A few weeks ago, Security Debrief hosted a superb session with one of the most intriguing people I have ever met. A former judge, Ms. Shannen Rossmiller characterizes herself as a “cyber operative.” Her function can best be described as a nontraditional intel gatherer for cyber counter intelligence.
She is an independent contractor who now works primarily with the FBI. What began as a personal quest has turned into the archetype for one of the ways we need to fight back against our nation’s unconventional enemies who use the cyber world to their advantage. Former Director of the CIA Jim Woolsey has proposed the development of a Citizen Cyber Corps (CCC) using Shannen as his model.
She works over the Net on jihadi radicalization and recruitment issues. This is a case of the anonymity of the cyber world working for the good guys. The Judge has multiple cyber identities, and she is highly effective at spoofing the enemy and using the Web against them. Her collection efforts have led to the arrest and conviction of several dangerous radicals. She is justifiably proud of her record but is also unfailingly humble as to her extraordinary abilities. She speaks no Arabic nor Farsi, no Urdu nor Pashto, and is not a cultural expert.
Despite these seeming gaps in her abilities, she is a new cyber warrior on a new battlefield. As a judge who knows the law, and respects the rules, she takes all the right measures to ensure her work leads to a conviction. She will work with the FBI and the IC, eventually producing an operational plan aimed at specific malefactors; then she executes it. She has developed a protocol to deal with the info gathered that did not exist before. She develops multiple identities that allow her, in some cases, to verify her own bonafides with the bad guys. She says that some of her personas have been around for quite a while, some are used once and disappear.
Could others do this sort of work? There would clearly be quality control issues. Not everyone is a judge/lawyer, with the mind set, experience and knowledge that comes with those roles. The CCC would need extensive training and oversight if it were expanded on Shannen’s model.
I asked her how she developed her personas? “Research, observation, trial and error” was her answer. Could this effort be expanded to allow for manipulation, capture or hindrance of more bad guys? That would require a really well-developed team – linguists, tech support, cultural experts, intel, criminal, Koranic scholars, etc. What are we waiting for?
The bad guys are using encryption and all sorts of cyber tricks as ways of protecting themselves. Now we have the good guys doing this! Bravo. This should be a major effort on the part of law enforcement and the IC. We don’t want people doing this on their own, but let’s use it legally and effectively.