Bitcoin 2.0 and the Segway Bike

Bitcoin 2.0 and the Segway Bike

gAtO Imagine – some of the business side applications we can build with future triggered events being executed by Autonomous Cyber Robots. All build on the basic Bitcoin 1.0 code but not using the coins but the blockchain – there be treasure in that blockchain but it’s all math ugh!!!.


Ok first what is Bitcoin 2.0? Basically it’s a new way to have a cyber robot or a cyber drone that can do what you instruct them to do. It is a timestamp triggered event and you can now just add business rules to it that will work in cyberspace.

What do you do online today?

  • Shop for things and have them delivered
  • Online banking
  • Buy and sell stocks and bonds
  • Send donations to Charities or political organizations

So now you can build cyber-business rules to be execute on the web and put them into one of these cyber robot or a cyber drone. I use these 2 terms because when people hear drones they think attacks and such and yes you can now build digital FINANCIAL  warriors that can execute based on events, millions of them and they can be used for good and evil.

timeStamp- or -blockchain-trigger event – robots with business rules- example//

  • Send 100 Bitcoins to my family every 6 months after I die.
  • Buy or sell stocks ambiguously  – Digital Business Contracts – or Personalities
  • Any transaction that can be performed on the web!
  • Set up a corporation by an Ethereum digital actors
  • Any Business rule that can executed digitally 

gAtO lOvE Ethereum //= it is a platform and a programming language that makes it possible for any developer to build and publish next-generation distributed applications. https://www.ethereum.org/  Next Generation Smart Contracts and a Decentralize Application Platform. Non-geek cyber-business rules OK…

GAtO used to lug around an Osborne luggable computer… 1.0 laptops – but gAtO was cool aligning 10MB (yes 10 Mega Bytes) hard rives the size of a large home freezer. The good old computers days… Out of hardware back to Biz -mEoW

MasterCoin – The Master Protocol facilitates the creation and trading of smart properties and user currencies as well as other types of smart contracts. Mastercoins serve as the binding between bitcoins (BTC), smart properties and smart contracts created on top of the Mastercoin Protocol. Non-geek cyber-business rules OK…

Similar Alt-coins but both the same (going after the business side) in a way but these seem to be a new wave of Bitcoin 1.0 off shoots. Now NameCoin and Trusted coin are on a different course, since they are more into the digital Notary service that can be done with any blockchain type Bitcoin off shoot. And LiteCoin 84 Million -versus- 21 Million in Bitcoins another fight but of a different financial play on this alt-coin. LiteCoin is around $10 bucks Per so we have to keep an I on them too.

Once again these another development are being built on the shoulder of the great Satoshi Nakamoto work. GaTo as a technologist love all these new and exciting toys to play with. Then I think about the Segway Bike I alway wanted one but then again really, I’m I really ready to give up walking? Back in 2001 it was so cool, it was the evolution of the bicycle or was it???

13 years later this evolution the revolution of the bicycle is seem by most as the Mall Police ride by. Ok maybe in Seattle or San Francisco I can see that but really. Now Bicycle Cops are everywhere but real cops on a Serway Bike – you know maybe I don’t really want one anymore. But I wonder if I can buy one with Bitcoins? ummm

DogE-Coin is hot with the young bloods as a NEW digital currency that’s taking Reddit and other places by storm- I know gAtOCoin, maybe I’ll start one of my own, there only about 500 Alt-Coins around and growing all built on the Bitcoin core code. Bitcoin is only 5 Years Old -Wow- Imagine in another 3-5 years // world wide currencies all over doing different things creating the NEW Cyber-System D-(system) that no government can controls, of the people and by the people. Double -Wow

gAtO’s bet is on Bitcoin, simple it has payed it’s dues, from an underground play toy to International financial deals like flying to the Moon on Virgin Air, I wonder if I can buy that with Litecoins- you listening Richard Branson I’m mining Namecoin too Richard.

The new Bitcoin business Investors and Incubators are hopping with new Bitcoin 2.0 ideas, but is it different if it’s control by the users, not the sole players like the bankers and older financial players. But truth be told these will bring newer workable solutions that will trickle down to the normal person. We must be careful because these new worldwide cyber solution will have little government controls so the game is changing and the ability to jump on this but NOT to give up privacy with government toys like TPM – Trusted Computer Platform – yes July 2015 all Windows 8 devices will have TPM 2.0 in control of your devices. The US solution cyber Kill Switch.

AT least Apple has not added TPM into it’s hardware but they banned against Bitcoin -Steve told you to Innovate Apple- But that’s another battle.

You can trust your government spying on you IF you have nothing to hide RIGHT!!! – gAtO oUt

Digital System D

System D is a slang phrase pirated from French-speaking Africa and the Caribbean. The French have a word that they often use to describe particularly effective and motivated people. They call them débrouillards. To say a man is a débrouillard is to tell people how resourceful and ingenious he is. The former French colonies have sculpted this word to their own social and economic reality. They say that inventive, self-starting, entrepreneurial merchants who are doing business on their own, without registering or being regulated by the bureaucracy and, for the most part, without paying taxes, are part of “l’economie de la débrouillardise.” Or, sweetened for street use, “Systeme D.” This essentially translates as the ingenuity economy, the economy of improvisation and self-reliance, the do-it-yourself, or DIY, economy.



Tor Website 36% are Criminals Sites

gAtO iS CrAwLliNg websites-We just completed our new crawl of Tor URL that we found. We started with 2,000 URL’s and we got about 550 positives from this first run. This will change since some sites go up and down for no rhyme or reason. I went back to verify one site that my crawl picked up with all kinds of good information but later when I went back it would not come up. So this is an ongoing thing in order to map out all of Tor’s hidden service websites. From the preliminary data Pedo sites are about 18% of the sites we discovered another 4-6% guns and assassins and another 14-16% of different criminal type’s of sites or scams. So that is over 36% of the sites we found were criminal type, that is not good for anyone.

Crawling Tor Hidden Service - websites

Crawling Tor Hidden Service – websites

Tor is an excellent software for being private and having some level of safety but this new light is not good for the people that want to use Tor and the Dark Web to do good things and positive things. Now we see that the bad guys are all over Tor-Dark Web we hope this list will help it become better.

This list is only available to Law enforcement, governments and selected security companies, you must be verified first before you can get a hold of this list of Onion websites in Tor. This is not a free list (we have to recover our cost of r&d) and this is only the first steps we have gained over 12,000 new URL in Tor from this crawl and will be doing more crawls and adding more information to the list.

What really freaked us out was the undocumented website that are not in any hidden wiki in Tor and the number of them being put out by criminals. Now some of the other information that we collected see list below will give us a baseline like — Last-Modified: — will give us an indication of how active they are. The —Server: & Web Application:— will give us the web app they use and from the looks of things some are vulnerable to all kinds of hacking attacks. Tor websites are the same as any site and if you don’t update your website, well your vulnerable to hacking from anyone and in Tor you don’t have a clue because they are protected just like the site.

This will be an ongoing crawl for the next year or so, so expect the list to grow and as new data is collected more will be revealed about the how, and the use of Tor and who uses Tor will become not just theories but facts that we can verify – gAtO OuT 

Internal URL’s – 













    [size_upload] => 0

    [size_download] => 124

    [speed_download] => 7












Crawl Date:










Web Application:



Government Spying on everyone -Thanks Microsoft

gAtO lEaRnOn 01-01-213 we hear that Microsoft buys Skype and makes changes to allow Police surveillance. Then on 01-07-2013 we hear that a professor at the Warsaw University of Technology, Wojciech Mazurczyk, found a way to insert secret 70 bits of data and add secret information similar to steganography.spy-spy

Lawful Intercept is what it’s called and we just heard punch – counter-punch from the government. I just posted about corporations and governments using offensive cyber weapons to fight crime, but this looks like just plain old spying on citizens like China, Iraq and Syria does. Skype is owned by Microsoft and we know that Word and other products have back doors for them to snoop and governments to use in criminal cases. I guess they do it the proper way and get a real FISA document to monitor us it’s citizens.

mEoW 12-30-2012 our re-elected President Obama signs FISA Warrantless Wiretapping Program. STOP – SAY WHAT. mEoW – Forget about gun control how about the privacy of citizens, are we becoming like China, Iraq and Syria the more I find out about this the crazier it becomes. I hate Skypes but now finding this out NO WAY DUDE-

I did a little digging and I found a document from the Straford hack from the LutzBoat crew and this has been on the play board for a long time. More and more governments that play nice with the America and Microsoft will have to live with the fact that they are spying on us, the people. I voted for Obama but I’m pretty sure any president would want to be able to justify this abuse of power to monitor it’s citizens, what get’s me is we scream and yell when other countries do it but here we are doing to ourselves and nobody is talking about this- Hay press wake up. I have nothing to hide but if you do you have been warned – enjoy your government spying on you behind your back – gAtO oUt

Lab Notes:

IT security continues to be the greatest challenge facing government CIOs worldwide. Most experts agree that governments require stronger partnerships between the public and private sectors for both better protection of government IT systems from intruders and for greater visibility into operators’ network traffic to fight crime. However, government systems and intelligence activities constitute a very sensitive information environment. Governments must proceed with caution when forming technology partnerships for hardening their IT network security. Melissa E. Hathaway, who in February 2009 was named to be the Obama Administration’s top cyber security official, points out how

Lawful Intercept


Criminals, predators and hackers now use chats, blogs, webmail and Internet applications such as online gaming and file-sharing sites to hide their communications.


