HomeFeaturesDailyBriefingsRapidReconSpecial ReportsAbout Us

« August 2008 | Return to PrincipalAnalysis | January 2009 »

September 16, 2008

United States of America

Open Source Intelligence

A ThreatsWatch Symposium

By ThreatsWatch | September 16, 2008

Open source intelligence (OSINT) is, for lack of a universally-accepted formal definition, information of value that you don't have to steal with spies or technical means. It can be free or you might have to pay for it but the thrust is that it is not classified or otherwise restricted by a government entity. To an extent we all use OSINT every day for any decision of substance; you identify a question that needs to be answered, you gather information that will help you make an informed decision, you process or analyze that information, and you make a decision based on the outcome of your analytic process. You don't need a spy or satellite to tell you which car to buy; in many cases a government doesn't need either of those tools to help it decide whether or not to take some kind of political action against an adversary. A simplistic comparison to be sure, but at the other end of the spectrum consider that all global business runs on OSINT, not secrets.

As a matter of fact, most of the information (later processed into intelligence) national and military decision-makers need to operate can be obtained via open sources (estimates range from 80%-90%), and the value of OSINT has been demonstrated numerous times over the last several years. Acknowledging these facts, this year's Office of the Director of National Intelligence OSINT Conference focused on the issue of the "decision advantage" OSINT can provide. While it was not an expressed target of the conference, there were numerous discussions about the role social network(ing) and related tech and practices could benefit the IC, something we can do for every -INT but given the related revolution taking place outside of SCIFs worldwide it made the conference a particularly apropos environment.

ThreatsWatch had the pleasure of discussing relevant issues with a number of current and former intelligence practitioners at this year's Open Source Intelligence Conference: Robert Stede, intelligence community analyst and technologist; Bob Gourley, former Chief Technology Officer at the Defense Intelligence Agency and currently CTO of Crucial Point LLC; Matt Burton, former analyst at the Defense Intelligence Agency and currently a consultant to the intelligence community; and Jack Holt, OSD Public Affairs.

TW: The promotion of OSINT as a peer –INT has been going on for some time now, though I don't think I'm going out on a limb when I say that earlier efforts have fallen short. Do you think what was said at this conference – combined with that you're seeing in the trenches - backs up the assertion that OSINT is finally coming into its own?

Robert: Is it coming into its own? It is and it isn't. OSINT's ubiquity is both a pro and con. It permeates everything in intelligence. If you take away the rules and customs of secrets, all you have left is OSINT, which is knowledge. Some diagram OSINT's role or place in intelligence as one of many circles in a Venn diagram; I see it as a cornerstone upon which the foundation of all intelligence is built. You can use the finest materials to build your house but if the construction is shoddy it's all for naught. Today, IC culture and expenditures drive us to buy fancy fixtures and molding, not invest in good architecture up front. The priorities of the Community are also backwards when it comes to sharing and collaboration. The tools and tech we use are serviceable; it's a rehab of our culture that needs to take place if we're going to deal with future mysteries and puzzles. We need to divorce ourselves from hierarchy and promote self-forming networks of trusted peers. Fears about reaching out to those who know better than you also has to be curtailed. Rewards for collaboration with peers inside and outside the wire need to be addressed if we ever want to know the truth. I don't expect this change to happen for a while; we are notoriously slow to understand and respond to emerging threats and concerns for our nation.

Jack: I believe OSINT is coming into its own primarily because the institutions that performed the function previously have been disbanded. USIA was a primary source of intel on cultures, norms, and attitudes in prior years and could give us an idea of who the thought leaders were on certain topics or areas. That information has not been readily available to an expeditionary force. OSINT has given us back that capability.

Matt: I'm not down in the trenches anymore, so I can't say. In my opinion, it would be best for open source intelligence if the term "OSINT" went away completely. The big reason it isn't a mainstay is because it's unclassified, and I think the OSINT label only highlights that when customers come across it. OSINT is not a separate INT. Rather, it comprises all the other INTs we normally use: photos, electronic, people...public satellite imagery is simply unclassified IMINT. Why call it something else that makes it look untrustworthy?

