Mitch Silber, Executive Managing Director and Head of K2 Intelligence’s Analytics and Intelligence Solutions practice, made a series of media appearances last week commenting on the failure to maintain surveillance on Tamerlan Tsernaev in the months after his return to the US.
Much of the media interest stems from Silber’s NYPD monograph Radicalization in the West: The Homegrown Threat. Mitch published a piece in the New York Daily News on Sunday, April 21st building upon the work in that report.
On Tuesday and Wednesday, Mitch appeared on Piers Morgan Tonight on CNN to talk about radicalization and monitoring the domestic threat. Thursday brought the publication of Judith Miller’s Wall Street Journal Op-Ed on How to Stop Terrorists Before They Kill which quoted Mitch and the monograph. That same night, he appeared on CNBC’s The Kudlow Report. Friday saw a report that ran on Anderson Cooper 360, The Situation Room and special reports that ran on CNN throughout the weekend. Finally, Fox News hosts the Journal Editorial Report, which ran twice over the weekend, where Mitch spoke to Paul Gigot at length about the connection between counterterrorism surveillance and the growing sophistication of corporate monitoring.
One of Mitch’s primary roles at K2 Intelligence is overseeing our development of new technologies—repurposed from the war on terror to civilian uses—for analytics and monitoring.
Here’s how Mitch made the connection in response to Paul Gigot’s disbelief that US counterintelligence failed to stay on top of Tamerlan Tsernaev after his return from a “zone of conflict.”
Mitchell Silber: It’s the question that I’m asking myself. It’s the question we dealt with every day at the NYPD. I think what we didn’t have was a connection of the trip overseas, the lead by the Russians, and then when Tsarnaev returned, when the older brother returned, how come someone wasn’t monitoring his social media to see the change? Because change is really the indicator that someone is moving in a new direction. And if you had seen those postings on his YouTube page, you would see that he had gone in a different direction since his return.
Paul Gigot: So do you think he should have been under some kind of wiretap or, even short of that, maybe surveillance by a cyber unit within the Boston PD or the FBI?
Silber: Yes. I think, for his YouTube page, which I looked at a couple of days ago. It was not something that was locked. It was open for anyone to look at. So frankly, if it’s an open website, anyone could have looked at it. That seems to be one of those basic steps that should have been done, is monitoring of the cyber. And it’s interesting that monitoring cyber on the counterterrorism side has also made this transition on the corporate side day-to-day. We’re seeing corporate clients also want to go monitor social media to detect different types of threats.
Gigot: Not terrorists?
Silber: Not terrorists. Hostile takeovers and proxy fights.
Mitch could have gone further. K2 Intelligence does monitoring work that goes far beyond social media. Our Analytics and Intelligence Solutions division has developed software that enables firms to monitor their internal email, phone traffic and instant messages for behavioral changes that might indicate corruption, intellectual property theft or insider trading. Using this kind of monitoring to focus on behavior before content allows a company to conduct targeted investigations early on, before a problem becomes a threat to the enterprise.
As more and more technologies developed to combat terrorism around the world are adapted for civilian uses, K2 will continue to expand its capabilities in this new and growing field.
Anyone following the recent business press will be aware that the boards and senior management of companies have found themselves under increasing scrutiny from investors, activist shareholders and hedge funds.
Their agendas may appear different but these stakeholders all have in common a desire to release unrealised value in their holdings. The debate between them is largely about:
- what is best for shareholders;
- how to maximize the long-term value of a company; and
- the role activist investors can—or should—play in improving share prices and managing companies.
Even the best run company can find itself at the centre of a contest that consumes time and distracts management attention.
The factors that fuel activism – undervalued targets, access to cash, 24/7 media coverage and a weak economy – are all abundant today. Add activists’ improved ability to exert influence on the strategic direction and management of a company and it’s easy to understand how board seats have become both increasingly valuable and increasingly contentious.
In this new environment inaction is never a defence. Companies have to take action.
This might include a thorough deep diligence evaluation of current board members, their qualifications and potential undiscovered problems, as well as careful thought around board decisions and communications.
Such a strategy would typically include an analysis of the opposition’s board nominees, of your own board members’ weaknesses and the overall impact of board change. In these situations, it is easy to focus entirely on the counterparty and forget that your own board can quickly turn from an asset into a vulnerability.