Qosmos provides law enforcement agencies with a powerful solution to identify a target using multiple virtual IDs and intercept all related IP- based communications. Any trigger, such as a “user login = target” initiates intercept of all IP traffic related to the “target.”

Example of recognized applications and protocols

VoIP Email (POP, SMTP)

Webmail (Gmail, Hotmail, Live Mail, SquirrelMail, Yahoo mail, etc.)

Instant Messaging (Aim, SNM, Skype, Yahoo, Google Talk, QQ, Maktoob, Paltalk, etc.)

Online games (World of Warcraft)

Online classified ads

Audio/Video (H.323, SIP, MGCP, RTP, RTCP, MMSE, RTSP, SHOUTcast, Yahoo Video,

MSN Video, SCCP, etc.)

Web applications (Dailymotion, Google, eBay, Google Earth, HTTP, MySpace, Wikipedia,

YouTube, etc.)

Example of information extracted

Caller, phone number, called party, duration of call

Webmail login, email address, sender, receiver, subject matter, attached documents

Instant messaging sender, receiver, contact lists and status

Forum login, IP address, MAC address, mobile ID (IMSI, IMEI)

Protocols identified even for unidirectional traffic (e.g. email by satellite).





Dutch government to give law enforcement authorities the power to hack into computers. This also means hidden servers on tor

gAtO ThInK – It’s time to fight back and tighten the security!

The Dutch government wants to give law enforcement authorities the power to hack into computers, including those located in other countries, for the purpose of discovering and gathering evidence during cybercrime investigations.

The Dutch government wants to give law enforcement authorities the power to hack into computers, including those located in other countries, for the purpose of discovering and gathering evidence during cybercrime investigations.

In a letter that was sent to the lower house of the Dutch parliament on Monday, the Dutch Minister of Security and Justice Ivo Opstelten outlined the government’s plan to draft a bill in upcoming months that would provide law enforcement authorities with new investigative powers on the Internet.

According to the letter, the new legislation would allow cybercrime investigators to remotely infiltrate computers in order to install monitoring software or to search them for evidence. Investigators would also be allowed to destroy illegal content, like child pornography, found during such searches.

These investigative powers would not only cover computers located in the Netherlands, but also computers located in other countries, if the location of those computers cannot be determined.

However, if the investigators can establish that a computer of interest is located in a foreign country, they will have to ask for assistance from the authorities in that country.

In his proposal, Opstelten used a case in which investigators from the Dutch National Police infiltrated “hidden” Tor websites that hosted child pornography, as an example of a situation in which the geographical location of the computers couldn’t be determined.

The Tor network allows its users to set up so-called “hidden services” that are only accessible from within the network using special addresses. When accessing such a service, a user’s connection is routed through several random Tor nodes, which prevents him from determining the real Internet Protocol (IP) address of the server hosting the service.

The Dutch police investigation referenced by Opstelten in his letter took place in August 2011 and two of the infiltrated Tor websites were hosted on servers located in the U.S.

The new legislation will provide strict safeguards for the proposed investigative powers, Opstelten said. Law enforcement authorities will only be able to exercise such powers when investigating offenses that carry a maximum prison sentence of four years or more and only after obtaining authorization from a judge, he said. Furthermore, all such actions will be automatically logged and the logs will be accessible for later review.

Cybercrime is a serious problem that needs to be tackled, but the proposed measures are not the right ones and they pose a serious risk to cybersecurity, Ot van Daalen, the director of Dutch digital rights organization Bits of Freedom, said Friday.

First of all, allowing police investigators to hack computers in other countries might encourage other governments to introduce similar legislation, but not necessarily with the same limitations, van Daalen said. “This could escalate into a digital arms race.”

The proposed legislation would create an incentive for governments to keep software vulnerabilities secret because they would need to exploit those vulnerabilities to attack systems used by cybercriminals, van Daalen said.

There are already security companies and independent researchers that sell zero-day exploits — exploits for unpatched vulnerabilities — to governments instead of reporting the vulnerabilities to vendors. In addition, some governments have openly admitted to developing military cyberoffensive capabilities.

Van Daalen believes that expanding the potential use of such exploits by law enforcement agencies will help the zero-day exploit market grow, which in turn will result in fewer vulnerabilities being reported and patched.

Governments could also pressure vendors to delay fixing vulnerabilities, van Daalen said. An example of this was when the Dutch government convinced Microsoft to delay the blacklisting of the DigiNotar digital certificates on Windows computers in the Netherlands for a few days in order to allow the government to take measures, despite the fact that the issue represented a security risk for all Windows users in the country, he said.

“There’s no doubt that there’s already a growing (and disquieting) market in the for-fee disclosure and exploitation of vulnerabilities, and this proposal could certainly further legitimize it: the possible advantages in terms of action against criminals (leaving aside ethical objections) have to be balanced against the likely, deleterious effects on the community of Internet users as a whole,” said David Harley, a senior research fellow at antivirus vendor ESET, via email on Friday.

Harley agrees with van Daalen that the proposed legislation could have a global impact. “It’s not possible to guarantee that the effects of these measures will be restricted to criminal elements: if the proposal succeeds in its present form, collateral damage in terms of the application of monitoring and attack technologies could be worldwide,” he said.

“Is it really feasible to take this approach effectively without breaching the sovereignty of other states? Even if agreement could be reached with other states on international legislation, does this proposal take into account the quid pro quo of giving foreign agencies such sweeping rights of access to the systems of its own citizens?,” Harley asked. “It seems to me that there’s a parallel here with the fact that many in the U.S. seem quite happy with alleged cyberespionage and sabotage against Iran yet show surprise and discontent that those claims have been used as justification for similar action by other nations.” – gATO OuT



The deep Dark Web -Book Release

gATO hApPy – 

AVAILABLE @ AMAZON – http://www.amazon.com/dp/B009VN40DU

AVAILABLE @SmashWords website  @http://www.smashwords.com/books/view/247146

I learned that I hate WORD: – but it’s the general format for publishing  – text boxes- get imbedded and you can’t format to EPUB or .mobi or anything – solution after going lOcO gAtO – was copy and paste into txt editor – save as RTF then copy paste back into a new WORD document and then reformat everything from scratch – and copy over the pictures – as you can tell I had fun-..-ugh mEoW F-F-F-F as much fun as a hairball but if it get’s the message out “FREEDOM OF SPEECH IN CYBERSPACE” then we done our job, anyway I hope you read it Thank you Pierluigi a best friend a security gAtO ever had – gATO oUt

This Book covers the main aspects of the fabulous and dangerous world of -“The Deep Dark Web” . We are just two cyber specialists Pierluigi Paganini & Richard -gAtO- Amores, with one passion and two souls we wanted to explain the inner working of the deep dark web. We have had a long collaboration in this efforts to document our findings we made infiltrations into the dark places inaccessible to many to give a you the reader a clear vision on the major mystery of the dark hidden web that exist today in the Tor Onion network..

The Web, the Internet, mobile cell devices and social networking has become commonly used words that identify technological components of daily Internet user’s experience in the cyberspace. But how much do we really know about cyberspace? Very, very little, Google / Yahoo / Bing only show us 20% of the Internet the other 80% is hidden to the average user unless you know were to look.

The other 80% of the Internet is what this book is about the “Deep Dark Web”, three words with millions of interpretations, mysterious place on the web, the representation of the hell in the cyberspace but also the last opportunity to preserve freedom of expression from censorship. Authorities and corporation try to discourage the use of this untapped space because they don’t control it. We the people of the free world control this network of Tor -Onion Routers by volunteer around the world.

The Deep Dark Web seems to be full of crooks and cyber criminals, it is the hacker’s paradise, where there are no rule, no law, no identity in what is considered the reign of anonymity, but this is also the reason why many persecuted find refuge and have the opportunity to shout to the world their inconvenient truths.

The Deep Dark Web is a crowded space with no references but in reality it is a mine of information unimaginable, a labyrinth of knowledge in the book we will try to take you by the hand to avoid the traps and pitfalls hopefully illuminating your path in the dark.

Cybercrime, hacktivism, intelligence, cyber warfare are all pieces of this complex puzzle in which we will try to make order, don’t forget that the Deep Dark Web has unbelievable opportunity for business and governments, it represents the largest on-line market where it is possible to sell and acquire everything, and dear reader where there is $money$  you will find also banking, financial speculators and many other sharks.

