Thursday, March 09, 2006
Why terror financing is so tough to track down
The haul, details of which were only recently made public, speaks volumes about a remarkable evolution in the funding of terrorism. What was once a global network financed by elusive donors and administered by Al Qaeda "fund- managers" has now fragmented into a constellation of franchises that sustain themselves primarily through crime.
This, experts say, is partly a result of the vigorous multinational effort since 9/11 to break up the Al Qaeda network and stanch the cash flows that sustained terror attacks. But it's also due to the reduced cost of mounting terror attacks, they say.
Estimates suggest that the 9/11 attacks may have cost as much as $500,000 to stage. By contrast, the Madrid bombings of 2004 are believed to have cost no more than $15,000, and last year's London attacks perhaps $2,000.Four bombs, four rucksacks, some train tickets, a little gasoline, and a few phone calls.
"Terrorist financing is very different today," says Loretta Napoleoni, author of "Modern Jihad: Tracing the Dollars Behind the Terror Networks." "Five years ago, we had large movement of funds which went through the international financial system.
"Now we are just talking about four friends who raise £1,000 to stage an attack," she adds. "The unit cost of terrorist financing has crashed to the floor. They [terrorists] don't need another 9/11. They can do a small thing and create the same hysteria."
But those who track terror financing haven't adjusted their strategies accordingly, says Gus Hosein, an antiterrorism expert at the London School of Economics: "What we are seeing is terror done on the cheap and yet all the regulations to monitor financial transactions and crack down on this are looking for larger sums."
A flood of information
The 9/11 attacks startled the world into action to combat terror finance. More than 130 countries have signed on to a UN convention requiring legislative action and financial supervision to spot the dirty money. Scores of charities and individuals have been blacklisted both by the UN and by individual jurisdictions.
Hundreds of millions of dollars of assets have been frozen. Many countries set up dedicated terrorist finance units to coordinate action, like the US Treasury's Office of Terrorism and Financial Intelligence. Some passed laws to make financing terrorism a specific crime.
Many of the ideas emanated from a set of recommendations issued by the Paris-based think tank Financial Action Task Force [FATF], in October 2001.
Vincent Schmoll, a senior policy analyst at FATF who says the recommendations have taken on a certain "moral authority" with countries that might otherwise drag their heels, lists the main areas where progress has been made: freezing assets, notification of suspicious transactions by financial institutions, and growing efforts to tackle the informal money transfer system, known as hawala, which operates below the official financial system's radar.
But there have been problems with some initiatives. Banks desperate to avoid a black mark for letting suspect money through the net have zealously filed their "suspicious activity reports," resulting in an avalanche of paperwork for overwhelmed financial investigators. Some estimates put the number of filings in the US alone at 13 million a day.
Islamic charities, meanwhile, complain bitterly about being singled out for attention. One London-based charity that helps fund Palestinian social projects, Interpal, protests that it was blacklisted by America even though it had been cleared in Britain. "It means we cannot take any donations in US dollars, which is obviously a major obstacle to getting funds," complains one employee.
While charity forms an important pillar of the Islamic faith, intelligence chiefs have long suspected that alms sometimes end up financing terrorists.
'Following the money' - few arrests
Despite the flurry of activity, however, actual convictions for financing terrorism have been few and far between. Last September, a Spanish court sentenced Imad Yarkas to 27 years for helping fund the 9/11 attacks; two months earlier, Yemeni cleric Mohammed Ali Hassan al-Moayad was sentenced to 75 years in the US for conspiring to provide financial support to Al Qaeda and Hamas.
The reason for the dearth of other convictions may be that the authoritieschoose to "follow the money," rather than haul in suspects, says Bill Tupman, a professor at Exeter University in Britain who has studied terrorism for decades.
While the 9/11 commission said that tracking Al Qaeda financing had proven "a very effective way to locate terrorist operatives and supporters and to disrupt terrorist plots," Professor Tupman explains that intelligence services face a difficult choice of whether to confiscate the money and bring a criminal case, or follow the cash and see where it ends up.
