The Ultimate Needle in the Haystack: Finding Terrorists Through Their Passwords
The terror attacks last week in Manchester and over the weekend on the London Bridge and Borough Market in central London were appalling and has left many of us in shock. Even the idea that self-radicalized, disenchanted young men would attack young concert-goers with sophisticated bombs or use a van as a weapon and then jump out of the vehicle to stab bystanders with knives is as scary as it is unpreventable in modern society. After these brazen attacks, however, British Prime Minister Theresa May spoke out about the internet acting as a safe haven for terrorist plotting:
“We cannot allow this ideology the safe space it needs to breed – yet that is precisely what the internet, and the big companies that provide internet-based services provide. We need to work with allied democratic governments to reach international agreements to regulate cyberspace to prevent the spread of extremist and terrorism planning.”
So, let’s try and take her position, drilling down on some terror-related passwords from our historical PitchFork* database of about 4 billion compromised cyber prints.
As we look at ISIS, clearly there are a lot of wannabes. In fact, the vast majority of these accounts using these passwords don’t belong to real terrorists. But in making sure there’s not a few “flight school enrollees", every single account must be vetted, and if valid, shared across all law enforcement platforms. In fact, Ms. May does have an important point here, which is, we need to think globally in terms of law enforcement information sharing. The one found needle in the haystack could be that one piece of the puzzle that stops a terror attack and saves lives.
Years ago I was a member of a crime consortium list serve. About 1,500 global members talked about cyber crime and the various ways to investigate and prosecute online criminals. Members shared ideas on how to move cases along, including information on where to send subpoenas to get access to online accounts at ISP’s. We’d all follow the rules and protocol on credit card fraud cases, phishing scams, ransomware - almost any online case - except child porn. If someone was working a child pornography case and needed access to any account anywhere, the rules were broken, protocol went out the window, and even pensions were put at risk. Information moved much faster without restrictions in these cases. Employees at ISP’s gave up account information, in violation of their corporate privacy policies, and didn’t care if they got fired for it. Saving an innocent child from exploitation meant everyone moving quickly to save that kid. It was quite amazing to see global law enforcement kick into another gear.
With respect to those exploited children, the same sense of urgency and sharing needs to happen on all terror leads and cases on a global scale.
*At Insedia, we’re happy to share expanded data from Pitchfork with any law enforcement agency.
Join Us. We are waiting for you!Sign Up Today!
We welcome you to our community where you can gather and share information on debts and issues which may have your life unsettled. Together we thrive!