Half a lie, philosophically Must, ipso facto, half not be But half the lie still got to be A vis-a-vis the truth you see?
There is a large number of online image composites that incorrectly identify various individuals as the Ukraine call leaker Eric Ciaramella. The following are a few of the more notable examples.
In Image 1, the individual identified as Eric Ciaramella is David Edelman, he was President Obama’s Special Assistant for Economic & Technology Policy in 2014.
Image 1: False identification of David Edelman as Eric Ciaramella
In Image 2, the individual identified as Eric Ciaramella is Hugo Verges, he is French President Emanuel Macron’s advisor for Latin America. This image was taken prior to the state diner on April 24, 2018.
Image 2: False identification of Hugo Verges as Eric Ciaramella
In Image 3, the person identified as Eric Ciaramella is Alexander Soros. These images were taken over a period of several years. Alexander is the son of George Soros.
Image 3: False identification of Alexander Soros as Eric Ciaramella
In Image 4, the person identified as Eric Ciaramella is Eric Hochberger. He is Adam Schiff’s daughter’s Alexa boyfriend.
Image 4: False identification of Eric Hochberger as Eric Ciaramella
In Image 5, the person identified as Eric Ciaramella is Rostyslav Pavlenko. He is the Head of Situation Analysis Service of the Secretariat of President of Ukraine. Eric Ciaramella and Jennifer Perino did attend this meeting, but opted out of the group photo. The source of this Image is USUF.
Image 5: False identification of Rostyslav Pavlenko as Eric Ciaramella
The following is a complete catalog of the participants in the Washington, DC, November 9, 2015 meeting titled “Representatives of the All-Ukrainian Council of Churches and Religious Organizations meeting with Obama Administration officials”.
Image 6: Catalog of meeting participants (including some absent from the photo)
If you are looking for a confirmed Eric Ciaramella’s photo, you can find it in the Mechanics of Deception (one of the links), as well as in Image 7 below. All images have been deepfake verified.
Image 7: L-R Yaroslav Brisiuck, Urii Stets, Erci Ciaramella, and Elizabeth Zentos
Note regarding false image source and distribution: It may be of some relevance or just a coincidence that at least one of the composite images that misidentifies Alexander Soros as Eric Ciaramella originated from the email address email@example.com. This address is associated with Karrisa Olsen, the wife of a Fackcheck.org reporter Angelo Fichera.
I’ve been asked by a number of people if the images seen in the video of the October 11 Minnesota riots that took place during President Trump’s rally show Ilhan Omar, Tim Mynett, and Isra Hirsi. Running the video footage through face recognition (FR) came back inconclusive with the following match rates:
Face recognition for Ilhan Omar = 52% Face recognition for Tim Mynett = 71% Face recognition for Isra Hirsi (Ilhan Omar’s daughter) = 56%
The reason for these low scores is that the Persons Of Interest (POI) that resemble the three individuals have key facial features such as the nose, mouth, lips, chin, either obscured or distorted. That said, several other video analytics did find multiple partial matches on general personal characteristics such as ethnicity, body size, face build, hand size, and scarf wrapping style. Tim Mynett’s glasses for example, matched at 94%.
Face Cover and Proximity Evaluating the appearance of the various POIs in the footage shows that they didn’t cover their faces at all times. In several instances, POI-1, who resembles Ilhan Omar took the scarf of her face. POI-4, an accomplice of POI-1 (of the same ethnicity), didn’t cover her face at all and was wearing her head scarf in a casual non-traditional Somali wrap. POI-2, who partially matched Tim Myentt also periodically removed his face cover. This suggests that at least some of the participants didn’t have extreme privacy concerns or believed that alternately appearing without a face cover wouldn’t be detrimental. From the spatial awareness point of view, POI-1-4 repeatedly moved in and out of the Field Of View (FOV) and operated at a very close proximity to the photographer. In at least 2 occasions reaching as close as 18-36 inches from the camera.
Image 1: POI-1 and her accomplice POI-4 frolicking with uncoverd faces in front of the camera
Motion Dynamics Following the FR, I also performed motion analysis of the four POIs identified. Motion pattern analysis examines the movements of individual objects in a field of view and classifies them according to their trajectory, velocity, and movement pattern. In a typical public gatherings such as demonstrations, airport/subway passenger traffic, sport events, street traffic, etc. individuals and crowds tend to exhibit certain patterns of motion like loitering, flowing at the speed of traffic, coordination, queuing, pacing, etc. The results of this analysis flagged the following anomalies:
POI-1 who resembles Ilhan Omar didn’t move organically within the FOV as did the other demonstrators. She loitered around the camera with another female accomplice (POI-4 of the same ethnicity) and seemed to be more interested in being observed by the camera and less in joining the demonstration at the police bicycle barricades a few feet away from them, where the action was taking place.
At one point in the footage, POI-1 that resembles Ilhan Omar turned to walk away towards the camera, she noticed the camera, and quickly turned around and used both hands to adjust the scarf on her face. She then did a 180 degree pirouette and walked right back in the same direction towards the camera. Typically, this would not be the pattern of motion for a person who is trying to avoid being seen. Rather, one would expect her to turn her back to the camera and walk to either side or straight ahead into the crowd to avoid being identified (see Video 1).
POI-1 who resembles Ilhan Omar exhibited coordinated motion with POI-2 (they frequently shared the FOV). Both moved fluidly, slowly, and deliberately as if to provide image capture opportunities.
POI-2 who matched Tim Mynett also interacted with the camera on multiple occasions in the same way as POI-1 did. On at least one occasion, he walked right across the FOV with a clear profile shot and at one point deliberately pulled down his scarf exposing his face and faced the camera. He was aware of his action because he made direct eye contact with the center off the lens (Video 1).
Video 1: POI-1 and POI-2 coyly promenading in front of the camera
Image 2: The Minnesota riot video POI match analysis details
Linkage and Geospatial Analysis Running a linkage analysis on several entities involved in this video shows a direct relationships between the actors and Ilhan Omar. For example, Andy Mannix, who recorded the video of the riot is a MinPost reporter that knows Ilhan Omar and Tim Mynett.
Mannix, also knows Cory Zurowski from his days in the Minnesota City Pages newspaper. In 2016, Zurowski published a fictitious biographical piece about Ilhan Omar (he didn’t verify any of Ilhan’s bio claims) and in that article had a little Freudian slip and fall and identified Ilhan Omar’s real family name as Elmi, but then promptly changed it back to Omar. Andy Mannix also happens to be married to Briana Bierschbach, a former AP reporter who currently works for Minnesota Public Radio as a political correspondent. Bierschbach interviewed Ilhan Omar on multiple occasions and wrote several supportive articles about her. The Bierschbach Omar stories are political puff pieces that are light on investigative facts and heavy on personal aggrandization and read like a press release written by Tim Mynett (who is Ilhan Omar’s PR manager/latest romantic interest). The common theme in all of these writings is to highlight Omar’s heroic qualities and whitewash the dubious details about her and her family’s history.
