Intelligence&security analysis

MetaTerror: The Potential Use of MMORPGs by Terrorists

By Andrew Cochran

Co-Editor's Note: Roderick Jones, a friend of several of us here who runs the private intelligence practice of Concentric Solutions Int'l, submitted this concept paper, and I wanted to post it for your consideration. Please send your comments to him as well as to me. Andrew Cochran)

The "Metaverse" is a phrase that was first used in Neal Stephenson's science fiction novel Snow Crash. In this science fiction novel written in 1992, the Metaverse can be accessed via public-access computer terminals where you then control your character known as an avatar. This phrase and concept has now become a reality through a number of what are known as Massive Multi-player Online Role Playing Games (MMPORGs). While some of these games, such as World of Warcraft, have a clear gaming identity the purest version of a digital 3-D world to emerge so far has been Second Life created in San Francisco by Linden Labs. Second Life allows for a high degree of flexibility within its user created content and has a currency (known as the Linden) that can be freely exchanged against the US dollar. Second Life now boasts over four million users with probably a tenth of that number being active participants. No identification is required to open a basic account, but to own ‘virtual-land' a paypal or credit card account is required. A number of Real-Life companies have established commercial interests in Second Life in order to test new products or simply to increase the exposure of their brand. Real-Life universities and non-profits have also established learning centers within Second Life to take advantage of the dispersed learning environment.

As Second Life develops a number of factors are becoming apparent about the way in which people use the world. The first is the rapid nature of the personal connections formed within Second Life (SL) between their in-world characters (avatars). The founder of Second Life, Philp Rosedale, has speculated that the artificial barrier between people, in the form of a computer screen, actually enhances the communication process rather than hinders it. Therefore, people within Second Life are willing to interact with strangers in a way that they would not in Real Life. Communication is conducted through a form of Instant Messaging but there are plans to introduce a Skype style VOIP into the world. Therefore, Second Life is one of the more potent of the new social networking environments to have recently emerged. These in-world connections have led to the formation of a number of groups and also successful SL companies that have acted as the interface between real-life companies and SL. A company such as Reebok, will therefore hire an SL company such as Rivers Run Red, or Millions of Us, to design and maintain its in-world presence. These SL companies benefit from being able to have their staff dispersed across the world and thus are able to work collaboratively without being in the same location. This decentralization means that a wide range of skills can be applied to a project from a variety of localities.

While the makers of Second Life (Linden Labs) pursue an admirable utopian ideal these metaverse systems can potentially also be used by those seeking to pursue a radical agenda. Many of the overwhelmingly positive features of Second Life can be adapted for negative Real Life means. The rapid and potent way in which communication takes place would seem to be an ideal platform for recruitment into radical groups, especially given the age range of those engaged in the world, which is typically 18-34. The teaching capabilities of the world can clearly be adapted for use by terrorists.

Streaming video can be uploaded into Second Life and a scenario can easily be constructed whereby an experienced terrorist bomb-maker could demonstrate how to assemble bombs using his avatar to answer questions as he plays the video. Using the decentralized organization effect, already successfully used by SL companies, the bomb-maker and his pupils can be spread around the globe and using instant language translation tools (available in the world) could be speaking a variety of languages. Just as Real Life companies such as Toyota test their products in Second Life so could terrorists construct virtual representations of targets they wish to attack in order to examine the potential targets vulnerabilities and reaction to attack. But possibly by far the most useful tool currently available to radical groups is the ability to transfer in-world money between avatars that can be translated into real currency. The Second Life currency of Lindens (approximately $270L to $1US) can be bought using a credit card in one country and credited to one avatar (account) and can be given to a co-conspirator avatar in another country. The person controlling this second avatar can then convert these lindens to the real-world currency wherever they are based using a local credit card or paypal equivalent. Clearly the ability to transfer money in this fashion is a very useful function. While Linden Labs sets a limit on the amount of currency an avatar can buy or sell (typically $5000US) this is likely to change and $5000 gets you a long way in many parts of the world.

In his excellent book on the economics of "Synthetic Worlds," Edward Castronova examines the issue of terrorism and describes future virtual world where flight simulators can be meshed onto other software to dry-run potential future 9/11s. While this dramatic scenario is not unrealistic it neglects the current potential impact of these worlds, which is the turning of their clearly positive social attributes to radical ends. You can obtain more information here.

Roderick Jones

Concentric Solutions

By Andrew Cochran on March 1, 2007 3:00 PM

Ed note: This is Part 1 of a paper written in June 1999 by Lisa Krizan of the Joint Military Intelligence College. It is reprinted here by permission. Part 1 and 2 were published as complete documents, as chapters in a book (thus the odd footnote and figure numbering) and also as a general overview of the intelligence process on the Society for Competitive Intelligence Professionals (SCIP) website. This paper discusses basic intelligence techniques and methods, and is part of our series on the "Secret Amateur Spy." Addition parts of this series will appear in both the Location Intelligence and Directions on Data newsletters. The next part of this series will appear in the October 11th Directions on Data newsletter.

Part I - Intelligence Process

Intelligence is more than information. It is knowledge that has been specially prepared for a customer's unique circumstances. The word knowledge highlights the need for human involvement. Intelligence collection systems produce ... data, not intelligence; only the human mind can provide that special touch that makes sense of data for different customers' requirements. The special processing that partially defines intelligence is the continual collection, verification, and analysis of information that allows us to understand the problem or situation in actionable terms and then tailor a product in the context of the customer's circumstances. If any of these essential attributes is missing, then the product remains information rather than intelligence.18

The intelligence profession, already well established within government, is growing in the private sector. Intelligence is traditionally a function of government organizations serving the decision-making needs of national security authorities. But innovative private firms are increasingly adapting the national security intelligence model to the business world to aid their own strategic planning. Although business professionals may prefer the term "information" over "intelligence," the author will use the latter term to highlight the importance of adding value to information. According to government convention, the author will use the term "customer" to refer to the intended recipient of an intelligence product - either a fellow intelligence service member, or a policy official or decision maker. The process of converting raw information into actionable intelligence can serve government and business equally well in their respective domains.