Bob: The nature of the world is changing. More and more is available in open sources. And with our IT systems we can bring the sum total of that to the desktop of our analysts. With social media we can apply more brains to racking and stacking and sorting. So you could argue that OSINT is of growing importance. But what OSINT could have told us that Putin was about to invade Georgia, or that he would mount a sophisticated deception effort to manipulate Western diplomats? Or that he would continue to say he will withdraw but had no intentions of doing so for weeks after the country was crushed? Could you argue that our newfound love affair with OSINT led us to believe we could know Putin's intent? Did OSINT contribute to yet another failure?

TW: We saw the senior representatives of a number of IC entities get up and talk about their OSINT efforts at a fairly meta-level. Not a day goes by and one of those entities (DHS) gets hammered by Congress for falling down on the job with regards to OSINT. With the benefits so obvious, why do you think it is so hard to turn vision into reality?

Robert: Attitude. The IC's attitude has not changed. If it's the first resort, shouldn't it be funded first?

Jack: I believe part of the problem comes from legacy thinking; the rest is people protecting their rice bowls.

Matt: I'm not familiar with the report, but it's probably a combination of things: execs being unwilling to be the first to take the leap, preferring that one of their peers do it first; middle managers who clog the flow of new ideas between desk workers and executives; and desk workers being stuck in their ways, unwilling and unable to learn a new business practice on their own.

TW: We heard a lot about "cognitive diversity" and the value that it can bring to analytic problems. Since OSINT is more or less tailor made for such an approach, how come there has not been a more significant outreach to SMEs outside the IC? We've done it in the past with classified works.

Robert: There's a fear of showing "our hand." We hear this stupid notion of the "Washington Post Test: If it can be ran in the Washington Post, it's bad." I think we need to be working with whomever, wherever them may be. And it was Dan Butler who said we need a little more humility to accomplish this. With a little more humility we can put our questions to a trusted network of groups, individuals, or machines. I would also argue that we could leverage our own citizens by just placing our puzzle pieces out there. We would be taking a large risk, but would feel that the return would be just as big. We have to face the reality that we cannot do this work alone and we have to grow into it.

Jack: Outreach to other SMEs will come more easily as we work through re-framing the environment to bring better understanding of the global information environment to the legacy thinkers. Example is how we've made a totem pole of "strategic communication" with no real understanding of what it is. SC is a process of identifying the strategically important publics for mission success and then finding a way to tell them what we're doing. That has a big IC component, an operational component, and a public affairs component. And, for example, if public affairs doesn't avail itself of the intel then the command is speaking without intelligence. We've seen and heard enough of that.

Matt: Haven't thought about this. A few possibilities: maybe it's a lot easier to get outsiders to help us when we have classified info to show them. Or maybe, because those outsiders already work with this OSINT day in and day out, there's no need to ask them for their input; it's already out there. Global Futures is the only such outreach effort I know of. Any others?

TW: Play king for a day; how would you re-align the current OSINT budget for your agency (or the community); what would you do with a 10% increase in funding?

Robert: More people with the right mindset; people for whom sharing is the default setting. If we all don't share or realize that we can't do it all, it's going to hurt our team. There are hundreds of people who wanted to be here in Analyst X's chair; if Analyst X is being introverted and unwilling to share what they know, that person is hurting far more than helping.

If I couldn't break the manpower ceiling I'd move to enable all of our data to be interoperable. There are two things that run concurrent through any information: space and time. Linking information by place would get us off and running in the right direction to integrate a multi-discipline community for multi-disciplinary problems.

Jack: More investment should be made in people. Collection and analysis is primary with training in the available products, processes, and the technologies available. Then investment in making the technologies shareable across the community.