From the geospatial point of view, having Mannix, Mynett, Hirsi, and a crypto Omar within a radius of 10 feet of each other, without either one of them being aware of the others is suspicious to say the least. This act reminds me of the plot line in the P. G. Wodehouse’s novel “Jeeves Takes Charge”. In it, Jeeves’s makes the following observation to Bertie Wooster:
“Any undertaking that requires the presence of four people all in one place, all at the same time, while two of them are unaware of the fact, is fraught with the possibility of mishap sir.”
Image 3: Andy Mannix, Briana Bierschbach, Cory Zurowski, and their Ilahn Omar linkage
Prophetic Visions of Fake News Mannix’s social media activity prior to the rally may also be relevant to this discussion. On October 10 at 11:40 AM, almost a day before the riots started, using what seems to be a prophetic vision, he twitted the following prediction for the upcoming event:
“There will also inevitably be a lot of fake [news] or unsubstantiated claims…”
Suspiciously, the only viral fake news story that came out of this event is associated with the footage that he recorded.
Image 4: Andy Mannix’s prophetic tweet about future fake news relating to the Minnesota Trump rally
It certainly seems that the whereabouts of Ilhan Omar, her daughter Isra Hirsi, and Tim Mynett during the riots fit into the debate about ‘unsubstantiated news claims’. What is not clear though, is what role did Mannix and his progressive reporter network played in engineering this event.
Conclusion My take on this is that based on the positive match for Tim Maynett and Isra Hirsi and the multiple partial matches for Ilhan Omar there is a strong possibility that this was a publicity stunt with a look-alike done for the purpose of crowd sourcing a false identification. One possible reason for doing this might be to use this incident to discredit the ‘conspiracy theorists’ by showing that Omar was at a different location at the time this video was shoot. This would then allow her PR team to leverage the false match and use it to repudiate other successful searches that positively confirmed her second husband as her brother.
This also suggests that someone on the Omar team seems to be concerned about the previous usage of video analytics to identify her dubious family linkage and is trying to develop some counter narrative to address it.
On July 24th at 8:32 AM EST, all eyes and ears were turned to the former special counsel, the honorable Robert Mueller. Going into the hearings, the Republicans hoped to expose multiple structural cracks in the report. The Democrats, on the other hand, tried to get just one conclusive evidence of collusion and election tampering to justify impeachment.
Just like other interested citizens, I have been following the Russian collusion and DNC email hacking saga since 2016, so naturally, I expected that special counsel Mueller would address some of the key findings in the report, but alas, my hopes for insight and clarity were dashed. What promised to be simple Q&A session turned out to be a painful, 454 minute game of charades where you never get to figure out any of the answers.
At 8:54 AM, 48 minutes and 18 seconds into his sworn testimony, Robert Mueller–the consummate DC political bureaucrat–activated his industrial strength fog machine and deployed a force field deflector shield. This set in motion a reoccurring pattern of ducking, dodging, and sidestepping direct and specific questions about his pet project report.
Despite the lack of clarity in his answers and his alarming unfamiliarity with his own work (e.g. not knowing who Fusion GPS was), I found the session to be insightful and a veritable treasure trove in terms of body language, image artifacts, and audio content worthy of analysis. Special counsel Mueller spoke for about 7 hours and provided a rare opportunity to capture his conversational patterns, facial characteristics, and behavioral fingerprint when under duress while in a single continual homogeneous session–and all of this in a well lit environment in front of high resolution cameras. For video analytics, It don’t get no better than this!
A Note About Lie Detection Nonverbal queues or AKA body language is a form of communication. It is similar to verbal communications expect that it’s done through facial expressions, gestures, touching, physical movements, posture, bling, tone, timbre, and various speech and voice characteristics. Nonverbal behavior comprises a large percent of all interpersonal communication and can provided insight into a person’s thoughts and feelings.
The theory behind the ability to detect lies from body language is that most people who are lying find it difficult to maintain physical and mental comfort under ongoing questioning. The result is observable distress in their speech and appearance. This is because disguising the truth requires significant amount of left brain creative processing, that in turn, increases cognitive load as the person struggles to ‘make up’ answers to what would otherwise be fast memory recollection responses.
That said, there is no such thing as an accurate lie detector. Polygraphs or professional body language readers can sometimes spot person’s discomfort and stress as they relate to certain topics of conversation and then focus on these areas for further analysis. If the annals of polygraph testing teach us anything, it is that professional liars like Aldrich Ames, Robert Hanssen, and Kim Philby (who ironically wrote the chapter about catching double agents), were resistant to lie detection.
It is also relevant to note that criminal courts usually don’t accept polygraph tests or body language reading as evidence because they are considered unreliable by academic psychologists (Christine Blasey Ford may disagree with this finding) and by reputable scientists. In addition, the person who administers and assesses the test has a great deal of control over how the test is conducted and its outcome. This, by itself, can completely skew or invalidate the test.
An Experienced Counter Intelligence Officer When evaluating Mueller’s testimony, it is important to remember that he is a professional with years of experience in debriefings (over 80 congressional testimonies), legal depositions, interrogations, and counter intelligence work. This was evident in his testimony. With a few exceptions, he avoided taking the bait from hostile questioners’ and utilized common counter-interrogation techniques such as draining the clock by asking for questions to be repeated (18 times), requesting the speaker to cite and point to the specific references in his copy of the documents (9 times), endlessly paging though his folder without finding or reading any of the referenced content (7 times), and answering at length about unrelated issues.
Special counsel Mueller’s most frequent deflection tactic was to use I-phrases such as “I can’t get into…” or “I’m not going to…”. The former special special counsel declined to answer all relevant questions about topics such as the Steele Dossier, Fusion GPS, the usage of paid informants, and the genealogy of the FISA applications. As can be seen in Table 1, out of about 230 total questions, Mueller dodged about 198 and only provided vague non-committal responses to 10 others. This amounted to failing to answer about 87% of all questions.
This was quite a performance for the shining knight of justice, especially if you consider the DOJ mission statement of:
“To enforce the law and defend the interests of the United States according to the law; to ensure public safety against threats foreign and domestic; to provide federal leadership in preventing and controlling crime; to seek just punishment for those guilty of unlawful behavior; and to ensure fair and impartial administration of justice for all Americans.”