We have been active in contests for corporate control for over 30 years from when Jules Kroll defended clients from the first wave of Wall Street raiders in the early 1980s.
Contests have matured and today are played out more publicly, but the role of investigator remains key – from assisting board directors with their strategy, working with outside counsel to evaluate claims and proposals, to developing a response to facts and allegations raised by the agitators.
We advise on questions such as what are the strengths and, particularly, the weaknesses of the bidder? Is the bid offer, especially where shares are involved fairly valued? What regulatory issues are involved?
When answering these questions you should focus on the commercial track record of any agitator. Have they run successful businesses in this sector and if not, how do they plan to? It is also essential to carefully value share offers. We have worked on a number of hostile and post transaction projects where it was clear, once we have investigated the operation, that the acquirer’s shares were spectacularly over-valued.
In short, we identify potential risk and separate fact from fiction. In doing so we help our clients to unlock opportunities and develop strategies to ensure that their board of directors remains a strong asset.
Whistleblowing was until recently a fairly marginal means of detecting corruption, but recent regulatory developments have prompted a real change in corporate behaviour, particularly in the way companies manage their overseas operations.
Most of this is for the better, but two worrying trends have emerged:
- companies spending large amounts of time and money investigating baseless whistleblower claims; and
- and whistleblowers going directly to regulators or law enforcement, putting their company very much on the back foot.
In both robust systems in place allow a more effective response and a more considered defensive strategy.
As investigators, the questions we are most frequently asked by our clients are:
- How accurate are these allegations? – Do they sound plausible? Do they mention current staff by name or are they lacking in detail (and perhaps mere fishing exercises)? Not every claim can be investigated: resources are finite and your need a clear system in place to allow you to prioritise.
- Who else might know about it and how long have we got before they call? – You should assume in every case that an external agency or regulator has the same information as you, particularly when the tip is anonymous. The important thing is to investigate serious, credible allegations immediately, using internal or external means. Regulators take a dim view of ignoring corruption allegations, but tend to look favourably on proactive efforts to investigate.
- What is the potential impact of these claims and what do we do about it? – Impact depends in large part upon response. The most famous cautionary tale in this area involves Siemens, who spent more than $1 billion on its FCPA issues over the years. But some professional advisers have been guilty of overplaying the potential severity and failing to reassure their clients of the beneficial effects of prompt action and early reporting.
- Is the scope of the problem limited to the allegations identified by the whistleblower? A company’s initial responsibility will be to evaluate and respond to a whistleblower’s particular claims, but regulators will expect broader questions to be asked about the prevalence of similar behaviour across the company.
- How did it happen? You cannot prevent corruption – you can only minimise the number of occurrences and their impact. Assuming the board was not complicit in the activity (in which case “how” is an easy question to answer…), you should carry out a preliminary assessment that should consider three factors: credibility of the allegations; their seriousness; and whether they require immediate action. Next steps very depending on the investigation but typically we would advise: Immediately stop the conduct, set up a dedicate team, depending on – internal or external - availability and capability of resources at hand. Then you draw a detailed plan that carefully defines the scope and the work that falls under it – then investigate. Following these steps leaves a clear trail for any external agencies reviewing your response.
Reducing corruption is not easy, but the steps required are clear enough: strengthening due diligence in all areas of risk; reviewing and stress testing systems and controls; and reviewing the means by which suspect activity is reported.
Your sector, region, customers (e.g. b2c, b2b, government) and degree of exposure to third parties or regulation will all have on effect on the procedures you adopt, but every company can build effective defences. Very rarely do we see fraud and corruption in a company with well-designed compliance systems in place.
There are additional reasons why the need to design a strong whistleblower programme is now more acute. The US Department of Justice and the UK’s Office of Fair Trading are already offering bounty payments to whistleblowers, and the SFO and FCA are thought to be considering following suit.
With greater potential financial reward, the incentives for a whistleblower to file a report to external agencies will increase. However, for a company, it is clearly advantageous for the allegation to be reported internally so that management are not first made aware from an external source. So, what can a company do to encourage someone considering making a report to file it internally?
- In many countries, a whistleblower is still seen as a “snitch” or a “grass”. Whistleblowers are frequently ostracised for their actions, losing their employment and income, and threatened with litigation around confidentiality. Irrespective of how noble or altruistic their objectives, fostering and enabling a culture that encourages staff to report genuine concerns without fear is to be encouraged.
