Interesting People mailing list archives

Reading Saddam's e-mail


From: David Farber <dave () farber net>
Date: Mon, 30 Jan 2006 14:55:29 -0500



Begin forwarded message:

From: h_bray () globe com
Date: January 30, 2006 2:37:40 PM EST
To: dave () farber net
Subject: Reading Saddam's e-mail

http://weeklystandard.com/Content/Public/Articles/000/000/006/652zozfg.asp

A veteran intelligence guy fills us in on why so little of the captured
Iraqi data have been analyzed so far. It's a fascinating overview of how
intelligence analysis is supposed to work.

Excerpts:

The process of exploitation begins with the recognition that neither human
intelligence nor signals intelligence is the be-all and end-all. Human
sources can lie. They can hide parts of the truth. Unwitting dupes in a
deception scheme can honestly tell you what they think is the truth.
Intercepted signals generally reveal only part of the intelligence picture.
In a complex web of bad guys, tapping the phones of one or two leaves a lot
of gaps, especially when your adversary is a whole network of webs.


Digital media, on the other hand, are less prone to be a means of
deception, and even one node of a network can reveal a significant amount
about the entire network. Think about the data that you keep on your
computers at work and at home. Unless you write fiction for a living, these
are the most accurate and factual data that can be obtained about you
(short of reading your mind). The memos and letters you write, the
financial information you calculate, the websites you visit, and the people
you email or instant-message--all this is a gold mine for anyone looking to
know who you are, what you do, and with whom you cavort. Now imagine having
access to the same data about your adversary.


<snip>



...when data come without any meaningful context, we have to re-create it
after the fact. We begin to do this by building lists of keywords, phrases,
personalities, and other data that pertain to the topics of interest to our
intelligence services. These lists can easily include tens of thousands of
terms, names, figures, and data formats.


The next step is to create a forensically sound process to spin off the
more meaningful pieces of data (user-created documents, emails,
spreadsheets, etc.) while leaving behind data that have less utility (files
associated with the operating system and software applications). Let's call
this our forensic centrifuge.


Ideally our centrifuge will be built out of a cluster of computers: dozens
of cheap processors networked together and scaled to rival a supercomputer
in power. Cluster computers have been used by academia and the government
for years, notably in places like NASA and the Department of Energy.


Computer programs written to take advantage of the multiprocessor
capabilities of the centrifuge will extract the easy-to-obtain data files,
recover deleted files and those that have been obfuscated by various means,
and find the data stored in web browsers, email software, and other
programs. There are commercial applications that do this, but our
applications will have to be custom-made.






Hiawatha Bray
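
An added example, not part of the forwarded message or the article it excerpts: the keyword-list and "forensic centrifuge" steps from the excerpt, written in Python. The system-path prefixes, document extensions, sample files and search terms are constructed assumptions; the article names none of them.

```python
import posixpath
import re

# Assumptions for illustration only: which paths count as OS/application
# files and which extensions count as user-created documents.
SYSTEM_PREFIXES = ("windows/", "program files/")
USER_EXTENSIONS = {".doc", ".xls", ".txt", ".eml"}

def build_matcher(terms):
    """Compile a keyword list into one case-insensitive whole-term regex."""
    ordered = sorted({t.lower() for t in terms}, key=len, reverse=True)
    body = "|".join(re.escape(t) for t in ordered)
    return re.compile(r"(?<!\w)(?:%s)(?!\w)" % body, re.IGNORECASE)

def is_user_data(path):
    """Spin off user-created files; leave OS and application files behind."""
    p = path.replace("\\", "/").lower().lstrip("/")
    if p.startswith(SYSTEM_PREFIXES):
        return False
    return posixpath.splitext(p)[1] in USER_EXTENSIONS

def centrifuge(files, terms):
    """Return (path, matched_terms) for user files, most hits first."""
    matcher = build_matcher(terms)
    results = []
    for path, data in files:
        if not is_user_data(path):
            continue
        text = data.decode("utf-8", errors="replace")
        hits = sorted({m.group(0).lower() for m in matcher.finditer(text)})
        results.append((path, hits))
    results.sort(key=lambda r: (-len(r[1]), r[0]))
    return results

# Constructed sample input standing in for files pulled from a seized disk image.
SAMPLE_TERMS = ["shipment", "payment", "courier-7"]
SAMPLE_FILES = [
    ("Windows/System32/drivers/etc/hosts", b"127.0.0.1 localhost shipment"),
    ("Program Files/App/readme.txt", b"payment shipment"),
    ("Documents and Settings/user/My Documents/memo.doc",
     b"Re: the shipment. Contact Courier-7 about payment."),
    ("Documents and Settings/user/Desktop/budget.xls", b"Q3 payment schedule"),
    ("Documents and Settings/user/notes.txt", b"grocery list"),
]

if __name__ == "__main__":
    for path, hits in centrifuge(SAMPLE_FILES, SAMPLE_TERMS):
        print(path, hits)
```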


