Notice of Violation of IEEE Publication Principles

"Detecting New Trends in Terrorist Networks," by Uffe Kock Wiil, Nasrullah Memon, and Panagiotis Karampelas in the Proceedings of the 2010 International Conference on Advances in Social Networks Analysis and Mining (ASONAM), August 2010, pp.435-440 After careful and considered review of the content and authorship of this paper by a duly constituted expert committee, this paper has been found to be in violation of IEEE’s Publication Principles. This paper has copied portions of text from the sources cited below. The lead author, Nasrullah Memon, was found to be solely responsible for the violation. The original text was copied without attribution (including appropriate references to the original author(s) and/or paper title) and without permission. “Social Network Analysis and Information Fusion for AntiTerrorism” by Pontus Svenson, Per Svensson, and Hugo Tullberg in the Proceedings of the 2006 Conference on Civil and Military Readiness (CIMI), May 2006 and Data Mining: Concepts and Techniques (second edition), by Jiawei Han and Micheline Kamber Morgan Kaufmann, Elsevier, 2006

Detecting New Trends in Terrorist NetworksUffe Kock Wiil∗, Nasrullah Memon∗†, and Panagiotis Karampelas†

∗The Maersk Mc-Kinney Moller InstituteUniversity of Southern Denmark, 5230 Odense M, Denmark

email: {ukwiil,memon}@mmmi.sdu.dk†Information Technology

Hellenic American University, Athens, 10680, Greeceemail: pkarampelas@hau.gr

Abstract—This paper discusses new trends in terrorist net-works. We investigate a new case study regarding the recentDenmark terror plan and present analysis of the thwarted plot.Analyzing covert networks after an incident is practically easyfor trial purposes. Mapping clandestine networks to thwartedterrorist activities is much more complicated. The networksurrounding the recent Denmark terror plan is studied throughpublicly available information. We are able to map a piece ofthe network centered on David Headley, who recently confessedto have planned a terrorist attack to take place on Danish soil.The map gives us an insight into the organizations and peopleinvolved.

Index Terms—David Headley case, open source information,subgroup detection, terrorist network analysis.

I. INTRODUCTION

The events of 9/11 instantly changed the perception ofthe words “terrorist” and “network”, and the United Statesand other countries rapidly started to gear up to fight a newkind of war against a new kind of enemy. In conventionalwarfare, conducted in specific locations, it is important tounderstand the terrain in which the battles will be fought. Inthe war against terror, there is no specific location. After 9/11,we know that the battleground can be anywhere. It is nowclear that the terrorists power base is not geographic; rather,they operate in networks, with members distributed across theglobe. To fight such an enemy, we need to understand the new“terrain”: networks - how they are constructed and how theyoperate.Advanced and emerging information technologies like inves-tigative data mining (IDM) offer key assets in confronting asecretive, asymmetric networked enemy. IDM is a powerfultool for intelligence and law enforcement agencies fightingterrorism [1]. IDM is a combination of data mining andsubject-based automated data analysis techniques. Data miningis an approach which uses algorithms to discover predictivepatterns in datasets. Subject-based automated data analysis ap-plies models to data to predict behavior, assess risk, determineassociations, or perform other types of analysis [2].How can we mine terrorist networks? Traditional methods ofmachine learning and data mining, taking a random sample ofhomogeneous objects from a single relation as input, may notbe appropriate. The data comprising terrorist networks tend tobe heterogeneous, multi-relational, and semi-structured. IDMembodies descriptive and predictive modeling. By considering

links (relationships between the entities), more information ismade available to the mining process. Mathematical methodsused in the research on IDM [1] [2] [3] [4] are clearlyrelevant to intelligence analysis and may provide tools andtechniques to discover terrorist networks in their planningphase and thereby prevent terrorist acts from being carried out.Relevant patterns to investigate include connections betweenactors (meetings, messages), activities of the involved actors(specialized training, purchasing of equipment), and informa-tion gathering (time tables, visiting sites).IDM offers the ability to firstly map a covert cell, and tomeasure the specific structural and interactional criteria of sucha cell. IDM aims to connect the dots between individuals andmap and measure complex, covert, human groups, and orga-nizations. The methods focus on uncovering the patterning ofpeoples interaction, and correctly interpreting these networksto assists in predicting behavior and decision-making withinthe network. IDM borrows techniques from social networkanalysis (SNA) and graph theory for connecting the dots.In IDM a number of variations exist in the literature. Oneis known as link analysis (see for example [5] [6]). Linkanalysis research uses search and probabilistic approaches tofind structural characteristics in the network such as hubs, gate-keepers, pulse-takers [7], or identifying potential relationshipsfor relational data mining. Link analysis alone is insufficient asit looks at one side of the coin and ignores complex nonlinearrelationships that may exist between the attributes. Anotherapproach depends purely on visualization, such as NetMap[8]. Unfortunately, these tools that depend on visualizationalone - despite being useful to provide some insight - areinsufficient and rely on the user to carry out many tedious andtime consuming tasks, many of which could be automated.Uncovering a relationship among or within attributes (connect-ing the dots) is an important step, but in many domains it ismore important to understand how this relationship evolved.Hence, understanding network dynamics and evolution isneeded to complete the picture. Once we understand thedynamics and evolution of these relationships, we can searchfor ways to disconnect the dots if and when needed. Thisbrings about several new tasks [9]: (i) subgroup detection;(ii) object classification; (iii) community detection; (iv) objectdependence; (v) detecting hidden hierarchy; and (vi) under-standing topological characteristics.