Do you believe that making  money in Deep Web is just a criminal prerogative? Wrong, the authors show you how things works in the hidden economy and which are the future perspectives of is digital currency, the Bitcoin.

This manuscript proposes both faces of the subject, it illustrates the risks but also legitimate use of anonymizing networks such as TOR adopted by journalist to send file reports before governments agents censored his work .

Here are some question we may answers to:

How many person know about the cyber criminals and their ecosystem in the deep web? 

How many have provided information on the financial systems behind the “dirty affairs”? 

How the law enforcement and governments use Dark Web?

Let’s hold your breath and start the trip in the abyss of knowledge to find answers to the above questions. We hope that with this book you can learn something new about – The Deep Dark Web.


The Deep Dark Web -Book

gAtO sAy -mEoW you all- we have a new book coming out soon “The Deep Dark Web” and just wanted to write this as the foreword for the book, I thought it was interesting …//looking for peer review of book…write us

This book is to inform you about “The Deep Dark Web”. We hear that it’s a bad place full of crooks and hackers, but it is more a place were you have total anonymity as an online-user and yes there are ugly places in the dark web but it’s a small part of it. What it really is all about it’s freedom of expression, freedom of speech worldwide, supported by “us/we” the users of the network. It’s not controlled by any government, but blocked by a few like Syria, Iran, Ethiopia, China to name a few governments that want to deny their own people free access to information, to speak freely about their grievances and unite to tear down there walls of oppression.

Pierluigi and I (gAtO) share a passion for cyber security we write different blogs Pierluigi has http://securityaffairs.co/wordpress/ and my site is uscyberlabs.com . We also write at other blogs and print media. We did’nt know it at the time but, we were writing cyber history as the 2011- 2012 cyber explosion took off we were at ground zero writing about Stuxnet, HBGrays, the LulzPirates, Anonymous but the Arab Spring was an awaking :

The recent revolution in Egypt that ended the autocratic presidency of Hosni Mubarak was a modern example of successful nonviolent resistance. Social Media technologies provided a useful tool for the young activist to orchestrate this revolution. However the repressive Mubarak regime prosecuted many activists and censored a number of websites. This made their activities precarious, making it necessary for activists to hide their identity on the Internet. The anonymity software Tor was a tool used by some bloggers, journalists and online activists to protect their identity and to practice free speech.

Today we have lot’s of anonymity communication tools I2P, Freenet, Gnunet and Tor to name a few. Why did the TorProject.org Tor-.onion network become the facto application to get free, private, anonymized Internet access. My conclusion is it’s humble beginnings with “Naval Research Project & DARPA (Defense Advanced Research Project Agency) ” sponsored, maybe you heard of DARPA they kinda created the Internet a long time ago. The government wanted to have a communication secure media that would piggy-bak on the establish Internet. From my point of view when they saw how good this worked the government used it to allow it’s agents to quietly use the network for CIA covert operations (just to name a few alphabet soup government agencies that use it). For example a branch of the U.S. Navy uses Tor for open source intelligence gathering, and one of its teams used Tor while deployed in the Middle East recently. Law enforcement uses Tor for visiting or surveilling web sites without leaving government IP addresses in their web logs, and for security during sting operations.

Journalist got a hold of this tool and they too were able to file reports before governments agents censored their interviews and film footage. The EFF (Electronic Frontier Foundation) got a hold of the Tor-networks and promoted it to maintaining civil liberties online. When the common business executive visited a foreign country (like China know to monitor foreigners Internet access) they now had a way to securely connect to their corporate HQ data-center without being monitored and giving away IP (Intellectual Properties). The Tor-Network became to good and the bad guy’s moved in to keep their illegal business safer from the law. The Internet Cyber-criminal has used the claer-web since the start so of course they went over to the Tor-.onion network because it works if you use it right and keeps you anonymous online.

With all this happening and the “Year of the Hack 2011” you can see why security geeks like Pierluigi and I became intrigued with this subject and we teamed up to write this manuscript hoping to answer some of the questions our friends, and peers were asking us about this mysterious hidden world call the deep dark web. We outlined a table of content and started to write about it in our blogs and the story unfolds from here to you. We hope to educate you on how this network works without too much geek talk (ok just a little). We cover the cyber criminals and their ecosystem we cover the financial currency (bitCoins) that is replacing fiat currencies all over the world during this unstable financial times. We tried to cover all the good , the bad and the ugly of the .onion network. We hope it will answer some of your questions but I am sure that more question will come up so feel free to come to our websites and give us a shout and ask your questions about the deep dark web…. – gAtO oUT 


Cyber Militia Models -Offensive

Offensive Cyber Militia Models

Volunteer based non-state actors have played an important part in many international cyber conflicts of the past two decades. In order to better understand this threat I describe three theoretical models for volunteer based offensive cyber militias: the Forum, the Cell and the Hierarchy. The Forum is an ad-hoc cyber militia form that is organized around a central communications platform, where the members share information and tools necessary to carry out cyber attacks against their chosen adversary. The Cell model refers to hacker cells, which engage in politically motivated hacking over extended periods of time. The Hierarchy refers to the traditional hierarchical model, which may be encountered in government sponsored volunteer organizations, as well as in cohesive self-organized non-state actors. For each model, I give an example and describe the model’s attributes, strengths and weaknesses using qualitative analysis. The models are based on expert opinion on different types of cyber militias that have been seen in cyber conflicts. These theoretical models provide a framework for categorizing volunteer based offensive cyber militias of non-trivial size.

1. Introduction

The widespread application of Internet services has given rise to a new contested space, where people with conflicting ideals or values strive to succeed, sometimes by attacking the systems and services of the other side. It is interesting to note that in most public cases of cyber conflict the offensive side is not identified as a state actor, at least not officially. Instead, it often looks like citizens take part in hactivist campaigns or patriotic hacking on their own, volunteering for the cyber front.

Cases like the 2007 cyber attacks against Estonia are a good example where an informal non-state cyber militia has become a threat to national security. In order to understand the threat posed by these volunteer cyber militias I provide three models of how such groups can be organized and analyze the strengths and weaknesses of each.

The three models considered are the Forum, the Cell and the Hierarchy. The models are applicable to groups of non-trivial size, which require internal assignment of responsibilities and authority.

1.1 Methodandlimitations

In this paper I use theoretical qualitative analysis in order to describe the attributes, strengths and weaknesses of three offensively oriented cyber militia models. I have chosen the three plausible models based on what can be observed in recent cyber conflicts. The term model refers to an abstract description of relationships between members of the cyber militia, including command, control and mentoring relationships, as well as the operating principles of the militia.

Note, however, that the description of the models is based on theoretical reasoning and expert opinion. It offers abstract theoretical models in an ideal setting. There may not be a full match to any of them in reality or in the examples provided. It is more likely to see either combinations of different models or models that do not match the description in full. On the other hand, the models should serve as useful frameworks for analyzing volunteer groups in the current and coming cyber conflicts.

In preparing this work, I communicated with and received feedback from a number of recognized experts in the field of cyber conflict research. I wish to thank them all for providing comments on my proposed models: Prof Dorothy Denning (Naval Postgraduate School), Dr Jose Nazario (Arbor Networks), Prof Samuel Liles (Purdue University Calumet), Mr Jeffrey Carr (Greylogic) and Mr Kenneth Geers (Cooperative Cyber Defence Centre of Excellence).

2. The forum

The global spread of the Internet allows people to connect easily and form „cyber tribes“, which can range from benign hobby groups to antagonistic ad-hoc cyber militias. (Williams 2007, Ottis 2008, Carr 2009, Nazario 2009, Denning 2010) In the case of an ad-hoc cyber militia, the Forum unites like- minded people who are “willing and able to use cyber attacks in order to achieve a political goal.“ It serves as a command and control platform where more active members can post motivational materials, attack instructions, attack tools, etc. (Denning 2010)

This particular model, as well as the strengths and weaknesses covered in this section, are based on (Ottis 2010b). A good example of this model in recent cyber conflicts is the stopgeorgia.ru forum during the Russia-Georgia war in 2008 (Carr 2009).

2.1 Attributes

The Forum is an on-line meeting place for people who are interested in a particular subject. I use Forum as a conceptual term referring to the people who interact in the on-line meeting place. The technical implementation of the meeting place could take many different forms: web forum, Internet Relay Chat channel, social network subgroup, etc. It is important that the Forum is accessible over Internet and preferably easy to find. The latter condition is useful for recruiting new members and providing visibility to the agenda of the group.

The Forum mobilizes in response to an event that is important to the members. While there can be a core group of people who remain actively involved over extended periods of time, the membership can be expected to surge in size when the underlying issue becomes “hot“. Basically, the Forum is like a flash mob that performs cyber attacks instead of actions on the streets. As such, the Forum is more ad-hoc than permanent, because it is likely to disband once the underlying event is settled.