He adds that the lack of criminal convictions may also be due to the fact that terror funding is a complex jigsaw, and no one agency holds all the pieces. Banks may have one piece, counterterrorist units another, but others may be held by partners overseas, requiring better international cooperation. "There is plenty of information," says Tupman, "but then there was plenty of information at the time of 9/11 ... the problem is putting it all together."
A new center of experts
If the problem is putting it all together, the solution, according to Britain's Chancellor of the Exchequer Gordon Brown, lies in unified action. Among a series of measures outlined last month was a plan to bring national experts together in a unit that would work at "cracking" terror finance in the same way that wartime mathematicians collaborated in cracking the Nazi Enigma code.
But while international efforts focus on the big money that helped finance 9/11 and establish terror cells in Europe, Al Qaeda has moved on. Experts say terrorists are no longer waiting for Osama bin Laden's moneymen to dole out the cash. Instead they are, according to Professor Wilkinson, "accumulating funds themselves for attacks through petty crime, ID theft, fraud of many sorts, money laundering, and smuggling of money and commodities across porous borders."
Tupman says the metamorphosis mirrors that of groups such as Irish republicans and South American narcoterrorists.
"If you are going to survive, you have to create income streams," he says. "And if you stay in the legal world, it's confiscated, so you end up following the examples of people who run illicit businesses." The alliance between organized crime and terrorists is increasingly profitable, he says. But successful terror cells will always need to launder money to find somewhere safe to park it until it is needed, perhaps buying property for cash or investing in trusts that yield an income.
The trick for the authorities is to snare the dirty money at the point that it tries to enter the legitimate system. Those points should be the frontline in the war on terror, says a UN expert, who spoke on condition of anonymity because of continued involvement in the affair. "It's where you incorporate companies, it's with the bankers and fiduciary trusts and lawyers that help you mutate these things on a weekly basis, buying assets that are portable, that you can move easily, so you always get money wherever you go."
But for open societies that pride themselves on freewheeling financial centers, snaring the villains without hindering the operations of the innocent can be difficult. Are cities like London, whose easy-come-easy-go attitudes bring boundless international capital, going to sacrifice financial freedom to catch a few money launderers? Napoleoni thinks not.
"After all," she says, "you can open a bank account in Turkey and use a cashpoint anywhere in Europe to withdraw the funds. "How are you going to stop that?"
Liquid crystals show promise in controlling embryonic stem cells
Liquid crystals, the same phase-shifting materials used to display information on cell phones, monitors and other electronic equipment, can also be used to report in real time on the differentiation of embryonic stem cells.
Differentiation is the process by which embryonic stem cells gradually turn into function-specific types of adult cells or so-called "cell lineages," including skin, heart or brain cells.
The main challenge facing stem cell research is that of guiding differentiation along these well-defined, controlled lineages. Stem cells grown in the laboratory tend to differentiate in an uncontrolled manner, resulting in a mixture of cells of little medical use.
Now, University of Wisconsin-Madison researchers at the NSF-funded Materials Research Science and Engineering Center (MRSEC) have shown that by straining mechanically the cells as they grow, it is possible to reduce significantly and almost eliminate the uncontrolled differentiation of stem cells.
In an article in the March issue of Advanced Functional Materials, the team reports on a liquid crystal-based cell culture system that promises new ways of achieving real-time control over interactions between synthetic materials and human embryonic stem cells, including the possibility of straining embryonic stem cells as they grow.
"Stem cells tend to be smaller and have a slightly more compact shape than the differentiated cells," says chemical and biological engineer Sean Palecek. "Differentiated cells appear to be much more spread and they appear to exert different levels of force on the matrix in which they are grown. That force can be read to a liquid crystal. Through simple changes of liquid crystal texture and color, our cell culture system is able to report, in real time, the cell interactions with the underlying support on which they are grown."
Currently, researchers have several methods of monitoring cell differentiation. The easiest, says Palecek, is to just look at the cells and use cell morphology as a cue. A more accurate method uses molecular markers. Antibodies are placed against these markers to determine if they bind to the cell. That system, while more accurate, does not provide real time data and cells often have to be killed in order to analyze the markers.