The key operative word here is “ensure”, not try, attempt, or do your best, but to verify and confirm.
Chart 1: The distribution of Mueller’s instances of dodging or refusing to answer questions during his testimony
Mueller’s Response Algorithm Special counsel Mueller was selective in what questions he deflected. To the casual observer, it may have seemed that he was laconic across the board, but that wasn’t’ the case. In multiple non–sequential instances, he provided elaborate and definitive responses to questions but these were almost exclusively from Democratic Congress and Intelligence Oversight Committee members. With a few exceptions, most of his verbose responses could be categorized as being damaging to President Trump.
Image 1: Special counsel Mueller’s Tag Cloud of the types of words and phrases that he used to avoid answering the questions. The operative sentence that proceeded most of these words was ”I’m not going to…”
As can be seen in Table 1, the taxonomy of his answers contains a large variation of the first person “I”, “I’m”, and “my”. This suggests that Mueller felt a strong affinity to the document. He never used the form “we”, “our”, or “the team” which would have been more appropriate considering his repeated assertions that the report was a large team effort and that no single individual has mastered its content.
Response to Question
I stick with the language that is in front of you
I will leave the answer to our report
I’m not going to discuss other matters
I’ll refer to the report
I can’t say I understand the statistics
I direct you to the report for how its characterized
I rely on the language in the report
This is one of those area which I decline to discuss and will direct you to the report
Again, I send you to the report
I have to pass on that
I rely on the report
This is outside my purview
That is outside my purview
Outside my purview
I refer you to the report
This is still outside my purview
I will refer you to the report on that episode
I’m going to ask you rely on what we wrote about that incident
I’m again would refer you to the report and the way its characterized in the report
I’m not going to get into that
I can’t get into that. That’s internal deliberation of the justice department
I direct you again to the report
Whatever was said will be in the report
I can’t answer that questions
That’s not in my purview
I can’t get into that
I can’t get into that
I am not going to get into it
I would refer you to the coverage of this in the report
I would refer you to the report
I send you back to the report
I refer you to the write-up of this in the report
I can’t beyond what’s in the report
I can’t get into internal deliberations
I can’t get into the evidentiary findings
Can’t get into that
I will leave it as it appears in the report
I’m just going to have to refer you to the report if I could
I don’t want to speculate
I rely on the wording of the report
With regards to Steele, that beyond my purview
It’s not within my purview
As I said before and said again, it’s not within my purview
I refer you to the report on that
That’s an area in which I cannot get into
I’m not going to get into what we may or may not have included in our investigation
I’m not going to get into subsidiary details. I refer you again to the page 91-92
I can’t speak to that
I am under orders that don’t allow me to give you an answer to that particular question
I can’t get into the discussion on that
I’m not going to be involved in the discussion on that…
I’m not going to go further in terms of discussion…
I can’t get into our investigative moves
I’m not going to get into that any further than I already have
I can’t speak to that
I would say I rely on what’s in the report
That letter speaks for itself
I’m not going to go beyond that
I refer you to the court proceedings on that issue
I’m not going to get into that
I can’t speak to that
I’m not going to talk to that
I’m not going to speak that
I’m not going to get into what was in Mr. Comey’s mind
I’m not going to delve more into the details of what happened
I’ll leave that to the attorney General
I’m not going to get into ta discussion on that
Again, I refer you to the report
I refer you to the lengthy dissertation on exactly whose issues that appears in the report
I can’t speak to that
That was outside out purview
I’m not going to speak to that
And I am not going to answer that question, sir
I’m not going to speak anymore to that
I’m not going to answer that
I have nothing to add
I’m not going to add to what I have stated before
I feel uncomfortable discussing anything to do with the Stone indictment
I’m not going to speculate
I’m not going top discuss that
Not going to talk about that
I’m not going to answer that
I’m not going to talk about that issue
I’m not going to get into that. It’s a little of track
I have to say the letter itself speaks for itself
I go back to the latter. The letter speaks for itself
I can’t answer that question in a vacuum
We have not specified the persons mentioned
I’m not going to speculate
I’m going to pass on that
I’m not going to comment
I’m not going to go into details of the report
Those areas, I’m going to stay away from
I’m not going to get into those matters to which you refer
I’m not going to speak to the series of happenings as you explained them
I’d have to refer you to the reports on that one
I’m not going to speculate
I can speak to the half of the half of your question that’s on the screen being accurate
I’m not going to speak to that
Again, I’m not going to discuss the issues related to Mr. Steele
Again, I pass on answering that question
That’s about all I’ll say on this aspect of it
I’m going to pass on that
I take your question
I’m not going to speculate along those lines
I’m not going to opine on that. I don’t have the expertise in that arena to opine
I cannot agree with that. Not that it’s not true, but hat I can’t agree with it…
That portion or that matter does not fall within our jurisdiction
I direct you to the report for how its characterized
I’m not going to discuss any other alternatives
I can’t speak to that. That would be in levels of classification
I’m going to stay away from one particular or two particular situations
I’m not going to talk about specifics
I’m not going to speak to that
I’m not going to get into that. It goes into internal deliberations
Again, I’m going to pass on that
As I said before, this is an area that I cannot speak to
Again, I’m not going to speak to that issue
Questions such as that should go to the FBI
And I’m not going to discuss that
I’m not going to get into that
And again, I’m not going to respond to that
Again, I can’t respond
Again, I can’t speak to it
Again, I can’t answer that
Again, I’m not going to go there
I think you understand I cannot get into either classified or law enforcement information
I can’t respond to that question, it’s outside my jurisdiction
Again, I can’t speak to that
I can’t go into it
I’m no longer in the Federal government, so I’ll pass
I don’t want to wade into those waters
I defer to the report on that
I can’t get into a discussion on it
I can’t answer that
I can’t get into that
Again, it’s the same territory that I’m loath to get into
I’m not going to talk to that
I’m not going to talk to that
That I can’t get into
And I can’t get into that area
I can’t answer that question
I’m not going to get into that
I cannot get into that
I will not get into that
I leave that to you
Table 1: Sampling of reasons from about 200 instances for Mueller’s refusal to answer questions
The Evaluation Process Special counsel Mueller’s testimony consisted of over 750,000 video frames. Evan a trained interrogator could only process a small percentage of this data. Add to this the observer’s distraction, blinking, and fatigue and it becomes virtually impossible for a human to be able to accurately capture the fine nuances of all of these these frames or sequences for content. At best, a person would be able to provide a summarized ‘gut feeling’ about the overall session and reference some vague (and often inaccurate) actions such as ‘he touched his nose’ which could suggest that he was lying.