The membership of the Forum forms a loose network centered on the communications platform, where few, if any, people know each other in real life and the entire membership is not known to any single person (Ottis 2010b). Most participate anonymously, either providing an alias or by remaining passive on the communication platform. In general, the Forum is an informal group, although specific roles can be assumed by individual members. For example, there could be trainers, malware providers, campaign planners, etc. (Ottis 2010b) Some of the Forum members may also be active in cyber crime. In that case, they can contribute resources such as malware or use of a botnet to the Forum.

The membership is diverse, in terms of skills, resources and location. While there seems to be evidence that a lot of the individuals engaged in such activities are relatively unskilled in cyber attack techniques (Carr 2009), when supplemented with a few more experienced members the group can be much more effective and dangerous (Ottis 2010a).

Since most of the membership remains anonymous and often passive on the communications platform, the leadership roles will be assumed by those who are active in communicating their intent, plans and expertise. (Denning 2010) However, this still does not allow for strong command and control, as each member can decide what, if any, action to take.

2.2 Strengths

One of the most important strengths of a loose network is that it can form very quickly. Following an escalation in the underlying issue, all it takes is a rallying cry on the Internet and within hours or even minutes the volunteers can gather around a communications platform, share attack instructions, pick targets and start performing cyber attacks.

As long as there is no need for tightly controlled operations, in terms of timing, resource use and targeting, there is very little need for management. The network is also easily scalable, as anyone can join and there is no lengthy vetting procedure.

The diversity of the membership means that it is very difficult for the defenders to analyze and counter the attacks. The source addresses are likely distributed globally (black listing will be inefficient) and the different skills and resources ensure heterogeneous attack traffic (no easy patterns). In addition, experienced attackers can use this to conceal precision strikes against critical services and systems.

While it may seem that neutralizing the communications platform (via law enforcement action, cyber attack or otherwise) is an easy way to neutralize the militia, this may not be the case. The militia can easily regroup at a different communications platform in a different jurisdiction. Attacking the Forum directly may actually increase the motivation of the members.

Last, but not least, it is very difficult to attribute these attacks to a state, as they can (seem to) be a true (global) grass roots campaign, even if there is some form of state sponsorship. Some states may take advantage of this fact by allowing such activity to continue in their jurisdiction, blaming legal obstacles or lack of capability for their inactivity. It is also possible for government operatives to “create” a “grass roots” Forum movement in support of the government agenda. (Ottis 2009)

2.3 Weaknesses

A clear weakness of this model is the difficulty to command and control the Forum. Membership is not formalized and often it is even not visible on the communication platform, because passive readers can just take ideas from there and execute the attacks on their own. This uncoordinated approach can seriously hamper the effectiveness of the group as a whole. It may also lead to uncontrolled expansion of conflict, when members unilaterally attack third parties on behalf of the Forum.

A problem with the loose network is that it is often populated with people who do not have experience with cyber attacks. Therefore, their options are limited to primitive manual attacks or preconfigured automated attacks using attack kits or malware. (Ottis 2010a) They are highly reliant on instructions and tools from more experienced members of the Forum.

The Forum is also prone to infiltration, as it must rely on relatively easily accessible communication channels. If the communication point is hidden, the group will have difficulties in recruiting new members. The assumption is, therefore, that the communication point can be easily found by both potential recruits, as well as infiltrators. Since there is no easy way to vet the incoming members, infiltration should be relatively simple.

Another potential weakness of the Forum model is the presumption of anonymity. If the membership can be infiltrated and convinced that their anonymity is not guaranteed, they will be less likely to participate in the cyber militia. Options for achieving this can include “exposing” the “identities” of the infiltrators, arranging meetings in real life, offering tools that have a phone-home functionality to the members, etc. Note that some of these options may be illegal, depending on the circumstances. (Ottis 2010b)

3. The cell

Another model for a volunteer cyber force that has been seen is a hacker cell. In this case, the generic term hacker is used to encompass all manner of people who perform cyber attacks on their own, regardless of their background, motivation and skill level. It includes the hackers, crackers and script kiddies described by Young and Aitel (2004). The hacker cell includes several hackers who commit cyber attacks on a regular basis over extended periods of time. Examples of hacker cells are Team Evil and Team Hell, as described in Carr (2009).

3.1 Attributes

Unlike the Forum, the Cell members are likely to know each other in real life, while remaining anonymous to the outside observer. Since their activities are almost certainly illegal, they need to trust each other. This limits the size of the group and requires a (lengthy) vetting procedure for any new recruits. The vetting procedure can include proof of illegal cyber attacks.

The command and control structure of the Cell can vary from a clear self-determined hierarchy to a flat organization, where members coordinate their actions, but do not give or receive orders. In theory, several Cells can coordinate their actions in a joint campaign, forming a confederation of hacker cells.

The Cells can exist for a long period of time, in response to a long-term problem, such as the Israel- Palestine conflict. The activity of such a Cell ebbs and flows in accordance with the intensity of the underlying conflict. The Cell may even disband for a period of time, only to reform once the situation intensifies again.

Since hacking is a hobby (potentially a profession) for the members, they are experienced with the use of cyber attacks. One of the more visible types of attacks that can be expected from a Cell is the website defacement. Defacement refers to the illegal modification of website content, which often includes a message from the attacker, as well as the attacker’s affiliation. The Zone-H web archive lists thousands of examples of such activity, as reported by the attackers. Many of the attacks are clearly politically motivated and identify the Cell that is responsible.

Some members of the Cell may be involved with cyber crime. For example, the development, dissemination, maintenance and use of botnets for criminal purposes. These resources can be used for politically motivated cyber attacks on behalf of the Cell.

3.2 Strengths

A benefit of the Cell model is that it can mobilize very quickly, as the actors presumably already have each other’s contact information. In principle, the Cell can mobilize within minutes, although it likely takes hours or days to complete the process.

A Cell is quite resistant to infiltration, because the members can be expected to establish their hacker credentials before being allowed to join. This process may include proof of illegal attacks.

Since the membership can be expected to be experienced in cyber attack techniques, the Cell can be quite effective against unhardened targets. However, hardened targets may or may not be within the reach of the Cell, depending on their specialty and experience. Prior hacking experience also allows them to cover their tracks better, should they wish to do so.

3.3 Weaknesses

While a Cell model is more resistant to countermeasures than the Forum model, it does offer potential weaknesses to exploit. The first opportunity for exploitation is the hacker’s ego. Many of the more visible attacks, including defacements, leave behind the alias or affiliation of the attacker, in order to claim the bragging rights. (Carr 2009) This seems to indicate that they are quite confident in their skills and proud of their achievements. As such, they are potentially vulnerable to personal attacks, such as taunting or ridiculing in public. Stripping the anonymity of the Cell may also work, as at least some members could lose their job and face law enforcement action in their jurisdiction. (Carr 2009) As described by Ottis (2010b), it is probably not necessary to actually identify all the members of the Cell. Even if the identity of a few of them is revealed or if the corresponding perception can be created among the membership, the trust relationship will be broken and the effectiveness of the group will decrease.

Prior hacking experience also provides a potential weakness. It is more likely that the law enforcement know the identity of a hacker, especially if he or she continues to use the same affiliation or hacker alias. While there may not be enough evidence or damage or legal base for law enforcement action in response to their criminal attacks, the politically motivated attacks may provide a different set of rules for the local law enforcement.

The last problem with the Cell model is scalability. There are only so many skilled hackers who are willing to participate in a politically motivated cyber attack. While this number may still overwhelm a small target, it is unlikely to have a strong effect on a large state.

4. The hierarchy

The third option for organizing a volunteer force is to adopt a traditional hierarchical structure. This approach is more suitable for government sponsored groups or other cohesive groups that can agree to a clear chain of command. For example, the People’s Liberation Army of China is known to include militia type units in their IW battalions. (Krekel 2009) The model can be divided into two generic sub- models: anonymous and identified membership.

4.1 Attributes

The Hierarchy model is similar in concept to military units, where a unit commander exercises power over a limited number of sub-units. The number of command levels depends on the overall size of the organization.

Each sub-unit can specialize on some specific task or role. For example, the list of sub-unit roles can include reconnaissance, infiltration/breaching, exploitation, malware/exploit development and training. Depending on the need, there can be multiple sub-units with the same role. Consider the analogy of an infantry battalion, which may include a number of infantry companies, anti-tank and mortar platoons, a reconnaissance platoon, as well as various support units (communications, logistics), etc. This specialization and role assignment allows the militia unit to conduct a complete offensive cyber operation from start to finish.

A Hierarchy model is the most likely option for a state sponsored entity, since it offers a more formalized and understandable structure, as well as relatively strong command and control ability. The control ability is important, as the actions of a state sponsored militia are by definition attributable to the state.

