The probability of a crime or an attack involves assessing risk, which is the objective of data mining. Making a determination involves the analysis of data pertaining to observed behavior and the modeling of it, in order to determine the likelihood of its occurring again. Closely linked to risk is the probability of threats and vulnerability, such as a weakness or flaw in a system, a hole in security or a back door placed in a server, which increase the likelihood of a hacker attack taking place. As with the deductive method of profiling, almost as much time is spent profiling each individual victim as rendering characteristics about the offender responsible for the crime.
An estimate of the probability of a crime or attack occurring is made using documented historical data, such as crime reports or documented terrorist attack procedures. For a security professional, this may entail the documented statistics on car thefts for a building over a one-year period. For a criminal profiler, it is the reconstructive techniques, such as wound-pattern analysis, bloodstain-pattern analysis, bullet-trajectory analysis, or the results of any other accepted form of forensic analysis that can be performed, that have a bearing on victim or offender behavior.
However, for a counter-intelligence analysts, predicting the risk of a terrorist attack is much more difficult because such events seldom occur or only occur rarely. Still, although a crime, such as embezzlement or a bomb attack rarely happens, there is a need to make some intelligent estimates of the probability it may happen and to perform a risk analysis. Obviously, threat occurrence rates and risk probabilities can be estimated from crime reports or other historical data. However, other seemingly unrelated data, using data mining techniques, may serve the same purpose; for example Department of Motor Vehicle information containing ownership and insurance information along with model, make, and year may serve as a viable input into a neural network for detecting vehicles smuggling narcotics or weapons by generating a probability score at a border point of entry.
This is where data mining techniques can be used to transform vast amounts of data generated from multiple sources in order for investigators and analysts to take preventive action to discover, detect, and deter crime and terror. Data mining tools can enable them to use quantifiable observations to construct predictive models in order to identify threats and assess the probability of crimes and attacks rapidly and to uncover perpetrators, as with criminal profiling, by analyzing forensic and behavioral evidence.
The new Patriot Act expands the ability to monitor multiple phone calls; it also facilitates the search of billing records with nationwide search warrants and the hunt into the flow of money. Under the new law, the police can conduct Internet wiretaps in some situations without court orders, and the powers of the federal courts are expanded. The new act also updates wiretapping laws to keep up with changing technologies, such as cell phones, voicemail, and e-mail. Coupled with data mining techniques, this expanded ability to access multiple and diverse databases will allow the expanded ability to predict crime.
Security and risk involving individuals, property, and nations involves probabilities that data mining models can be used to anticipate, predict, and in the end reduce. Decision makers need to be aware that every day more and more data is being aggregated, which can be mined for profiling criminals, as well as for uncovering patterns of behavior involving medical shams, insurance fraud, cyber crime, money laundering, bio-terrorism, entity theft, and other types of digital crimes, which data mining could be used to identify and prevent, such as the attacks of 9/11.
We always remember where we were, at the time that a tragic event took place. On 9/11, I was sitting in seat 6D on a Boston tarmac, taxiing for a take-off to New York City that never took place (Figure 1.6). Forensic data mining introduces a new methodology to criminal analysis and entity profiling that we must use to ensure such attacks do not occur again. As is the case throughout the book, case studies will be provided to illustrate how data mining technologies are being applied to solve crime and deter terror. What follows is the first.
Figure 1.6: September 11, Boston to New York, 8—30AM.