AI based video analytics on the other hand, can easily process each video frame in a consistent, repeatable manner, and with no observer bios. The objective of my evaluation of Mueller’s testimony was not to determine if he was lying with certainty, but rather to identify recurring patterns of stress that are associated with deception and correlate them to the topics of conversation.
Special counsel Mueller did a great job obfuscating the report details but the large high quality volume of video and audio in his testimony made it possible to analyze the session and find anomalies and various patterns that could provide insight into his mindset.
In this project just as in several of my previous posts (1, 2,3), I used AI based video analytics, text, and speech analysis platforms. These included:
For the text/speech, I used a hybrid approach to word and phrase speech pattern analysis. The textual analysis evaluated these types of speech categories:
I-words (I, Me, My, I’m)
For the video analytics, I established special counsel Mueller’s facial and other video objects baseline using several on-line sources and the main testimony video. The baseline cataloging included his unique facial expressions such as Microexpressions and other visually detectable actions like use of hand gesture, hand related activities, head motion, mouth movement, gaze, etc.
Image 2: Sampling of special counsel Mueller’s Microexpressions such as (L-R): loathing/anger, surprise, fear, happiness
Image 3: Sampling of special counsel Mueller’s’ body dynamics as related to left hand usage
Following the creation of a facial baseline catalog, I proceeded with the ML training using his unique data sets for non-facial activity such as paging through the report folder, eye blink rate, gaze, etc.
Image 4: Sampling of image set used to train the machine learning (ML) to identify special counsel Mueller flipping pages through his report folders
After the training was completed, I ran the first 15 minutes of special counsel Mueller’s testimony through the engine and performed a search for known classified objects such as him ‘reading the report’.
Imager 5: Sample search results of instances of Mueller looking at the report
I noted the detections and examined several thousand video frames prior, during, and after the detections to capture the actual ground truth. The visual search results of the 15 minute video segment correlated to within a 83% match rate against the baseline catalog created with the ML training set. I then used the missed detections to re-train the ML again and repeated this cycle several times on random video segments of his testimony until the match rate stabilized at about 94%.
In addition to creating a catalog of special counsel Mueller’s microexpressions I also created a library of sequences of his composite facial expressions. These sequences were close consecutively spaced combinations of microexpressions and other body activity that were 0.5-3.5 seconds long. One example for these types of composite expressions was eye flutter combined with ‘lip twitching’ or some other mouth movement.
In this sequence, Mueller typically stared at the speaker while his bottom lip would involuntary twitch or quiver several times or his lips would tighten; he would then break eye contact with the speaker and rotate his head downwards, recompose, then bring his head upwards and re-establish eye contact with the speaker.
Image 6: Sample of a typical special counsel Mueller sequence showing mouth activity and breaking eye contact with the speaker. The context here is Rep Jim Jordan’s asking Mueller to confirm if Joseph Mifsud was interviewed, did he lie, and is he Russian or Western Intelligence
Once I completed calibrating special counsel Mueller’s video object catalog and the library of sequential expressions, I conducted searches for facial anomalies. Anomalies are defined as any variations from his standard single image or sequence patterns such as unusual cycle of head, eye, or mouth movements.
For example, based on his standard detection for “blinking”, special counsel Mueller’s blinking interval baseline was established to be 3–7 seconds with a blinking duration of approximately 1/10th-1/3rd of a second (see Image 7-8).
Image 7: Sample of one baseline feature in special counsel Mueller’s visual object catalog showing his normal blink pattern.
Image 8: Sample detections of special counsel Mueller’s normal blinking pattern throughout his testimony. Special counsel Mueller’s blinking follows a pattern of a full single closure of the eyelid at a 3-7 second interval
Any blinking variation form this base line generated an anomaly that was then evaluated manually before becoming certified as a new pattern of interest. This exception was then further evaluated in the context of the topic of conversation and the microexpressions involved.
One such anomaly was associated with special counsel Mueller’s unusual blinking pattern. On closer examination, it turned out that what on the surface appeared to be unusual blinking was in fact a reoccurring cycle of rapid flutter of the eyelids. This unusual sequence was also at times accompanied by certain head, tongue, and lip movements.
After mapping this ‘Flutter Cycle” to the topic that was being discussed at the time of the event, it became clear that this was some sort of an involuntary display of distress and/or fear. It was so prevalent that it could even be used to predict what questions were being discussed.
Some of the subjects that triggered this ‘Flutter Cycle’ were:
DOJ and FBI media leaks
Christopher Steele, the dossier and its funding sources
Fusion GPS and its work with the DNC, HRC, and foreign governments
Glen Simpson and Natalia Veselnitskaya
The meeting at the Trump Tower
Informants and surveillance (i.e. Mifsud, Downer, Halper, etc.)
The FISA warrants
DOJ and FBI leaks
Image 9: An illustration of special counsel Mueller’s typical Flutter Cycle.
The Flutter Cycle sequence was characterized by 2-5 rapid flutters of the eyelids and an upward eye roll, head, mouth, and accompanying tongue movements. This Flutter Cycle sequence seen in the left side of the collection in Image 10 (also, see 1:26:00 in the video) corresponds to questions by Rep Steve Chabot of Mueller’s investigation of the relationship between Glen Simpson, Natalia Veselnitskaya, and the latter’s visit to Trump Tower.
The same type of events were observed during other pointed inquires such as Rep Louie Gohmert’s challenging special counsel Mueller’s credibility due to his refusal to answer basic questions (see 1:33:30 in the video).
Image 10: (L-R) A sampling of three anomalies a complex facial flutter, lip twitching, and simple eye flutter sequences
Several other interesting anomalies that turned out to be repeating patterns in special counsel Mueller’s facial expression and composite sequences were:
Lip Twitching – Associated with microexpressions such as fear and surprise
Downward Head Nodding – Associated with other defensive posture the was triggered by breaking eye contact with the speaker
Flattened Mouth or Lips – Associated with signs of frustration as in ‘Iwant to answer this question, but I really shouldn’t’
Prolonged Blinkless Stare – Associated with angry and combative response to some question
Imager 11: Samples of special counsel Mueller’s dozens of “flutter cycle” episodes during the Q&A
The Jolly Affable Mueller Not all of special counsel Mueller’s testimony was marked by doom and gloom. On a number of occasions (mostly when talking to Democratic representatives), he showed himself to be charming, in high spirits, engaged, and animated. Mueller had no inhibitions about making remarks regarding the report’s failure to exonerate President Trump and the possibility of persecuting President Trump after he left office. He freely cited legal sources and DOJ procedures and protocols and provided detailed rationale for his team’s action and conclusions.