However, a Hierarchy model is not an automatic indication of state sponsorship. Any group that is cohesive enough to determine a command structure amongst them can adopt a hierarchical structure. This is very evident in Massively Multiplayer Online Games (MMOG), such as World of Warcraft or EVE Online, where players often form hierarchical groups (guilds, corporations, etc.) in order to achieve a common goal. The same approach is possible for a cyber militia as well. In fact, Williams (2007) suggests that gaming communities can be a good recruiting ground for a cyber militia.

While the state sponsored militia can be expected to have identified membership (still, it may be anonymous to the outside observer) due to control reasons, a non-state militia can consist of anonymous members that are only identified by their screen names.

4.2 Strengths

The obvious strength of a hierarchical militia is the potential for efficient command and control. The command team can divide the operational responsibilities to specialized sub-units and make sure that their actions are coordinated. However, this strength may be wasted by incompetent leadership or other factors, such as overly restrictive operating procedures.

A hierarchical militia may exist for a long time even without ongoing conflict. During “peacetime“, the militia’s capabilities can be improved with recruitment and training. This degree of formalized preparation with no immediate action in sight is something that can set the hierarchy apart from the Forum and the Cell.

If the militia is state sponsored, then it can enjoy state funding, infrastructure, as well as cooperation from other state entities, such as law enforcement or intelligence community. This would allow the militia to concentrate on training and operations.

4.3 Weaknesses

A potential issue with the Hierarchy model is scalability. Since this approach requires some sort of vetting or background checks before admitting a new member, it may be time consuming and therefore slow down the growth of the organization.

Another potential issue with the Hierarchy model is that by design there are key persons in the hierarchy. Those persons can be targeted by various means to ensure that they will not be effective or available during a designated period, thus diminishing the overall effectiveness of the militia. A hierarchical militia may also have issues with leadership if several people contend for prestigious positions. This potential rift in the cohesion of the unit can potentially be exploited by infiltrator agents.

Any activities attributed to the state sponsored militia can further be attributed to the state. This puts heavy restrictions on the use of cyber militia “during peacetime“, as the legal framework surrounding state use of cyber attacks is currently unclear. However, in a conflict scenario, the state attribution is likely not a problem, because the state is party to the conflict anyway. This means that a state sponsored offensive cyber militia is primarily useful as a defensive capability between conflicts. Only during conflict can it be used in its offensive role.

While a state sponsored cyber militia may be more difficult (but not impossible) to infiltrate, they are vulnerable to public information campaigns, which may lead to low public and political support, decreased funding and even official disbanding of the militia. On the other hand, if the militia is not state sponsored, then it is prone to infiltration and internal information operations similar to the one considered at the Forum model.

Of the three models, the hierarchy probably takes the longest to establish, as the chain of command and role assignments get settled. During this process, which could take days, months or even years, the militia is relatively inefficient and likely not able to perform any complex operations.

5. Comparison

When analyzing the three models, it quickly becomes apparent that there are some aspects that are similar to all of them. First, they are not constrained by location. While the Forum and the Cell are by default dispersed, even a state sponsored hierarchical militia can operate from different locations.

Second, since they are organizations consisting of humans, then one of the more potent ways to neutralize cyber militias is through information operations, such as persuading them that their identities have become known to the law enforcement, etc.

Third, all three models benefit from a certain level of anonymity. However, this also makes them susceptible for infiltration, as it is difficult to verify the credentials and intent of a new member.

On the other hand, there are differences as well. Only one model lends itself well to state sponsored entities (hierarchy), although, in principle, it is possible to use all three approaches to bolster the state’s cyber power.

The requirement for formalized chain of command and division of responsibilities means that the initial mobilization of the Hierarchy can be expected to take much longer than the more ad-hoc Forum or Cell. In case of short conflicts, this puts the Hierarchy model at a disadvantage.

Then again, the Hierarchy model is more likely to adopt a “peace time” mission of training and recruitment in addition to the “conflict” mission, while the other two options are more likely to be mobilized only in time of conflict. This can offset the slow initial formation limitation of the Hierarchy, if the Hierarchy is established well before the conflict.

While the Forum can rely on their numbers and use relatively primitive attacks, the Cell is capable of more sophisticated attacks due to their experience. The cyber attack capabilities of the Hierarchy, however, can range from trivial to complex.

It is important to note that the three options covered here can be combined in many ways, depending on the underlying circumstances and the personalities involved.


Politically motivated cyber attacks are becoming more frequent every year. In most cases the cyber conflicts include offensive non-state actors (spontaneously) formed from volunteers. Therefore, it is important to study these groups.

I have provided a theoretical way to categorize non-trivial cyber militias based on their organization. The three theoretical models are: the Forum, the Cell and the Hierarchy. In reality, it is unlikely to see a pure form of any of these, as different groups can include aspects of several models. However, the strengths and weaknesses identified should serve as useful guides to dealing with the cyber militia threat.

Disclaimer: The opinions expressed here should not be interpreted as the official policy of the Cooperative Cyber Defence Centre of Excellence or the North Atlantic Treaty Organization.


Carr, J. (2009) Inside Cyber Warfare. Sebastopol: O’Reilly Media.
Denning, D. E. (2010) “Cyber Conflict as an Emergent Social Phenomenon.” In Holt, T. & Schell, B. (Eds.)

Corporate Hacking and Technology-Driven Crime: Social Dynamics and Implications. IGI Global, pp 170-

Krekel, B., DeWeese, S., Bakos, G., Barnett, C. (2009) Capability of the People’s Republic of China to Conduct

Cyber Warfare and Computer Network Exploitation. Report for the US-China Economic and Security

Review Commission.
Nazario, J. (2009) “Politically Motivated Denial of Service Attacks.” In Czosseck, C. & Geers, K. (Eds.) The Virtual

Battlefield: Perspectives on Cyber Warfare. Amsterdam: IOS Press, pp 163-181.

Ottis, R. (2008) “Analysis of the 2007 Cyber Attacks Against Estonia from the Information Warfare Perspective.” In Proceedings of the 7th European Conference on Information Warfare and Security. Reading: Academic Publishing Limited, pp 163-168.

Ottis, R. (2009) ”Theoretical Model for Creating a Nation-State Level Offensive Cyber Capability.” In Proceedings of the 8th European Conference on Information Warfare and Security. Reading: Academic Publishing Limited, pp 177-182.

Ottis, R. (2010a) “From Pitch Forks to Laptops: Volunteers in Cyber Conflicts.” In Czosseck, C. and Podins, K. (Eds.) Conference on Cyber Conflict. Proceedings 2010. Tallinn: CCD COE Publications, pp 97-109.
Ottis, R. (2010b) “Proactive Defence Tactics Against On-Line Cyber Militia.” In Proceedings of the 9th European

Conference on Information Warfare and Security. Reading: Academic Publishing Limited, pp 233-237. Williams, G., Arreymbi, J. (2007) Is Cyber Tribalism Winning Online Information Warfare? In Proceedings of

ISSE/SECURE 2007 Securing Electronic Business Processes. Wiesbaden: Vieweg. On-line:


Young, S., Aitel, D. (2004) The Hacker’s Handbook. The Strategy behind Breaking into and Defending Networks. Boca Raton: Auerbach.

Keywords: cyber conflict, cyber militia, cyber attack, patriotic hacking, on-line communities

Rain Ottis
Cooperative Cyber Defence Centre of Excellence, Tallinn, Estonia 


Cyber Security Sucks

gAtO rEaD –People have been working on computer system security for at least 30 years. During this time there have been many intellectual successes. Notable among them are the subject/object access matrix model, access control lists, multilevel security using information flow and the star-property, public key cryptography, and cryptographic protocols. In spite of these successes, it seems fair to say that in an absolute sense, the security of the hundreds of millions of deployed computer systems is terrible:

a determined and competent attacker could destroy most of the information on almost any of these systems, or steal it from any system that is connected to a network. Even worse, the attacker could do this to millions of systems at once.

How much harm is actually being done by attacks on these insecure systems…;)  mEoW mEoW

There is no accurate data about the cost of failures in computer security. On the one hand, most of them are never made public for fear of embarrassment. On the other, when a public incident does occur, the security experts and vendors of antivirus software that talk to the media have every incentive to greatly exaggerate its costs. But money talks. Many vendors of security have learned to their regret that although people complain about inadequate security, they won’t spend much money, sacrifice many features, or put up with much inconvenience in order to improve it. This strongly suggests that bad security is not really costing them much.

Of course, computer security is not just about computer systems. We don’t have “real” security that guarantees to stop bad things from happening, and the main reason is that people don’t buy it. They don’t buy it because the danger is small, and because security is a pain.