Matt: Systems and training. Give the systems guys some of that budget and ask them to built a JWICS-to-Web port. We have to get the Web at the desk of every single analyst, and do it in a way that keeps them from having to switch machines. As long as the two networks are segregated, there will be a psychological barrier between "JWICS, where I do my work," and "The computer where I check my Gmail."

TW: If you had to draw a line in the National Intelligence Priorities Framework - stuff that would exclusively be handed over to OSINT practitioners outside the IC – where would it be drawn? If you could focus more OSINT on a given mission(s) which one(s) would they be?

Robert: I couldn't really say. You could throw them all over the fence if you wanted. They're just questions.

Jack: I see this as a complete package where someone gathers, another analyzes, another speaks, and the communication is whole. IC monitors and analyzes while PA discusses and puts back and every interaction changes the environment. To build to more understanding.

Matt: My first-hand experience in the various intelligence domains is limited. Bottom line though is that I'm sure they could all probably do with a healthy injection of more unclassified information.

TW: Best thing you heard an IC senior say? Worst/most disturbing/annoying?

Bob: Without a doubt, the best thing I heard any IC senior say was Glenn Gaffney stated he believes it to be our responsibility to field an infrastructure with the ability to enable IC users to mashup data. We owe this to today's analysts and tomorrow's; and we must build an infrastructure that will let tomorrow's users do things like mash up data in ways we might not even imagine. Seeing a senior IC leader articulate a vision on mashups really left me feeling like the community is in great hands.

As a runner up, I have to say it was Director Hayden's quoting of the great master of operational Intelligence Vince Fragromene. Vince was quoted as having taught Director Hayden that "if you live by SIGINT you die by SIGINT", meaning that you cannot simply trust any single source for an assessment. Vince and others drummed that lesson into my head as well, and I saw time and time again how important it is to seek every possible source that has information or context on a particular situation. It is also critically important to know the strengths and weaknesses of every source. For example, HUMINT might reveal intentions, but if a Human said it then it could also be a lie. ELINT might reveal a precise location but if a parameter is captured wrong it may totally mis-identify the radar that is there. SOSUS might actually be a bottom bounce hit and the Sub may actually be way far away vice close. Imagery might have been taken at the time the activity was over or may be taking pictures of fake targets. The lesson is, you must use every possible source and you must know its weakness. And the reason Director Hayden was telling us about Vince's lesson was it is even more important to OSINT. Just because it is said does not mean it is true.

Robert: "Here's some money. Go do this." Actually, I like Secretary Gates' speech last year discussing the need to have individuals like John Boyd. Boyd's mantra about choosing what to be is great. Either you go off to "be someone" or you "do something." We need more "do," because right now, we have a large "say-do" gap.

Jack: Everything Glenn Gaffney said was the best thing along with Gen. Hayden. I don't recall anything disturbing but that is probably because if disturbing statements are made then impact is being had.

Matt: The best thing was an astonishing policy opinion stated in private by a very senior person in the community; I'd rather not run the risk of upsetting him, but needless to say it was very positive. The worst thing was also said during a private conversation with another senior: In the context of FISA, wiretapping, telco immunity, etc: "These people share their lives online, then complain about invasion of privacy." This is disturbing in the context of the conference because it demonstrates a lack of awareness of how online communities work.

As one speaker at the conference noted, a lot of long-time intelligence practitioners doubt the value of OSINT and they chaff at the thought that freely available information is more valuable than secrets. More to the point, they consider any efforts to more effectively integrate freely available information into the intelligence business to be anathema and entertaining such change is a threat to national security. The threat however, is in not pursuing such a course of action, because it is abundantly clear that our adversaries - particularly non-state adversaries - are doing it and in many cases eating our lunch in the process. It was easy to dismiss al-Qaeda on 9/10/01; not so much the day after, and they managed their far-flug and clandestine operation without the trappings and "benefits" of our intelligence community. Making full use of OSINT is not simply a trendy thing to do, but a vital aspect of any effort designed to reboot the intelligence community. We appreciate your time and thank you for participating in this discussion.