Image 12: The suave, charming, engaged, and animated Mueller in action
Mueller’s predictable patterns of distress were almost always associated with ‘difficult’ questions on topics such as the role of Fusion GPS, spying on President Trump, and Christopher Steele. Images 13 and 14 show a typical triggering events of a Flutter Cycles.
Image 13: Samples of Mueller’s Flutter Cycle episodes during Q&A session dealing with him leaking report details to the media Image 14: Sample of Mueller’s Flutter Cycle episodes during Q&A session dealing with separating the grand jury materials from the report
Analysis Results Special counsel Mueller’s body language and facial sentiment analysis shows high levels of discomfort and tension when discussing certain parts of the report. He exhibited many facial signs of distress that included:
Multiple Flutter cycles
Mouth quivering cycles
Self shooting and fidgeting behavior
Sudden breaking of eye contact
Rapid downward head movement
Tightening of the mouth and lips
I didn’t have a baseline for incidents where special counsel Mueller was being untruthful so I can’t explicitly call out potential incidents of lying during his testimony. However, the baseline of his normal conversational dynamics vs. the ones he exhibited show signs of clear distress which strongly suggest that at least from special counsel Mueller’s perspective, not all questions were equal and not all of his answers were factual.
Special counsel Mueller distress patterns consistently overlapped with certain trigger topics and his verbal response to almost all of these interactions was a variation on the “I’m not going to…”. He deviated from this pattern only a handful of times and actively engaged the questioner. One of these back alley knife fight sessions involved Rep Ben Cline’s stating that Andrew Weissmann was running a rogue investigation that was based on flawed legal theory that was overturned unanimously by the Supreme Court.
As the question was being asked, special counsel Mueller became defensive; he shifted uncomfortably in his chair, exhibited his Flutter Cycle, and replaced his poker face and laconic I-word response pattern with a passionate and verbose defense of Weissmann (see 3:19:40 in the video or sound file below).
Image 15: Sample of one of Mueller’s distress patterns that includes his Flutter Cycle and shifting in his seat
Recording 1: Exchange between Rep Cline and Mueller about Weismann’s legal foundation of his obstruction of justice investigation
During this segment which lasted about two minutes, special counsel Mueller argued, spoke over Cline, and attempted several times to repeat his assertions about Weismann. This continued even after the subject of the questions changed to Obama’s culpability in Obstruction of Justice when he announced publicly that the HRC private email server did not pose any threat to national security. Mueller, without much difficulty, exhibited a decent mastery of the report’s content, cited specific areas in it that included a lengthy dissertation and in general tried to rehabilitate himself and his team.
Conclusion The overwhelming majority of special counsel Mueller’s testimony failed to illuminate any of the big questions about the DNC email hack, the genesis of the Steele Dossier, the DNC/Fusion GPS relationship with Russian state actors, and the 2016 surveillance on the Trump campaign. In fact, his answers raised even more questions about the real power behind the throne and R&R within the special counsel team.
If it is indeed the case, as special counsel Mueller confirmed in multiple answers, that no single individual on his vast team had intimate familiarly with the whole report, then who compiled the final version of the document? Was this just a collation of multiple taskforce reports that were later combined into a single master? And if that is the case, who was the person that harmonized all the individual versions in order to make sure that the index, footnotes, format, dates, people, places, reductions, and events were in sync?
Image 16: The Special Counsel Team and testimony attendees
It is noteworthy that special counsel Mueller continued to play the I-phrase card and refused to address any of the procedural questions about the compilation of the report. Even though, this information had little bearing on the report’s content and that there is nothing classified or proprietary about the way the DOJ writes and edits their documents.
Even though special counsel Mueller attempted to obfuscate the report’s composition methods and authors, the writing style, document layout, context, and several other administrative clues strongly suggest that Andrew Weismann was the architect and Aaron Zebley was chief editor of the document. This is also likely the reason why special counsel Mueller insisted that Zebley be present by his side and be sworn in.
The evidence from the video analytics, speech dynamics, and the decision tree special counsel Mueller used to answer the questions (i.e. question objective vs. answer strategy) shows a decent mental agility and the ability to alternate between complete ‘radio silence’ and ‘singing like a canary’ on demand.
To those who believe that special counsel Mueller was just a senile old man with little familiarity with the content of the report, consider the fact that his verbose answers show that he had a pretty good grasp of the document. He also artfully navigated the many minefields in the report without blowing up a leg in the process. Some experts in the MSM have been suggesting that Mueller’s poor verbal performance and optics can be attributed to some form of cognitive impairment but this argument is inconsistent with his ability to effectively deliver the following:
Selectively discuss specific topics, most of which were prejudicial towards President Trump
Answer questions that almost exclusively supported the impeachment narrative with certainty and conviction
Justify and emphasize specific areas in the report that exonerated his team from claims of bias towards President Trump and instances of hostile conduct by FBI senior management and its agents (i.e. Comey, Strzok, Page, agent 2, and others)
Utilize the “I’m not going to…” strategy to answer any questions about the “insurance policy”
Refuse to address the media leaks that either came from him personally, his direct reports, or his team
Exhibited great mental agility and dexterity during the May 29th, 2019 Mueller news conference
Come up with over 198 different ways of not answering a direct question
The patterns identified by the analytics strongly suggest that all of special counsel Mueller’s behavioral stress patterns matched the typical anxiety profiles and signs of internal struggle that are exhibited by a deceptive suspect during an integration. For the first time in his long bureaucratic career, he found himself at the wrong side of the table with the bright lights in his face and a real possibility of being charged with perjury. For several hours, the fearless hunter became the pray and he clearly didn’t like the experience.
Contextually, the majority of his testimony turned out to be an underhanded attempt to use the Q&A session to justify, promote, and surreptitiously inject political narrative into the public hearing. None of this should come as a surprise as it is the same circular “Impeach Trump” agenda that launched this investigation in the first place. At the end of the day, despite special counsel Mueller’s title and god-like pedigree, it seems that he turned out to be just another DC power broker who placed his bets on the losing presidential candidate.
Image 18: Two pages (a total of 856 words) form the Mueller report dealing with George Papadopoulos being told by Joseph Mifsud about the Russian having “Dirt” on HRC.
Special counsel Mueller’s elaborate 448 page report that took close to two years to complete, cost over 25 million dollars (that’s about $51K per page), involved 19 lawyers, 23 legal researchers, 40 FBI agents, 10 intelligence analysts, 7 forensic accountants, 25 other professional staff, and the unlimited resources of the DOJ, the State department, NSA, and the intelligence community, delivered an indefensible dud.
And it if that is not bad enough, Almost none of the content of the Mueller report can be reconciled with sources like the Ellen Nakashima WaPo June 14, 2016 report about the DNC hack. The dates, timeline of events, the details, and people are completely discombobulated.
