Using Visual Analytics to Investigate Terrorist Activities Related to Epidemics
(Vastopolis Debrief Team, University of Konstanz)

VAST 2011 Challenge
Grand Challenge - Cause and Effect

Authors and Affiliations:

Enrico Bertini, University of Konstanz, Enrico.Bertini@uni-konstanz.de
Christian Rohrdantz, University of Konstanz, Christian.Rohrdantz@uni-konstanz.de
Fabian Fischer, University of Konstanz, Fabian.Fischer@uni-konstanz.de
Florian Mansmann, University of Konstanz, Florian.Mansmann@uni-konstanz.de
Tobias Schreck, University of Konstanz, Tobias.Schreck@uni-konstanz.de


Tool(s):

1: KNIME - Konstanz Information Miner for Data Analysis [http://www.knime.org]
2: Tableau - Initial Investigations [http://www.tableausoftware.com]
3: Apache Lucene - Full Text Search [http://lucene.apache.org]
4: Nicejava - Java imaging library [http://code.google.com/p/nicejava/]
5: IBM Word-Cloud Generator [http://www.alphaworks.ibm.com/tech/wordcloud]
6: EVA - Epidemic Visual Analyzer for Twitter Data - Own Development.
7: Own C++ Programs for additional preprocessing.
8: Wireshark - Analysis of PCAP Files [http://www.wireshark.org]
9: KOSAI (Konstanzer Situational Awareness Interface) - Own Development.
10: MySQL - Database for Data Storage [http://www.mysql.com]
11: Jigsaw - Analyze Document Collections [http://www.cc.gatech.edu/gvu/ii/jigsaw/index.html]
12: KIAWordCloudVis - Konstanz Intelligence Agency Word Cloud Visualization - Own Development.
13: NER - Stanford Named Entity Recognizer [http://nlp.stanford.edu/software/CRF-NER.shtml]
14: Mallet - MAchine Learning for LanguagE Toolkit [http://mallet.cs.umass.edu/topics.php]


ANSWERS:


In Mini-Challenge 1, you used microblog data to characterize an epidemic spread. In Mini-Challenge 2, you conducted cyber security analysis for situational awareness of a corporate network infrastructure. In Mini-Challenge 3, you investigated terrorist activity in the region.

For the Grand Challenge, you are charged with investigating the cause of the epidemic.

In particular, you need to address the following:

Are any terrorist activities related to the current epidemic?

Describe the series of events, planned or otherwise, that led to the current epidemic.

The Vastopolis area is threatened by several known active terrorist groups and has recently witnessed two incidents which are very likely to have been caused by terrorists. So far, however, there is not enough information available to state with confidence which of the terrorist groups were responsible for the alleged attacks. Nevertheless, the available intelligence suggests that some groups command enough knowledge and skills to be behind the attacks, while other groups can be ruled out because the attacks either do not match their profile or they are currently too weak.

Incident I - Chemical Truck Attack

The first incident took place on May 17th, 2011, and relates to a truck accident on the Interstate 610 bridge in the evening of that day. The bridge crosses the Vast River, and as a result of the accident the truck's cargo, probably some sort of chemicals, was spilled into the river. It is very likely that this spill led to an outbreak of diarrhea on May 19th that spread from the bridge to the southwest down the river.

Evidently, the spread was caused by contaminated drinking water which was pumped out of the river. To confirm this, the actual cargo of the truck has to be verified and water samples have to be taken and tested. If the hypothesis of a waterborne spread of the infection holds, it is very likely that the accident, which involved a truck transporting hazardous material and happened at a critical spot, was caused on purpose.

This assumption is further supported by information about an attack on a transport company's computer network. It seems possible that this network intrusion served to gather knowledge about truck routes and cargo and that such information was extracted successfully. It still has to be verified whether the crashed truck was sent by that company and whether information about its cargo and route was accessed during the network intrusion. If so, among the known terrorist groups active in the Vastopolis area, the "Network of Dread" seems the most likely to be behind the truck accident. However, the possibility that other unknown groups committed the attack cannot be excluded. The suspicion against the "Network of Dread" is based on several hints: On May 1st, 2011, communication was intercepted that indicates attacks across the country. Just one day later, on May 2nd, several threatening emails were sent to VastPress using encrypted emails and a small botnet which probably came from the mentioned group. This suggests that the group most probably also commands the advanced IT skills necessary to intrude into a company network.