September 8, 2008


Al-Qaeda's Progression On Pakistan's Demise

Schizophrenic Pakistan And The Coming Vacuum That Invites al-Qaeda

By Steve Schippert | September 8, 2008

The slow-motion insurgency in Pakistan is picking up pace in short order, and the elected Pakistani government shows no signs of stopping its rapid descent into disorder, fracture and weakness. What was once the Pakistani tinderbox has become a blaze, and Al-Qaeda is feeding the flames. And while all is not lost, there is little to instill confidence that the blaze will recede and avoid an inferno.

Identity Crisis And Live Rounds

In June, the United States bombed a Pakistan border post manned by the Frontier Corps, a national militia whose components and individual units are locally recruited and manned. Think of it as an American National Guard-like setup. And, as the ABC News report showed at the time, there was "outrage" in Pakistan about the attack.

At the time, the American military said they were pursuing a Taliban ambush that came across the border and attacked them in Afghanistan. This proved, of course, quite true and was not refuted. Outrage was the cry of the day, however, and one which plays right into al-Qaeda's game of divide and conquer.

The ABC article also noted at the time that "[v]illagers said US and Pakistani forces opened fire on each other." Not very descriptive and a lot left to the imagination. Namely, who shot first?

Well, the following excerpt is from Sunday's New York Times Magazine, and it sheds a whole lot of light on the subject. US bombers were called in to hit the Taliban units and positions - and initially the Taliban positions only - that were in retreat.

The mystery, at least part of it, was solved in July by four residents of Suran Dara, a Pakistani village a few hundred yards from the site of the fight. According to two of these villagers, whom I interviewed together with a local reporter, the Americans started calling in airstrikes on the Pakistanis after the latter started shooting at the Americans.

“When the Americans started bombing the Taliban, the Frontier Corps started shooting at the Americans,” we were told by one of Suran Dara’s villagers, who, like the others, spoke on condition of anonymity for fear of being persecuted or killed by the Pakistani government or the Taliban. “They were trying to help the Taliban. And then the American planes bombed the Pakistani post.”

Power Play: Khyber Pass NATO Supply Route Closed

In the past few days, Pakistan has shut down the Khyber Pass route, through which 70% of the NATO supplies reach the forces in Afghanistan. The official line is that Pakistan fears for the safety of the fuel tankers, which can be blown up inside Pakistan enroute to the Khyber Pass border crossing. However, it appears more than that and is more troubling than puzzling.

Much of the official Pakistani government 'outrage' could at one point have been considered 'for domestic Pakistani consumption,' playing to popular disfavor that Pakistan appears a tool of the United States in the War on Terror. But shutting down that critical supply line is something different.

If it has not been by the time of this publishing, it will soon be reopened. It is entirely too critical to the US and NATO forces in Afghanistan. Certain 'pressure' will certainly be applied to the appropriate points to ensure its reopening. But the government of Pakistan is making a point: "We are in control."

But who is "we," precisely? With an ally shooting at our planes bombing the same Taliban-al-Qaeda alliance that seeks to eliminate and ultimately replace the Pakistani government, this is a fundamental question. Yet, from within the same Pakistani government, some other "we" will shortly see to it that the supply route through the Khyber Pass is reopened.

Why is this important?

Al-Qaeda: Sowing Chaos

With the Pakistani government apparently in a hopeless crashing spiral of disarray and disunity, the Taliban-al-Qaeda alliance stands ready to assert themselves as a solution to a vacuum that may likely appear once the descent gets far and deep enough. This is what al-Qaeda does.

They are winning the fight for the hearts and minds of Pakistanis in FATA - the Pakistani government has failed them for decades - and are now pushing for the hearts and minds more aggressively deeper into Pakistan. Zawahiri recorded his last message in English - commonly a second language of Pakistanis whose first language varies from Urdu or Pashto or others. A widening of the reach.

