Revision note for University of Cambridge Students on secret world intelligence topic

This is a revision note I have drafted for final year pre exam revision for University of Cambridge undergraduates who were supervised by me on Militant Islamist Radicalization on the Internet.

Good luck, make use of this, and keep in touch!

The challenge now is to apply the Internet-focused information and approach from our sessions to practical questions on intelligence. Radicalization is a part of the topic on which you will be examined and can inform your approach to the Internet and intelligence post 9-11. This note, and more particularly the links included in it (make sure to read the links that are in bold), is intended to help you do this.

A. Challenges
B. Opportunities
i) OSINT & data mining
ii) intelligence reform & sharing
C. Where radicalization fits in
Concluding note

Probably the most important practical factor, from the perspective of an exam taker, is the question of what has been changed by the introduction of the Internet into the security picture, specifically, what challenges and opportunities are presented by the Internet for the intelligence operator?

A. Challenges

David Pepper, the then head of GCHQ, testified before the Lords Intelligence & Security Committee that packet-switched networking communications upon which the Internet relies represent ‘the biggest change in telecoms technology since the invention of the telephone. It is a complete revolution’. (ISC Annual Report 2006-07, p. 21). This is particularly the case with applications such as Skype and other voice over Internet protocol programs (VOIP), which offer the same utility to users as the telephone, but pose far greater difficulties to would be listeners.

The Internet uses a very different approach to communications in that, rather than having any sense of fixed lines like that, there is a big network with a number of nodes, but for any individual communicating, their communications are broken up into shorter packets. So whether you are sending an email or any other form of Internet communication, anything you send is broken up into packets. These packets are then routed around the network and may go in any one of a number of different routes because the network is designed to be resilient…

Note that this challenge appears to be ongoing. In 2009 the National Security Agency in the US, according to the technology and law journal The Register is seeking private sector means of reliably breaking into Skype conversations. On the one hand then the Internet represents a challenge – and an additional expense – for those in the business of SIGNIT (signals intelligence). Responding to David Pepper’s testimony, the Intelligence & Security Committee concluded that

it is satisfied that, despite the substantial costs involved, the current SIGINT Modernisation programme represents an essential investment in maintaining GCHQ’s technological capabilities. Given the unremitting progress of technology – particularly internet-based communications – we believe it is vital that plans and budgets are established early to ensure that GCHQ is able to continue vital modernisation work. The Committee will continue to monitor the existing programme and intends to study these future plans carefully.

In October 2008, the Times reported on an emerging controversy over the extent proposals for UK electronic surveillance, which was reported to be expanding into the league of the abortive Information Awareness Office proposals in the US.

B. Opportunities

i) OSINT & data mining

On the otherhand, the Internet represents significant opportunities for OSINT (open source intelligence) gathering. The University of Arizona Artificial Intelligence Laboratory is working on a data mining project, The Dark Web, with ambitious objectives.

We aim to collect “ALL” web content generated by international terrorist groups, including web sites, forums, chat rooms, blogs, social networking sites, videos, virtual world, etc.

We have developed various multilingual data mining, text mining, and web mining techniques to perform link analysis, content analysis,  web metrics (technical sophistication) analysis, sentiment analysis, authorship analysis, and video analysis in our research.

This data sheet illustrates the potential extent to what is possible using such techniques. New methods of harvesting data from open websites – and from some closed ones which require infiltration – allow one to harvest the entire back catalog of conversations from an entire forum. At the very least this can allow intelligence agencies to refine threat perceptions by gauge long term shifts in opinion and reactions to world events.

ii) intelligence reform & sharing

Within the intelligence community, an internet mentality and networking tools are being used in an attempt to end stove piping. Agencies in the United States, following the 9-11 Commission’s finding that insufficient information sharing had contributed to national vulnerability, had a particular imperative to end the stove piping of intelligence.

Recent developments include the establishment of a National Counterterrorism Center (NCTC), a multi-agency center analyzing and integrating intelligence relevant to terrorism, and of an Information Sharing Environment (ISE) to facilitate intel sharing between “Federal, State, local, and tribal governments and the private sector”. The ISE Architecture Framework (2008) document (pp 73-74) envisages a range of applications that closely reflect Internet tools. These include conferencing, an inter agency directory of people, VOIP, collaborative work spaces, application sharing and broadcasting. (For other documents on this new information environment, see


In 2005, D. Calvin Andrus, the chief technology officer for the Central Intelligence Agency’s Center for Mission Innovation, wrote a paper called The Wiki and the Blog: Toward a Complex Adaptive Intelligence Community in which he made the case that blogs and a common wiki system (based on Wikipedia), and the instant feedback and user-driven content that characterize them, would solve the problems facing the Intelligence community:

Once the Intelligence Community has a robust and mature Wiki and Blog knowledge sharing web space, the nature of Intelligence will change forever.  This is precisely the prescription we are looking for. (p. 26)

By 2009 when Time Magazine covered “Intellipedia”, the product of Andrus’ concept, it was hailed as a major triumph.

they say [Intellipedia] is transforming the way U.S. spy agencies handle top-secret information by fostering collaboration across Washington and around the world. Rolled out in 2006 to skeptical veterans at CIA headquarters in Langley, Va., Intellipedia has grown to a 900,000-page magnum opus of espionage, handling some 100,000 user accounts and 5,000 page edits a day.

