attack occurs and it’s greater than 50 percent, they totally change their work posture. They send them on different routes to work or they don’t let them go in at all.”

Company officials say that a handful of officials within the Pentagon and State Department will begin using Predata on a trial basis later in May. There are folks in other government agencies also using the platform, agencies that Predata can’t name. For a sense of who they could be, consider that the company’s founder, James Shinn, was the CIA’s national intelligence officer (NIO) for East Asia for many years.

As for the near future, one of the group’s April newsletters offers this to look out for: “The North Korean discussion around the KN-08 rocket spiked well above average levels on April 15, 8 days before the submarine-launched ballistic missile test. Prediction levels remains elevated for a WMD test within the next 30 days, raising the concern that Kim Jong-un may seek to conduct another Nuclear test before May’s Party Congress.”

The problem with predicting future geopolitical events is…the news is never good.

DefenseOne:

 

« Unlikely Partners Build High Speed Trans-Atlantic Cable
SWIFT Hackers Linked to ‘North Korean’ Lazarus Group »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Fortinet

Fortinet

Fortinet is a provider of network security systems. Our products provide protection against dynamic security threats while simplifying the IT security infrastructure.

GovCERT.CZ

GovCERT.CZ

GovCERT.CZ is the Government Computer Emergency Response Team of the Czech Republic.

CRU Data Security Group (CDSG)

CRU Data Security Group (CDSG)

CRU is a pioneer in devices for data mobility, data security, encryption, and digital investigation.

WetStone Technologies

WetStone Technologies

WetStone develops software solutions that support investigators and analysts engaged in eCrime Investigation, eForensics and incident response activities.

LIFARS

LIFARS

LIFARS is a global leader in Digital Forensics and Cyber Resiliency Services.

Kivu Consulting

Kivu Consulting

Kivu Consulting combines technical and legal expertise to deliver data breach response, investigative, discovery and forensic solutions worldwide.

CyberGuarded

CyberGuarded

CyberGuarded are an accredited vendor independent information security testing and auditing company.

Data Security Inc

Data Security Inc

Data Security, Inc. is the leading American manufacturer and supplier of hard drive degaussers, magnetic tape degaussers as well as hard drive and solid state destruction devices.

oneM2M

oneM2M

oneM2M is a global organization creating a scalable and interoperable standard for communications of devices and services used in M2M applications and the Internet of Things.

Cyberspace Solarium Commission (CSC)

Cyberspace Solarium Commission (CSC)

The Cyberspace Solarium Commission was established to develop a consensus on a strategic approach to defending the United States in cyberspace against cyber attacks of significant consequences.

Zephyr Project

Zephyr Project

The Zephyr Project strives to deliver the best-in-class RTOS for connected resource-constrained devices, built to be secure and safe.

Amidas Hong Kong

Amidas Hong Kong

Amidas is your trusted companion on the road to Digital Transformation. We provide a full range of Information Technology Solutions and Professional Services to Enterprise customers.

RB42

RB42

RB42 (formerly Nexa Technologies) provide cyber defense solutions (ComUnity, secure and encrypted messaging, detection of interception tools, etc) and cyber defense consultancy service.

DEKRA

DEKRA

DEKRA’s promise is to ensure the safety of human interaction with technology and the environment.

Gleam Cloud Security Solutions (GCSS)

Gleam Cloud Security Solutions (GCSS)

GCSS Security is an information security firm providing cyber security protection with a highly skilled and experienced team focused on technology that creates best-in-class customer experiences.

S4E (Security for Everyone)

S4E (Security for Everyone)

At S4E.io, our mission is to democratize digital security, making it accessible, simple, and effective for individuals and businesses of all sizes.