EDL Internal Security Monitoring

Document originally published on the Tennesee Educator by an unknown author How the CIAs Social Network Analysis is being applied to Facebook and the EDL Why the EDL must self-assess its internal security. Social Network Analysis or SNA has long been a useful tool in the covert intelligence communitys tool bag by which to determine how best to manipulate and take down terrorist cells and destabilize terrorist networks. In March of 2007, Lieutenant Russell G. Schuhart II delivered his masters thesis on the topic at the Naval Post Graduate School in Monterrey, California, a school known for turning out top Naval Intelligence Officers and supporting the advancement of U.S Warfare theory in generalno pun intended. Schuharts Thesis, entitled Hacking Social Networks: Examining the Viability of Using Computer Network Attack Against Social Networks offers a great deal of insight into how the U.S. Intelligence Community currently functions in regards to destabilizing terrorist cells and or other covert groups that end up in the CIAs crosshairs. For the purpose of this article, I ask the reader to ask themselves this question: Could SNA be used by the CIA to destabilize non-covert organized groups of people interacting on Facebook? For the sake of argument, lets say yes. And for our purpose here, we shall use the English Defence League, or the EDL as example of a group that could become a target of such an operation in the future. I for one believe that SNA has already been applied in varying degrees to the EDL, and caution its leaders to be vigilant in the future to this regard. Therefore, what I will lay out below is how the CIA, MI6, and other agencies might one day come after the group or may already be attempting to manipulate the group.

In Schuharts thesis, the following is noted: SNA was designed to destabilize covert networks that are difficult to penetrate. This work presents a possible way to improve SNAs performance against a covert social network by employing the Computer Network Attack (CNA) model. The CNA model is used by computer network security to represent the traditional approach to hacking a computer network. The CNA model should be able to improve the accuracy of SNA when applied to a covert social network by standardizing the destabilization process and allowing for frequent challenges of operating assumptions. SNA Terminology and Theory In Social Network Theory, the actors, or members of a target group, or terrorist cell are called nodes. You can think of a node as a circle with a name on it on an organizational chart. The idea is to either isolate nodes, turn them into double agents, feed some of them disinformation, turn them against one another or simply take them out of the equation, such as the CIA and SEAL Team 6 recently did in killing Osama Bin Laden. A mode is a group of actors, or a terrorist cell, or in the case of our example all the members of the EDL. Schuhart states in his thesis that: If all the actors come from the same set (group, religion, party, school, etc.), then it is a one mode network. If the set of actors come from two different groups (two different political parties, groups, teams, etc.) then it is a two mode network. Note that an actor/node can be an event or a location. If a group of people are meeting at a location, it would be a two mode network. The first mode is the group of people and second is the location or the meeting itself. Any number of modes beyond two is generally referred to as a multimode. Furthermore, Schuhart states that a tie is used interchangeably with relationship to express the shared bond among actors or nodes. Thus we can state that the EDL, being that it is made up different and convergent groups of actors (nodes) from different cities that come together or mobilize for direct group action, that the group as a whole would be considered by intelligence agencies to be a multimode. Application of SNA to the EDL The next step an intelligence agency would use in running a destabilization operation against the EDL would be to map out the organization on a chart (sociogram or sociomatrix) and determine exact relationship amongst individual members (nodes). This is akin to the Scotland Yard Detective in a movie charting out the clues and suspects of a crime on a large blackboard. According to Schuharts Thesis: SNAs greatest potential lies with its ability to display relational data. This is most commonly done as a sociomatrix or as a sociogram. Both sociograms and sociomatrices have been in use since the 1930s and are a product of the science of sociometry which studies affective relations among actors such as like/dislike or love/hate (Wasserman and Faust, 77). Once the relationships have been mapped out, the intelligence agency can then begin to determine where the vulnerable or weak links in the chain are. In the case of the EDL, the most likely methods that the CIA or MI6 will use against the organization are the following: 1. Disinformation