Reading the reports, you can’t but stop and appreciate the authors’ Kafkaesque sense of humor. In the example pages shown in Image 18, the report discusses the chain of transmission of the Russian ‘Dirt’ from Joseph Mifsud, to Papadopoulos, to a mysteries western diplomat (Alexander Downer) who then informed the FBI, who naturally became alarmed and started this massive investigation. On the face of it, the document looks solid. It has all of the right trimmings, detailed claims, massive amount of footnotes, intelligence lingo, hush hush sources, and strategic reductions with alarming labels like “Harm to ongoing matter”. It is as convincing as a Vegas levitation magic act.
But, levitating magic acts are always predicated on the audience viewing the scene from a distance and through a carefully controlled field of view–which is exactly what the special counsel Mueller report and testimony turned out to be. Magic doesn’t work if you get a glimpse of the crane and the wires supporting the magician. Once you understand the mechanics of the act, the awe gives way to a letdown.
You can test this premise by substituting any good magic act with the report and special counsel Mueller with any illusionist. Any question you ask the magician about the inner workings of his trick would be deflected using the exact same techniques Special Counsel Mueller used during his testimony. The most important rule in magic is NEVER tell the secret of the trick, just let the magic speak for itself.
Image 19: The levitating magic act
What is ostensibly missing from these two magical pages in Image 18 is that the source of the ‘Dirt’ was none other than Stefan Halper, a paid informant who billed (using DUNS # 078459148) the Federal Government about $656,535 for his services. By the time you factor Halper and Mifsud and their harem of young female assistants, Mifsud and his life of debauchery at his safe house, Downer’s expenses, and at least 11 other IC, CI, and State Department assets that supported Halper in fattening Papadopoulos before he was shish-ka-bobbed by bob, the cost of these two pages to the US taxpayer was probably upwards of a million dollars.
Image 20: The Supposedly dead Mifsud in action and two of his Red Sparrows
So, to those of you who still think that majoring in contemporary English fiction won’t pay the bills, it clearly can! After all, what other line of work pays $1168 per word?
Image 21: Stefan Halper’s government payment record for service provided to the DoD and DOJ from 2016-2018
Summum bonum I have difficulty finding solace in special counsel Mueller’s bragging about the higher good from his recovery of about $40 million from the Paul Manafort persecution. I’m also not sure if we should laugh or cry about the concept of the DOJ becoming a profit center. The problem with the DOJ acting as a collection agency that recovers the cost of prosecution from its targets is the political nature of their victim selection algorithm. Each one of us including the Honorable Mr. Mueller has something in his past, present, or future that could warrant jail time and property seizure. With over 3000 federal and thousands more state laws on the books, we are all guilty of some misdemeanor or a felony. Who in the DOJ then, gets to make the decisions about who/why to persecute and the ultimate greater good? Is it going to be one of the dozens of high power attorneys that regularly walk through the DOJ revolving doors to personally enrich themselves by constantly hopping between government gigs and private practice?
The problem with the whole Manafort affair is that if he was so thoroughly corrupt in 2007, then why didn’t special counsel Mueller investigate him earlier during his 11 year tenure as the director of the FBI. Why did he wait until 2018 to bring these charges?:
“…crimes arising out of payments he received from the Ukrainian government before and during the tenure of President Viktor Yanukovych.”
After all, the DOJ, FBI, and the IC had a supersized file on Manafort going back to 2007, so why wait for all these years?
Image 22: The Triumvirate or Threesome (depending on your view)
Mark Twain once wrote that:
“Anybody can tell lies: there is no merit in a mere lie, [for a good deceit] it must possess art, it must exhibit a splendid & plausible & convincing probability; that is to say, it must be powerfully calculated to deceive.”
Special Counsel Mueller’s report doesn’t come close to Twain’s definition of deceptive genius, but it does have a certain kitschy synthetic Disneyland feel to it. In many ways its similar to another secretive report, the Protocols of the Elders of Zion. Both, share the same conspiratorial elements, treachery, mysterious meetings, made-up events and agendas, secret societies, informants, and intrigue.
All of this hush-hush secret agent man stuff in the report seems very mysterious, but at its core, it’s really a simple criminal matter. If you’ve ever been a juror on a criminal trial, you should be familiar with the routine. If you haven’t, it goes a s follows:
The prosecution and the defense present their case with an opening statement
Both show evidence and present witnesses
Both cross-examine witnesses
Each side delivers their closing arguments
The jury goes into deliberation and comes up with a verdict
In any normal criminal trial in the US, they typically follow the Federal Rules of Evidence, there is no such thing as secret testimony that can’t be verified or evidence that can’t be shown to the jury. If the DA doesn’t want to expose his sources/methods then they get excluded from trial. If witnesses can’t be cross-examined, their testimony is inadmissible. It’s as simple as that. Image 22: Rep Gowdy and DOJ IG Horowitz Q&A session regarding Peter Strzok’s and Lisa Page’s involvement in the Mueller and HRC Email investigations
So, no, I don’t think we can classify special counsel Mueller’s report as a deceptive masterpiece, I would rather categorize it as more of a ‘true story’ type of a tale.
Cicero decreed “fame is the thirst of youth”. Nowhere is this mantra more pronounced than in Hollywood’s superlebrity industry. It may come as a surprise but this same thirst is also the main force behind social network’s rapid rise to stardom.
In a similar fashion to the celebrity business, many of the leading social platforms have developed a following totaling hundred of millions of users (more than all the traditional commercial on-line services combined!). But contrary to the entertainment industry that only parades the rich and famous in static fashion, the social networks provide an effective array of tools to help users realize and enhance their on-line digital personas. Some of the current sampling includes effective mechanisms for self promotion (such as LinkedIn and Facebook) and platforms that foster collaborative efforts on an unprecedented scale (such as Wikipedia). To all but a few New-Luddites, these applications are ushering in the age of technological utopia.
But alas, every garden has its resident snake, and such is the grade A serpent found in Social Network’s Garden of Eden. What many of us don’t realize is that the same characteristics that make the social networks so attractive are also their greatest limitations. As the size and proliferation of these applications continue to increase, so will the pressures on traditional technology organizations to incorporate similar functionality into their line of business enterprise products. So where is the problem you say? Well, incorporating this technology into the old enterprise will most likely be done via acquisition of existing products (like the News Corp purchase of MySpace) which ultimately results in the conversion of free and cool applications to full fledged (and dull!) commercial advertising platforms. Either way it will have certain predictable side effects on the user population not dissimilar to mixing alcohol with sleeping pills. Flanders and Swann have captured the essence of this conflict in their famous song “Have Some Madeira, M’Dear“:
She was young,
she was pure, she was new, she was nice, She was fair, she was sweet seventeen. He was old, he was vile and no stranger to vice, He was base, he was bad, he was mean. He had slyly inveigled her up to his flat, To view his collection of stamps. And he said as he hastened to put out the cat, The wine, his cigar and the lamps,
Have some Madeira, M’Dear!”
