Data Mining at Work

Predicting and Preventing Terrorism

June 10, 2004

Terrorists live and work with us. They do business with us. They are our customers. As a result, we have huge volumes of data that describe them, their behavior, and their transactions. We can harness this data and analyze it with data mining technology in order to predict and prevent future terrorist acts. There are no technological barriers to this approach. Data mining is our most powerful analytic technology. We should start using data mining today in the fight against terrorism.


Analytics are everywhere, and the benefits of their application can be profound. On the heels of our Report on Customer Data Mining[1], a Report in which we urged you to apply the power of data mining to your businesses to strengthen your customer relationships, we came across an article urging the application of data mining for preventing terrorism. The article was an op-ed piece by Newton Minow, a former chairman of the Federal Communications Commission and the current chairman of the Technology and Privacy Advisory Committee to the Department of Defense (DoD). You might remember him as the fellow who, in his role as FCC Chairman, called television the “vast wasteland.” Minow’s editorial was published in the June 7th edition of the Wall Street Journal. Titled, “Seven Clicks Away,” the report began:

“As the 9/11 Commission examines whether the tragedy of Sept. 11 could have been prevented, we should ask if seven clicks of a computer mouse might have alerted us to the danger.

  • Click one: Government officials compare airline passenger lists with a list of suspected terrorists. They identify two men, Nawaq Alhamzi and Khalid Al-Midhar, who had been seen at a terrorist meeting in Malaysia. Both purchased tickets for American Airlines flight 77 on Sept. 11, 2001, using their real names, addresses, phone numbers and frequent flyer numbers.
  • Click two: Checking publicly available address information, officials discover that Salem Al-Hazmi and Mohamed Atta, who share the same street address as Nawaq Alhamzi, are also flying on Sept. 11, on AA flights 77 and 11, respectively. A third man, Marwan Al-Shehhi, who shares an address with Al-Midhar, has purchased a seat on United Airlines flight 175.
  • Click three: A quick check of phone numbers identifies five men--Fayez Ahmed, Mohand Alshehri, Wail Alshehri, Waleed Alshehri and Abdulaziz Alomari--who also use the same Florida number as Atta. All six men are scheduled to fly on Sept. 11, on AA flights 11, 77 and 175.
  • Click four: A search of public records reveals that Satam Al Suqami shares a post office box with Alshehri and has purchased a ticket on AA 11. Another man, Hani Hanjour, is booked on AA 77, and is a former roommate of the original suspects, Alhamzi and Al-Midhar.
  • Click five: Officials scan an INS watch list for expired visas and find Ahmed Alghamdi, who has booked a flight on UA 175 along with Al-Shehhi, Ahmed and Alshehri.
  • Click six: Address information reveals that Alghamdi uses the same mailing address as Hamza Alghamdi, Saeed Alghamdi, Ahmed Alhaznawi and Ahmed Alnami. The first two men have tickets for UA 175, the second two for UA 93, all for Sept. 11. Alhaznawi, it turns out, had once roomed with Ziad Jarrah, who is also booked for UA 93 that day.
  • Click seven: Officials check frequent flier numbers and find that Majed Moqed used Al-Midhar’s number to purchase a seat on AA 77.

In seven clicks of a mouse we could have identified 19 men, two of whom are suspected terrorists, all flying on the same day on only three different flights…We do know…that this information was readily available… Advanced information technology exists that would have connected these dots. That technology is called data mining…”

Wow! Could data mining really have prevented or, at least, predicted the events oHf September 11? Minow thinks so, and we agree. Let’s take a closer look at these seven clicks and learn how.


First, let’s get past Minow’s concept of a click. They’re really a metaphor for the application of information technology. No analytic technique of application can, in a single click, produce the results that Minow describes. In reality, each click is really the execution of a query, an analytic application, or a data mining model against a set of data in a data warehouse.

Data Sharing and SQL Queries

Here’s an analytic approach to implement the seven clicks.

Objective: identify terrorists who plan to fly together

Approach: identify individuals who for a given date:

  • Purchased tickets
  • Share current or previous addresses or telephone numbers
  • Are known or suspected terrorists
  • Have expired visas

The approach can achieve this objective quite easily with SQL queries and a little data sharing between the airlines and the government. The data already exists in airlines’ data warehouses and government agency databases, and the queries are quite simple! Table A shows the data and the queries needed.

Seven Clicks Away with SQL Queries
Table A. The data and the SQL queries against the data to implement the seven clicks are presented in this table.

The approach will produce the list of nineteen names, but the approach used is too simplistic and makes too many assumptions. Most significantly, it’s built on hindsight. This data warehousing and SQL query approach will work if terrorists plan a future act similar--identical, really--to past acts. We don’t think that’s very likely.

It’s very important to study history. History does repeat, but what repeats are PATTERNS, not identical events. So let’s make sure that we share the data and run the queries described above, but let’s not think that their results will prevent future terrorism. Instead, let’s use their results as input to more sophisticated analyses. There’s lots information technology that we can bring to bear against this problem, specifically data mining. We completely agree with Minow, data mining can be the key to PREDICTING and preventing future terrorist acts.


We don’t work for the DoD, and we’re certainly not expert or experienced in any aspect of terrorism, nor do we wish to oversimplify or to trivialize the heinousness of terrorist acts. That said, we feel that much of the analysis of terrorists and terrorism shares many characteristics with the analysis of customers and of customer relationships. Here’s what we mean.

  • TERRORISTS ARE PART OF OUR SOCIETY. From the analyses of terrorist acts, we’ve learned that terrorists live in our communities, work next to us, and enjoy all the religious and social freedoms of our society.
  • TERRORISTS DO BUSINESS WITH US. Terrorists use our travel, telecommunications, and Internet infrastructures to plan their acts. They enrolled in flying schools to learn to pilot airliners. They use our banking systems to fund their plans.
  • TERRORIST ACTS ALL HAVE BUSINESS OR COMMERCIAL CHARACTERISTICS. Airline customer and transaction data was key to the analysis of 9/11. A car rental transaction led to solving the 1993 World trade Center attack. Fertilizer purchases helped solve the Oklahoma City bombing.

Given these characteristics, we know that we’re collecting and managing huge volumes of data about terrorists BECAUSE TERRORISTS ARE OUR CUSTOMERS. The data warehouses of financial services companies, telecommunications companies, and travel companies all contain data on terrorist identities, transactions, and behavior. In addition, the transaction data of every company with which terrorists do business can provide information on their activities.

Two issues prevent the use of this data to predict and prevent terrorism: 1) harnessing the data and 2) analyzing this data. These issues have technology and political dimensions. We’ll let folks like Newton Minow address the politics. We’ll comment on the technology ...

Sign in to download the full article


Be the first one to comment.

You must be a member to comment. Sign in or create a free account.