"This newly devised cell culture system enables a new paradigm in stem cell research," says chemical and biological engineer and MRSEC Director Juan de Pablo. "Ultimately, we hope to use liquid crystalline materials to transmit desired sets of physical and chemical cues to stem cells so as to control their differentiation, as well as report back specific responses of the cells or tissue.
"This research is also significant as an example of our unique effort to integrate advanced materials engineering and embryonic stem cell research, an effort that will help accelerate the rate at which the benefits of stem-cell based therapies are brought to society," de Pablo adds.
source:http://www.scienceblog.com/cms/liquid_crystals_show_promise_in_controlling_embryonic_stem_cells_10168.html
Coming Out as a Cancer Survivor: A Guide for Software Developers
A Personal Perspective on the Responsibilities of a Cancer-surviving Software Developer
By Douglas Reilly
My family has a genetic predisposition towards cancers of all sorts. My father died of cancer in 1975. At home, of course, we talked about what was going on in some detail. However, my father did not feel able to inform his employers of his condition, and I would not be surprised if only one or two close friends at work were aware of it. My brother Bobby died of cancer in 1997, and not a lot had changed. Bobby was fearful of his employer knowing the details of his illness and so the succession plans that would have made things easier for both of them were not in place. As a result, neither my brother nor his employer was properly prepared for his death.
I was first diagnosed with cancer in 1998. Luckily for me, we had just entered the new era of cancer survivorship, officially ushered in by Lance Armstrong. Lance was a testicular cancer survivor. Having been diagnosed in 1996, he not only recovered but returned to racing and scored the first of his seven Tour de France victories in 1999. By the time I was diagnosed with primary liver cancer (which is now considered cured, as I will define "cured" below) in 1998, Lance was on the comeback trail and to people like me (cancer survivor and cyclist), he was already a hero.
Thanks to the inspirational example of people like Lance, and to advancements in the medical treatment of many types of cancer, many people now feel able to deal with cancer more openly. Following my recent diagnosis with Mucinous Adenocarcinoma, not only do I keep my clients informed of my condition, I also post my daily struggles with cancer survival on my blog. My honesty has probably cost me a client or two, but this is more than compensated for by the feeling of trust and comfort I have with the clients I retain.
Employee vs. Consultant
If you find yourself in a similar situation and decide to "come out", the issues you face will be somewhat different depending on whether you are an employee or a consultant. I have been a full time consultant since 2001, and was a 4-day a week employee and part time consultant for many years before that. In my case, I have multiple clients, and had to worry only if all my clients decided not to continue to work with me.
As an employee, the issues are really all tied to your employer. What sort of relationship do you have with your employer? Is it a friendly relationship? Do you have a warm-and-fuzzy feeling about how they might react? Is there any law that might require you to let your employer know about your illness? For instance, in the United States, there is a law (The "Americans with Disabilities" Act) that provides some protection, and also stipulates some special treatment for folks with disabilities (and cancer could be considered a disability for this law). To get the benefits of the law, you likely have to be completely open about your condition.
Characterizing Your Cancer
For purposes of this discussion, we can place cancers into one of three broad categories:
Curable/Cured
A number of cancers can be considered curable. Many early breast cancers, early colon cancers and early prostate cancers can be cured, often with surgery alone, sometimes with surgery and other treatments. My liver cancer was considered cured in 1998 when the entire cancer was determined to be primary from the liver (meaning that the cancer originated in the liver and did not spread beyond the liver), and the tumor was completely removed.
If your cancer is cured, you can simply go on with your life, although some cancers are only considered cured after a number of years of "clean" reports. My liver cancer was considered cured immediately after surgery, since the surgeon was certain all traces of cancer were removed; Lance Armstrong's testicular cancer was considered cured only after 5 years of clean scans. Cancer as a curable disease may be a new concept to your boss or clients and they may require some education on this point. One of my clients had a relative who had died of a colon cancer that spread to the liver, and he found it difficult to regard as curable my totally different primary liver cancer. I was able to convince him through education, and to this day he is a good, reliable client.
