Monday, November 20, 2023

Recent Technological Developments Relevant to Espionage and Information Warfare


In Qiao Liang and Wang Xiangsui’s “Unrestricted Warfare,” written in 1995, they describe how militarily and politically weak Communist China can triumph over a stronger power such as the United States. They do this by using an extremely broad concept of weaponry, to wit: "Everything that can benefit mankind can also harm him. This is to say that there is nothing in this world that cannot become a weapon.” They go on to give examples of these new types of weapons: stock-market crashes, computer viruses, and rumors or scandals on the Internet. They argue that four fundamental elements of war - soldiers, weapons, battlefield, and purpose – “have changed so that it is impossible to get a firm grip on them. When that day comes, is the war god’s face still distinct?” (Liang, Q. & Xiangsui, 2015).

This paper examines two examples of this expanded type of weapon: a Russian troll farm called the Internet Research Agency used to create dissent and conflict within the United States, and social network analysis and graph databases that could be used to track employees and recruit assets from inside Iran’s Natanz Uranium Enrichment Facility.


The Internet Research Agency

The Internet Research Agency was a Russian company operating from July 2013 to July 2023 that maintained social media accounts for the purpose of spreading propaganda, altering public opinion, and sowing dissent. It was owned and financed by Yevgeny Prigozhin of Wagner Company fame (Volchek, 2021) and was used to influence European public opinion of Ukraine and the upcoming invasions. In the United States, the IRA’s purpose was to influence social media with the goal of eroding trust in American media organizations, spreading distrust in American politicians and political parties, and generally to inflame tensions.

The IRA created user accounts and various Facebook groups with titles such as "Heart of Texas," "United Muslims of America," "Being Patriotic," "LGBT United," "Don't Shoot," "Blacktivist," "BlackMattersUS," and "SecuredBorders", among others. The IRA then used these groups to organize protests or even dueling protests/counterprotests including:

  • A Black Lives Matter protest (not organized by IRA) and a Blue Lives Matter counterprotest (that was organized using the "Heart of Texas" group) held in Dallas, Texas, on 10 July 2016.
  • A "Safe Space for Muslim Neighborhood" rally in Washington, D.C., on 3 September 2016 was organized using the "United Muslims of America" group.
  • As mentioned in Zegart (2022), the "Heart of Texas" and "United Muslims of America" Facebook groups were used to organize dueling protests on 21 May 2016 in Houston, Texas.
  • "BlackMattersUS" and "United Muslims of America" groups were used to organize anti-Trump protests.
  • The "Being Patriotic" group was used to organize multiple pro-Trump rallies throughout Florida.
  • "United Muslims of America" was used to organize the "Support Hillary, Save American Muslims" rally.
  • A vigil for the Pulse nightclub shooting victims was organized using the "LGBT United" group.
  • Etc.

The supposed ultimate goal of the IRA in the United States was to influence the 2016 election. While this may be true, supporters of this supposition make several assumptions that must be explicitly stated:

  • Social media platforms allow anyone to create groups and use them to organize meetings and protests.
  • For each group IRA created, numerous non-IRA groups with the same concerns existed.
  • It is likely that the IRA groups were used by Americans for our own purposes, e.g. to schedule our own rallies.
  • The influence of the IRA was small in comparison to the biases enforced by various social media companies.
  • The various problems the IRA supposedly tried to inflame were already concerns for multiple decades, including:
    • The growing influence of Islam and other foreign cultures.
    • Illegal immigration.
    • Fear of government overreach and doubts of its legitimacy.
    • Contempt of elected officials and other government employees.
    • Contempt that elected officials and other government employees have of their constituents.
    • Doubts about the intentions of US intelligence agencies.
    • Distrust of traditional and social media outlets.
  • For people concerned about those problems, the IRA was doing nothing but "preaching to the choir."

For those of us who already distrust mainstream media, it is not clear if the IRA had any influence on us, since we rely on other methods for gathering information and arriving at conclusions (multiple alternative news sources, discourse and debate, historical reference, plausibility, consistency, evidence of the senses, correspondence with reality). Further, the ultimate responsibility for an individual's beliefs and actions lies with himself, despite the "NPC" (non-player character) description that is often applied to those that continue to trust media and government.