In another example of Web 2.0 being embraced by the intelligence community, a social networking tool for analysts across different US intelligence agencies called A-Space (Analytic Space) was launched in late 2008.

3. Where radicalization can fit in

The PREVENT strand of the UK Counter Terror strategy “CONTEST” deals explicitly with radicalisation. Remember also that under the 2000 Terrorism Act in the UK, a group that ‘promotes or encourages terrorism’ is included in the category of terrorist groups; a list of ‘unacceptable behaviours’ was published on 24 August 2005 for which non-UK citizens could be deported, including public speaking and running a website that promoted criminal activity or terrorism; and the Terrorism Act 2006 criminalised ‘glorification’ of terrorism.

The list of relevant convictions at British courts in 2007 illustrate that the Internet has been used variously to coordinate and recruit among militant affiliates and sympathizers. For example, in July 2007, Younis ‘Irhabi 007’ Tsouli, Waseem Mughal and Tariq Al Daour were convicted for incitement to commit an act of terrorism through the internet. The same month, in a separate case, Irfan Raja, Awaab Iqbal, Aitzaz Zafar, Usman Malik, and Akbar Butt, were convicted for downloading and sharing extremist terrorism-related material, including Abdullah Azzam’s Join the Caravan. Raja had met the others, who knew each other at Bradford University, through a chatroom. (This conviction was subsequently quashed in appeal.) Mohammed Atif Siddique was found guilty of collecting terrorist-related information, setting up websites showing how to make and use weapons and explosives, and circulating inflammatory terrorist publications in October 2007. Samina Malik, who adopted the Internet nickname ‘the Lyrical Terrorist’, was given a nine-month suspended jail sentence in December 2007.

The issue of radicalization and coordination, whether online or not, becomes particularly important when one considers the number of cases, homegrown perpetrators are known to have traveled to Pakistan for guidance from underground groups before conducting operations. After 9/11, the UK Government did not initially conclude that the so-called ‘home grown’ aspect of terrorism was necessarily a security threat to the UK. The assumption, which had held since the mid 1990s, was that the UK would continue to be an exporter of militant Islamist terrorism. Irate French officials had called London, where suspects in attacks on French soil were apparently clustered, ‘Londinistan‘. The New York Times, three days after the 7 July 2005 bombings in London, carried the headline ‘For a Decade, London Thrived as a Busy Crossroads of Terror‘. However, a number of incidents brought the problem home, and indicated the importance of the close link enjoyed by the UK and Pakistan.

A number of British citizens and foreign citizens resident in the UK are known to have travelled to Afghanistan and Pakistan for terrorist training and/or dealings with Al Qaida figures. Some of the individuals convicted of terrorist plots in the UK since 2000 are known or believed to have had such training. They include Richard Reid, the “shoe bomber” who tried to blow up a transatlantic airliner; Dhiren Barot, who planned “dirty bomb” attacks in the US and UK [see Operation Rhyme]; Omar Khyam, the “fertiliser bomber” who aimed to attack shopping centres and nightclubs; and Mohammed Siddique Khan, one of the London suicide bombers. Others who were trained in Al Qaida’s terrorist camps remain at large.

If the Internet plays a role in maintaining contact between prospective militants in the UK and supporters in Pakistan, not only are the challenges and opportunities presented by the Internet important, but so too is the Internet’s role in radicalization. Beyond the UK, Europol’s annual terrorism situation and trend report, TE-SAT 2008, details further arrests in France; nine arrests in the Glasvej case in Denmark; three arrests resulting in two convictions in another Danish case; four arrests in Bulgaria. Europol notes the trend:

More terrorism propaganda is being produced and distributed over the Internet than ever before. … [The] al-Qaeda media campaign during 2007 produced propaganda in a number of European languages, indicating increasing efforts to reach non-Arabic speaking Europeans.

Concluding note

The authorities face a difficult battle in catching up with young, tech savvy  operators on the Internet. It is important to recognize how recently the Internet became a factor in counter terrorism. The first popular Web browser, “Mosaic”, was released at late as 1993. Yet only two years later the team behind it would make the largest initial IPO in history when their company, Netscape, went public and launched the dot com bubble. Militants and other underground movements have been the quickest to exploit the Internet as a cheap and direct means of communicating to prospective supporters, and have gained an early mover advantage. This was vividly illustrated in May 2007, when a trial of three men suspected of inciting terrorism using Internet chatrooms, videos, and forums, was interrupted by the presiding judge. Mr Justice Peter Openshaw paused the trial at Woolwich Crown Court to note:

the trouble is I don’t understand the language. I don’t really understand what a website is.


In addition to the sources already included on your reading list, the following recently released report may be particularly useful