Once you are cured, I believe there is no requirement that you tell future employers or clients about your prior illness, unless the follow-up treatment will require cooperation from the new employer or client.
Treatable
A large number of cancers are not, strictly speaking, curable. For instance, my recently diagnosed mucinous adenocarcinoma is not considered curable. However, treatment for such cancers can often lead to it becoming more of a chronic disease. Through various internet groups, set up for people who have mucus-creating tumors, I know of people who have survived as few as 2-3 years, or as long as 10 years. It is difficult to predict the exact length of time you might have, if diagnosed with a treatable cancer. However, in the case of my disease, even 2 years can be a long time. Nevertheless, it is unlikely that most folks can simply curl up in their rooms for two or more years without some form of employment.
Not Curable/Not Treatable
If your doctors tell you that there is no cure for the disease, and there is no reasonable treatment for the disease, or if given an explanation of all that is involved with treatment, you decide the possible gain is not worth the likely cost (both physically, emotionally and financially), then the cancer can be considered incurable. In this case, read the next paragraph, and then go and spend time with your family.
One advantage we computer people have is that we should be able to use our computer skills to keep up-to-date on the latest advancements in treatment for our disease. For instance, the rare cancer, Gastro Intestinal Stromal Tumor (GIST) was once considered a largely untreatable and incurable disease. In about 2002, Gleevec appeared on the market as a treatment for Chronic Myelogenous Leukemia (CML). Shortly after the medication was introduced, it was discovered that Gleevec could also be used to treat GIST tumors. Keeping abreast of developments in the treatment of our disease is the one thing that we, as computer people, can and should do. There are several useful sites in this regard, as well as groups where you can find information and support. For example:
Around the Office
There are a number of things that I have found helpful in my dealings with coworkers and clients. First things first: if a coworker has a "need to know" about your health situation, let him or her know one time in fairly general terms what you are going through. Then, wait for your coworkers to come back to you if they have more questions. If they have more questions, then answer them at whatever level you are comfortable. You will discover that some people are very uncomfortable about cancer, and will never speak of it again.
Try not to make discussion of your treatment something that comes up every day. Unless you want to be known as "cancer guy (or gal)", let others lead any further discussion of what is going on with your care.
Next thing is this: cancer treatments can change the way your body looks, whether that be loss of hair, weight loss or gain. Depending upon the workplace, coming in bald after a chemo treatment might or might not be considered appropriate and acceptable. If it is not acceptable in your workplace, most insurance will pay for at least a part of the cost of a hairpiece. Get a good quality hairpiece! You are worth it, and looking good can help restore your morale and confidence. Many hospitals also have a "Looking Good, Feeling Better" program that can help women with makeup tips as well, which can minimize the effect of loss of hair.
If you lose or gain a lot of weight, make sure you buy clothes that fit! I made the mistake of thinking that my weight would come back, and so wore clothes that made me look like a rag picker. A client who had been working with me throughout my liver cancer, without a word of concern, got very nervous when I lost a lot of weight and showed up in clothes that were way too big. In fact, on this occasion, the weight loss had been caused by a surgery that did not involve any active cancer (though it was to prevent a possible future disease). I have learned my lesson and, recently, when my cancer treatment caused me to lose weight I immediately went out and purchased new clothes that fit me correctly. When the same client saw me, he commented that I "looked great", even though I had lost about 10 pounds. That was money well spent.
Part of the reason I lost so much weight after my precautionary surgery was that I felt so great afterwards that I started exercising, walking and riding my bicycle. When I rode a 2-day, 170-mile bike ride for a charity, I made sure all my clients knew I was doing the ride, and made a point of letting them know that I finished it. Nothing helps someone accept a cancer survivor more than realizing that the cancer survivor is in better shape than they are!