Taliban-al-Qaeda ploys have been to instigate an attack and, true to form, exploit the casualties as an American attack on Pakistanis. This has been the case with virtually every US strike on al-Qaeda within Pakistan. It was the idea behind goading Musharraf to lay siege to the Red Mosque in Islamabad, which al-Qaeda cites as Pakistanis' rallying cry against the government. And, unfortunately, it plays well.

The larger al-Qaeda aim is to sow uncertainty, friction, division and conflict internally inside Pakistan. It seeks to exploit the Pakistani-Indian long-standing tension in both Kashmir and Afghanistan in order to stir up conflict anew between the two. It seeks to drive a wedge between Pakistani political and military cooperation and partnership against them. And, it seeks to ultimately present itself to the Pakistani people as the solution to an interminable - and un-Islamic - mess.

And Pakistan currently is exhibiting the Three Faces of Eve, with locals in areas that strongly support the Taliban-al-Qaeda alliance, a military which is at least partly comprised of senior leaders opposed to them and more friendly to the United States and Westernization in general, and a political class that is so divided and Balkanized that it lacks the ability to effectively govern. And from the latter comes the emerging vacuum.

Al-Qaeda's Liquidation of Assets

It grows daily. It's new president, Benazir Bhutto's widower Asif Ali Zardari who leads the Pakistani Peoples Party (PPP), only months ago was in prison under charges of graft, taking kickbacks so brazenly that he is known to Pakistanis as "Mr. 10%." But thanks to Musharraf's sacking of justices and the resulting dismissal of charges, Zardari is here now to fill the populist shoes of his assassinated wife.

He is atop a Taliban-al-Qaeda hit list intended to accelerate the pace and scope of the coming vacuum. Also on the list is Chief of Army Staff General Kiyani, a Musharraf appointee who is American trained with American friends. As well, the PPP's Rehman Malik, advisor to the Interior Ministry - under which command of the Frontier Corps falls. Likewise, top leaders of the Awami National Party (ANP) make the list. The ANP is the majority ruling party in the North West Frontier Province (NWFP), and its capital is Peshawar, long a favorite roost for al-Qaeda. At least four of its top leaders have already gasped their last breaths.

And the PPP's Pakistani Prime Minister Raza Gilani is clearly on the list. Though he was not in it at the time, his motorcade came under sniper fire last Wednesday. Of particular note is that the round pierced through the double-layered bullet proof glass in the limo. The kind of rounds required to do that simply are not sold over the counter at the Peshawar Bass Pro Shops.

The change in tactics is clear: Just as in Bhutto's assassination, snipers and close range small arms are seen as more effective than the traditional suicide bombing for al-Qaeda's high value targets. The first attempt on Bhutto's life failed, recall. And that was a bombing that struck the vehicle but failed to kill her. A handgun at close range did not.

The intended targets are equally clear: All political and military figures seen as sympathetic to the United States and its pursuit of al-Qaeda.

Nawaz Sharif: Bought & Paid For By Al-Qaeda

Equally clear and critically important is that Nawaz Sharif is, as he has ever been, safe from the long knives of al-Qaeda. And al-Qaeda is executing a longer, drawn out 'Night of the Long Knives,' eliminating its foes inside Pakistan, sewing strife and chaos - the conditions under which it thrives, especially in under-developed (but not undeveloped) nations.

Nawaz Sharif, under current law, cannot be elected to office. Yet he craves the presidency for all the power and control it holds. And if al-Qaeda can create a large enough vacuum through political eliminations, key military assassinations and general accompanying chaos through a wave of terror, the law will not matter and Nawaz Sharif can rise to power as the only remaining national political figure of significance in Pakistan.

