Tag Archives: Terrorism

#Westgate Tweets: A Detailed Study in Information Forensics

My team and I at QCRI have just completed a detailed analysis of the 13,200+ tweets posted from one hour before the attacks began until two hours into the attack. The purpose of this study, which will be launched at CrisisMappers 2013 in Nairobi tomorrow, is to make sense of the Big (Crisis) Data generated during the first hours of the siege. A summary of our results are displayed below. The full results of our analysis and discussion of findings are available as a GoogleDoc and also PDF. The purpose of this public GoogleDoc is to solicit comments on our methodology so as to inform the next phase of our research. Indeed, our aim is to categorize and study the entire Westgate dataset in the coming months (730,000+ tweets). In the meantime, sincere appreciation go to my outstanding QCRI Research Assistants, Ms. Brittany Card and Ms. Justine MacKinnon for their hard work on the coding and analysis of the 13,200+ tweets. Our study builds on this preliminary review.

The following 7 figures summarize the main findings of our study. These are discussed in more detail in the GoogleDoc/PDF.

Figure 1: Who Authored the Most Tweets?

Figure 2: Frequency of Tweets by Eyewitnesses Over Time?

Figure 3: Who Were the Tweets Directed At?

Figure 4: What Content Did Tweets Contain?

Figure 5: What Terms Were Used to Reference the Attackers?

Figure 6: What Terms Were Used to Reference Attackers Over Time?

Figure 7: What Kind of Multimedia Content Was Shared?

Analyzing Tweets Posted During Mumbai Terrorist Attacks

Over 1 million unique users posted more than 2.7 million tweets in just 3 days following the triple bomb blasts that struck Mumbai on July 13, 2011. Out of these, over 68,000 tweets were “original tweets” (in contrast to retweets) and related to the bombings. An analysis of these tweets yielded some interesting patterns. (Note that the Ushahidi Map of the bombings captured ~150 reports; more here).

One unique aspect of this study (PDF) is the methodology used to assess the quality of the Twitter dataset. The number of tweets per user was graphed in order to test for a power law distribution. The graph below shows the log distri-bution of the number of tweets per user. The straight lines suggests power law behavior. This finding is in line with previous research done on Twitter. So the authors conclude that the quality of the dataset is comparable to the quality of Twitter datasets used in other peer-reviewed studies.

I find this approach intriguing because Professor Michael Spagat, Dr. Ryan Woodard and I carried out related research on conflict data back in 2006. One fascinating research question that emerges from all this, and which could be applied to twitter datasets, is whether the slope of the power law says anything about the type of conflict/disaster being tweeted about, the expected number of casualties or even the propagation of rumors.  If you’re interested in pursuing this research question (and have worked with power laws before), please do get in touch. In the meantime, I challenge the authors’ suggestion that a power law distribution necessarily says anything about the quality or reliability of the underlying data. Using the casualty data from SyriaTracker (which is also used by USAID in their official crisis maps), my colleague Dr. Ryan Woodard showed that this dataset does not follow a power law distribution—even thought it is one of the most reliable on Syria.


Moving on to the content analysis of the Mumbai blast tweets:  “The number of URLs and @-mentions in tweets increase during the time of the crisis in com-parison to what researchers have exhibited for normal circumstances.” The table below lists the top 10 URLs shared on Twitter. Inter-estingly, the link to a Google Spreadsheet was amongst the most shared resource. Created by Twitter user Nitin Sagar, the spreadsheet was used to “coordinate relief operation among people. Within hours hundreds of people registered on the sheet via Twitter. People asked for or off ered help on that spreadsheet for many hours.”

The analysis also reveals that “the number of tweets or updates by authority users (those with large number of followers) are very less, i.e., majority of content generated on Twitter during the crisis comes from non authority users.”  In addition, tweets generated by authority users have a high level of retweets. The results also indicate that “the number of tweets generated by people with large follower base (who are generally like government owned accounts, cele-brities, media companies) were very few. Thus, the majority of content generated at the time of crisis was from unknown users. It was also observed that, though the number of posts were less by users with large number of followers, these posts registered high numbers of retweets.”

Rumors related to the blasts also spread through Twitter. For example, rumors began to circulate about a fourth bomb going off. “Some tweets even speci fied locations of 4th blast as Lemington street, Colaba and Charni. Around 500+ tweets and retweets were posted about this.” False rumors about hospital blood banks needing donations were also propagated via Twitter. “They were initiated by a user, @KapoorChetan and around 2,000 tweets and retweets were made regarding this by Twitter users.” The authors of the study believe that such false rumors and can be prevented if credible sources like the mainstream media companies and the government post updates on social media more frequently.