The Intelligence Process in Government and Business

Production of intelligence follows a cyclical process, a series of repeated and interrelated steps that add value to original inputs and create a substantially transformed product. That transformation is what distinguishes intelligence from a simple cyclical activity.19 In government and private sector alike, analysis is the catalyst that converts information into intelligence for planners and decision makers.

Although the intelligence process is complex and dynamic, several component functions may be distinguished from the whole. In this primer, components are identified as Intelligence Needs, Collection Activities, Processing of Collected Information, Analysis and Production. To highlight the components, each is accorded a separate Part in this study. These labels, and the illustration below, should not be interpreted to mean that intelligence is a uni-dimensional and unidirectional process. "In fact, the [process] is a multidimensional, multi-directional, and - most importantly - interactive and iteractive."

The purpose of this process is for the intelligence service to provide decision makers with tools, or "products" that assist them in identifying key decision factors. Such intelligence products may be described both in terms of their subject content and their intended use.

Any or all of these categories may be relevant to the private sector, depending upon the particular firm's product line and objectives in a given industry, market environment, and geographic area.

A nation's power or a firm's success results from a combination of factors, so intelligence producers and customers should examine potential adversaries and competitive situations from as many relevant viewpoints as possible. A competitor's economic resources, political alignments, the number, education and health of its people, and apparent objectives are all important in determining the ability of a country or a business to exert influence on others. The eight subject categories of intelligence are exhaustive, but they are not mutually exclusive. Although dividing intelligence into subject areas is useful for analyzing information and administering production, it should not become a rigid formula. Some intelligence services structure production into geographic subject areas when their responsibilities warrant a broader perspective than topical divisions would allow.22

Similarly, characterization of intelligence by intended use applies to both government and enterprise, and the categories again are exhaustive, but not mutually exclusive. The production of basic research intelligence yields structured summaries of topics such as geographic, demographic, and political studies, presented in handbooks, charts, maps, and the like. Current intelligence addresses day-to-day events to apprise decision makers of new developments and assess their significance. Estimative intelligence deals with what might be or what might happen; it may help policymaker's fill in gaps between available facts, or assess the range and likelihood of possible outcomes in a threat or "opportunity" scenario. Operational support intelligence incorporates all types of intelligence by use, but is produced in a tailored, focused, and timely manner for planners and operators of the supported activity. Scientific and Technical intelligence typically comes to life in in-depth, focused assessments stemming from detailed physical or functional examination of objects, events, or processes, such as equipment manufacturing techniques.23 Warning intelligence sounds an alarm, connoting urgency, and implies the potential need for policy action in response.

How government and business leaders define their needs for these types of intelligence affects the intelligence service's organization and operating procedures. Managers of this intricate process, whether in government or business, need to decide whether to make one intelligence unit responsible for all the component parts of the process or to create several specialized organizations for particular sub-processes. This question is explored briefly below, and more fully in Part VII.

The structure of Army special operations forces, their capabilities and characteristic mission profiles, and the role of intelligence in supporting them are described in a newly disclosed U.S. Army field manual.

There are nine distinct missions for Army special forces, including: unconventional warfare, direct action, counterproliferation, foreign internal defense, psychological operations, and "special activities," which is the DoD euphemism for covert action.

"Special activities fall under Executive Order 12333, United States Intelligence Activities," according to the Army field manual. "They require a presidential finding and congressional oversight. ARSOF [Army Special Operations Forces] conduct them abroad in support of national foreign policy objectives, but in a manner that USG [US Government] participation is neither apparent nor publicly acknowledged."

The 200-page Army field manual, which remains in effect, was issued in 2001. A copy of the unclassified document was obtained by Secrecy News.

See "Army Special Operations Forces Intelligence," Field Manual FM 3-05.102, July 2001:

http://www.fas.org/irp/doddir/army/fm3-05-102.pdf

Students at Mercyhurst College created a wiki-based resource on global disease to support the National Intelligence Council, while demonstrating the utility of the wiki approach for intelligence analysis.

"The fundamental question had to do with the impact of chronic and infectious diseases on US national interests over the next 10-15 years," said Prof. Kristan J. Wheaton, whose class produced the wiki.

"The 26 students in the class worked for the 10 weeks of the course on the project, producing over 1000 pages of analysis on every country in the world. They also wrote global, regional and national interest reports. They even produced a process report that talks about how they did what they did and several videos to accompany the reports. The project was completed using entirely open sources."

"The final product is interesting on a number of levels," Prof. Wheaton told Secrecy News, "not the least of which is the way in which wiki technology facilitated the analysis." A description of the activity with a link to the final product can be found on the National Intelligence Council web site here:

http://www.dni.gov/nic/research_globaldisease.html

The security classification regime in use within the federal executive branch traces its origins to armed forces information protection practices of the World WarI era.

The classification system - designating information, according to prescribed criteria and procedures, protected in accordance with one of three levels of sensitivity, based on the amount of harm to the national security that would result from its disclosure - attained a presidential character in 1940 when President Franklin D. Roosevelt issued the initial executive order prescribing these information security arrangements. Refinements in the creation, management, and declassification of national security information followed over the succeeding decades, and continue today. In many regards, these developments represent attempts to narrow the bases and discretion for assigning official secrecy to executive branch documents and materials. Limiting the quantity of security classified information has een thought to be desirable for a variety of important reasons: (1) promoting an informed citizenry, (2) effectuating accountability for government policies and practices, (3) realizing oversight of government operations, and (4) achieving efficiency and economy in government management. Because security classification, however, was not possible for some kinds of information deemed in some quarters to be "sensitive," other kinds of designations or markings came to be applied to alert federal employees regarding its privileged or potentially harmful character. Sometimes these markings derived from statutory provisions requiring the protection of a type of information; others were administratively authorized with little detail about their use.