This does not mean that the IRA did not have an impact: the Mueller Investigation lasted from May 2017 to March 2019, and though the final report of the Investigation "did not establish that members of the Trump campaign conspired or coordinated with the Russian government in its election interference activities" (Mueller, 2019), the pretext for the investigation was used by various politicians, government employees, and media outlets to foment dissent on their own. This wasn't obviously a part of the IRA's plan, but it was certainly an example of how certain politicians and news agencies are willing to create a tragedy so as not to let it go to waste. Was it an unintended consequence?


An Emerging Technology Useful for Espionage

An emerging technology that is useful for espionage is the field of social network analysis with the support of graph database technology.

Traditional relational databases store data in one or more tables, and each table consists of rows (records) and columns (fields). Graph databases store data in nodes (also called vertices) and edges (lines or arrows connecting nodes). (Robinson, et. al., 2015) This organization is perfect for storing data about social networks.

[Illustration comparing data organization in relational vs graph databases]

What the nodes and edges in a graph DB represent depend on the application. For example:

  • For navigation, the nodes can be cities and the edges can be roads.
  • For an e-commerce recommendation engine, the nodes can represent products and two products are connected by a directed edge if a customer who purchases one product is likely to purchase the other.
  • The nodes can be people and the edges can be various types of relationships (familial, coworker, etc.)

Nodes do not need to be all the same type: one type of node can represent people, and a second type can represent organizations, and an edge connects a person-node to an organization-node when that person is a member of that organization. Similarly, there can be different kinds of edges: besides the membership-edge, there can also be familial-relationship edges linking two people who are of the same family.

By itself, a graph database is useless without a source of data. For social network analysis, populating a graph DB usually involves manually entering specifically chosen people or organizations to seed the graph DB, then augmenting that with data pulled from social media sites.

The investigative applications include:

  • The process of “doxxing” was studied using graph DBs in (Lee, 2022).
  • Relationships between Antifa, journalists, and university professors were investigated in (Lenihan, 2022).
If Antifa were to be designated a criminal organization, graph databases would be immensely useful for investigating that organization. (Jaccourd, et. al., 2023).


The Definition of "Importance" in Graph Databases

For sake of discussion, suppose we are investigating terrorism, and the nodes in our graph DB represent individual terrorists or terrorist organizations, and edges between those two types of nodes represents membership. We also assume that terrorists can be linked with an edge if they are of the same family.

Once our database is populated with terrorists, organizations, and the relationships between them, how do we extract information from all that data? The most obvious approach is to pick a target (a known terrorist), and then investigate all the people related to that target and all the groups (terrorist organizations) to which that target belongs. There are situations where this approach is applicable (like should a terrorist be captured), but in general this approach begs the question: how is a target of interest chosen? This is not a trivial question since there may be tens of thousands of terrorists in our graph database.

This problem - determining which nodes (terrorists or organizations) are most important or influential - is solved in various ways through what are called "measures of centrality." There are numerous measures of centrality, the most basic one being "degree centrality" - the nodes with the most edges are most important, i.e. the terrorists with the most connections to other terrorists or terrorist organizations are most influential.

A different measure that is perhaps more useful is "betweenness centrality". This involves finding the shortest path between all distinct pairs of nodes and counting the number of these shortest paths that pass-through a given node. The nodes with the highest betweenness centrality can be thought as the ones through which the most information passes.

In terms of espionage, it would then make sense to prioritize intelligence-gathering on terrorists with the highest betweenness centrality, since the most information would pass through those terrorists. In terms of counterterrorism, eliminating a terrorist with a high betweenness centrality would cause the most disruption in information flow.

An example of this kind of social network analysis was performed independently by Kieran Healy (Healy, 2013) and Shin-Kap Han (Han, 2009) using data found in David Hackett Fischer's "Paul Revere's Ride" (Fischer, 1995). Fischer includes data on 254 individuals involved in the American Revolution (among them John Adams, Samuel Adams, and Paul Revere) and their memberships in seven Whig groups, including the Tea Party and the London Enemies. Using only this data, it is possible to determine:

  • the number of groups to which any pair of people both belonged (for example, John Adams and Sam Adams both belonged to two groups)
  • the number of people any pair of organizations have in common (the Tea Party and the London Enemies had 10 people in common).

Notice that the starting data (membership lists for the organizations) did not include data about which individuals knew each other, but a social network can be derived from the membership lists - two individuals are related if they share membership in an organization. (Breiger, 1974).