  • Since the danger is small, people prefer to buy features. A secure system has fewer features because it has to be implemented correctly. This means that it takes more time to build, so naturally it lacks the latest features.
  • Security is a pain because it stops you from doing things, and you have to do work to authenticate yourself and to set it up.
    A secondary reason we don’t have “real” security is that systems are complicated, and therefore both the code and the setup have bugs that an attacker can exploit. This is the reason that gets all the attention, but it is not the heart of the problem.
    Will things get better?
  • Certainly if there are some major security catastrophes, buyers will change their priorities and systems will become more secure. Short of that, the best we can do is to drastically simplify the parts of systems that have to do with security:

– gAtO oUt 


Cyber Crime Units Around The Globe

Cyber Crime Units Around The Globe

Chile PDI




Computer Crime & Intellectual Property Section
United States Department of Justice


Welcome to the Belgian online reporting service




European Network and Information Security Agencies

Interpol – CyberCrime

Ireland’s National Police Force

Iran Cyber Police

Italy Police

Lithuanian Criminal Police Bureau is a specialized police agency


Portugal BICI


Police in Sweden




Hong Kong Police Force

India Central Bureau of Investigation

Royal Thai Police

Japan Cyber Unit

Korea CTRC

Pakistan Police

Philippine Criminal Investigation Group

Australia Federal Police

NASA Office of Inspector General


US -Monitors Social Media


Social Media Web Sites Monitored by the NOC 

This is a representative list of sites that the NOC will start to monitor in order to provide situational awareness and establish a common operating picture under this Initiative. Initial sites listed may link to other sites not listed. The NOC may also monitor those sites if they are within the scope of this Initiative. Tool  Link  User/Password Required 
General Search 
Collecta http://collecta.com No
RSSOwl http://www.rssowl.org/ No
Social Mention http://socialmention.com/ No
Spy http://www.spy.appspot.com No
Who’s Talkin http://www.whostalkin.com/ No
Shrook RSS reader http://www.utsire.com/shrook/ No
Hulu http://www.hulu.com No
iReport.com http://www.ireport.com/ No
Live Leak http://www.liveleak.com/ No
Magma http://mag.ma/ No
Time Tube http://www.dipity.com/mashups/timetube No
Vimeo http://www.vimeo.com No
Youtube http://www.youtube.com No
MySpace Video http://vids.myspace.com/ No
Global Incident Map http://globalincidentmap.com/ No
Google Flu Trends http://www.google.org/flutrends/ No
Health Map http://www.healthmap.org/en No
IBISEYE http://www.ibiseye.com/ No
Stormpulse http://www.stormpulse.com/ No
Trends Map http://www.trendsmap.com No
Flickr http://www.flickr.com/ No
Picfog http://picfog.com/ No
Twicsy http://www.twicsy.com No
Twitcaps http://www.twitcaps.com No
Twitter/API http://www.twitter.com Yes
Twitter Search 
Monitter http://www.monitter.com/ No
Twazzup http://www.twazzup.com No
Tweefind http://www.tweefind.com/ No
Tweetgrid http://tweetgrid.com/ No
Tweetzi http://tweetzi.com/ No
Twitter Search http://search.twitter.com/advanced No
Twitter Trends 
Newspapers on Twitter http://www.newspapersontwitter.com/ No
Radio on Twitter http://www.radioontwitter.com/ No
Trendistic http://trendistic.com/ No
Trendrr http://www.trendrr.com/ No
TV on Twitter http://www.tvontwitter.com/ No
Tweet Meme http://tweetmeme.com/ No
TweetStats http://tweetstats.com/ No
Twellow http://www.twellow.com/ No
Twendz http://twendz.waggeneredstrom.com/ No
Twitoaster http://twitoaster.com/ No
Twitscoop http://www.twitscoop.com/ No
Twitturly http://twitturly.com/ No
We Follow http://wefollow.com/ No
It’s Trending http://www.itstrending.com/news/ No
Facebook http://www.facebook.com Yes
MySpace  http://www.myspace.com Yes
MySpace (limited search) http://www.myspace.com No
Blogs Aggs 
ABCNews Blotter http://abcnews.go.com/Blotter/ No
al Sahwa http://al-sahwa.blogspot.com/ No
AllAfrica http://allafrica.com/ No
Avian Flu Diary http://afludiary.blogspot.com/ No
BNOnews http://www.bnonews.com/ No
Borderfire http://www.borderfirereport.net/ No
Borderland Beat http://www.borderlandbeat.com/ No
Brickhouse Security http://blog.brickhousesecurity.com/ No
Chem.Info http://www.chem.info/default.aspx No
Chemical Facility Security News http://chemical-facility-security-news.blogspot.com/ No
ComputerWorld Cybercrime Topic Center http://www.computerworld.com/s/topic/82/Cybercrime+and+Hacking No
Counter-Terrorism Blog http://www.counterterrorismblog.com/ No
Crisisblogger http://crisisblogger.wordpress.com/ No
Cryptome http://cryptome.org/ No
Danger Room http://www.wired.com/dangerroom/ No
Drudge Report http://drudgereport.com/ No
El Blog Del Narco http://elblogdelnarco.blogspot.com/ No
Emergency Management Magazine http://www.emergencymgmt.com No
Foreign Policy Passport http://blog.foreignpolicy.com/ No
Global Security Newswire http://gsn.nti.org/gsn/ No
Global Terror Alert http://www.globalterroralert.com/ No
Global Voices Network http://globalvoicesonline.org/-/world/americas/haiti/ No
Google Blog Search http://blogsearch.google.com No
Guerra Contra El Narco http://guerracontraelnarco.blogspot.com/ No
H5N1 Blog http://crofsblogs.typepad.com/h5n1/ No
Homeland Security Today http://www.hstoday.us/ No
Homeland Security Watch http://www.hlswatch.com/ No
Huffington Post http://huffingtonpost.com/ No
Hurricane Information Center http://gustav08.ning.com/ No
HurricaneTrack http://www.hurricanetrack.com/ No
InciWeb http://www.inciweb.org/ No
Informed Comment http://www.juancole.com/ No
Jihad Watch http://www.jihadwatch.org/ No
Krebs on Security http://krebsonsecurity.com/ No
LA Now http://latimesblogs.latimes.com/lanow/ No
LA Wildfires Blog http://latimesblogs.latimes.com/lanow/wildfires/ No
Livesay Haiti Blog http://livesayhaiti.blogspot.com/ No
LongWarJournal http://www.longwarjournal.org/ No
Malware Intelligence Blog http://malwareint.blogspot.com/ No
MEMRI http://www.memri.org/ No
MexiData.info http://mexidata.info/ No
MS-13 News and Analysis http://msthirteen.com/ No
Narcotrafico en Mexico http://narcotraficoenmexico.blogspot.com/ No
National Defense Magazine http://www.nationaldefensemagazine.org No
National Terror Alert http://www.nationalterroralert.com/ No
NEFA Foundation http://www.nefafoundation.org/ No
Newsweek Blogs http://blog.newsweek.com/ No
Nuclear Street http://nuclearstreet.com/blogs/ No
NYTimes Lede Blog http://thelede.blogs.nytimes.com/ No
Plowshares Fund http://www.ploughshares.org/news-analysis/blog No
Popular Science Blogs http://www.popsci.com/ No
Port Strategy http://www.portstrategy.com/ No
Public Intelligence http://publicintelligence.net/ No
ReliefWeb http://www.reliefweb.int No
RigZone http://www.rigzone.com/ No
Science Daily http://www.sciencedaily.com/ No
STRATFOR http://www.stratfor.com/ No
Technorati http://technorati.com/ No
Terror Finance Blog http://www.terrorfinance.org/the_terror_finance_blog/ No
The Latin Americanist http://ourlatinamerica.blogspot.com/ No
Threat Level http://www.wired.com/threatlevel/ No
Threat Matrix http://www.longwarjournal.org/threat-matrix/ No
Tickle the Wire http://www.ticklethewire.com/ No
Tribuna Regional http://latribunaregional.blogspot.com/ No
TruckingInfo.com http://www.truckinginfo.com/news/index.asp No
United Nations IRIN http://www.irinnews.org/ No
Ushahidi Haiti http://haiti.ushahidi.org/ No
War on Terrorism http://terrorism-online.blogspot.com/ No
WikiLeaks http://wikileaks.org/ No
WireUpdate http://wireupdate.com/ No

The Office of Operations Coordination and Planning (OPS), National Operations Center (NOC), will launch and lead the Publicly Available Social Media Monitoring and Situational Awareness (Initiative) to assist the Department of Homeland Security (DHS) and its components involved in fulfilling OPS statutory responsibility (Section 515 of the Homeland Security Act (6 U.S.C. § 321d(b)(1)) to provide situational awareness and establish a common operating picture for the federal government, and for those state, local, and tribal governments, as appropriate. The NOC and participating components1 may also share this de-identified information with international partners and the private sector where necessary and appropriate for coordination. While this Initiative is not designed to actively collect Personally Identifiable Information (PII), OPS is conducting this update to the Privacy Impact Assessment (PIA) because this initiative may now collect and disseminate PII for certain narrowly tailored categories. For example, in the event of an in extremis situation involving potential life and death, OPS will share certain PII with the responding authority in order for them to take the necessary actions to save a life, such as name and location of a person calling for help buried under rubble, or hiding in a hotel room when the hotel is under attack by terrorists. In the event PII comes into the Department’s possession under circumstances other than those itemized herein, the NOC will redact all PII prior to further dissemination of any collected information. – gAtO oUt

Reference: http://www.dhs.gov/xlibrary/assets/privacy/privacy_pia_ops_publiclyavailablesocialmedia_update.pdf

1.2 What are the sources of the information in the system? 

Members of the public as well as first responders, press, volunteers, and others provide publicly-available information on social medial sites including online forums, blogs, public websites, and message boards. OPS is permitted to establish user names and passwords to form profiles on social media sites listed in Appendix A and to use search tools under established criteria and search terms such as those listed in Appendix B for monitoring that supports providing situational awareness and establishing a common operating picture.