In the current environment, still affected by the long shadow of the terrorist attacks of September 11, 2001, several issues have arisen regarding security classified and controlled information. Volume is a concern: 8 million new classification actions in 2001 jumped to 14 million new actions in 2005, while the quantity of declassified pages dropped from 100 million in 2001 to 29 million in 2005. Expense is vexing: $4.5 billion spent on classification in 2001 increased to $7.1 billion in 2004, while declassification costs fell from $232 million in 2001 to $48.3 million in 2004, according to annual reports by the Information Security Oversight Office (ISOO) of the National Archives and Records Administration (NARA). Some agencies were recently discovered to be withdrawing archived records from public access and reclassifying them. Critically evaluating this activity, ISOO has indicated that the federal government needs to apply a more ntegrated approach among the classifying agencies. The force of, and authority for,information control markings, other than security classification labels, have come under congressional scrutiny, prompting concerns about their number, variety, lack of underlying managerial regimes, and effects. Among those effects, contend the Government Accountability Office and the manager of the Information Sharing Environment for the intelligence community, is the obstruction of information sharing across the federal government and with state and local governments. These and related matters, including remedial legislation (H.R. 984), are examined in this report, which will be updated as events warrant.

By Robert R. Raffel

The role of intelligence in an airport environment has long been a subject of debate and uncertainty. How much intelligence is out there? Of what quality or usefulness is available information relative to airport security? Could airport security officials properly use intelligence if they could receive it?

Appropriate collection, analysis and dissemination of information useful to an airport is problematic enough; the availability and usefulness of intelligence is even more so.[1] Further, even given the availability of information, what processes have been, or need to be established to leverage the product into something useful? Despite these issues, which are daunting, there are avenues open to the airport security practitioner to receive useful information and to maximize intelligence collection, reception and dissemination.

The Issues

Civil aviation has often been an area of terrorist interest and activity. Long before the events of 11 September 2001, terrorists targeted airports and aircraft. The Rome and Vienna massacres of 1985 were launched against airports themselves. The hijacking of TWA 847 that same year, together with a variety of attacks occurring before and after those events served to identify aviation with terrorism in the public mind. For the terrorist, civil aviation assets remain high-value targets. The vulnerability of general aviation, an area subject to little regulation or security oversight, adds other issues to the calculus of security.[2]

Despite the historical connections between terrorism and civil aviation, public discussion of how best to address issues of information and intelligence in this sphere has been drawn-out, confusing and inconclusive. Each aviation incident brings forth an outcry for better information and intelligence sharing; why, the critics ask, didn't we know more beforehand? Or, conversely, if you knew, why weren't we told?[3]

These issues are also discussed in the airport environment. Airport operators have long felt that timely information and intelligence sharing could help them in their handling of security operations. Proactive security managers realize the importance of preparedness: information outlining threats to airports can help reduce risk. However, most managers are constrained by their inability to access accurate, systematically collected and processed information and by staffing limitations. Little, if any information or intelligence is airport-specific and information that is broader in scope is seldom useful. Finally, an individual airport security coordinator (ASC), depending on his or her own interests and unique capabilities, may have access to varying sources of information.[4] However, the data are often captured on an ad hoc basis rather than in a coordinated, process-driven approach to information sharing and analysis.

Another discrepancy exists in the distinction between openly acquired information and classified intelligence involving the clandestine collection of data or the accumulation of potentially sensitive information. Given the technological explosion of the past decade, information of all types has become ever more readily accessible. In fact, the very availability of information creates a dilemma for the airport security analyst: it is often difficult to separate the useful from the merely repetitive. Intelligence, on the other hand, becomes restricted from public dissemination, is closely held and controlled, and subject to rigorous requirements governing need-to-know. Although efforts have been made at higher governmental levels to share classified information with airports, a lack of standardization and consistency-indeed, the absence of an organized program-have hampered communications.[5]

The issues then, are several:

What types of information are helpful to the airport security operator?

Is it feasible, or even appropriate, for the airport to receive intelligence?

What organizations presently exist to facilitate this function?

Finally, is there a system-wide approach or model that might be used to facilitate the best use of these products?

Open-source information

One of the products of our national effort to counter terrorism since 9/11 has been the application of various types of open-source information to airport security. Pre-9/11 information-sharing groups supporting airports, such as the Airport Law Enforcement Agencies Network (ALEAN), have organized to assist in this task.[6] In its Web page, ALEAN states one of its goals is to "facilitate the rapid exchange of information concerning airport-related crimes." Since 9/11, ALEAN has served as a conduit for information and open-source material directed primarily at the airport law enforcement manager and practitioner. Other national airport and air carrier organizations predating 9/11, such as the American Association of Airport Executives (AAAE), the Airports Council International-North America (ACI-NA), and the Air Transport Association (ATA), among others, have also served to facilitate the full and rapid flow of information to the airport and air carrier communities. Although these entities do not convey intelligence they nonetheless provide means by which useful facts may flow quickly to predesignated groups.

Since 11 September, other groups have formed, some with the primary purpose of forwarding information of use in counter-terrorist activities. One example is the Florida THREATCOM network, which functions at a state level. It is part of the state of Florida's Regional Domestic Security Task Force. It provides information and links for security and law enforcement practitioners. The Florida Department of Law Enforcement (FDLE) also mounts an informative page on domestic security, with a tip line to their Office of Statewide Intelligence.

Cognizant of terrorists' ability to leverage electronic information systems, Florida has also set up "Secure Florida", which seeks, as its Web page states, "To protect...Florida by safeguarding our information systems, reducing our vulnerability to cyber attacks, and increasing our responsiveness to any threat."[7] Groups such as these exist in many other states and throughout the Web, sponsored by everyone from federal and state organizations to think tanks to individuals. Finally, the Florida Division of Emergency Management publishes a daily status briefing, which covers a wide range of topics of interest to the emergency management and law enforcement communities. Many other states have similar organizations that make such information available on a regular basis. The challenge in this area is to identify and prioritize sources that are helpful to the airport security manager.

