DARPA Scanner To Search E-mail For "Insider Threats"
By Claire Shefchik
A new project from DARPA (Defense Advanced Research Projects Agency) and the Georgia Institute of Technology will begin scanning e-mails, text messages and file transfers to pick up on what it calls “insider threats,” the university announced earlier this month.
Analysts “may now have the bandwidth to investigate five anomalies per day out of thousands of possibilities. Our goal is to develop a system that will provide analysts for the first time a very short, ranked list of unexplained events that should be further investigated,” project investigator David A. Bader of the Georgia Tech School of Computational Science and Engineering and the Georgia Tech Research Institute (GTRI) said in a news release.
The two-year, $9 million project, led by Science Applications International Corporation (SAIC) in cooperation with Oregon State University, the University of Massachusetts and Carnegie Mellon University, will initially use algorithms to detect possible threats from government employees and military personnel, such as sharing classified information or violent tendencies, according to the university.
“Every time someone logs on or off, sends an email or text, touches a file or plugs in a USB key, these records are collected within the organization,” Bader told Fox News. That comes to about a quarter-billion records per day.
Known as PRODIGAL, the system scans for e-mails to unusual recipients, specific words, and odd file transfers that change over time, though at first only for military volunteers and federal officials. One homeland security expert told Fox it sounds “one step further to a police state.”
Bader is quick to reassure the public that PRODIGAL couldn’t monitor everyone, since it only works on internal systems, not the entire Internet, and can be useful in preventing catastrophes, such as a soldier suddenly turning homicidal.
John Fratamico, SAIC senior vice president and business unit general manager, said PRODIGAL “can translate to significant, often critical, actionable insider threat information across a wide variety of application domains.”