I did a bit of research on this and found that NDTV did use their twitter feed (which has over half-a-million followers) to counter these rumors. For example, “RT @ndtv: Mumbai police: Don’t believe rumours of more bombs. False rumours being spread deliberately.” Journalist Sonal Kalra also acted to counter rumors: “RT @sonalkalra: BBMs about bombs found in Delhi are FALSE. Pls pls don’t spread rumours. #mumbaiblasts.”

In conclusion, the study considers the “privacy threats during the Twitter activity after the blasts. People openly tweeted their phone numbers on social media websites like Twitter, since at such moment of crisis people wished to reach out to help others. But, long after the crisis was over, such posts still remained publicly available on the Internet.” In addition, “people also openly posted their blood group, home address, etc. on Twitter to off er help to victims of the blasts.” The Ushahidi Map also includes personal information. These data privacy and security issues continue to pose major challenges vis-a-vis the use of social media for crisis response.


See also: Did Terrorists Use Twitter to Increase Situational Awareness? [Link]

Did Terrorists Use Twitter to Increase Situational Awareness?

Those who are still skeptical about the value of Twitter for real-time situational awareness during a crisis ought to ask why terrorists likely think otherwise. In 2008, terrorists carried out multiple attacks on Mumbai in what many refer to as the worst terrorist incident in Indian history. This study, summarized below, explains how the terrorists in question could have used social media for coor-dination and decision-making purposes.

The study argues that “the situational information which was broadcast through live media and Twitter contributed to the terrorists’ decision making process and, as a result, it enhanced the effectiveness of hand-held weapons to accomplish their terrorist goal.” To be sure, the “sharing of real time situational information on the move can enable the ‘sophisticated usage of the most primitive weapons.'” In sum, “unregulated real time Twitter postings can contribute to increase the level of situation awareness for terrorist groups to make their attack decision.”

According to the study, “an analysis of satellite phone conversations between terrorist commandos in Mumbai and remote handlers in Pakistan shows that the remote handlers in Pakistan were monitoring the situation in Mumbai through live media, and delivered specific and situational attack commands through satellite phones to field terrorists in Mumbai.” These conversations provide “evidence that the Mumbai terrorist groups understood the value of up-to-date situation information during the terrorist operation. […] They under-stood that the loss of information superiority can compromise their operational goal.”

Handler: See, the media is saying that you guys are now in room no. 360 or 361. How did they come to know the room you guys are in?…Is there a camera installed there? Switch off all the lights…If you spot a camera, fire on it…see, they should not know at any cost how many of you are in the hotel, what condition you are in, where you are, things like that… these will compromise your security and also our operation […]

Terrorist: I don’t know how it happened…I can’t see a camera anywhere.

A subsequent phone conversation reveals that “the terrorists group used the web search engine to increase their decision making quality by employing the search engine as a complement to live TV which does not provide detailed information of specific hostages. For instance, to make a decision if they need to kill a hostage who was residing in the Taj hotel, a field attacker reported the identity of a hostage to the remote controller, and a remote controller used a search engine to obtain the detailed information about him.”

Terrorist: He is saying his full name is K.R.Ramamoorthy.

Handler: K.R. Ramamoorthy. Who is he? … A designer … A professor … Yes, yes, I got it …[The caller was doing an internet search on the name, and a results showed up a picture of Ramamoorthy] … Okay, is he wearing glasses? [The caller wanted to match the image on his computer with the man before the terrorists.]

Terrorist: He is not wearing glasses. Hey, … where are your glasses?

Handler: … Is he bald from the front?

Terrorist: Yes, he is bald from the front …

The terrorist group had three specific political agendas: “(1) an anti-India agenda, (2) an anti-Israel and anti-Jewish agenda, and (3) an anti-US and anti-Nato agenda.” A content analysis of 900+ tweets posted during the attacks reveal whether said tweets may have provided situational awareness information in support of these three political goals. The results: 18% of tweets contained “situa-tional information which can be helpful for Mumbai terrorist groups to make an operational decision of achieving their Anti-India political agenda. Also, 11.34% and 4.6% of posts contained operationally sensitive information which may help terrorist groups to make an operational decision of achieving their political goals of Anti-Israel/Anti-Jewish and Anti-US/Anti-Nato respectively.”

In addition, the content analysis found that “Twitter site played a significant role in relaying situational information to the mainstream media, which was monitored by Mumbai terrorists. Therefore, we conclude that the Mumbai Twitter page in-directly contributed to enhancing the situational awareness level of Mumbai terrorists, although we cannot exclude the possibility of its direct contribution as well.”