The Responsibility of a Software Developer
My surviving brother, Tommy, is a unionized worker who delivers muffins. As Tommy explains it, he goes into a store, removes the old, stale muffins, and puts in new, fresh muffins. Were Tommy to become ill and die, it is not likely that a new delivery person would require more than a week or two to get completely up to date on how his route works. As such, any responsibility that Tommy might have to his employer, in making sure they understood his condition and the possible future outcome of the disease, is minimal.
Most software developers are different. While there may be no legal responsibility to make our employers or clients aware of possible longer term health problems, I believe there is a moral responsibility to ensure that, whatever happens to us, our employers or clients are protected and able to continue functioning.
Years ago, wherever I worked, I had a cartoon that hung in my office. It was from an early source code control company, and it showed a woman with two small children at a graveside. A man in a suit walks up, and the caption says, "Do you recall him ever mentioning Source Code?" These days, that is less funny for me than it is poignant.
Even when I got the "all clear" on my first liver cancer, I nonetheless tried to ensure that all clients had the source code that they should have, and I tried to ensure that, where possible, internal support staff were up-to-date on the status of all existing work. More recently, I have made it my habit to deliver new software with the source code, and to assign the client the rights to that source code.
Specifically, as a software developer who has been diagnosed with a serious illness, what should you do? I recommend the following:
- Make certain that source code is where it should be. If that means that the client should have it, make sure they do. If that means that it should be checked into the employer's source code control system, make sure you do.
- Clearly document anything "strange" in the source code you deliver. When I am coding, and I do something in the source code that is either very clever (perhaps too clever) or potentially confusing, I place a comment in the code that will encourage me to return to the code to address the issue. In Visual Studio, placing a TODO comment is a great way of tracking such sections of code. Whether you clearly comment the code, or (better yet) clean up the code, you should make sure that another developer can understand it.
- Make certain you have a "buddy" developer who knows what you are doing. This is a time when you might want to take a young developer under your wing. Whatever happens to your health – win, lose or draw – what better legacy is there than to have brought up a new developer.
- Consider moving to a different job, especially if your illness is not curable. If, as a consultant, you are acting as primary developer on systems for small clients who have no internal support, then you might want to reconsider. If, as an employee, you are the only one with your job title or specific responsibility, then at the very least you should have a succession plan in place. It is also possible that you can use different talents or skills to find an alternative position within the organization. For instance, if you have skill and an interest in writing, then a job in the documentation department might allow you to take a step back from software development, while continuing to leverage your knowledge of that software.
In general, the rule for anyone with a serious illness (especially if that illness is not likely to be curable) is this:
Make sure you are not indispensable!
Early in a career, making yourself indispensable might be a good thing. Being the hero, pulling all-nighters to do what needs to be done, might be a good way to boost your profile within the organization. However, a cancer survivor, especially one whose cancer may not be cured, needs to take a different view.
Summing Up
While this topic might be considered somewhat of a downer, I think that many of the ideas presented here should be considered by software developers regardless of whether they have a serious illness. Might the guy in the next cubicle walk out in front of a bus? Might the gal across the hall have a massive stroke and become unavailable for weeks at a time? Of course. As software developers, we need to recognize the special relationship we have with employers and clients, and to make certain that we have dotted all the i's and crossed all of the t's. We should ensure that, no matter what happens, we have taken care of our responsibilities such that, in the event of our departure, our clients and employers can continue to function normally.
###
Douglas Reilly is the owner of Access Microsystems Inc., a small software development company specializing in ASP.NET and mobile development, often using Microsoft SQL Server as a database. He can be reached at doug@accessmicrosystems.net.
source:http://www.simple-talk.com/2006/03/06/coming-out-as-a-cancer-survivor-a-guide-for-software-developers/
Combating Identity Theft
by Paul Meadowcroft - Head of transaction security of the e-security activities of Thales - Tuesday, 7 March 2006.
Identity theft is the major security concern facing organisations today. Indeed, for the banking industry, it is the number one security priority for 2006. In a recent survey of security budget holders and influencers of UK banks, 73% of respondents cited identity management as the top transaction security concern. The survey also showed that identity management has moved from being fifth to the most important driver for transaction security spend in UK banks. In addition, the number of UK banks assigning separate budgets for identity management has risen from 22% to 60% since 2003.