If you are wondering what this witty Edwardian ditty has to do with the subject of social networks vs. the enterprise, wonder no more.
Over the last decade we have become accustomed to the sweet tasting fruits of strict SLAs, strong security and customer service. Most users now instinctively expect a high degree of 24x7x365 enterprise software availability (which includes corporate email systems). Unfortunately, this is exactly what the social networks cannot deliver (recall Gmail outages). Very much like red carpet celebrities, they look great but when it comes to actual long term commitment and performance they’ll break your heart.
A quick glance at the most common error messages found on any social network (1-6 below) reveals that availability and up-time are their Achilles heel. This in itself is a clear indication that these platforms are not enterprise ready. Their business models are based on casual and non-contractual usage and their applications should not be relied upon to provide any sort of SLA. The error messages we get from our favorite social networks may be adorable, but the causes for these messages are hardly cute and cuddly.
Any enterprise architect worth his weight in salt would immediately identify such error messages as show stoppers for the enterprise product. Big commercial software—suffering from no shortage of good software architects—is fully aware of such system limitations. The real paradox is that even though big soft and media companies would love to exploit the cool and trendy social networks (for commercial purposes of course), they can’t because for the last 20 years they have been preaching the message that any product that cannot be governed by a strict SLA has no place in an enterprise data center.
I recently had an opportunity to discuss the question of social networks vs. commercial software at great length with a fellow airplane passenger who happened to be a SVP of technology in a fortune 500 company (which will remain unnamed here).
As we were preparing for takeoff on a cramped CRJ50, I took out my current reading assignment: The Emerging Science of Spontaneous Order. My neighbor sitting in 1D inquired about the subject of my book and during the course of the bumpy flight and the conversation that ensued, he bemoaned his inability to understand how relatively young startups the likes of Facebook, Twitter and Linkedin were so rapidly able to develop so much rich functionality and capture such a large market share, while other much more mature organizations with much bigger budgets and talent pools were failing to make any such inroads.
His frustration is by no means unique. It is a shared by many large technology companies such as IBM and Microsoft which at present are still scratching their head trying to figure out if this social networks thing is for real and does providing a communication platform for income-challenged teenagers makes any commercial sense. To see just how hesitant the traditional software cartels are to dip their toe in the chilly and profitless waters of the social media, examine the social network landscape. I challenge you to identify even one significant, viral product developed by any of the major software vendors.
One example that illustrates this failure to improvise, adapt and overcome is Microsoft’s difficulty in harnessing the emergence of blogging and SMS as commercially viable services. In 2004, after some soul searching, they concluded that it was unlikely that products like LinkedIn would be commercially viable because—they guessed—few professionals would agree to pay a monthly subscription for them. In 2005 even after it became clear that users were indeed moving en masse to open and free social platforms, Microsoft continued to insist that this was just a fad and what these users really needed in terms of social networking were minor improvements to the MSN subscription service, Office Live, and Windows live platforms.
For Microsoft and other leading commercial software vendors, social networking has to be a subscription based because their entire operating model is based on reoccurring revenue (either via subscription or licensing).
Yes siree, for big soft, it’s one of those ‘damned if you do and damned if you don’t’ scenarios. You may find it hard to believe, but the same organizations that made their fortunes outdoing each other with applications like the spreadsheet are now missing the train big time on what is clearly the next killer platform. In what appears to be a blockbuster sequel to Oedipus Rex, they are powerless to leverage this newfangled phenomenon to make any money or capture market share.
Microsoft is certainly not unique with regard to this model. AOL with its Messenger product is another good example of how to squander your entire user base. Following a slightly different tactic, they offered a “free messaging service” with the small caveat that the user would need to install a fat and intrusive client that would quickly pay for itself by monitoring all of your Internet (and network) traffic all the while serving up unwanted advertisements.
If you think that this form of myopathy affects the big software companies, think again. Traditional communications organizations Nortel which should know better (because of their proximity to the social segments) are still trying to survive the proverbial 7 lean years in the hopes that the public social network phenomenon is just a fleeting narcissistic fad fueled solely by generation X’s and Y’s fascination with exhibitionism. In their vision of market paradise, all future social networks will once again go back to being routed and controlled through their proprietary appliances and just like in the good old days they will once again skim the fat profits on a per-server\user license basis.
Whether you like it or not, the social networks are here to stay. They provide meaningful social interaction, are fun to use, and ultimately do what good software is supposed to do: connect people and give them more control over their lives.
My advice to big software is to heed Dylan’s words: “The Times They Are a-Changin”. Don’t wait any longer; jump in now and contribute to the social networks development effort by providing free and open source applications (Seadragon and Wave would be two great candidates). As contrary as it may seem to your operational philosophy, disregard the immediate profitability question and do it because of the tremendous social benefit these products could offer. I have no doubt that in due time, the money, champagne, and caviar will follow as well.
Having spent a significant amount of time developing fraud detection algorithms and security applications, I have become accustomed to envisioning the common would-be cyber attacker as an inanimate abstract entity completely devoid of human traits; a mere abstraction, a stick figure in my UML and Test Cases. This sterile view of mine however, changed recently when I actually got a chance to spend some time one-on-one with a flesh and blood fraudster.
It started with a seemingly innocuous automated call from “Account Services”. The message informed me that I qualified for a limited time offer to lower my monthly credit card payments. I ignored that first call but shortly afterwards I received a second one. This time I opted to accept the call and was routed to a live representative. I told her that I was not interested in their services and did not want to be contact by them again.
At the tail end of the conversation as I was about to hang up, I inquired about how they got my phone number (it’s both unlisted and on the DNC registry) and to my surprise, the representative said that it came from my bank. When I asked which one, she became evasive, telling me that her company serviced all major banks. That was the moment I realized that I was the target of Credit Card fraud actively in progress.
Suddenly, my stick figure cyber attacker was no longer virtual. Instead, it became a living and breathing human being, an arm’s reach away on the other side of the line. This, I realized, was a rare opportunity to interview an attacker. I asked the individual to call me back on another line and when the phone rang a few seconds later, I raised my foreign accent by a notch, plugged the phone into my MP3 player and hit the Record button.