Understand that Nawaz Sharif, as reported in the Pakistani press and noted by Michael Scheuer in his first book, received approximately ten billion rupees in "campaign donations" from Usama bin Laden in his first failed run for Prime Minister in the 1980's. This sum is incredibly significant. He was largely bankrolled by bin Laden. A better way to term it is 'payroll,' especially in that part of the world.

Nawaz is not a part of al-Qaeda and is not ideologically inclined as they are. he is, rather, the consummate corrupt and power hungry politician who will take all suitors to seek his ambitions. The long and short of it is that Nawaz Sharif is and has been bought and paid for by al-Qaeda. This is why he does not ever appear threatened. Not then, and not now.

After Nawaz: Hamid Gul Awaits His Destiny

But he will one day have run his course and expended his usefulness to al-Qaeda and will then meet a similar fate as that which al-Qaeda now seeks for Zardari, Gilani, Kiyani and the rest.

Should al-Qaeda ever be able to manufacture that day, there will be but one Pakistani man left to rise and seize the nuclear-armed Pakistan's reins. Hamid Gul. Far more than a useful idiot, as al-Qaeda surely sees Nawaz Sharif, but a friend of bin Laden and former ISI director known as the Father of the Taliban. That's the man who waits partially in the shadows of a slow-motion insurgency. The man who would make al-Qaeda defacto ruler of a nuclear state.

"In a conversation with this reporter in October 2001, Gen. Gul forecast a future [Pakistani] Islamist nuclear power that would form a greater Islamic state with a fundamentalist Saudi Arabia after the monarchy falls." --Arnaud de Borchgrave, August 2004

That's the al-Qaeda progression. Nothing assures its completion, but little impedes it from within Pakistan.

Conclusion: Tough Choices, Limited Control & Influence

The schizophrenic and Balkanized Pakistani government grows weaker by the day, and conflict between the Pakistanis and the United States and India is stoked at an increasing pace. The Pakistani Army lacks the stomach to wage war against fellow Pakistanis in the decisive, face to face manner in which the Taliban-al-Qaeda alliance must be defeated. (Distinguishing between al-Qaeda and the Taliban has rapidly diminishing utility.) The Frontier Corps, part of the Interior Ministry once seen as the only branch of the government solidly loyal to American ally Musharraf, is increasingly infiltrated and staffed by men sympathetic and/or loyal to the Taliban-al-Qaeda alliance. And the Frontier Corps is Pakistan's 'front line defense' against the same.

The next President of the United States will inherit a seemingly irretrievably sinking Pakistan, the solution to which will make Iraq appear a walk in the park. But do not think that without Iraq that the problem of Pakistan would be lesser today. For unless we were ever actually inside Pakistan, boots on the ground, Pakistan's course is and was far beyond our control in the long run. In 2001, they had a choice. Musharraf made it, but could not keep it. The absence of Iraq could not have changed that, no matter how many troops were or were not in Afghanistan.

However, the ultimate solution to the defeat of al-Qaeda in Pakistan is one centered on a popular civilian rejection of al-Qaeda and the Taliban where they lay in Pakistan's tribal areas along the Afghanistan border. This was how al-Qaeda was defeated in Iraq, and decisively so. The central question is how can we (to ideally though not assuredly include Pakistani forces) protect the citizens and their villages in order to embolden them to stand up against the terrorists? We need to identify who they are and how we can gain their trust - and be prepared to do what's necessary to keep it, just as we did in Iraq. But even more fundamentally, do enough of them actually even want to?

What to do moving forward to impede al-Qaeda's sowing of chaos is a path fraught with daunting questions and difficult choices with none of them pleasant. But as Pakistan fails - and its leaders liquidated - the choices become exponentially fewer. The clock ticks and is not our friend.

  • AudioFebruary 2, 2010
    [Listen Here]
    What on Earth can Usama bin Laden, the mystical calculus of climate change and US Homeland Security have in common? Does bin Laden really agree with the President of the United States on matters weather? How is it that the...

Special Reports

Recent Features