- In an ideal world, we wouldn’t need incentives to encourage reporting of suspicious behaviour. The practical reality, however, is that the perceived risks and drawbacks attached to whistleblowing discourage internal reporting.
Rewards for reporting internally are receiving more attention. While it is unlikely that they will be able to match regulator bounties, we are seeing more discussions from companies around cash payments for tip-offs. It is a complex area, however, and does raise further questions around encouraging staff to breach confidences, make false claims against colleagues or, indeed, to turn a blind eye to suspect behaviour in order subsequently to benefit from it.
Does the market value a strong corporate culture? Is corporate integrity a profitable asset? Which indicators can be used to measure corporate culture and integrity? Should international trade legislation include those aspects into the regulation of certain operations’? What about the financial sector?
A group of experts in Human Resources Management and Corporate Reputation discuss these questions, as well as the role of corporate culture in the development of corporate strategy.
When: May 23, 2013. 9.30 – 11.30 a.m.
Where: Hotel Occidental Miguel Ángel, Madrid, Spain.
Information is a highly valuable corporate asset and companies are supposed to mitigate risks of information loss or infringement of their daily local and international operations.
K2 intelligence invites corporate managers to discuss protection of information, involving aspects beyond IT security: sources and channels of information, treatment of daily documentation, classification of information according to levels of responsibility and confidentiality, organizational structures, etc. The participants analyze different case studies, such as the terrorist attack on a gas refinery in In Amenas, Algeria, where there had been a breach of information.
When: May 21, 2013. 9.30 – 11.30 a.m.
Where: Hotel Occidental Miguel Ángel, Madrid, Spain.
Mitch Silber, Executive Managing Director and Head of K2 Intelligence’s Analytics and Intelligence Solutions practice, spent much of the day appearing on CNBC discussing the manhunt in Boston and tracking terrorists. Mitch is the author of The Al Qaeda Factor: Plots Against the West and the co-author of the monograph Radicalization in the West: The Homegrown Threat.
We thought our friends, colleagues and clients might like to see a partial transcript of his appearances. (Click on each description to see the clips from his appearances on Squawk Box with Rep. Peter King, Squawk Box with former FBI Official Van Harp, and Power Lunch.)
What were the things that surprised you this morning and things that did not surprise you?
Frankly, the fact that they attempted a robbery as we’re hearing seems like such a blatant way to expose themselves to law enforcement intelligence, if they are so stealthy that they can hide out for the first, two, three days after the attack. They have to assume that this would expose them to law enforcement or it seems like that may be where they made their primary mistake. We know nothing about the reason why they would do that.
What else haven’t we learned?
We had the footage of two individuals. It is very unlikely that these two individuals did this with no one else having knowledge of it. Were there other co-conspirators that were part of the plot and were they supposed to be involved with helping these guys get away? Figuring this out is what intelligence analysts are doing right now back in their headquarters.
They’re using very cutting edge technological tools to mine any of the data that they are able to pull from the first suspect who was killed early this morning. So his travel records, phone records, anything that they could look at, Social Security Number to figure out who might be in the ever-expanding circle of people who knew him.
These cutting edge tools would also look on the Internet. And this is a new thing that happened post-9/11. When you are confronted with a potential terrorism threat and knew who the individual was, the first thing you do is go to social media, check on Facebook, check on Twitter.
Let me just pick up the point that you’re making about the technology and people may not realize that the problem of homeland security generates terror suspects in real time. They’re mining the data with a continuing stream.
What is interesting about this accomplice is not only did they identify that there was an accomplice, they stopped a car, thought it didn’t check out and were able to go back and find out where that accomplice and the two people that he was with in the car actually dropped him off, at which station, through the GPS tracking on those people.
This is a very high-tech search at the moment. That’s one of the things that’s very different from immediate post 9/11 time period. Law enforcement, whether it’s the FBI, the NYPD, CIA, the Department of Homeland Security have phenomenal tools. Pre-9/11 some of the hijackers were stopped for speeding violations and ultimately let go and now you have a situation where people were stopped and they check back with the analysts at headquarters and were able to garner more information on them using these tools. Geographically, using their geolocatable tools they’re focusing on the human geography and trying to identify.
Now companies who have only worked with the government for ten years are bringing this technology back to the private sector for investigations.
