I wonder what the DNI will think of this new threat...
'Warcraft' Sequel Lets Gamers Play A Character Playing 'Warcraft'
Saturday, June 14, 2008
Thursday, June 12, 2008
When Tom Dempsey of the US Army's Peacekeeping and Stability Operations Institute ("the US military's premier center of excellence for mastering stability and peace operations...") agreed to sponsor a strategic intelligence project with my graduate students last winter, I have to admit I was nervous. I had worked with Tom before and I knew he was going to ask tough questions and demand good, well researched and thoroughly analyzed answers. That didn't bother me, though. That is just another day at the office. What bothered me was the topic.
I knew Tom was interested in security sector reform in Africa and that is a tough nut to crack from here in Erie. It requires our very best student analysts to use their most sophisticated open source skills to acquire and then analyze relevant and reliable information from Africa. Its not impossible; just hard to do and in a ten-week course, there is not much room for failure.
Fortunately, the team that put together A Strategic Study Of Security Sector Reform In Sub-Saharan Africa was top quality and their wiki based product is available as of today for public viewing (Tom was even kind enough to link it to the PKSOI site). Specifically, the students were asked to provide answers to the following questions (part of their Terms of Reference):
- What international or regional authorities, bilateral partnerships, or non-governmental organizations currently are and are likely to remain major players in security sector reform, specifically with regard to the civil oversight, administration of justice, and law enforcement sectors, in Liberia, Sierra Leone, Democratic Republic of Congo, and Sudan?
- What are the strategies and resources that are being used and are likely to continue to be used to build capacity and sustainability in the civil oversight, administration of justice, and law enforcement sectors in Liberia, Sierra Leone, Democratic Republic of Congo, and Sudan? Why have these strategies been selected and, if appropriate, why are they likely to continue to be used? Can any of these strategies be used as benchmarks for effectiveness?
- What are the likely short (12 months), medium (2-3 years), and long term (3-5 years) impacts of civil oversight, administration of justice, and law enforcement reform policies currently in place in Liberia, Sierra Leone, Democratic Republic of Congo, and Sudan?
If you are not particularly interested in security sector reform in any of the four targeted countries (Liberia, the Democratic Republic of Congo, Southern Sudan or Sierra Leone) and you are already familiar with wiki-based analytic projects (like this one and this one and this one), you might still find the methods used in the study to be of some interest. The students used a multi-method approach (much like the study on the role of non-state actors in sub-Saharan Africa) that included comparative case study analysis, accelerated analysis, social network analysis and a matrix-style analysis. The multi-method approach allows analysts to essentially triangulate their estimates and can be very effective if, as here, done correctly.
Of particular interest from a methodological standpoint are the social network analyses and the multi-attribute matrix. The social network analysis examined the connections between each of the organizations within the country in order to determine a wide variety of qualities (such as "closeness" and "betweenness") attributable to each of the organizations examined. The chart below is one of the 3-D graphs of a social network of agencies in Sierra Leone built using the amazing UCINET software.
The multi-attribute matrix looked at each of the programs in all four countries against the stated goals of those programs with respect to security sector reform and made estimative evaluations about how successful each of the programs was likely to be in meeting those criteria. Some of the programs did not do very well because they were small, some did not do well because they were only partially designed to impact the security sector and some did not do well because the political environment was not conducive to the methods that the program was using. Whatever the reason, in the end, the students were able to give a rough estimate of what were likely to be the most and least effective programs attempting in whole or in part to reform the security sector in the four countries. Combined with the data from the other methods used in the analysis, they were able to come up with some pretty nuanced answers to the questions they had been asked and some interesting trends in general.
The Virtual Jihad Project
Non-state Actors In Sub-Saharan Africa
A Wiki Is Like A Room...
You know when you have published a good post when a ton of people reply with links or other resources on the same topic. Here is a quick list of some additional steganographic and other resources (in no particular order) received by SAM over the last 48 hours:
- The Steganography And Analysis Research Center
- Information Hiding: Steganography & Digital Watermarking
- Steganography Detection with Stegdetect
- Center For Information Technology Integration
- Secure Communications Operational Tradecraft
- Pictorial Semiosis: The Way Pictures Mean
- The NSA's Kid's Page
(Thanks to Greg, Mark, Linda, Jeffrey, J. and Rex and all the others who read, participated or commented!)
Tuesday, June 10, 2008
As a child, I remember being fascinated by the story about the ancient Greek king, Histiaeus, who reportedly shaved a servant's head and tattooed a secret message on it. By the time the servant entered hostile territory, the message was hidden by hair. I thought at the time that this was immensely clever. It was also my introduction to steganography, or the art of hiding messages more or less in plain sight.
Today's steganographers have gotten pretty sophisticated and are able to hide documents in the pixels of a picture. The picture below, for example (from the game Forbidden Kingdom), contains an entire MS Word document.
Really. No kidding.
I used a clever little program called "s-tools" and the tutorial on MakeUseOf to convert my GIF image into a GIF image with a secret message. If you want to find out what the message is, you need to click on the image above. When the new page opens up with the larger image of the picture, right click and "save image as". You got it right if you have saved an image called steganography.gif. Then download the software and follow the instructions (Note: The site to download the software appears to be Slovenian. I have downloaded the software to two separate computers and virus checked both downloads with two separate virus checkers. McAfee SiteAdvisor also gives the site a green light. Still, as with any software, take care in downloading it to your computer). You will also need to know the passphrase, which is "sam" (lower case, no quotes) and the encryption algorithm, which is IDEA. It is extremely user friendly -- all drag and drop and point and click.
Of course, once you start looking for steganography tools, they are easy to find and there is some concern that terrorists or organized crime gangs are using steganography techniques to hide instructions or other data of interest. All the more reason to understand it, to my way of thinking.
S-tools itself has been around since 1996 (you get a little pop-up when you first open the software that indicates that the program has been built taking into account the "new" features available in Windows 95...). It is so old that I suspect that the bad guys have already found it and used it and the good guys have already figured out how to crack it. Still, if you are not familiar with steganography and want to understand it better, I recommend this exercise (I think it would generate some real classroom interest as well).
Posted by Kristan J. Wheaton at 11:43 AM