The command experimented with tools from a dozen companies.
The Special Operations Command last August began using data mining tools to dive deep into social media to track money laundering, Steven Aftergood of the Federation of American Scientists reported today on his blog Secrecy News.
The operation, “Project Quantum Leap,” is run by the Washington office of the Tampa-based command. Under the program, officials experimented with using social media monitoring tools in a major money laundering case being investigated by the Immigration and Customs Enforcement’s bulk cash smuggling center, according an unclassified report obtained by Aftergood.
Special Operations Command used tools from roughly a dozen companies. The report said the first experiment “was successful in identifying strategies and techniques for exploiting open sources of information, particularly social media, in support of a counter threat finance mission,” a reference to efforts to disrupt an adversary’s financial support structure.
“Major lessons learned were the pronounced utility of social media in exploiting human networks, including networks in which individual members actively seek to limit their exposure to the Internet and social media,” the report said.
The report cautioned that the lessons learned in the current experiments may not apply in the near future as social media evolves. “We are currently in a ‘window’ of opportunity for exploitation of social media sources for application to CTF [counter threat finance] or other SOCOM NCR missions. This window could be as narrow as 18-24 months before the social media phenomenon transforms. This future transformation is unknown and could offer additional opportunities, or existing opportunities could be closed, but the only thing that is certain is that there will continue to be rapid change.”
The Command also addressed potentially pesky legal problems in the report. “Legal review of the appropriate use and application of social media data is in its infancy. Social media is transforming notions of privacy and distinctions between personally identifiable information (PII) and self-reported public information will have to be established by precedent in case law.”
We’ll have more on this soon.
NEXT STORY DISA Turns on First Joint IT Node