Given Enough Eyeballs, All Threats Are Shallow
Sep 5, 2008 at 20:20
Jeff Carr in Issues, Research, intelligence, OSINT

[Ed's Note: CTlab is very pleased to present a timely piece by intelligence guru and fellow blogger, Jeffrey Carr, known to many of us through his ever-perceptive and deeply contemporary work at IntelFusion. In this guest post, Jeff tackles that slippery beast, open source intelligence, and tells us what led him to found the Gray Goose project that has attracted so much recent attention.   - Tim]


One of the conundrums of Intelligence is the oft-quoted concern that we don't know what we don't know. This has never been truer than it is today, when the physical world and the cyber world are merging in revolutionary ways, and accordingly, propagating revolutionary threats. 

Two defining characteristics of this new reality are speed and innovation, and both are due to the availability of Open Source software and tools. A programmer with no financial resources, and operating under full anonymity, can download free tools to create a variety of malware sufficient to shut down a small country's complete network infrastructure. 

Coders with malicious intent are implementing Google's development philosophy "launch early and iterate" whilst the institutions erected to protect a nation's infrastructure are still using processes created a generation ago. You cannot defeat an agile enemy with static processes. 


Linus’s Law

When Eric S. Raymond wrote his now-famous essay "The Cathedral and the Bazaar", he created a maxim that he called Linus's Law: "Given enough eyeballs, all bugs are shallow." Open Source advocates have long proposed that security can more readily be assured when many people can examine the code versus close source code, which leaves detecting code vulnerabilities in the hands of a few. Not only has the development paradigm been shifting towards open standards, it is gaining ground in the Intelligence Community. 

The DNI Open Source Center has come a long way since its inception on November 1, 2005 , yet open source intelligence (OSINT) still does not receive the same recognition and respect as other intelligence disciplines. Some argue that OSINT is not a discipline at all, it's simply "going out and grabbing what's already out there" (Bean 2007). With all due respect to intelligence professionals of this persuasion, twenty-something hackers operating with nothing more than a laptop and some free malware are sitting in an Internet café in St. Petersburg making fools of you.

The Gray Goose project was born out of my own frustration at watching U.S. federal agencies as well as our Armed Services struggle to understand and defend against this new type of threat. Even today, 15 years after the launch of the first Internet browser (Mosaic), there is still no agreement as to what cyber warfare is or how to fight it. This is not the case in both Russia and China . China may have the world's most effective cyber espionage program, and Russia has successfully outsourced cyber warfare to criminal organizations like the Russian Business Network for its military operations in Chechnya in 2002 and Georgia in 2008. 

After I wrote about the cyber component to the Georgian conflict, I received an email from a forward-thinking lead analyst at Palantir Technologies. I was offered the use of a sophisticated analytics suite to conduct some open source analysis on the Georgia cyber attack. The recent issuance of Intelligence Community Directive 205, "Analytic Outreach" [PDF] gave me some hope that a bridge could be established connecting intelligence community professionals with independent volunteers with the necessary expertise. 

On August 22, 2008 , I announced at my IntelFusion blog the creation of an Open Source intelligence project, Social Network Analysis and Cyber Warfare, and asked for volunteers. My post was picked up by the Zero Intelligence Agents blog [Ed's Note: part of the CTlab family], which in turn was noticed by Wired's DangerRoom blog. Once that happened, I had over 100 volunteers in 72 hours - from college students to high-ranking members of the IC. A few of the members of the final team whose participation is not confidential are listed below, as examples of the expertise garnered through this request for assistance:


Who Will Footnote the Future?

The latest issue of Studies in Intelligence has a fascinating historical article entitled “An Intelligence Role for the Footnote: For and Against”, originally written in 1964. The “pro” author, John Alexander, referred to the introduction of footnotes identifying source material as “revolutionary”. The "con" author, Allen Evans, argued that since the entire role of intelligence is to “project the customer’s view near or far into the coming weeks or years, who will footnote the future?”.

This remarkable piece of intelligence arcana aptly illustrates how much the World Wide Web has changed things. OSINT is the “footnote” of the IC. It’s the child who’s looked at askance by the adults, as he rushes in for dinner covered in mud.

In a few days it will be time for the DNI Open Source Conference 2008. The response has been tremendous. Over 1,000 people had to be wait-listed. I hope that this outpouring of interest will send a positive message to the powers-that-be in the IC. At the same time, I fear that a natural inclination on the part of some to resist change and protect territory will continue to hamper its acceptance.


A Gray Goose is Not a Black Swan

Although our collection and analysis effort is still nascent, it has already demonstrated the efficacy of the spirit of the IC’s Analytic Outreach directive, i.e. in matters of sufficient import, collaboration can occur on both sides of the black gate. I don’t believe that this is an outlier. Rather, I view it as a model effort that will set an example for future collaborations. If the Gray Goose project teaches us anything, I hope it will prove that we do not have to wait for official channels to adopt innovative solutions. We simply have to be willing to put our ideas to flight, and see what happens.


Jeffrey Carr writes on intelligence issues related to Web 2.0, Unrestricted Warfare, and Security Informatics at the IntelFusion blog.

Article originally appeared on The Complex Terrain Laboratory (/index.html).
See website for complete article licensing information.