1.3 Why is the information being collected, used, disseminated, or maintained? 

The NOC will identify, use, disseminate, and maintain this information to comply with its statutory mandate to provide situational awareness and establish a common operating picture for the entire federal government, and for state, local, and tribal governments as appropriate and to ensure that this information reaches government decision makers. The aggregation of data published via social media sites should make it possible for the NOC to provide more accurate situational awareness, a more complete common operating picture, and more timely information for decision makers.

1.4 How is the information collected? 

The NOC will identify information directly from third-party social media services. The NOC will access and collect information from various informational streams and postings that the NOC, as well as the broader public, view and monitor. See Appendix A for a list of the types of sites that may be viewed for information. See Appendix B for the types of search terms used in social media monitoring.

1.5 How will the information be checked for accuracy? 

The NOC will identify information from third-party social media services submitted voluntarily by members of the public and compares that information with information available in open source reporting and through a variety of public and government sources. By bringing together and comparing many different sources of information, the NOC will attempt to provide a more accurate picture of contemporaneous activities.

1.6 What specific legal authorities, arrangements, and/or agreements defined the collection of information? 

Congress requires the NOC “to provide situational awareness and establish a common operating picture for the entire federal government and for state, local, and tribal governments as appropriate, in the event of a natural disaster, act of terrorism, or other manmade disaster; and ensure that critical terrorism and disaster-related information reaches government decision-makers.” Section 515 of the Homeland Security Act (6 U.S.C. § 321d(b)(1)). While the NOC may receive PII, PII is not actively collected. Much of the data within this system does not pertain to an individual; rather, the information pertains to locations, geographic areas, facilities, and other things or objects not related to individuals. However, some personal information may be captured. Most information is stored as free text and any word, phrase, or number is searchable.

1.7 Privacy Impact Analysis: Given the amount and type of data Privacy Impact Assessment Office of Operations Coordination and Planning Publicly Available Social Media Monitoring and Situational Awareness Initiative Update Page 6

collected, discuss the privacy risks identified and how they were mitigated. 

There is a risk that the NOC will receive PII or other identifiable information that is not relevant to this Initiative. The NOC has a clear policy in place that any PII incidentally received outside the scope of the discrete set of categories discussed above will be redacted immediately. Also, under this initiative OPS will not: 1) actively seek PII; 2) post any information; 3) actively seek to connect with other internal/external personal users; 4) accept other internal/external personal users’ invitations to connect; and 5) interact on social media sites. Information collected to provide situational awareness and establish a common operating picture originates from publicly available social media sites and is available to the public.

Section 2.0 Uses of the Information 

The following questions are intended to delineate clearly the use of information and the accuracy of the data being used.

2.1 Describe all the uses of information. 

The NOC will use Internet-based platforms that provide a variety of ways to follow activities by monitoring publicly-available online forums, blogs, public websites, and message boards. Through the use of publicly-available search engines and content aggregators, the NOC will continuously monitor activities on social media sites, such as those listed in Appendix A, using search terms, such as those listed in Appendix B, for information. The NOC will gather, store, analyze, and disseminate relevant and appropriate information to federal, state, local, and foreign governments, and private sector partners requiring and authorized to receive situational awareness and a common operating picture.

2.2 What types of tools are used to analyze data and what type of data may be produced? 

NOC analysts will be responsible for monitoring and evaluating information provided on social media sites and will use tools offered by third-party social media sites to aid them in this overall effort. The final analysis will be used to provide situational awareness and establish a common operating picture.

2.3 If the system uses commercial or publicly available data please explain why and how it is used. 

Publicly-available, user-generated data can be useful to decision-makers as it provides “on-the-ground” information to help corroborate information received through official sources.

2.4 Privacy Impact Analysis: Describe any types of controls that may be in place to ensure that information is handled in accordance with the above described uses. 

The risk is that PII will be sent to the NOC unintentionally. This has been mitigated by the clear policy that PII, outside the scope of the discreet set of categories discussed above, inadvertently collected shall be redacted immediately before further use and sharing. The Department is providing notice of all uses of information under this Initiative through this PIA. The NOC will not actively collect or use any PII Privacy Impact Assessment Office of Operations Coordination and Planning Publicly Available Social Media Monitoring and Situational Awareness Initiative Update Page 7

outside the scope of the discreet set of categories discussed above.

Section 3.0 Retention 

The following questions are intended to outline how long information will be retained after the initial collection.

3.1 What information is retained? 

The NOC will retain only user-generated information posted to publicly-available online social media sites. Information posted in the public sphere that the Department uses to provide situational awareness or establish a common operating picture becomes a federal record and the Department is required to maintain a copy.

3.2 How long is information retained? 

The NOC will retain information for no more than 5 years to provide situational awareness and establish a common operating picture. This five-year retention schedule is based on the operational needs of the Department.

3.3 Has the retention schedule been approved by the component records officer and the National Archives and Records Administration (NARA)? 


3.4 Privacy Impact Analysis: Please discuss the risks associated with the length of time data is retained and how those risks are mitigated. 

The risk associated with retention of information is that PII will be retained when it is not necessary and that the information will be kept longer than is necessary. The NOC has mitigated this risk by redacting PII outside the scope of the discreet set of categories discussed above that it inadvertently collects and is working with NARA on a retention schedule to immediately delete PII, upon the approval of this schedule by NARA, as well as to maintain records necessary for further use by the Department.

Section 4.0 Internal Sharing and Disclosure 

The following questions are intended to define the scope of sharing within the Department of Homeland Security.

4.1 With which internal organization(s) is the information shared, what information is shared and for what purpose? Privacy Impact Assessment Office of Operations Coordination and Planning Publicly Available Social Media Monitoring and Situational Awareness Initiative Update Page 8

Information will be shared within the NOC and with government leadership who have a need to know. The NOC is sharing this information for the statutorily mandated purpose of providing situational awareness and establishing a common operating picture.

4.2 How is the information transmitted or disclosed? 

Information will be transmitted via email and telephone and by other electronic and paper means within the NOC and to government leadership where necessary and appropriate. PII will not actively be collected outside the scope of the discreet set of categories discussed above. However, if PII is inadvertently pushed to the NOC, it will be redacted by the NOC before information is shared. The remaining data is analyzed and prepared for reporting.

4.3 Privacy Impact Analysis: Considering the extent of internal information sharing, discuss the privacy risks associated with the sharing and how they were mitigated. 

The risk associated with sharing this information is that PII will be inadvertently collected and shared. The NOC has mitigated this risk by establishing effective policies to avoid collection of PII outside the scope of the discreet set of categories discussed above and to redact it if collected inappropriately. The NOC will only monitor publicly accessible sites where users post information voluntarily.

Section 5.0 External Sharing and Disclosure 

The following questions are intended to define the content, scope, and authority for information sharing external to DHS which includes federal, state and local government, and the private sector.

5.1 With which external organization(s) is the information shared, what information is shared, and for what purpose? 

The NOC will use this Initiative to fulfill its statutory responsibility to provide situational awareness and establish a common operating picture for the entire federal government, and for state, local, and tribal governments as appropriate, and to ensure that critical disaster-related information reaches government decision makers. Information may also be shared with private sector and international partners where necessary, appropriate, and authorized by law.

5.2 Is the sharing of personally identifiable information outside the Department compatible with the original collection? If so, is it covered by an appropriate routine use in a SORN? If so, please describe. If not, please describe under what legal mechanism the program or system is allowed to share the personally identifiable information outside of DHS. 

PII will not actively be collected. However, if pushed to the NOC and outside the scope of the discreet set of categories discussed above, the PII will be redacted. Any sharing will be compatible with DHS/OPS – 003 Operations Collection, Planning, Coordination, Reporting, Analysis, and Fusion SORN (75 Privacy Impact Assessment Office of Operations Coordination and Planning Publicly Available Social Media Monitoring and Situational Awareness Initiative Update Page 9

FR 69689, published November 15, 2010) and the newly published Department of Homeland Security Office of Operations Coordination and Planning – 004 Publicly Available Social Media Monitoring and Situational Awareness Initiative System of Records. Information is only collected to provide situational awareness and to establish a common operating picture.