Local Intelligence

Given the lack of specificity involved with most national-level intelligence, the best information is often local. Most airports, especially those located near large population centers, have access to local law enforcement intelligence groups. Most law enforcement agencies now keep close track of gang-related activity, for example. They also contain intelligence units that have the potential to provide useful information on airport-related activities of these groups and individuals, who also can do great harm. Given criminal activity at airports (e.g., narcotics and arms smuggling, organized and gang-related theft rings, etc.), area-specific information may actually prove better able to identify threats and thus be more useful than information at higher levels.

Another point in favor of paying close attention to local intelligence is that it tends to be more attainable. As mentioned above, most law enforcement agencies have criminal intelligence capabilities, which can be accessed and leveraged by the airport security manager. This information is especially helpful in airport vulnerability analyses, where thorough knowledge of threats helps produce a better understanding of risk.[8]

Some airport managers, recognizing the importance of this type of information, have established groups composed of local and federal law enforcement agencies that meet at regular intervals. At these meetings, principals discuss and exchange local threat information, status of current operations and other matters of mutual interest. Along with information exchanges, groups such as these benefit from the expanded network created and avail themselves of the opportunity to be woven into the tapestry of airport-related law enforcement. This is especially vital today, when an increasing number of law enforcement agencies are involved in aspects of airport security.[9]

Finally, airports themselves can leverage information collection opportunities. Most airport employees require ID media to accomplish their tasks, and airport security staffs receive information relating to each badged individual. This information, although subject to strict rules regarding dissemination, may be and has been used for counterterrorist and criminal investigations. Airport employees themselves, if given guidance and the right incentives, can be used as sources of information about suspicious activities and persons. Orlando International Airport, for example, has established close relationships with local police intelligence units. Gang activity is present both in the community and the airport, in itself a small city that tends to mirror the surrounding area. The airport-police partnership has resulted in the identification and arrests of suspicious individuals on several occasions.

DHS/TSA Information-Sharing Opportunities

Although the process is still evolving, TSA is working on methodologies to collect, analyze and appropriately disseminate intelligence to airports. The Federal Security Director (FSD) is the designated point of contact for the Airport Security Coordinator (ASC). This relationship is partly regulatory but is also a vehicle for sharing aviation-security-related information. [10] FSD's and ASC's who work to develop and cement close working relationships have a unique opportunity to engage in information and intelligence-sharing. In such an arrangement, the FSD gains the airports' insights into local threat groups and airport history with regard to terrorist and criminal activity. The airport, for its part, gains the FSD's access to wider sources of information.[11] Possibilities also exist in the area of vulnerability analysis. The FSD has the bigger picture and should be aware of national and international threat activity; the airport recognizes its inherent vulnerabilities. This situation is ideal for partnership and development of risk identification and mitigation strategies.

A good example of TSA airport coordination involved dissemination of information by TSA to airports concerning the threat of portable anti-aircraft missiles. Following a terrorist attempt to down a civilian aircraft over Mombasa, Kenya, in 2002, US officials began a concerted effort to educate local law enforcement and security officials about these weapons. TSA officials contacted airports and passed on information and graphics outlining the threat. Airports and their law enforcement entities then teamed with TSA, FBI, and other agencies to take remedial actions. Although the efficacy of this effort may be a matter of debate, it is an example of the possibilities of collaborative approaches to information-sharing.

Trend Analyses

One of the most valuable deliverables in a well-organized information-sharing environment involves trend analysis. Airports, as has been pointed out, are usually acutely aware of local events and, to a somewhat lesser extent, demographics. Governmental organizations, at local and federal levels, have a wider scope of information collection capabilities. The opportunities for airport-local-federal partnerships abound. Using some of the collection sources mentioned above or by creating and leveraging new ones the security manager can attain unique capabilities. Information about seemingly unrelated activities can be collected, analyzed and culled for possible trends. Although some of this is already underway, greater emphasis can and should be placed on it.

The communications infrastructure to carry out the activity needed for effective trend analysis exists in various degrees of maturity. The civil aviation community, multifaceted and even chaotic to the untrained eye, is actually an interconnected network of entities that has spent years perfecting communications.

Some work of that type is being accomplished by different agencies, most at the federal level. A notable example is a new partnership program between elements of the Department of Homeland Security and local law enforcement. The program involves training local police to make and report spot observations. These reports are entered in a database available to other local and federal law enforcement groups around the nation. The database can be used to search for and produce information on similar events. As this program expands, the potential for trend analysis will grow exponentially.

This type of innovative approach to data collection and federal/local partnership is indicative of the wider federal vision involving airport security assets in addition to law enforcement.[12] These initiatives appreciably widen the intelligence collection effort and greatly enhance information gathering capabilities.

Conclusion

Information and intelligence are useful to the airport security practitioner. Much information is available through open sources, but challenges involve prioritization and analytical capability. Local intelligence, given the relative ease of collection and immediate applicability to the individual airport, has value to the airport security manager. Issues involving appropriate collection, analysis and utilization of information can be addressed through innovation and partnerships with local and federal actors. Even intelligence may be shared, given the proper foundation and development of a suitable process. Finally, more work needs to be done in the area of trend analysis. The full realization of the potential in airport security assets is contingent upon leveraging existing infrastructures and designing a useful process for exploiting them.

Footnotes:

[1]Information used here in contrast to intelligence, as in the collection of "secret information" (Webster's, Fourth Ed.). For purposes of this article, the words information and intelligence shall be considered separately.

[2]General aviation aircraft and airports continue to grow in size and complexity. The growing popularity of fractional aircraft sales and rentals further adds to the complexity.

[3]This kind of information became an issue of debate after the bombing of PAA 103 on 21 December 1988. Investigators discovered that on 5 December 1988 a threat had been sent to the US Embassy in Helsinki, Finland. The threat stated that "some time within the next two weeks" a bomb would be placed upon a Pan Am flight flying from Frankfurt into the United States. This information was distributed selectively by the Federal Aviation Administration and the State Department, giving rise to the charge of "a double standard-the intentional choice to warn some people but not others." Report of the President's Commission on Aviation Security and Terrorism, May 15, 1990.

