| Submit your comments on this article |
| Home Front: WoT |
| Pre-9/11 phone records help NSA detect patterns |
| 2006-05-23 |
| Armed with details of billions of telephone calls, the National Security Agency used phone records linked to the Sept. 11, 2001 attacks to create a template of how phone activity among terrorists looks, say current and former intelligence officials who were briefed about the program. The template, the officials say, was created from a secret database of phone call records collected by the spy agency. It has been used since 9/11 to identify calling patterns that indicate possible terrorist activity. Among the patterns examined: flurries of calls to U.S. numbers placed immediately after the domestic caller received a call from Pakistan or Afghanistan, the sources say. USA TODAY disclosed this month that the NSA secretly collected call records of tens of millions of Americans with the help of three companies: AT&T, Verizon and BellSouth. The call records include information on calls made before the Sept. 11 attacks. Verizon and BellSouth released statements last week denying they had contracts with the NSA to provide the call information. A Verizon spokesman said the company's statement did not include MCI, the long-distance company that Verizon acquired in January. The "call detail records" are the electronic information that is logged automatically each time a call is initiated. For more than 20 years, local and long-distance companies have used call detail records to figure out how much to charge each other for handling calls and to determine problems with equipment. In addition to the number from which a call is made, the detail records are packed with information. Also included: the number called; the route a call took to reach its final destination; the time, date and place where a call started and ended; and the duration of the call. The records also note whether the call was placed from a cellphone or from a traditional "land line." "They see everything," says Sergio Nirenberg, director of systems engineering at Science Applications International Corp., a Fortune 500 research and engineering company that works with the federal government. Nirenberg said he does not have direct knowledge of the NSA database. The disclosure of the call record database has raised concerns among lawmakers, such as Sen. Ron Wyden, D-Ore., that the records give the government access to information about innocent Americans. President Bush has insisted that intelligence efforts are only "focused on links to al-Qaeda and their known affiliates." The intelligence officials offered new insight into one way the database of calls is used to track terrorism suspects. The officials, two current U.S. intelligence officials familiar with the program and two former U.S. intelligence officials, agreed to talk on condition of anonymity. The White House and the NSA refused to discuss the template or the program. Using computer programs, the NSA searches through the database looking for suspicious calling patterns, the officials say. Because of the size of the database, virtually all the analysis is done by computer. Calls coming into the country from Pakistan, Afghanistan or the Middle East, for example, are flagged by NSA computers if they are followed by a flood of calls from the number that received the call to other U.S. numbers. The spy agency then checks the numbers against databases of phone numbers linked to terrorism, the officials say. Those include numbers found during searches of computers or cellphones that belonged to terrorists. It is not clear how much terrorist activity, if any, the data collection has helped to find. Not every call record contains the same level of detail. Depending upon how a business has its phone system set up, the call detail records might not register complete information on an outgoing call, Nirenberg says. The records might note only the general number of the business, not the desk extension or, in the case of a hotel, the room extension. Incoming calls that don't go through the switchboard and are dialed directly would have complete call detail records, Nirenberg says. Not all local calls generate a call detail record, Nirenberg says. But that's not to say that phone companies can't create a record for local calls. "It's just a matter of whether they enable that function" that allows that to happen, he says. Cellphone calls, on the other hand, create call detail records in almost every case. Toll calls — meaning those that aren't technically long-distance but still cost extra — also generate call detail records, he says. "If they charge you separately for it, they have a call detail record," Nirenberg says. The current and former intelligence officials say that the point of the database is to create leads. The database enables intelligence analysts to focus on a manageable number of suspicious calling patterns, they say. |
| Posted by:Dan Darling |
| #10 We were kind of freaked by one guy who was in cell phone calls exactly 40hrs a week. (You can't listen in so...) After making a study of him for a month or so my friend couldn't figure it out. Most of his calls were made to him. I commented that maybe he was a bookie or a pimp or drug dealer. See what his numbers map to. We always simled about that guy and threw him out of or data analysis after one of the guys called him and figured out quickly he was a bookie. |
| Posted by: 3dc 2006-05-23 22:16 |
| #9 Pakistan could call Britain, who calls from a hotel and texts someone in code to enact another calling tree or e-mail notification so clusters of calls don't show up, but most aren't bright enough to figure it out. I think this is a great use of computers, but I think it would also pick out the criminals operating with cell phones. Call girls, drug dealers, and other illegal businesses would show clusters of incoming calls. Then there are the real traitors, who do understand how it all works and thought they had it all covered but are sweating it out as they wait to see if they are snagged in someone's else's web. Pretty tough to cover electronic tracks made years ago :) |
| Posted by: Danielle 2006-05-23 14:59 |
| #8 I wonder what the tinfoil beanie set would make of the phrase "control sample." |
| Posted by: James 2006-05-23 13:51 |
| #7 These guys are wedded to their kewl cell phones. They won't be able to give them up for long. The Number 1s and #2s, perhaps, but not the #3s and the cannon fodder... all it needs is the end of the thread to pull to unravel the whole thing. And, the call histories can't be changed by stopping now, not to mention that radically changing a pattern of behaviour is equally revealing. Or so, based on reading entirely too many novels, I suspect. |
| Posted by: trailing wife 2006-05-23 13:10 |
| #6 Same technology's being used by Frito Lay to decide where to stock what products and by credit bureaus to reduce lending risks. You give a whole lot more info to your grocery store, if you pay with a credit card, than NSA could possibly extract from the call records. |
| Posted by: lotp 2006-05-23 12:15 |
| #5 I think this is being setup as a cover for the succesful infiltration of i-slamic cells. |
| Posted by: Bright Pebbles 2006-05-23 11:11 |
| #4 you always know it's a very effective terror fighting tool when the Dem party comes out demanding answers and more information on how it works. Remember, some of these folks are on our intelligence committe and defense committies. In the old days we used to call them traitors. |
| Posted by: 2b 2006-05-23 08:45 |
| #3 The orignal aspect of this type of report is for engineering and billing purposes. (Engr being primary) To quote: CDLs are generally used to answer questions about a specific call that has completed and about which some question has arisen. They are also used to spot large numbers of call failures or short duration calls that are associated with specific equipment, and are also used to provide an indication as to why specific types of call failures occurred. Note that performance management statistics and call processing exception reports also provide critical information about abnormal call behavior. Performance management statistics provide an overall view of system performance (e.g. number of calls, equipment usage) and aggregate various failures so that problem areas can be spotted. Call processing exception reports provide information about failures associated with a specific call. Information from both the CDL and from exception reports may be necessary to diagnose a call. The key word is diagnose. They are used to solve problems when you the customer has a complaint or when some equipment fails. |
| Posted by: 3dc 2006-05-23 01:18 |
| #2 Bastards. Thanks for giving away one of the most useful tools to find terrorists in our midst. |
| Posted by: ed 2006-05-23 01:04 |
| #1 Call detail records are useful up to a point. With the CRAB WALK of CDMA they might not tell the complete story and dropped calls don't aways have a reasonable reason for the drop encoded in the message.... One of the problems with a Call Detail Log.. esp in cellular is that their can be too much useless information in it. Only a few people have a real feel for the truely useful info. In that sense mining them can be an art. |
| Posted by: 3dc 2006-05-23 01:00 |