Friday, April 23, 2010

Drive-by Reviews Of Analytic Methods (

Everyone has heard of a drive-by shooting but what about a "drive-by review"?

I am teaching a graduate seminar in Advanced Analytic Techniques this term. The core of the course is a series of student projects that hyperfocus on the application of a particular analytic technique (such as patent analysis or social network analysis) to a discrete topic (such as the political situation in Turkey or the future of oil and gas exploration in the Caspian Sea). The best of these projects wind up in The Analyst's Cookbook.

Each week, however, in addition to diving deep into these individual techniques and topics, we also work as a group to come to some conclusions about a number of other techniques. In preparation, each of the students selects, reads and summarizes a number of articles on whichever technique is under the microscope for the week.

They then post these summaries and links to the full text of the articles on our Advanced Analytic Techniques blog. Each Thursday, we sit down and have a discussion about the readings. We also run a short exercise using the technique. From the combination of discussion and exercise, we try to answer four questions:

  • How do we define this technique?
  • What are the strengths and weaknesses of this technique?
  • How do you do this technique (Step by step)?
  • What was our experience like when we tried to apply this technique?

Once we think we have pretty good answers to these questions, we post what we have developed to the blog in order to capture our collective thinking on the technique in question.

Obviously, this is where the term "drive-by review" comes from. Such an exercise only serves to familiarize the students with the technique under consideration. The blog format, however, permits us to open this series of exercises up to practitioners, academics and intel studies students at other institutions for comment and additional insights -- which is what I am doing with this post.

This year, due to the very large size of the class, we are actually able to do a little comparative analysis. I have divided the team into two halves. We explore the techniques collectively but each team comes to its own conclusions independently. It is sort of like getting a second opinion after a visit to the doctor.

Last week we took a look at Delphi and this week we are examining Roleplaying. Over the last couple of weeks we have looked at Best Practices, Red Teaming and Imagery Analysis.

Don't hesitate to jump in! We learn from your experience and expertise.

Monday, April 19, 2010

The Whole Of The Cyberthreat In A Single Tweet (

According to ReadWriteWeb, Raffi Krikorian, a developer for Twitter, posted a complete version of a single "tweet", or 140 character Twitter message, this weekend on

You can see the results for yourselves below:


In addition to the 140 (or fewer) characters in a tweet, this map shows all of the metadata thrown off by each and every post.

Some of this stuff is harmless but it is surprising how little metadata it takes to uniquely identify a particular computer. Don't believe me? Check out Panopticlick. Based on their fairly clever method, it only takes about 33 bits of data to uniquely ID a computer.

Note, I said ID the computer, not the user behind it. Likewise, knowing which 33 bits of data one needs to hide or dirty up helps the bad guys hide themselves and makes it difficult if not impossible to determine attribution by technical means alone.

More importantly, it leaves the rest of us, who do not know how much personal and identifying data we are providing, at the mercy of those who do. "Those who do" doesn't just include criminals either. It includes corporations and governments as well.

What to do about all of this is beyond me (though I think Jeff Carr at IntelFusion does some of the best thinking on the subject) but it is charts like this one that, for me, highlight the importance of this issue.
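
To make the "bits of identifying data" idea above concrete, here is an added example (not code from this post or from Panopticlick) that measures how quickly a handful of metadata fields shrinks the crowd a computer can hide in. The visitor records are constructed sample data and the function names are hypothetical; 33 bits is simply the amount needed to tell apart 2^33 (about 8.6 billion) items.

```python
import math

# Constructed sample: one record of observable metadata per visiting browser.
VISITORS = [
    {"ua": "Firefox/3.6", "tz": "UTC-5", "screen": "1280x800", "lang": "en-US"},
    {"ua": "Firefox/3.6", "tz": "UTC-5", "screen": "1280x800", "lang": "en-US"},
    {"ua": "Firefox/3.6", "tz": "UTC-5", "screen": "1024x768", "lang": "en-US"},
    {"ua": "Firefox/3.6", "tz": "UTC+1", "screen": "1280x800", "lang": "de-DE"},
    {"ua": "MSIE 8.0", "tz": "UTC-5", "screen": "1280x800", "lang": "en-US"},
    {"ua": "MSIE 8.0", "tz": "UTC-5", "screen": "1024x768", "lang": "en-US"},
    {"ua": "MSIE 8.0", "tz": "UTC+1", "screen": "1024x768", "lang": "de-DE"},
    {"ua": "Chrome/4.1", "tz": "UTC+9", "screen": "1920x1080", "lang": "ja-JP"},
]

def anonymity_set(visitor, attrs, population=VISITORS):
    """Count visitors indistinguishable from `visitor` when only `attrs` are seen."""
    key = tuple(visitor[a] for a in attrs)
    return sum(1 for v in population if tuple(v[a] for a in attrs) == key)

def identifying_bits(visitor, attrs, population=VISITORS):
    """Surprisal in bits: -log2 of the share of the population with the same values."""
    return -math.log2(anonymity_set(visitor, attrs, population) / len(population))

def bits_to_single_out(population_size):
    """Bits needed to tell one item apart among `population_size` items."""
    return math.log2(population_size)

def narrowing(visitor, order=("ua", "tz", "screen", "lang"), population=VISITORS):
    """Anonymity-set size after each additional attribute in `order` is observed."""
    return [anonymity_set(visitor, order[:i], population)
            for i in range(1, len(order) + 1)]

if __name__ == "__main__":
    print("bits to single out 1 of 2**33:", bits_to_single_out(2**33))
    for i, v in enumerate(VISITORS):
        sizes = narrowing(v)
        bits = identifying_bits(v, ("ua", "tz", "screen", "lang"))
        status = "unique" if sizes[-1] == 1 else f"shared with {sizes[-1] - 1} other(s)"
        print(f"visitor {i}: set sizes {sizes}, {bits:.2f} bits, {status}")
```

In this sample a rare browser is singled out by its user-agent string alone, while two identically configured machines stay indistinguishable no matter how many of these fields are observed.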