[Illustration from (Healy, 2013)]

Centrality measures can then be calculated on that social network. Healy and Shin-Kap Han found that Paul Revere has the highest betweenness centrality of the 254 individuals and ranks high in several other centrality measures. Shin-Kap Han describes Revere's role as a "broker" between not only the people in Fischer's analysis but also between the various classes - artisans and gentlemen, patricians and plebeians, and to make the American Revolution a success, for those people,

"both the identities and interests needed to be articulated and organized as in any effort at extensive, robust, and sustained mobilization. For that, the movement needed men whose socioeconomic status and cultural outlook allowed them to move among the various ranks of society. As a man whose contacts reached deep and wide into the social and political networks, Revere was one of the few who were comfortable in all of these places, each of which became an important part of Boston’s revolutionary movement." (Han, 2009).


Past, Present, and Emerging Technologies for Espionage

Past and current espionage-related methodologies and technologies could be used to recruit individuals working inside Iran's Natanz nuclear facility. For example, wiretapping could have been used to monitor the telephone calls of employees of that facility, and from the conversations, potential assets could be chosen. This would have worked before calls were encrypted. Combining satellite photographs with on-the-ground presence, individuals working in the facility can be identified, traced, appraised, and recruited. Realtime satellite imaging may not be needed, but considerable collaboration between satellite reconnaissance teams and in-person reconnaissance would be necessary.

Another current technology that is applicable are mobile applications such as TikTok, Facebook/Meta, etc. These applications track the user's location, the people the user interacts with, and can be used to build a psychological profile of the user. Further, by manipulating the popular trends displayed by those apps, the companies owning these applications can attempt to influence user opinions.

Can social network analysis be used to recruit an individual working inside a highly secure location, like the Natanz facility? Natanz employees may not be allowed to have applications such as TicTok on their phones. All hope is not lost, however... As described above, Kieran Healy and Shin-Kap Han were able to build a social network using only a list of names and membership lists for organizations – they built a social network using data that predated social network analysis by centuries! The same can be done today, and examples of the organizations that would be helpful in the case of the Natanz facility include:

  • Universities, for their graduation lists and list of faculty members
  • Mosques
  • Fraternal organizations

Additional sources of information include marriage announcements, graduation announcements, flight logs, and so on.



These two examples of contemporary espionage technology – troll farms and social network analysis – represent two examples of the new types of weapons envisioned by Liang and Xiangsui. The Internet Research Agency was effective (in some way) in spreading dissent in the U.S., though they were dwarfed by the attempts at manipulation and “nudging” used by social media companies. Social network analysis would certainly be useful for investigating the operations of criminal organizations and should also be relevant for identifying intelligence assets and evaluating the importance of individuals in facilities like the Natanz Uranium Enrichment Facility.



Breiger, R. (1974). The duality of persons and groups. Social Forces 53(2)
Retrieved from:

Fischer, D. H. (1995). Paul Revere’s ride. Oxford University Press.

Han, S-K. (2009). The other ride of Paul Revere: The brokerage role in the making of the American Revolution. Mobilization: An International Quarterly 14(2): 143-162
Retrieved from:

Healy, K. (2013). Using metadada to find Paul Revere.
Retrieved from:

Jaccourd, L., Molnar, L., & Abei, M. (2023) Antifa's political violence on Twitter: A grounded theory approach. European Journal on Criminal Policy and Research. 29, 495-513 (2023)
Retrieved from:

Lee, Carmen. (2022). Doxxing as discursive action in a social movement. Critical Discourse Studies, 19:3, 326-344, DOI: 10.1080/17405904.2020.1852093

Lenihan, E. (2022). A classification of Antifa Twitter accounts based on social network mapping and linguistic analysis. Social Network Analysis and Mining (2022) 12:12
Retrieved from:

Liang, Q., Xiangsui, W. (tr. 2015). Unrestricted warfare. Echo Point Books & Media.

Mueller, R. S. (2019) Report on the investigation into Russian interference in the 2016 Presidential Election. U.S. Department of Justice.

Robinson, I., Webber, J., Eifrem, E. (2015). Graph databases: New opportunities for connected data. 2nd Edition. O'Reilly Media.
Retrieved from:

Volchek, D. (2021). Inside the ‘propaganda kitchen’ – A former Russian ‘troll factory’ employee speaks out. Radio Free Europe/RadioLiberty.
Retrieved from:

Zegart, A. (2022). Spies, lies, and algorithms: The history and future of American Intelligence. Princeton University Press.

No comments:

Post a Comment