[4]Airport operators are required to designate an "airport security coordinator" (ASC) to (among other tasks) "...serve as the airport operator's primary ...contact for security-related activities and communications with TSA [Transportation Security Administration]". 49 CFR 1542, Sec. 1542.3.

[5]Following the PAA 103 bombing, the position of Federal Security Manager (FSM) was established, in line with the recommendations of the President's Commission on Aviation Security and Terror­ism. One of the duties of the FSM was to "...serve as the conduit for all aviation-related intelligence." President's Commission on Aviation Security and Terrorism, 60. This function included the sharing of certain levels of classified information with designated civilian airport security managers, who were granted a security clearance by the FAA's Office of Civil Aviation Security. This program fell into disuse after the events of 9/11 and the subsequent transfer of aviation security responsibilities from FAA to TSA.

[6]Since its beginnings in 1990, ALEAN has grown to include over 85 domestic airports and several foreign airports. Information and training in airport-specific areas of interest to airport law enforcement officers has long been an ALEAN strength.

[7]Mission Statement, Secure Florida Web page.

[8]The model referred to here is the threat + vulnerability = risk equation. Airport security managers should know their air­ports' vulnerabilities; consequently, the more he or she understands about the threat, the more accurate the assessment of risk becomes.

[9]In the pre-9/11 airport security environment, FAA Federal Security Managers (see below) often developed such groups. Commonly called Threat Assessment Groups, or "TAG Teams", they played an important role in bringing law enforcement, information and airports together. Normally composed of federal, local and state law enforcement organizations having interests in and operations involving airports, they became a valuable tool for the Security Managers. Never formalized, this approach in most instances, did not survive the tidal wave of change that followed the US governmental response to the 9/11 attacks.

[10]The FSD position was created under the Aviation and Transportation Security Act (ATSA) Public Law 107-71. See 49 USC, Section 44933. Under the ATSA, each commercial service airport is assigned an FSD. The "legacy" position was the FAA's Federal Security Manager (FSM), itself formed by Public Law following the PAA 103 disaster. However, under the FAA, FSM's were never allowed the wide range of powers and authority that FSD's currently enjoy. The position of Airport Security Coordinator (ASC) predated that of the FSD, but was also recodified under the ATSA (See Section 1542.3). Under the ATSA, the ASC "Serves as the airport operator's primary and immediate contact for security-related activities and communications with TSA."

[11]Before 9/11, the FSM was authorized to share certain levels and types of classified information with the ASC, who was permitted to apply for the appropriate clearance through FAA. Although this arrangement fell into disuse after the events of 9/11 and subsequent reorganizations, there are indications that TSA is seeking to reestablish the process.

[12]Law enforcement and security are not synonymous terms, although DHS has often confused the two. For more detail on this subject, refer to my article "Security and Law Enforcement: An Airport Model" in Aviation Security International, February 2005.

---------------------------

Robert T. Raffel is Senior Director of Public Safety for the Greater Orlando Aviation Authority and a member of the US Army Reserve. He has published articles in law enforcement and other journals on airport security issues.

Il ‘pentito' Riadh, come riporta Marcella Andreoli nel suo pregevole lavoro "Il telefonista di Al Qaeda" (Baldini Castaldi Dalai, Milano, 2005), che delinea compiutamente il quadro delle varie attività dei mujaheddin operativi a Milano prima dell'11 settembre 2001, così rappresentava alcuni aspetti operativi di natura logistica: "Ci muovevamo abbastanza bene nel vostro Paese. Avevamo imparato ogni meccanismo per farla franca. Da voi basta avere soldi in contanti per superare parecchi ostacoli. Ad esempio, pagare le bollette della luce o quelle del gas con assoluta regolarità:

un modulo in posta o in banca ed è fatta. Nessuno ti chiede chi sei nè da dove vengano i soldi. La stessa cosa vale per pagare l'affitto dei covi. I padroni di casa pretendono soltanto la puntualità nei versamenti. E noi eravamo puntualissimi".

Il contante, è quasi superfluo sottolinearlo, diventa sicuramente l'ossigeno essenziale per la vita di una cellula terroristica, soprattutto nel caso di struttura binaria con funzioni di logistica, anche se, come opportunamente rilevato, ‘...nella stragrande maggioranza dei casi, la progettazione e l'esecuzione di attentati terroristici, nonchè la costituzione di aggregazioni dedite al terrorismo, richiedono mezzi finanziari piuttosto limitati...' (app. 5 pag. 91 in Osservatorio strategico 2007, a cura del Cesdis).

La quantificazione dei costi complessivi relativi agli attacchi aerei dell'11 settembre 2001 si aggira intorno ai 500.000 dollari, costituendo di per sé un dato inquietante e particolarmente degno di attenzione alla luce del fatto che la reperibilità di una somma di denaro di quel importo non risulterebbe affatto ardua.

Solo qualche mese fa, forse per il puro caso di un cambiamento di scalo aereo, tre algerini sono stati individuati presso l'aeroporto di Genova con 500.000 euro circa in contanti, non certo posseduto quale semplice argent de poche!

Le cifre devono far ragionare, secondo una corretta analisi d'intelligence, allo scopo di considerare con la dovuta attenzione quale debba essere il monitoraggio dei flussi di denaro verso aggregazioni terroristiche, od ancora prima, verso quelli che potrebbero essere potenziali gruppi jihadisti individuabili proprio dal tipo di scambi economici o dal particolare approvvigionamento di contante.

Lo dice Riadh: ‘Da voi basta avere soldi in contanti per superare parecchi ostacoli'.

L'autofinanziamento e l'auto-approvvigionamento può avvenire attraverso il compimento di varie attività illecite, come la commissione di furti, rapine, sequestri o, in modo più sistematico, per la stessa organizzazione che comporta, attraverso la gestione del narco-traffico. Il c.d. spaccio di droga, classificabile secondo la sua struttura e organizzazione come ‘imprenditoria illecita', proprio recentemente ha visto ormai prevalere su quel ‘mercato' il controllo dell'etnia magrebina, soprattutto, per quanto riguarda il primo livello di consumo, quello della c.d. erba (hashish, marijuana ecc.), anche se ormai il fenomeno si sta fisiologicamente dilatando e potrebbe raggiungere presto il controllo del più interessante, in termini economici, smercio della cocaina. Questo tipo di attività costituisce, insieme alla falsificazione e allo smercio di documenti relativi all'identità personale, quella condotta tipica volta a contribuire finanziariamente al jihad dall'interno dello stesso raggruppamento oppure dall'esterno grazie ad una struttura parallela o fiancheggiatrice.