In conclusion, the study stresses the importance analyzing a terrorist group’s political goals in order to develop an appropriate information control strategy. “Because terrorists’ political goals function as interpretative filters to process situational information, understanding of adversaries’ political goals may reduce costs for security operation teams to monitor and decide which tweets need to be controlled.”


See also: Analyzing Tweets Posted During Mumbai Terrorist Attacks [Link]

Virtual Worlds Explained

My interest in Virtual Worlds was recently sparked by Caja Thimm’s fascinating research on Second Life (SL) and Larry Pixa’s intriguing work on simulation platforms for disaster training. I was therefore eager to read David Wyld’s new report on “Government in 3D” which explains the in’s and out’s of virtual worlds.

What follows is a series of short excerpts that I found particularly interesting. These range from terrorism and money laundering to game-wide epidemics and the role of the media in virtual worlds.

The Past and Future of Virtual Worlds

  • The US military originally developed the term “serious games” as a more acceptable way to talk about war games with Congress and the public.
  • Simulations for military training can be traced as far back as the Roman Empire, with Roman commanders’ “sand tables” which were a small copy of the physical battlefield used by commanders to test their battle strategies.
  • Just as the radio gave way to the more immersive experience of television, today’s flat, single-user websites will morph into more interactive, immersive multiple-user experiences.
  • There is a growing belief that virtual worlds may well replace the web browser as the way we interface with the Internet. The web allows you to call up information but the virtual environment allows you to experience and visualize data.
  • The word avatar has a specific historic and religious significance, taken to mean in the Hindu tradition the physical embodiment of a divine being.
  • There will be a market need for helping people manage their digital identities.
  • One of the distinct challenges for organizations operating in virtual-world environments will be to make their interface and content available on mobile devices.
  • There will be a need for verifiable data on virtual worlds and activity within them. This will present a collosal market opportunity for firms seeking to become the “Nielsen Ratings” equivalent for virtual worlds and for companies that make it easier to capture quantifiable metrics from these sites.
  • Research will in time become one of the primary products of virtual worlds as we’re building petri dishes for social science with environments such as Second Life.
  • If in five years, Second Life experience is as good as watching the movie Shrek, there will be uses for it that we don’t understand yet.

Intelligence and Terrorism in Virtual Worlds

  • The new Intelligence Advanced Research Projects Activity (IARPA) office is setting up a virtual world code-named “Babel Bridge” in which members of the intelligence community could securely meet, interact, and exchange information such as audio files and images from spy satellites. This “digital war room” is expected to facilitate collaboration and decision-making.
  • Second Life has drawn attention from the FBI and other agencies on matters such as gambling and money laundering.
  • Terrorism in one form or another has been a part of Second Life for some time. Among the terrorist incidents in-world have been bombings at the Australian Broadcasting Corporation’s headquarters and the Reebok store, a shooting at an American Apparel store, and a helicopter being flown into the Nissan building.
  • Real-world terrorists’ use of virtual worlds is a growing concern. Intelligence experts have speculated that virtual worlds will be conducive for real-world terrorist groups to recruit, organize, and even simulate possible attacks.
  • The “Reynard Project“, a proposal by the Office of the Director of National Intelligence, (ODNI) would seek to identify the emerging social, behavioral and cultural norms in virtual worlds and gaming environments. The project would then apply lessons learned to determine the feasibility of automatically detecting suspicious behavior and actions in the virtual world.
  • Some are concerned that virtual worlds provide terrorists with an anonymous arena in which to swap information—and even funds, as virtual-world currencies can be potentially used to move money around the globe in a relatively hard-to-detect manner.
  • The Maldives, Sweden, Estonia, Kazakhstan and Serbia each have embassies in Second Life.

Training and Simulations in Virtual Worlds

  • Crisis response training in virtual environments can provide unique learning strategies. For example, if first responders in a simulated environment fail to put on their reflective jacket when approaching the scene of an accident, their avatar may be hit by a car—a negative reinforcement that could not occur in a real-life training.
  • A disease called “Corrupted Blood” was unleashed into World of Warcraft in 2005 to be a hindrance to act as a hindrance to high-level players as they battled a powerful creature named Hakkar. However, the infection quickly spread by characters moving throughout the game (as in a real-life epidemic), causing an uncontrolled, game-wide pandemic. This episode was addressed as a case study in The Lancet Infectious Diseases, showing lessons that could be learned by real-world epidemiologists and health professionals.
  • In-world activities can pay positive health dividends for the real person behind the avatar. Indeed studies have shown that individuals having their avatars excercise in virtual worlds are more likely to engage in excercise in real life.