Are you able to tell us what New York has been working on this possible Islamic-Russian-Chechnya link that has taken people by surprise?
New York City has been very aware of this for a number of years now. NYPD sent people to Moscow after a number of attacks that were done by Chechens and the idea was always to learn about the attacks and learn about the threat and bring that expertise back to New York City to inform efforts here.
So the fact that it’s a Chechen, and the fact that they may have links overseas both are being considered here in New York. Recent interviews with family, the uncle speaking to a television station and the father of the two sons speaking to the Associated Press suggest they were taken aback by the fact that these two suspects actually were the Marathon bombers.
How long would it take to put this together? Is it newly conceivable that they could have been unaware of all of this activity living right here this entire time?
I think it was unlikely that they were completely unaware. In other plots we’ve seen, uncles, aunts, friends had seen a sign that a person close to them was radicalizing and changing before them. Some were potentially going about building a device. For whatever reason, these family members wanted to look away and not pay attention to it.
As the physical situation appears to congeal into a tighter space, how does law enforcement approach this scenario? What do you think the next few hours will look like?
I think it will be a deliberative and careful process. As you say, they are closing in on the suspect. The search is tightening. One of the concerns is does this individual have explosives attached to his body, has he taken someone hostage.
We’ve seen that in other plots as the net tightened that the individuals decided to use explosives.
Our Executive Managing Director, Mitch Silber, was interviewed on NPR’s All Things Considered about the law enforcement efforts in the aftermath of the Boston Marathon bombing. You can listen to the entire interview here:
We wondered how you would organize what are literally bits of evidence; either shrapnel, or hundreds of digital stills and videos that onlookers took at the marathon finish line.
And we’re going to ask Mitchell Silber of K2 Intelligence – that’s a private investigative and consulting firm. Mr. Silber used to be director of the analytic and cyber units in the New York Police Department’s Intelligence Division, where he supervised the NYPD’s terrorism-related investigations.
SIEGEL: Posed with this case, where do you start? What does this big task force do first?
SILBER: Well, the task force is going to have to have a division of labor. Number one: cameras. There are a number of different cameras in that area. They were all recording and some group has to go through that film and manually watch to see if they can see the conspirators placing the devices in the area. Now, in the task force you may have the FBI, the Boston Police Department, the Massachusetts State Police, the Central Intelligence Agency. So…
SIEGEL: Well, let’s take that task alone first. You would want to have all the different agencies represented? Do you get some kind of a synergy from that effect or would you rather have one agency handle all of the imagery, say?
SILBER: Well, you might hand that job to one particular agency. It might be the Boston police who are charged with looking at the footage from those cameras. As you analyze the explosive devices, that might be something that the Boston Police Bomb Squad, or potentially the FBI, might handle because of their expertise in analyzing different types of explosive devices worldwide.
SIEGEL: We learned today that the investigators have concluded that pressure cookers, ball bearings and, I believe, nails were used in these explosives. How far down the road to a suspect does information like that take you, if your explosives team has gotten that far?
SILBER: Well, I think it speaks to, to some degree, the sophistication of the conspirators. They’re not using some of the devices we’ve seen in some of the more spectacular attacks, like hydrogen peroxide bombs in the London 7/7 bombings. We’re not seeing ammonium nitrate like we saw in Oklahoma City.
Now, in New York, when we had the Times Square bombing in May of 2010 – and there was a vehicle-borne explosive in Times Square – one of the things that we were looking for was some of the elements of the explosive device, like a particular alarm clock. There was this very, almost cartoonish type alarm clock that was supposed to work as the timer. And one of the agencies’ responsibilities was to survey local stores in New York City that might have carried that particular alarm clock.
Boston Bombings Require Extensive Investigation (All Things Considered/NPR)
A group of experts from energy, construction and engineering multinationals attended a round table on regulatory risks hosted by K2 intelligence. The discussion revolved around preventing bribery and corruption in operations overseas, dealing with intermediaries, and international regulatory trends in foreign trade.
Download Algunos consejos para limitar los daños jurídicos en el desarrollo internacional del negocio (in Spanish)
The article covers topics discussed at the breakfast seminar organized by K2 Intelligence: corporate reputation and the role of the Chief Communications Officer in managing brands and other intangible assets
Download the article Reputación Corporativa, un intangible en el ADN del negocio (in Spanish)