ID theft has increased by 500% since 1999 and now costs the UK economy £1.3bn a year, forcing defences against this crime to evolve rapidly. In the past few years this has led to the emergence of smart card-based integrated authentication networks.
Identity security has developed beyond the simplest form of authentication where one party issues and verifies identities within a closed group of users. While easy to do, this approach is extremely hard and costly to scale upwards and offers no interoperability with other authentication networks.
As such, a more common technique being used widely today is the use of a federated identity network. This allows individuals to use one form of identity to authenticate themselves to a range of different organisations. As such, an individual could use one username/password, token/PIN, digital certificate/passcode issued by one organisation for authenticating themselves to a completely different organisation.
This approach solves many of the problems associated with the closed group identity security approach. For a start, the enormous investment involved in issuing digital certificates on smart cards, for example, can be recouped to some extent, by deriving revenue from allowing other organisations to authenticate their users with the same identity.
There are, however, significant challenges with this approach. Central to this is the level of trust that must be given by an organisation using another organisation’s authentication network. Essentially, an organisation that is joining another’s authentication network must have confidence in the checks that have been carried out to guarantee the identity of the user. Privacy laws have further compounded this as one organisation is unlikely to be able to share any meaningful information with another organisation to prove that these checks are robust. Therefore the ability to use a federated identity approach in a highly scalable environment is limited because of the levels of risk involved in relying upon the work of the issuing organisation.
It is for this reason that a new integrated identity approach has emerged in the last two to three years. In this approach the focus is on a single application being used at the hub of the authentication network which allows all participating organisations to be issuers.
The key lies in the use of an authentication platform that is flexible enough to accept the digital credentials of any participating organisation. An additional advantage of the integrated approach is that it need not err towards the lowest common denominator digital identity solution – i.e. username/password. Therefore, should an organisation within the integrated identity group want to be able to use stronger identity for some, if not all, of its transactions then this is possible without interfering with the requirements of other participants. As such, one organisation may consistently have high transaction values that would justify and require a more robust authentication solution than lower value transactions would. This is based upon a financial risk versus cost of solution basis but does allow for the widespread use of a single smart card-based solution.
As the digital identity market evolves, we will of course see many examples of both issuer-centric federated identity and application-centric integrated identity networks developing. The federated identity model is best suited to small communities with rich, intensive interactions, and with simple risk management requirements. The integrated identity model provides a new perspective on identity management for large application owners, and significantly simplifies the deployment and management of applications which span communities, require a tiered authentication and risk model or raise significant privacy issues.
source:http://www.net-security.org/article.php?id=904
New animal resembles furry lobster
PARIS, France (AP) -- Divers have discovered a new crustacean in the South Pacific that resembles a lobster and is covered with what looks like silky, blond fur, French researchers said Tuesday.
Scientists said the animal, which they named Kiwa hirsuta, was so distinct from other species that they created a new family and genus for it.
A team of American-led divers found the animal in waters 2,300 meters (7,540 feet) deep at a site 1,500 kilometers (900 miles) south of Easter Island last year, according to Michel Segonzac of the French Institute for Sea Exploration.
The new crustacean is described in the journal of the National Museum of Natural History in Paris.
The animal is white and 15 centimeters (5.9 inches) long -- about the size of a salad plate.
In what Segonzac described as a "surprising characteristic," the animal's pincers are covered with sinuous, hair-like strands.
It's also blind. The researchers found it had only "the vestige of a membrane" in place of eyes, Segonzac said.
The researchers said that while legions of new ocean species are discovered each year, it is quite rare to find one that merits a new family.
The family was named Kiwaida, from Kiwa, the goddess of crustaceans in Polynesian mythology.
The diving expedition was organized by Robert Vrijenhoek of the Monterey Bay Aquarium Research Institute in California.
source:http://www.cnn.com/2006/TECH/science/03/08/furry.lobster.ap/index.html