2. Creating tension and conflict between varying factions of the EDL(modes) which in this case would be the varying individual city groups 3. Using disruption of communications to prevent contact between groups 4. Using law enforcement pressure through government to prevent group contact Lets take a look at each on these methods. Disinformation & Creating Tension and Conflict go hand in hand: 1. A government agent plant could infiltrate a single EDL City group (mode) and inform members of one group that another group are working for the government. This would create tension between groups and lessen the effectiveness of the organization. 2. A government agent plant could send one EDL group disinformation about another groups leader, such as Leader A of City A wants to dethrone Tommy and become the new leader of the EDL. This would serve to cause paranoia between (nodes) or individual actors of the organization and effectively weaken the effectiveness of the leadership. 3. A government agent could inform one City group (mode) that an event has been cancelled, thereby lessening the impact of the group effort in a demonstration. 4. A government agent could plant false information in the press to associate the EDL with some known evil, or connect them to a crime or treasonous act that would mark the group as bad for the nation. * Note I believe this has been used against the EDL from the start by the British Medias attempt to associate the EDL with Fascists Right Wing Skinhead groups, etc., 5. A government agent could hack the Facebook account of a known member and filter in false information into the Facebook news thread of the EDL, or vulgar information to make the group look bad. *Note I believe this has been done at varying times in the growth of EDLs Facebook page. 6. Planting rumors that one members girlfriend is sleeping with another member, or some variation of this type of conflict intrusion. Disruption of Communications: 1. Government use of cell phone blocking technologies that could black out communications of the group during an event. 2. Government use of cell phone blocking technologies that could shut down leaders communications within home cities. 3. Government shutdown of internet communication via phone lines, or the main trunk lines of the internet. *Note This recently happened in the Mideast uprisings. 4. Government infiltration and or cooperation of Facebook executives to shut down communication between members at and around planned event times. *Note We believe this is already in place. We believe the courtship of Facebook CEO Mark Zuckerberg by G-8 government ministers has laid the groundwork for such cooperation. Law Enforcement Pressure through government persuasion to inflict legal restraint of members 1. Members could be arrested without just cause 2. Government agents could rile up Muslim groups to create havoc that can later be blamed on

the EDL 3. Buses coming into a city could be blocked, or held up by law enforcement 4. Various vagrancy laws, etc., can be applied to remove undesirables from the streets How the Intelligence Agencies collect their information about EDL In the case of the EDL, MI6 and the CIA will be using all available data to include each and every newspaper article, photos, and interviews given by the EDL to record the names and personal information about the relationships between EDL members. Once again, this information is mapped out on a large diagram, so as to pinpoint any weak links in the chain. The intelligence community combs through EDLs Facebook thread looking for dissention or arguments between members that they may be able to exploit in order to create tension amongst the group. According to Schuharts study: A classic example of using public records to construct a social network was the reconstruction of the September 11 th hijackers by Valdis Krebs in his Mapping Networks of Terrorist Cells. Krebs used information from major newspapers, released data about the relationships amongst the hijackers from law enforcement agencies, and Internet search engines to determine how the network interacted. Krebss study is proof that social network data collection can require creativity when the actors are not accessible. Schuhart also states the long term success of covert groups such as terrorist cells depends upon their ability to keep secrets, and prevent discovery of membership. With the EDL, this is not practical. However, the EDL leadership could use the above information to help them protect the integrity of the EDL movement by taking the time to ensure internal controls and security are taken into consideration in planning going forward. Here are a few suggestions if they have not already been considered: 1. City leadership should meet regularly as a group with HQ in order to discuss any information that may be pertinent to the integrity of the movement and to determine whether or not government infiltration is taking place. Have interesting new members suddenly appeared from nowhere? Have certain members voiced concerns that they did not have before? Is a member acting differently, paranoid, or suddenly came into money, or taking trips that they could not afford before. 2. An emergency communications network should be established amongst the individual Cities. How will you communicate should the power grid suddenly go down, or the plug pulled on Facebook. A courier system should be established and perhaps some degree of secrecy should be cloaked around this system, such as only the group leader and the designated couriers know who is responsible to see communications get out should they be blocked. 3. Community Service Activities should be conducted in order to establish community relations. Toy drives for kids at Christmas, a day spent helping the elderly, all in the name of the EDL. This will help build a positive image of the EDL and gain community support for the movement. 4. The Press Corp should be invited to accompany the EDL and reporters from overseas new organizations such as the Rolling Stones Magazine or Mother Jones and others should be invited to come learn about the movement. 5. EDL leadership should apply their own SNA or Social Network Analysis: in other words, map out your own organization on a large wall chart and with your best minds,