Appare evidente la circostanza per cui è sicuramente più agevole analizzare determinate condotte illecite e di conseguenza individuarne la potenzialità di pericolo e la dimensione concreta che queste possono realizzare in termini di finanziamento a raggruppamenti terroristici, piuttosto che classificare e monitorare tecniche e comportamenti apparentemente leciti. Infatti, gli strumenti attraverso i quali singole cellule del terrore alimentano le loro attività sono estremamente difficili da individuare, in quanto caratterizzati dall'utilizzo di canali estremamente elusivi tesi a mascherare ogni operazione sospetta.

Comunque, una semplice operazione di finanziamento personale contratta presso un istituto bancario italiano certamente non apparirebbe icto oculi sospetta. I sintomi di eventuale allarme non si concentrerebbero certo sugli aspetti tecnici dell'operazione, infatti, per ottenere un banale prestitempo è sufficiente produrre il proprio contratto di lavoro, anche se a tempo determinato, e la relativa busta paga sul cui ammontare il prestito viene concesso, in correlazione quindi al periodo di lavoro ed alla remunerazione, senza nessuna richiesta di garanzia di tipo reale. Ancora, un eventuale fido ad una ditta artigiana che si occupa di ristrutturazione di case ed alloggi non comporta particolari difficoltà in termini di garanzie, è sufficiente, infatti, produrre l'ultima dichiarazione dei redditi od indicare il volume d'affari dell'impresa, il tutto facilitato eventualmente da qualche conoscenza personale all'interno dell'istituto bancario. Inoltre, l'operazione forse apparentemente neutra dal punto di vista tecnico ben può racchiudere finalità ‘perverse' nel momento in cui il medesimo soggetto, dopo aver contratto il prestitempo anzidetto, si rechi presso altro istituto bancario e compia la medesima richiesta per i medesimi importi, sempre contenuti, fornendo la stessa documentazione!

Fortunatamente, la condotta de qua può essere ora rilevata da una sorta di ‘centrale rischi', istituita da non molto tempo, tuttavia, se gli importi non superano una certa soglia, si potrebbe eludere tale controllo ‘incrociato', consentendo a chi opera con precise finalità, di ottenere così somme più rilevanti.

Lo scopo di queste brevi riflessioni (forse già obsolete visto il diabolico muoversi vorticoso degli strumenti operativi del jihad) è proprio quello di sensibilizzare al massimo gli operatori nel campo della sicurezza su questo tipo di operazioni, apparentemente non illecite né apertamente elusive, ma nel concreto estremamente efficaci se dirette ad ottenere finanziamenti al terrorismo. Finanziamento e autofinanziamento a tutto campo che si dirige:

a) ad alimentare, in territorio europeo, i raggruppamenti del terrore sotto l'aspetto logistico;

b) a supportare le famiglie dei c.d. kamikaze;

c) a contribuire all'azione terroristica in territorio afgano ed irakeno, compreso l'addestramento e l'invio di combattenti in quelle regioni.

Sul punto a), è opportuno ribadire che risulta ovvio come gli aspetti logistici, nel caso di strutture binarie o multiple, possano essere costituiti anche dal mantenimento della moschea o del sito di preghiera del momento, indispensabile luogo di ritrovo per il dispensamento della dottrina e quant'altro, e del relativo Imam, necessario riferimento gerarchico dal punto di vista ideologico religioso, consentendo ai gruppi terroristici, compresi i loro fiancheggiatori, di operare nella clandestinità,

I canali bancari non ufficiali e tra questi le operazioni di money transfert, che eludono ogni eventuale segnalazione in riferimento agli importi superiori ai 12.500 euro, non sono operazioni di auto-approvvigionamento, a meno che non derivino da quell'appoggio logistico-finanziario da parte di organizzazioni o individui simpatizzanti, ma meri strumenti per inviare il denaro contante,

mentre l'ottenimento di un finanziamento personale o addirittura un mutuo costituiscono ben altra efficacità in termini di concreta realizzazione di moneta sonante.Per poter meglio capire ed interpretare i canali ed i metodi utilizzati dagli jihadisti per approvvigionarsi in modo elusivo di denaro, è quanto mai opportuno domandarsi che cosa sia successo, presso i vari istituti bancari italiani, nell'arco di tempo che va dal 1993 ad oggi, considerando, al fine di una corretta analisi, come spartiacque il settembre 2001, relativamente alle richieste, da parte di cittadini magrebini, egiziani o arabi, di prestiti personali e/o finanziamenti vari, all'ottenimento di questi e all'eventuale carico di contenzioso che ne è sorto.

Sicuramente le norme antiriciclaggio sono utili ed efficaci al fine di controllare ed effettuare una vera e propria griglia di monitoraggio per valutare soggetti ed operazioni sospette.

Infatti, il GAFI (Gruppo di Azione Finanziaria Internazionale) suggerisce agli intermediari finanziari di prestare la massima attenzione a tutte le operazioni di pagamento e di incasso che possano avere legami con territori e Stati definiti ‘non cooperativi' nella lotta al riciclaggio del denaro di illecita provenienza. Lo stesso GAFI si occupa di provvedere all'osservazione di quei Paesi ‘non cooperativi' e di valutare le attività e i comportamenti assunti dagli stessi, provvedendo ad aggiornarne l'elenco.