The group might also have tried to get radioactive material by ship, because radioactive cargo was found at Vastopolis harbor on May 11th. Several days later, on May 21st, a plot to detonate a dirty bomb with radioactive material in an American city was revealed. Possibly, the group focuses on transport infrastructure to commit its attacks and started planning the next attack right after the Vastopolis incident. Whether or not it was responsible for the accident, the "Network of Dread" has become active and might commit attacks in the near future.

Incident II - Bacteria Attack

The second incident took place in Vastopolis Downtown. In Downtown and Uptown as well as in a funnel-shaped area to the east, including large parts of Eastside, many people were affected by pneumonia symptoms, starting on May 18th, 2011.

Probably, terrorists took advantage of the fact that two crowded events took place in Downtown on that day: a basketball game in the Vastopolis Dome and a Technology Convention in the Convention Center. It is likely that a terrorist attack releasing a pathogen took place in parallel at both of these locations and that from there the disease spread airborne to the east, contaminating a wider area. The severity of the symptoms that infected people report increases on May 19th and May 20th.

Although the facts appear to be explicit, a systematic evaluation of medical reports from the Vastopolis hospitals and interviews with sick persons hospitalized with symptoms of pneumonia should be carried out to confirm them. The nature of the attack was different from the first alleged attack, the truck accident. Therefore, it is probable that a different terrorist group is responsible. Among the active terror groups in Vastopolis, it appears most likely that the "Paramurderers of Chaos" (PoC) committed the attack. The group might have been inspired by a talk that the molecular biologist Prof. Patino gave on new dangers of bioterrorism on April 11th, 2011. The professor stated that it is much easier today "to engineer dangerous microbes with the right equipment".

On April 18th the CDC published an article saying that an easy way to spread a disease would be food poisoning. On April 26th, biological equipment that could be used to cultivate bacteria was also stolen from Prof. Patino's lab at Vast University. Maybe it was this equipment which was found on May 13th, when members of PoC were arrested while building a laboratory to cultivate bacteria. But this doesn't rule out the possibility that they are going to contaminate food, because on May 15th two members of PoC were trespassing near the loading docks of a food preparation plant. In any case, the group has been shown to be planning attacks and is familiar with biological weapons and bacteria. They appear to be the only terror group in the area that commands the knowledge to breed and distribute pathogens. Again, regardless of whether the PoC was responsible for the attack or not, it is still likely that they are planning an attack, probably via contaminated food.

Further terror groups in Vastopolis have either been stopped in their activities recently or are not considered to be an imminent danger. An example of the latter category is the group "Citizens for the Ethical Treatment of Lab Mice". The group pursues its goals rather overtly and has committed rather harmless disruptions like trashing Prof. Patino's garage and screaming at his neighbors. They might also be the authors of emails sent to VastPress on May 9th, 2011, with the threat to use humans for experimental purposes. Groups that have been stopped by the Vastopolis security forces are the "Network of Hate" and the "Psycho Brotherhood" (Pbh). Two strikes against the "Network of Hate" were successful. The security forces recovered all weapons stolen from the armed forces on April 26th, 2011, including three surface-to-air missiles and 20 military-grade rifles. The three surface-to-air missiles were found in the car of a member of the group "Network of Hate" on May 15th. Five days later (May 20th) all the rifles were found in a container at Vastopolis Airport. The other group, Pbh, apparently tried to build bombs, but two members of Pbh were arrested on May 12th with enough explosive material for several explosive devices. It is not likely that either of these terror groups has recovered from the strikes against it, nor is anything known about planned attacks.

Recommendations

Regardless of the occasional successes in fighting terrorism in the Vastopolis area, the recent incidents have once more shown that terror groups are capable of and willing to cause major damage. The surveillance of known terror groups should be intensified, and the possibility that new terror groups might have formed should also be investigated. The recent incidents have furthermore shed light on vulnerable spots within Vastopolis. It is recommended to intensify the protection of critical infrastructures, e.g. water supply, transport or internet, as well as the protection of public events with high attendance. Further imminent threats concern food supply and the insufficient custody of military equipment. In addition, interregional transport is apparently used for arms trafficking, so controls at the harbor and airport have to be tightened. Furthermore, it is recommended to control or observe the audience of public talks that might inspire terrorists, as in the case of Prof. Patino's talk. Finally, hospitals should be prepared for the possibility that attacks, even different attacks at the same time, might put them into extreme situations. An overall emergency plan is required that specifies how public authorities should react to terror attacks.