5.3 How is the information shared outside the Department and what security measures safeguard its transmission? 

Information will be shared by phone, email, and other paper and electronic means.

5.4 Privacy Impact Analysis: Given the external sharing, explain the privacy risks identified and describe how they were mitigated. 

External sharing risks are minimal as the Initiative will only share PII on a narrowly-tailored category of individuals; only information collected to provide situational awareness and to establish a common operating picture is shared. Any sharing will be compatible with DHS/OPS – 003 Operations Collection, Planning, Coordination, Reporting, Analysis, and Fusion SORN (75 FR 69689, published November 15, 2010). Further, as part of the PCR, DHS has decided to publish DHS/OPS-004 Publicly Available Social Media Monitoring and Situational Awareness Initiative System of Records to provide additional transparency.

Section 6.0 Notice 

The following questions are directed at notice to the individual of the scope of information collected, the right to consent to uses of said information, and the right to decline to provide information.

6.1 Was notice provided to the individual prior to collection of information? 

Yes, notice is provided through this PIA and through DHS/OPS – 003 Operations Collection, Planning, Coordination, Reporting, Analysis, and Fusion SORN (75 FR 69689, published November 15, 2010), and the newly published Department of Homeland Security Office of Operations Coordination and Planning – 004 Publicly Available Social Media Monitoring and Situational Awareness Initiative System of Records

6.2 Do individuals have the opportunity and/or right to decline to provide information? 

Information posted to social media websites is publicly accessible and voluntarily generated. Thus, the opportunity not to provide information exists prior to the informational post by the user.

6.3 Do individuals have the right to consent to particular uses of the information? If so, how does the individual exercise the right? 

Individuals voluntarily post information on social media sites and have the ability to restrict access to their posts as they see fit. Any information posted publicly can be used by the NOC in providing situational awareness and establishing a common operating picture. Privacy Impact Assessment Office of Operations Coordination and Planning Publicly Available Social Media Monitoring and Situational Awareness Initiative Update Page 10

6.4 Privacy Impact Analysis: Describe how notice is provided to individuals, and how the risks associated with individuals being unaware of the collection are mitigated. 

There is no requirement to provide notice to individuals under the framework applied under this Initiative. Information posted to social media approved for monitoring under this Initiative is publicly accessible and voluntarily generated.

Section 7.0 Access, Redress and Correction 

The following questions are directed at an individual’s ability to ensure the accuracy of the information collected about them.

7.1 What are the procedures that allow individuals to gain access to their information? 

Social media are public websites. All users have access to their own information through their user accounts. Individuals should consult the privacy policies of the services they subscribe to for more information.

For those included in the limited category of individuals upon whom PII may be collected who are seeking access to any record containing information that is part of a DHS system of records, or seeking to contest the accuracy of its content, they may submit a Freedom of Information Act (FOIA) or Privacy Act (PA) request to DHS. Given the nature of some of the information in the SWO and NOC Tracker Logs (sensitive law enforcement or intelligence information), DHS may not always permit the individual to gain access to or request amendment of his or her record. However, requests processed under the PA will also be processed under FOIA; requesters will always be given the benefit of the statute with the more liberal release requirements. The FOIA does not grant an absolute right to examine government documents; the FOIA establishes the right to request records and to receive a response to the request. Instructions for filing a FOIA or PA request are available at: http://www.dhs.gov/xfoia/editorial_0316.shtm.

The FOIA/PA request must contain the following information: Full Name, current address, date and place of birth, telephone number, and email address (optional). Privacy Act requesters must either provide a notarized and signed request or sign the request pursuant to penalty of perjury, 28 U.S.C. §1746. Please refer to the DHS FOIA web site for more information at www.dhs.gov/foia.

7.2 What are the procedures for correcting inaccurate or erroneous information? 

See above.

7.3 How are individuals notified of the procedures for correcting their information? 

Individuals are notified through this PIA, DHS/OPS-003 and DHS/OPS-004. Privacy Impact Assessment Office of Operations Coordination and Planning Publicly Available Social Media Monitoring and Situational Awareness Initiative Update Page 11

7.4 If no formal redress is provided, what alternatives are available to the individual? 

There is no specified procedure for correcting information to DHS; if there were, it relates to a social media-provided process and not a DHS process. Individuals may change their PII as well as the accessibility of their content posts at any time they wish through their user account management tools on the social media sites. Individuals should consult the privacy policies of the services to which they subscribe for more information.

7.5 Privacy Impact Analysis: Please discuss the privacy risks associated with the redress available to individuals and how those risks are mitigated. 

The information available on social networking websites is largely user-generated, which means that the individual chooses the amount of information available about himself/herself as well as the ease with which it can be accessed by other users. Thus, the primary account holder should be able to redress any concerns through the third-party social media service. Individuals should consult the privacy policies of the services they subscribe to for more information.

Section 8.0 Technical Access and Security 

The following questions are intended to describe technical safeguards and security measures.

8.1 What procedures are in place to determine which users may access the system and are they documented? 

All NOC Media Monitoring analysts have access to media feed aggregation tools and sites which are publicly available. The analysts also have access to the MMC application which is only accessible via a physical connection to an isolated private network established at the NOC Media Monitoring Watch room. In addition to the physical security, the program requires an assigned username and password for access. The system cannot be remotely accessed.

8.2 Will Department contractors have access to the system? 

Yes, as it is required in the performance of their contractual duties at DHS. However, access to the MMC application is limited to NOC authorized analysts who are physically present at the NOC Media Monitoring Watch desk.

8.3 Describe what privacy training is provided to users either generally or specifically relevant to the program or system? 

All DHS employees and contractors are required to take annual privacy training. In addition, media monitoring analysts get specific PII training.

8.4 Has Certification & Accreditation been completed for the system or systems supporting the program? Privacy Impact Assessment Office of Operations Coordination and Planning Publicly Available Social Media Monitoring and Situational Awareness Initiative Update Page 12

No. Tools and sites being used for information collection are publicly available, third-party services. Any certification & accreditation has not been completed for MMC application since the system is housed on non-government furnished equipment on an isolated private network.

8.5 What auditing measures and technical safeguards are in place to prevent misuse of data? 

This PIA will be reviewed every six months to ensure compliance. This will be done in conjunction with a Privacy Office-led PCR of the Initiative and of OPS social media monitoring internet based platforms and information technology infrastructure.

As recommended by the Privacy Office, efforts are underway to implement auditing at the router level for all outbound http(s) traffic and generate audit reports which will be available for each compliance review and upon request. Also, information on sources used to generate all reports can be provided for review by Privacy officials. The MMC application server resides on a secure, firewalled, isolated private network that does not allow inbound access or connection.

8.6 Privacy Impact Analysis: Given the sensitivity and scope of the information collected, as well as any information sharing conducted on the system, what privacy risks were identified and how do the security controls mitigate them? 

Media feed aggregation tools/sites are publicly-available, third-party services. Information is collected by the service itself to establish an account. Thereafter, users determine their level of involvement and decide how “visible” they wish their presence on any given service to be. The ability to choose how much information to disclose, as well as the short period of retention for any information collected by the NOC serves to mitigate any privacy risk.

The only PII collected is of a very limited scope within the discreet set of categories discussed above. However, even that limited amount is secure. NOC does not retain any raw material reviewed during the collection phase. All data entered into the MMC application is carefully reviewed to ensure compliance with the guidelines provided in this PIA. The MMC application is not designed to share information by any means other than sending reports to a pre-approved, predetermined distribution list. The only way to access data in the application is for an authorized user physically connected to a contained system to pull out data, create a separate file and then share that file. Because the system cannot be accessed remotely, and the collected PII is very limited, privacy compromise risks are low.

Section 9.0 Technology 

The following questions are directed at critically analyzing the selection process for any technologies utilized by the system, including system hardware, RFID, biometrics and other technology.

9.1 What type of project is the program or system? 

Third-parties control and operate social media services. Users should consult with representatives of the service provider in order to make themselves aware of technologies utilized by the system.

9.2 What stage of development is the system in and what project Privacy Impact Assessment Office of Operations Coordination and Planning Publicly Available Social Media Monitoring and Situational Awareness Initiative Update Page 13

development lifecycle was used? 

Social media is active at all times and is third-party owned and operated.

9.3 Does the project employ technology which may raise privacy concerns? If so please discuss their implementation. 

Individuals should consult the privacy policies of the services they subscribe to for more information.

Responsible Officials 

Donald Triner

Director (Acting), National Operations Center

Office of Operations Coordination and Planning

Department of Homeland Security