Unitamente ai Paesi ‘non cooperativi' sono stati introdotti i c.d. ‘paradisi fiscali', con particolare attenzione a quelle operazioni che possano essere legate al narcotraffico o ad altre attività criminose.Ulteriore strumento di controllo adottato al momento dagli Istituti bancari è il programma GIANOS, che significa Generazione Indice di Anomalia delle Operazioni Sospette, grazie al quale tutti i mesi vengono segnalati i movimenti anomali che possono essere stati effettuati attraverso un conto corrente. Il sistema in oggetto, estremamente utile sia per il controllo tout court delle operazioni sospette che quale strumento di monitoraggio sui movimenti anomali, segnala le variazioni di "quantità" in riferimento ai normali flussi dell'eventuale conto corrente in esame.Ovviamente, se tutto rimane all'interno delle soglie ‘normali', nulla viene rilevato né segnalato, come nel caso del banale prestitempo o del fido entro ragionevoli parametri, ut sopra evidenziato, che rappresentano quelle normali operazioni ove nulla tecnicamente vi sia da rilevare. E' vero, comunque, che le banche sono dotate di sistemi con i quali vengono segnalati, solo all'interno della filiale, tutte le operazioni effettuate allo sportello e non, compresi i bonifici provenienti dall'esterno, anche e soprattutto in contanti, superiori ad € 2.500. Oltre a ciò, presso alcuni istituti bancari, l'ingresso di un nuovo cliente viene catalogato e quindi monitorato attraverso uno specifico questionario che, attraverso domande specifiche, delinea l'eventuale profilo di ‘pericolosità'. Comunque, mancano al momento i dati globali relativi al numero degli utenti di banche di etnia collegata fisiologicamente a chi sostiene il jihad, ma soprattutto il deficit riguarda la corretta mappatura di coloro che si sono dimostrati insolventi ed hanno generato contenzioso, tutti dati che avendo un risvolto meramente civilistico rimangono all'interno della banca, senza possibilità di essere comunicati alle forze dell'ordine, che magari già indagano sugli stessi personaggi, o rilevati agevolmente dall'intelligence dei vari corpi preposti alla sicurezza. Inoltre, la classificazione dei dati suddetti aiuterebbe a capire in quali città o in quali regioni si presenta maggiormente o esclusivamente codesto fenomeno, riuscendo così più agevolmente a controllare il territorio.

Sicuramente un'eventuale analisi diretta, sine ullo dubio, verso un'etnia specifica ben identificata, come nel caso di specie, si esporrebbe presumibilmente ad una levata di scudi, forse anche (e soprattutto) a carattere politico, in assenza di imputazioni specifiche a soggetti determinati, secondo le regole del nostro diritto penale sostanziale e procedurale, nell'ottica di una violazione dei noti principi costituzionali in tema di razza e di religione. Tuttavia, ben si può ovviare a tali critiche e, quindi, neppure potrebbe sfiorare l'idea del pregiudizio religioso o quant'altro, se un'eventuale richiesta di dati e conseguente classificazione e monitoraggio di questi fosse rivolta agli istituti bancari italiani al fine di conoscere quanti cittadini extracomunitari si affidano ed utilizzano i canali bancari formali e di questi quanti contribuiscono ad alimentare le file degli insolventi e ad accrescere il contenzioso ed, ovviamente, per quale ammontare.

Domande queste che il Ministero dell'Interno ben potrebbe formulare e richiedere alle banche, al di là della c.d. privacy, anche nell'ottica dell'esigenza di prevenire e combattere ogni tipo di finanziamento al terrorismo. Ma quale potrebbe essere l'escamotage per poter ovviare all'inconveniente della mancanza di comunicazione, ad esempio alle procure territorialmente competenti e quindi alla polizia giudiziaria, dei dati degli individui, delle ditte o delle persone giuridiche che hanno agito nei confronti delle banche con fine palesemente fraudolento? Trattandosi di insolvenza e quindi di un aspetto marcatamente patologico, ben potrebbero gli istituti bancari essere sensibilizzati a porgere una formale denuncia-querela ai sensi dell'articolo 641 del codice penale che punisce le condotte d'insolvenza fraudolenta. Financo, in relazione a determinate condotte, si potrebbe ipotizzare il reato di cui all'art. 640 del codice penale che individua e punisce la truffa, se sono stati utilizzati artifizi o raggiri per ottenere un ingiusto profitto, nella fattispecie il prestito di denaro, con danno della persona offesa, la banca. I raggiri o gli artifizi potrebbero enuclearsi, ad esempio, nell'esibizione o produzione di documenti falsi o nelle false indicazioni relative allo svolgimento dell'attività lavorativa od altro.

E' noto ormai, presso quasi ogni filiale dei vari istituti bancari, soprattutto delle grandi città, che numerosi cittadini egiziani o magrebini, infatti, abbiano richiesto un finanziamento personale del tipo prestitempo e poi, dopo aver pagato alcune rate o nessuna, si siano dileguati in territorio italiano o addirittura siano ritornati al paese d'origine dopo essersi fatti finanziare di 5.000 o settemila euro se non di somme maggiori. Il dato singolo di per sé non risulterebbe degno di particolari attenzioni statistiche, ma se lo moltiplichiamo per decine o centinaia ecco che il risultato diventa impressionante, se non addirittura allarmante, in modo particolare se ipotizziamo che quei soldi o parte di essi possano essere stati convogliati nel finanziamento al terrorismo di matrice islamica. La piramide ipotizzata dagli studiosi americani del settore quale elemento di riflessione circa la composizione della struttura terroristica che pesca dalla base per salire verticisticamente in alto ai capi del terrore è quantomeno riduttiva, ricordando più le piramidi di un programma alimentare, oppure l'emblema simbolico tutto massonico effigiato sul one dollar. L'utilizzo di simboli ultronei alla cultura nella quale sono radicati fenomeni come quello del jihad, oggetto di analisi d'intelligence, possono giocare brutti scherzi, conducendo su binari di ragionamento fallaci soprattutto nel campo della raccolta delle informazioni, dell'indirizzo e dell'utilizzo di queste.

La visualizzazione di insiemi concentrici, quasi simile alle svolazzanti volute della scrittura araba, rende di più la realtà della situazione che non è così schematica secondo vettori che procedono ad angolo retto, ma, come la triste realtà del fenomeno insegna, ben più articolata.

