How did MI5 find the suspected terrorists in the U.K. in order to foil their plot to down multiple transatlantic airliners? By casting a net over the entire countries telecommunications and looking for needles in that huge haystack? Apparently not; rather by good old-fashioned detective work:
Given that the four British men who carried out last July’s suicide bombings in London were radicalised in Pakistan, British officials have been acutely interested in potential links between UK-based al-Qaeda sympathisers and established militants in Pakistan.
Based on the information from Pakistan, MI5 began its watching operation last year. The BBC last night reported the operation began in July, but The Scotsman understands it started several months earlier.
Arrest in Pakistan led MI5 to airline terror plot suspects The Scotsman, 11 Aug 2006
I heard British Home Secretary John Reid say on the radio yesterday that they had been following the specific group of plotters since December. But how did MI5 find them those plotters in the first place?
According to the Scotsman:
In the initial stages, counter-terrorism officers watched from a distance. By sifting telephone records, e-mails and bank records, the MI5 officers built up what insiders call "concentric circles" of information, gradually connecting each suspect to others and building up a detailed picture of the conspiracy.
The operation, Whitehall officials said yesterday, was "very definitely MI5-led." The men arrested had long been on the security service’s list of more than 1,000 "priority" targets: people thought likely to provide active support for terrorism.
So they started with a small haystack and sorted from there.
Speaking of insiders:
Social Network Analysis [SNA] is a mathematical method for ‘connecting the dots’. SNA allows us to map and measure complex, and sometimes covert, human groups and organizations.
Early in 2000, the CIA was informed of two terrorist suspects linked to al-Qaeda. Nawaf Alhazmi and Khalid Almihdhar were photographed attending a meeting of known terrorists in Malaysia. After the meeting they returned to Los Angeles, where they had already set up residence in late 1999.What do you do with these suspects? Arrest or deport them immediately? No, we need to use them to discover more of the al-Qaeda network. Once suspects have been discovered, we can use their daily activities to uncloak their network. Just like they used our technology against us, we can use their planning process against them. Watch them, and listen to their conversations to see…
- who they call / email
- who visits with them locally and in other cities
- where their money comes from
The structure of their extended network begins to emerge as data is discovered via surveillance. A suspect being monitored may have many contacts — both accidental and intentional. We must always be wary of ‘guilt by association’. Accidental contacts, like the mail delivery person, the grocery store clerk, and neighbor may not be viewed with investigative interest. Intentional contacts are like the late afternoon visitor, whose car license plate is traced back to a rental company at the airport, where we discover he arrived from Toronto (got to notify the Canadians) and his name matches a cell phone number (with a Buffalo, NY area code) that our suspect calls regularly. This intentional contact is added to our map and we start tracking his interactions — where do they lead? As data comes in, a picture of the terrorist organization slowly comes into focus.
Connecting the Dots — Tracking Two Identified Terrorists by Valdis Krebs, orgnet.com, 2002-2006.
Coincidence? Or did Valdis accurately deduce how MI5 works? Or did MI5 follow Valdis’s prescription?
Whichever of the above possibilities, it seems this method works better than throwing a dragnet over a haystack consisting of all telephone and electronic mail records for an entire country and then expecting to find needles in it.
-jsq
PS: Thanks to Valdis for the heads-up.