The representative identified herself as “Michelle”. She sounded young, in her twenties. She spoke in a monotonous but confident voice, clearly a veteran of many exploits. The sales pitch was entirely script-based. She inquired about my current balance and asked if I had any interest in lowering my monthly payments. When I said, “I sure do,” she asked me for my bank and credit card information in order to “qualify” me. At that point we began a stubborn cat and mouse game where I was trying to get more information about her whereabouts and identity (real-phone number, e-mail, web address) while she was trying to get my bank and account information. This lasted for approximately 10 minutes all told.
It was only after I played back the recording and listened to it several times that I realized how sophisticated the operation was (you can hear the recording below).
The perpetrators of this scam had thought of the minutest details and prepared for every scenario. Some of the more interesting elements of the call included:
Psychological Usage of Ambient Sound—During the duration of the call, I could hear incoming phone calls and chatter in the background. This recording simulating a response hotline was designed to create the illusion that I was talking to a busy call center. The objective of this subliminal messaging is similar to that used during TV fundraisers where operators are filmed sitting behind desks of ringing phones. All of it is meant to convince us that many others have already taken the plunge and that the water is “fine”.
Call Traceability and Legitimacy—When I asked the rep where her call center was located she successfully identified the state that corresponded to the area code that appeared on my caller ID. I decided to test the number from my cell phone. The phone rang several times but when it was finally answered, I was routed to voicemail and encouraged to leave a message. The fact that the number yielded a response at all certainly made it appear legitimate.
Well Scripted Dialogs—During the conversation, the rep responded in a consistent manner to my questions, reminding me (4 times) that I was being given the opportunity to lower my monthly interest payments. When I voiced my concern about the possibility that this call could be fraudulent, she responded calmly by stating (4 times) that even if this was the case, I would be covered for any losses by my credit card issuer as well as the Federal Consumer Protection Act.
Plausibility—When I asked if I could call her back on another line to verify her number, she explained that hers was an outbound only call center. She also insisted that this was merely a screening call and that I was only a step away from being transferred to an account executive who would be happy to provide me with complete contact information.
Professional Composure and Manners—Even though I asked her the same questions a number of times, she remained polite and composed, always maintaining a businesslike demeanor and projecting a image of a legitimate customer service representative.
Effective Use of Higher Authority—When I insisted that not getting a manned phone number for the representative would be a deal breaker for me, she finally offered to transfer me to her manager. I was placed on hold (listening to Beethoven’s Für Elise) and was soon connected to another individual who identified herself as “LaFonda”, the floor supervisor. She sounded a bit older and more mature. She reiterated the previous sales pitch. When I finally told her that without being able to validate their authenticity I would not be able to give her my credit card number, she gave me the impression that they might deviate from their ‘account information first’ protocol. I was placed on hold again but shortly afterwards my original sales associate was back pitching the same story all over again. Finally, after one last failed sales attempt she quickly wrapped up the call and hung up.
Even though the call only lasted a relatively short time, I could not have wished for a better and more illuminating lesson. My mental image of the on-line fraudster has changed irrevocably. Whereas before I viewed fraud as an opportunistic low tech effort executed by crafty individuals, I now view it as a commercial enterprise, in many ways similar to a legitimate telemarketing niche industry. It employs a well trained workforce, cutting edge BI, telecom technology and a large database of would-be “customers”.
In retrospect, the whole experience was both sobering and frustrating. It was sobering because I finally realized that at its core, fraud is propagated via subtle means and recognizing it requires the aggregation of many nuances which individually may appear inconsequential (note that until its collapse, each individual component of Bernard Madoff’s asset management operation appeared to be entirely legitimate). In my case, the red flag went up because of my experience in the financial industry. As a rule, the association between a specific “Credit Card Service” organization and all commercial banks is unlikely. For another individual however, this certainly could have been a plausible explanation and this applies to everything else that was said during the conversation.
The frustration, on the other hand, comes from the realization that my current toolbox of risk analysis and fraud detection routines (which are primarily based on triggers like transaction frequency, amount, location and history) cannot independently identify this type of fraud and will require for at least the foreseeable future some supplemental human supervision.
Mata Hari and her bridesmaids (Robert Hanssen and Aldrich Ames)
Over the years, I’ve had this recurring conversation\argument with security technologists regarding the trust lifecycle. The crux of it revolves around how you go about effectively assigning, monitoring and adjusting individual trust levels. Most of us when questioned about trust will tell you that it’s made up of behavioral elements like:
Indeed, these are all distinct and recognizable traits, but how can we use them to design complex security solutions? After all, how do you code a function that checks if a user has a hidden agenda.
In order for these social concepts to be of any use, we need to understand the nature of trust; we must go “Beyond good and evil”. Under the microscope, trust exhibits the following four characteristics:
It’s transferable—We assign a higher degree of trust to individuals who come recommended by people we already trust
It’s inheritable—we tend to trust a relative of a trusted friend
It’s socially derived—We tend to trust individuals who share our cultural heritage and network
It’s cumulative—We tend to increase our trust levels in individuals who previously have proved themselves trustworthy
These evaluation principals (which are essentially deterministic Turing tests) work very well in social relationships, but frequently fail in complex security environments. The source of the problem is that most of us instinctively tend to classify the world into a “friend”, “foe” or “unclassified TBD” categories. We also like to believe that once categorized, the subject in question will continue indefinitely to conform to our classifications and expectations. This tendency is hard wired into our evolutionary decision making process and to a large degree also forms the basis for many irrational behaviors like anti-Semitism.
After conducting quite a few security sweeps, pen tests, and post mortems on breaches, I have come to conclude that most individuals—given the right opportunity and motive—could spontaneously flip the color of their hat.
The concept of credential-based security (that is, non-expiring clearance) is reminiscent of cheese, especially the cheap Swiss variety, the one with too many holes. Now, don’t get me wrong, I have the same tolerance for curious mice as the next guy, but the text books are full of big rats that were—paradoxically—supposed to guard the cheesy comestibles, not eat or sell them! Recall that Aldrich Ames, Robert Hanssen and Kim Philby, just to name a few, each had the highest top-secret clearance and all the right personal and social attributes. Philby, actually wrote the chapter dedicated to Counter Espionage Methods in the SOE spy training manual used at Camp X.
So ultimately, it’s not the rogue, external, blood thirsty anarchists or money hungry crackers one needs to worry about. Rather they are the trusted senior employees responsible for the daily maintenance, administration and security of the corporate resources. This could run the gamut from as high as the CISO who spies on the CEO’s e-mail all the way down to DBA who is running Select statements on the HR compensation database.
The lesson that I have learned from all of this is that most people regardless of how trustworthy they seem, cannot be completely trusted at all times.