A proposito dell'estrema complessità del fenomeno terroristico, ed alla struttura della stessa organizzazione alqaidista, il dott. Stefano Dambruoso, magistrato esperto della Procura di Milano, è tranciante:" ..L'idea che si ha di Al Qaeda come di un'organizzazione significativamente strutturata, capace di dirigere da posti lontani l'operatività di cellule sparse nel mondo non corrisponde, a mio parere, allo stato dei fatti".

Ed ancora circa il più ampio profilo dei suoi adepti lo stesso afferma: "La realtà è fatta da soggetti attivi che fanno dell'imprevedibilità la loro arma migliore. E' difficile cioè individuare un disegno politico preciso in gruppi che si alimentano in continuazione di soggetti giovanissimi che spesso manifestano la loro volontà di essere attivi anche solo per questioni di propria identità e spirito di emulazione", (intervista su La Stampa del 13 aprile 2007 a cura di Paolo Colonnello dal titolo "Il rischio c'è ma l'Italia non è l'Algeria").

Contraddicendo così le affermazioni del pentito Riadh, che evidentemente faceva riferimento ad una realtà precedente, mutata dopo il settembre 2001, quando evidenzia che i mujaheddin a Milano attendevano ordini precisi dalla mitica Haidora, (le montagne dell'Afghanistan dove i capi alqaidisti si trovavano e, sembra, si nascondono tuttora!) rimanendo frustrati dal fatto di non potersi muovere autonomamente, dopo innumerevoli sopralluoghi nelle città italiane presso obiettivi sensibili.Ora, quindi, quale è la situazione reale dei nostri giorni? Sicuramente non sappiamo quanti potenziali terroristi o fiancheggiatori del jihad si siano approvvigionati presso le banche italiane almeno negli ultimi dieci anni, per poi restare insolventi e non lasciare traccia, e quanti continuino nelle medesime subdole operazioni.

Conclusioni

• Dalla seconda metà degli anni novanta sino ad oggi, gli istituti bancari italiani hanno affrontato e tuttora sono alle prese con un elevato numero di richieste da parte di cittadini extracomunitari di etnia arabo-magrebina di finanziamento a carattere personale (prestitempo, fidi ecc.).
• Gran parte dei finanziamenti erogati hanno dato origine a comportamenti insolventi e quindi all'apertura delle relative pratiche di contenzioso.
• Coloro che si sono resi insolventi sono tornati al loro paese d'origine od hanno semplicemente cambiato città di residenza, senza alcun timore di dover provvedere al rientrodei rispettivi debiti.
• I dati relativi al numero ed alla quantità di prestiti erogati ai cittadini suddetti risultano ad oggi fumosi e non omogenei e, soprattutto, manca una mappatura globale del fenomeno.
• Inoltre, non si conoscono assolutamente i dati relativi alle insolvenze ed al contenziosoprodotto in relazione a quelle pratiche di finanziamento.
• Pertanto, è necessario sensibilizzare gli istituti bancari affinché, oltre a fornire i dati globali del fenomeno, procedano in sede penale a denunciare le insolvenze, fraudolente, prodotte dagli extracomunitari, in particolare di quelli la cui etnia è legata fisiologicamente al terrorismo di matrice islamica.

Monday, May 7, 2007 at 16:32

The U.S. Departments of Treasury, Justice, and Homeland Security today joined together in issuing the 2007 National Money Laundering Strategy, a report detailing continued efforts to dismantle money laundering and terrorist financing networks and bring these criminals to justice.

"The 2007 National Money Laundering Strategy is a direct result of close cooperation by the Departments of Justice, Treasury and Homeland Security, along with our foreign counterparts, and signifies our collective commitment to fight money laundering," said Assistant Attorney General Alice S. Fisher of the Justice Department's Criminal Division. "Implementation of this strategy will greatly assist in efforts to seize and forfeit millions in illegal proceeds that flow through the international financial system."

The 2007 Strategy addresses the priority threats and vulnerabilities identified by the Money Laundering Threat Assessment released in 2006, the product of an extremely valuable investigation into the current and emerging trends and techniques used by criminals to raise, move, and launder proceeds. The Assessment - the first government-wide analysis of its kind - brought together the expertise of regulatory, law enforcement, and investigative officials from across the government, culminating in a comprehensive analysis of specific money laundering methods, patterns of abuse, geographical concentrations, and the associated legal and regulatory regimes.

"The 2007 National Money Laundering Strategy builds upon the groundbreaking work of the Money Laundering Threat Assessment," said Pat O'Brien, Treasury's Assistant Secretary for Terrorist Financing. "Focusing on well-established money laundering methods and emerging trends identified in the Assessment, we have created a robust strategy for combating money laundering, deterring criminals, and addressing areas vulnerable to exploitation."

The 2007 Strategy builds on initiatives and programs pioneered in preceding National Money Laundering Strategies. The constant searching by criminals for new ways to launder and hide dirty money is evidence of our successful regulatory and law enforcement efforts to safeguard the banking system. With an aim at continuing these robust efforts, the 2007 Strategy places an emphasis on bolstering the efficiency of the anti-money laundering processes currently in place.

"In every type of case, from human smuggling and drug trafficking to intellectual property rights violations and illegal alien employment schemes, the need to hide and move ill-gotten gains is a constant. ICE's anti-money laundering initiatives are at the forefront of attacking existing and emerging money laundering threats" said Julie L. Myers, Assistant Secretary for Immigration and Customs Enforcement at the Department of Homeland Security. "ICE's trade transparency unit, bulk cash smuggling initiative and programs targeting illegal money service businesses and stored value card schemes are making it less profitable to commit these crimes."

Additionally, the 2007 Strategy focuses on leveling the playing field internationally, helping to ensure U.S. financial institutions are not disadvantaged through the implementation of controls and standards to combat money laundering and terrorist financing. Indeed, money laundering is a global threat the United States is working to address through international bodies, including the Financial Action Task Force (FATF), and through direct private sector outreach in regions around the world.