Finance and Economy in Virtual Worlds

  • Visitors in Second Life (SL) can exchange their real dollars for Linden Dollars and vice versa. The size of the SL economy has been estimated at $300 million or more, meaning its virtual economy is larger than the gross domestic product of some real nations.
  • There is more trade in Linden Dollars and exchanges between Linden and other currencies than many real-world currencies.
  • There have been well-publicized success stories of Second Life entrepreneurs, including most notably Anshe Chung, a German citizen, who is the first real-life millionaire based on being one of the largest owners of virtual real estate in Second Life.
  • An analysis published in the Harvard Business Review estimates that in-world sales of virtual goods dwarf the external trade of such items−by 20 times more.
  • Second Life had difficulty with “banks” operating in the virtual world, unfettered by real-world banking regulations, reserve requirements, and interest rates in the low single digits. In fact, it had been labeled a “Wild West” financial atmosphere, replete with banks appearing and disappearing, and with virtual bank runs.
  • One of the biggest parts of the Second Life economy in its formative stage was gambling.

Media and Film in Virtual Worlds

  • The news media today are not just reporting on Second Life; they are reporting directly from Second Life. The Reuters news agency has embedded a reporter in-world for over three years. CNN launched a bureau in Second Life, a virtual version of it’s I-Report, whereby Second Life residents routinely submit their news stories and photos of in-world news and events.
  • Machinima is a new type of computer animation (or videos) created entirely within the confines of a virtual world. The term is based on the phrase “machine cinema” and machinima videos can either capture unscripted, live action or can follow scripts and actual plots as determined by the machinima filmaker.

Patrick Philippe Meier

Links: Revolution 2.0, Mumbai Attacks, Response

  • Revolution 2.0 – Obama’s Web Tools Work for Others Too: If I had blogged about this Newsweek article, I would have been quite critical. First, we all know full well that technology can be used for good or ill. Second, the piece focuses exclusively on the negative effects of the Internet’s potential to empower marginalized groups. Third, as a colleague noted, “The writer thinks of marginalized groups like terrorists.  I think of marginalized groups like 90% of the world’s population.”
  • Mumbai Terrorists used Google Earth: In a first in terror strikes in the country, all the 10 terrorists involved in the Mumbai attack got familiar with the terrain of the city by using the Google Earth service, according to sources in the Maharashtra home ministry.
  • Mobiles and Twitter Play Key Role in Mumbai Reporting: Mobiles are yet again playing a key role in citizen reporting as terror attacks grip the Indian city of Mumbai.  Twitter, the microblogging service that is available in India, was especially instrumental in conveying first hand reports as the chaotic events were unfolding in the city.  Twitter users set up aggregator accounts at Mumbai, Bombay@BreakingNews and with the search tag #Mumbai.
  • Citizen Voices and Mumbai Attacks: When news from the developing world dominates the global news agenda, we get a lot of traffic on Global Voices. As the horrific events unfolded in Mumbai this past week, our authors, editors and tech staff began compiling accounts from blogs, Flickr, YouTube and Twitter feeds. You can get a good overview of the use of social media in reporting the Mumbai crisis on our special coverage page.

Web 2.0 Tracks Attacks on Mumbai (Updated)

Twitter, Flickr, Wikipedia, YouTube – a few of the Web 2.0 & mobile applications tracking the Mumbai attacks in quasi real time along with the aftermath. Twitter was apparently faster than CNN in reporting the initial events, according to TechCrunch:


From TechMacro: “the local authority advised TV channels to stop broadcasting sensitive information which may help terrorists tracking army’s movements. It is much less likely that the terrorists are now using Twitter to find way to escape.”

For live, crowdsourcing updates, see the following links on Twitter, Flickr, Wikipedia. The Wikipedia entry already includes a picture (probably taken with mobile phone) of one of the terrorists.

Wired also writes that “local bloggers at Metblogs Mumbai have new updates every couple of minutes. So do the folks at GroundReport. Dozens of videos have been uploaded to YouTube. But the most remarkable citizen journalism may be coming from “Vinu,” who is posting a stream of harrowing post-attack pictures to Flickr.”

Patrick Philippe Meier

Crisis Maps of Mumbai (Updated)

Here are initial crisis maps of Mumbai, please let me know if you know of others.





Al Jazeera Google Map:


My Fox Chicago:


Patrick Philippe Meier