Stratfor's dirty laundry and open source intelligence.

02 March 2012

The latest revelation by Wikileaks of what happens behind the scenes in the twenty-first century began publication on Monday. Called the GI Files (for Global Intelligence), it is said to be made up of approximately five million e-mail messages and associated documentation copied from the e-mail servers of Strategic Forecasting, Incorporated (Stratfor) by adherents of the Anonymous meme and passed on to Wikileaks some time last year. Due to the gargantuan volume of data, Wikileaks has opted to release smaller quantities of information every day rather than overwhelm everyone with information. Predictably, spin control efforts on all sides started up soon after and it's starting to get difficult to find useful information out there. Criticisms of the leak were the first thing to be posted by many; I'll not speak to many of those because there are as many criticisms as there are opinions, and people can fight that out as they will. It isn't of interest to me. However, there are a few points that I think need to be cleared up.

Stratfor bills itself as a "provider of geopolitical analysis," which is a fancy way of saying that their business is hoovering up information about world politics (more specifically, they have specialists in certain fields gather information about their field, put the information together, and figure out what it means). They then sell their briefings and services to whomever wants to pay for them, be it private individuals with lots of money to burn (reportedly, a Stratfor subscription can cost around $20k US per year), corporations, or possibly even government agencies (if they felt like it). A lot of Stratfor's information seems to be what is referred to as open source intelligence, or freely available information, everything from newspaper articles to Twitter feeds to blog posts, to whatever else an analyst can get their hands on, though there are allusions that certain analysts working for Stratfor had cultivated contacts in some places one wouldn't expect a corporation to have access to. That last bit, I guarantee, caused a spike in the number of extra cups of coffee, "one last" cigarettes smoked, and sweat-soaked brows inside the DC Beltway.

Disclaimer: I'm only going to talk about OSINT (open source intelligence) in this post. If I actually did have a job as an intelligence officer I wouldn't even have this blog, let alone be writing about my job.

Stratfor does for profit what intelligence agencies do every day, basically. They collect information relevant to some field of inquiry and then sift through it to figure out what it all means and what it says about something going on. If anything directly applicable to whatever it is you're doing comes up, the proper officials are notified. Most raw intel is, frankly, crap: lots of information that has nothing to do with what you're keeping an eye on, some wild rumors, jetwash from people who clearly don't know what they're talking about but get published anyway, and duplicates from multiple sources. In a given body of text (let's say a magazine article) there might be one or two pieces of relevant information. The classic OSINT sources are newspapers and newscasts from around the world, but just about every online service out there is now a potential source because people love writing about what's going on around them. Once all of that has been waded through, the duplicates have to be reduced to a single entry because there's no sense in having the same thing in a report dozens of times (though it might be worth noting how often it appeared in the original data set, because that suggests trustworthiness, or at least how widely disseminated the information is at time t). Then you have to consider the sources: which are reasonably trustworthy, which aren't, which might be on to something, which might be disinformation, and which are of high importance. Ideally, such an information-gathering effort has multiple teams, with at least one dedicated to gathering information and separate teams to analyze it.
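The de-duplication and source-weighting step described above, as an added Python example (not code from the original post); the OSINT items, source names and trust scores are constructed for illustration. It keeps both the raw mention count and the number of distinct sources, since one feed repeating itself is not corroboration.

```python
import re
from collections import defaultdict

# Constructed raw OSINT items as (source, trust 0..1, text); not real reporting.
RAW_ITEMS = [
    ("wire-service-A", 0.9, "Port of Example closed after storm damage."),
    ("blog-B", 0.3, "port of example CLOSED after storm damage"),
    ("twitter-C", 0.2, "Port of Example closed after storm damage!!"),
    ("twitter-C", 0.2, "PORT OF EXAMPLE closed after storm damage"),  # same source, twice
    ("forum-D", 0.1, "Rumor: Port of Example to be nationalised next week"),
    ("twitter-C", 0.2, "rumor: port of example to be nationalised next week"),
    ("newspaper-E", 0.8, "Refinery near Example resumes output"),
]

def normalize(text):
    """Fold case, punctuation and whitespace so near-identical copies share a key."""
    return " ".join(re.sub(r"[^a-z0-9 ]+", " ", text.lower()).split())

def consolidate(items):
    """Collapse duplicates into one entry each. 'mentions' is how often the item
    appeared in the raw set; 'spread' counts distinct sources, which is the better
    corroboration signal; 'max_trust' is the best-rated source that carried it."""
    buckets = defaultdict(lambda: {"text": None, "sources": set(),
                                   "mentions": 0, "max_trust": 0.0})
    for source, trust, text in items:
        b = buckets[normalize(text)]
        b["text"] = b["text"] or text  # keep the first wording seen
        b["sources"].add(source)
        b["mentions"] += 1
        b["max_trust"] = max(b["max_trust"], trust)
    report = [{"text": b["text"], "sources": sorted(b["sources"]),
               "spread": len(b["sources"]), "mentions": b["mentions"],
               "max_trust": b["max_trust"]} for b in buckets.values()]
    # Widely corroborated, well-sourced items first; single-source rumours last.
    report.sort(key=lambda e: (e["spread"], e["max_trust"]), reverse=True)
    return report
```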

Then the hard work takes place, making sense of it all. The questions that must be answered are "What does all of this mean?", "What is going on?", and "Does this apply to anything we're doing?" This process takes a lot of time because it's not just reading, but thinking, considering, and understanding each fact in context. The analyst has to figure out not only what the facts are saying separately and together, but what they're saying in a number of different contexts, at different times (Before or after the bombing? At the same time as the press conference or shortly afterward?). Often, the analyst is also tasked with figuring out how to write a report that isn't unnecessarily panic inducing or anesthetic to the reader. Most importantly, the question "Do all of these facts make sense when you put them together?" must be answered. These aren't necessarily easy questions to answer and this work is time consuming. There is software out there that's supposed to help speed the process up a bit but not a lot of it gets published, or even talked about because it's highly task-specific (i.e., it was written by a particular group to fit their very specific requirements and chances are it wouldn't do the right thing for anyone else). This is why their reports are said to be three weeks to a month out of date; it took that long to go through the data, make sense of it, and write a report. If anything, this might be fast for the production of finished intelligence product.

We now need to consider some of Stratfor's analysts bragging that they've got contacts in fairly arcane places, places where corporations rarely have lines of communication. In particular, the boasts of having a Mossad agent or two on the payroll (more cigarettes, swearing, and cold sweats on the other side of the Atlantic) or access to some of the stuff seized from Osama bin Laden's compound when it was raided last year. So far, I'm inclined to think that those e-mails were just that - boasts. No civilian in their right mind would boast on an internal mailing list that they had access to such information as disks taken from Osama bin Laden's compound; that's the domain of military intelligence, which would suggest to counter-intelligence that there was a leak. Whenever CI suspects a leak, Shit Gets Real(tm), and everybody even vaguely connected to the leak gets shaken down, military or not, once word gets out; the mere possibility of word getting out is enough to earn one a crash course in discretion from one's cow-orkers. Now, let's assume that it was jetwash: $analyst's mouth is writing checks that $analyst's ass can't cash. Hardly a career-enhancing move. So, barring further evidence, my inclination would be to not make too much of it.

Now, the $20k/year question: Why Stratfor is important. A common criticism of Stratfor is that their intelligence reports are always a couple of weeks out of date and don't really tell you anything that you can't figure out for yourself with Google. This is true. This is also a huge time (and therefore, money) sink. In the private sector most of us aren't paid to browse the web for hours on end, which is one of the ways OSINT is gathered. Even if part of your job is keeping up with what's going on in a certain field that time is still questionably spent. If the information a particular person picked up is used (i.e., actionable) then it was money well spent. If not, it's overhead and cuts into profits. It was work that didn't really contribute solidly to the bottom line, and from a corporation's point of view that's the important thing. At least in the United States, outsourcing certain business functions to companies that specialize in them is the way to go and keeping an eye open is apparently no different. Again, when you look at the bottom line which of the two is likely to be cheaper (assuming a real business need for military-style intelligence):

  • Hiring a company that specializes in open source intelligence to gather, analyze, and interpret information.
  • Spending x millions of $currency{'local'} setting up and running an intelligence arm.
Chances are, it's the former. Spend a couple of million dollars financing an in-house intelligence department, or spend a couple of thousand dollars buying the same reports. There isn't really a decision to be made there. Hiring Stratfor (or one of its competitors) gives you more bang for your buck.

As for the hijinks that are occasionally exposed on Stratfor's internal mailing lists it's only somewhat surprising that there are people shooting their mouths off. Internal mailing lists in general are boring for everyone but the people on them, and even then sometimes there is a perceived need to liven things up a little bit. Some unprofessional behavior is unavoidable in such a forum, but smart people will keep it within certain bounds and not annoy the higher-ups too much. Pet names for projects and people are common because acronyms (like facts) start wearing on you after a while and you can't keep track of what's what without a scorecard (or cutesy names like PROJECT RABID PANTHER). So, Stratfor personnel screwing around in official fora are par for the course. Nothing to see here, move along.

Speaking to the authenticity of the e-mails, I remind everyone once again that cryptographic signatures are commonly used in corporate communications to prove not only that messages have not been tampered with, but that they were likely sent by the person the public key corresponds to. I would advise people watching the GI Files releases to see which messages have digital signatures on them (or signs that there were once digital signatures) and which don't. Also, I would advise checking the files that are published to see if they support digital signatures and, if so, which have them and whether or not they can be verified. To speak to the accusations that the e-mails are all fakes, it's difficult to forge five million e-mails effectively. Hell, it's difficult forging any significant volume of data effectively - just ask anyone running a Call of Cthulhu LARP who wants to make a mythos tome for the players. The obvious tactic is to make lots of files full of garbage, but this is plainly not what was done. It could be done with software but the output is characteristically... weird. Nonsensical. Think Luna Lovegood on acid. The e-mails published so far have none of the syntactic idiosyncrasies of Markov chain generators or dictionary digesters. I rather doubt that Anonymous has enough people on task at any time to write several million e-mails (with consistent SMTP headers, incidentally) that are all internally consistent when considered as discussion threads or conversations, plus all of the .pdf, .docx, and .xlsx files that are part of the archive. Unless Anonymous has an artificial intelligence that they're not talking about, and I think it's a little too early in the timeline for that.
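An added example (not part of the original post) of the first check suggested above: sorting raw messages by whether they carry an S/MIME or PGP/MIME signature, an inline PGP signed block, or only a leftover marker. The sample messages are constructed and their signature bodies omitted; checking that a signature actually verifies against the sender's key is a separate step with gpg or openssl.

```python
import email
from email import policy

# Constructed sample messages (not from the leaked archive), trimmed to what triage reads.
INLINE_PGP = """Subject: weekly note
Content-Type: text/plain

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Nothing new this week.
-----BEGIN PGP SIGNATURE-----
(signature body omitted)
-----END PGP SIGNATURE-----
"""
PGP_MIME = """Subject: report
Content-Type: multipart/signed; protocol="application/pgp-signature"; boundary="b1"

--b1
Content-Type: text/plain

Report attached.
--b1
Content-Type: application/pgp-signature

(signature body omitted)
--b1--
"""

def classify_signature(raw):
    """Label one raw message 'smime', 'pgp-mime', 'pgp-inline', 'pgp-remnant' (a PGP
    marker survives but the signed block is incomplete, e.g. after quoting) or 'none'.
    Presence only: a label still has to be verified against the sender's key."""
    msg = email.message_from_string(raw, policy=policy.default)
    ctype = msg.get_content_type()
    proto = (msg.get_param("protocol") or "").lower()
    if ctype == "multipart/signed" and proto.endswith("pkcs7-signature"):
        return "smime"  # S/MIME detached signature (RFC 8551)
    if ctype == "application/pkcs7-mime" and (msg.get_param("smime-type") or "").lower() == "signed-data":
        return "smime"  # S/MIME opaque signed-data wrapper
    if ctype == "multipart/signed" and proto == "application/pgp-signature":
        return "pgp-mime"  # PGP/MIME detached signature (RFC 3156)
    # Only text parts are searched for inline ASCII armour; binary parts are skipped.
    body = "\n".join(p.get_content() for p in msg.walk()
                     if p.get_content_type() == "text/plain")
    if "-----BEGIN PGP SIGNED MESSAGE-----" in body and "-----BEGIN PGP SIGNATURE-----" in body:
        return "pgp-inline"
    if "PGP SIGN" in body:  # e.g. a lone BEGIN/END PGP SIGNATURE line left after quoting
        return "pgp-remnant"
    return "none"
```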

So, to sum things up, all of the Stratfor revelations are not terribly different from what one would expect of a company whose sole business is to keep an eye on things and figure out what might be coming down the pike. There doesn't seem to be any shortage of them these days, but as one would expect they make an effort to minimize their exposure because they're (obviously) high-value targets for compromise. I can't speak to their accuracy because I've never been a customer of theirs (nor have I worked for any, to the best of my knowledge) but I'd expect it to be roughly the same as that which the United States government has officially stated (when last I checked, the figure was hovering on the low side of 10%). Stratfor certainly isn't doing anything new, but they are noteworthy in that they are a corporation and not a government agency. I think we're going to see some interesting things, and some things that are going to piss a lot of people off are going to come to light, but ultimately we're not seeing much that is either groundbreaking or apocalyptic.

Then again, I might be wrong because we've seen only a small fraction of what was leaked thus far. Time will tell, and I've got crow in the freezer waiting to defrost and a bottle of white wine in the rack for such an occasion.