attempt to determine if the organization has any weak links in the chain, and attempt to discover what vulnerabilities government agents by attempt to exploit. To this regard, intelligence researchers note that SNA has its limits. This fact should be taken advantage of by the EDL. Keep in mind that in drawing this analogy, that I am in no-way implying that the EDL is a terrorist network, but for EDLs own security sake and for its long-term viability, EDL leadership must recognize that the scrutiny they are being put under by the intelligence community is of the same caliber applied to terrorist networks. Schuhart notes the following: Terrorist networks survival is directly proportional to secrecy. Skilled terrorist groups organize into cells to prevent discovery and limit damage if cells are captured by authorities. Traditional data collection methods like surveys and interviews are not applicable to terrorist networks for obvious reasons. SNA must fight against this secrecy to determine which actors are part of the network and what roles they fill. Analysts are forced to rely on intelligence reports, interrogations, and logical deduction as well as educated guessing to gather network data. Invariably, this leads to errors. Some actors may escape detection and other nodes will wrongly be assigned roles and positions to compensate. The model network structure may or may not accurately reflect the actual terrorist network. There is no way for the analyst to know how accurate the model is.

The addition or subtraction of Nodes or Modes EDL needs to also be aware that intelligence agencies in their application of SNA, may attempt to add a node or a mode or subtract one. In other words, if EDL suddenly has a new city applying for membership, at this point I would be suspicious, as it may very well be a group made up entirely of government agents. The government through its use of the methods outlined above may attempt to shut down groups altogether in order to reduce EDL membership. According to Schuharts thesis, one of the intelligence communitys key researchers on the subject of SNA, Professor Kathleen Carley at Carnegie Melon University, has written numerous papers on mapping, destabilizing, and understanding covert networks Schuhart goes on to state that: Unfortunately, Carley has focused more on developing software and methods to compare destabilization strategies than actually proposing how SNA can be used to fight a covert network. Her strategy is to add or remove nodes, but the focus is on removal. Once again, we can see how theory has been put into practice by the CIA in the assassination of Osama Bin Laden. Of course in the case of the EDL, it is unlikely such methods would be used due to the fact that the EDL was not organized to destabilize or terrorize the British government. However, as the EDL may present a problem to the interests of certain British politicians ambition towards conformity with European Union principles, disruption of the organization is definitely on the plate. Schuhart states that SNA is on the rise in its use by intelligence agencies and that: In fact, the newly released joint U.S. Army and U.S. Marine Corps counterinsurgency manual, FM 3-24, includes an appendix that addresses the basics of SNA (E-10). Node Targeting The EDL must also bear in mind how the CIA, MI6 and other intelligence agencies target nodes, or individual members. According to Schuhart, reflecting on research by Dr. Carley: Nodes are targeted for removal based upon their centrality, possession of a unique skill (such as a bombmaking), or their high cognitive demand which is requirement for an emergent leader (Carley 2006, 56). Carley points to her earlier work to explain that emergent leaders are those nodes that display high cognitive load and are worthy of targeting. Overall cognitive load, not simply structural power, is key to tracking who is likely to be the emergent leader. Based on these considerations, we define the emergent leader as the individual with the highest cognitive load (the most people to talk to, the most information to process, the most tasks to do, the hardest tasks to do, the most people to negotiate with to get the job done, etc.)Consequently, emergent leaders, by virtue of their centrality across the entire meta-network are good candidate agents to remove if the goal is to destabilize the network (Carley 2001, 84). Once these nodes are removed, Carley argues, the network will suffer from cascading errors that will reduce the networks ability to function. Schuharts thesis basically attempts to apply CNA, or Computer Network Analysis to SNA. In CNA, the process is more rigid and communications can be exploited by proven hacking strategies that can exploit a terrorist cells communications to gather intelligence on the movements and plans

of the organization. It was noted in the aftermath of the Osama Bin Laden assassination that OBL was using couriers, using pen drives to send out information. In effect, OBL was basically one (node) sitting outside the mode (network) which allowed for him to continue uploading videos onto the internet without allowing his whereabouts to become known. Once the CIA had the courier isolated, the game was up. This is a lesson that should be noted for any organization operating in the modern landscape. Avoiding computer and or digital communications of any kind is a necessity when the most sensitive information needs to get through. Use a courier instead. Conclusion While this essay is in no way a fully exhaustive list of security measures the EDL should employ, it may be looked upon as a starting point for consideration.