2010 International Conference on Advances in Social Networks Analysis and Mining

978-0-7695-4138-9/10 $26.00 © 2010 IEEE

DOI 10.1109/ASONAM.2010.73

435

2010 International Conference on Advances in Social Networks Analysis and Mining

978-0-7695-4138-9/10 $26.00 © 2010 IEEE

DOI 10.1109/ASONAM.2010.73

435

2010 International Conference on Advances in Social Networks Analysis and Mining

978-0-7695-4138-9/10 $26.00 © 2010 IEEE

DOI 10.1109/ASONAM.2010.73

435

In this paper, we use IDM techniques to study new trendsregarding the recent Denmark terror plan, in which DavidHeadley recently confessed to conspiring between October2008 and October 2009 with his associates to plan and carryout terrorist attacks, including murder and maiming, againstthe facilities of Jyllands-Posten, a Danish newspaper, and twoof its employees, Editor A and Cartoonist A [10].In Section 2, we briefly present the case study of the recentDenmark terror plan. Section 3 introduces IDM techniques todetect key players. In Section 4, we report and discuss ouranalysis results from the case study. Section 5 concludes thepaper and presents future research directions.

II. CASE STUDY

David Coleman Headley [11], formerly known as DaoodSayed Gilani, (born June 30, 1960) is a Pakistani-Americanbusinessman based in Chicago. He recently confessed toinvolvement with terrorist plots against India and Denmark.David Coleman Headley and Tahawwur Hussain Rana wereaccused by U.S. federal authorities in Chicago, in complaintsunsealed on 27 October 2009, of plotting against the employ-ees of a newspaper in Copenhagen. Headley is accused of trav-eling to Denmark to scout the building of the Jyllands-Postennewspaper, and a nearby Synagogue, for an attack by terrorists[10]. On December 8, 2009, the FBI also accused Headley ofconspiring to bomb targets in Mumbai, India; providing mate-rial support to Lashkar-e-Taiba, a militant Pakistani extremistgroup; and aiding and abetting the murder of U.S. citizens[10]. There are some online data sources containing structuredterrorist information like http://www.trackingthethreat.com/,http://www.globalsecurity.org/ , etc. As we did not find theinformation about the entities present in the David Headleycase from these manually updated online sources, we harvestedthe information [17][20] about the David Headley networkfrom publicly available news and information sources. Theharvested information was combined with the informationpresent in iMiner database [20], prepared from gathering thedata from http://www.trackingthethreat.com/ and the result isshown in Figure 1.The rectangle in Figure 1 shows the main entities under ourinvestigation and connected directly with the David Headleycase. We have applied IDM techniques over the network andapplication of these techniques is discussed in the followingsections.

III. IDM TECHNIQUES FOR DETECTING COMMUNITIESAND KEY PLAYERS

In this section, we discuss various techniques to detect thecore members of a terrorist network.

A. Subgroup/Community Detection

One of the most common interests in analyzing terroristnetworks is the search for the substructures that may bepresent in the network. Subgroups are subsets of actors amongwhom there are relatively strong, direct, intense, frequent, or

positive ties. We use a bottom-up approach for the detection ofsubgroups [9]. This approach begins with basic groups, andseeks to see how far this kind of close relationship can beextended. The notion is to build outward from single ties toconstruct the network. The substructures that can be identifiedby bottom-up approaches include cliques, n-cliques, s-cliques,and k-plexes.We discuss each concept briefly [12] [21]:

• A clique is defined as a maximal sub-graph in whichevery member of the graph is connected to every othermember of the graph. Every member is connected to n-1 others and the distance between every pair is 1. Inpractice, complete cliques are not very useful. They tendto overlap heavily and are limited in their size.

• An n-clique is a sub-graph in which every person isconnected by a path of length n or less.

• A group is an s-clique, if it has local maximal SMI(Segregation Matrix Index). That a group G has localmaximal SMI means that no other group has a higherSMI value. In addition, no other group has the same SMIvalue with one more element or one less element than G.

• A k-plex is a sub-graph in which every person is con-nected to at least n-k other people in the graph (recall ina clique everyone is connected to n-1, so this relaxes thatcondition) [12].

In addition, we have used the most popular CNM algorithm(which discovers clear communities in the network) introducedby Clauset, Newman and Moore which maximizes modularitywith greedy approach [13]. The CNM algorithm runs fatserthan any of the other alogrithms. It runs in O(md log n)time, for a network with n vertices and m edges, where d isthe depth of the dendrogram. Beside community structure andsubgroup detection, the other important aspect in the terroristnetwork analysis is to classify nodes with different roles withincommunity or even in whole network.

B. Object Classification

In traditional classification methods, objects are classifiedon the attributes that describe them. A particular importantchallenge is to classify in a large network those individualswho play key roles - such as leaders, facilitators,communications ”go betweens”, and so on. To understand thecalculations used to single out the core members in a network,we need to discuss some measures of object classification[10], [14]:

• Degree. A basic measure of SNA that turns out to beimportant in IDM is the degree of a node - that is, thenumber of other nodes directly connected to it by edges.In a graph (network) describing a terrorist network, nodesof high degree represent ”well connected” people, oftenleaders.

• Closeness. This measure indicates for each node howclose it is to other nodes in a graph. Analysts consider thismeasure a good indication of how rapidly information canspread through a network from one node to others. This

436436436

Fig. 1. The David Headley terrorist network.

measure relates to the closeness or the distance betweennodes. A core member (central actor) can reach otheractors through a minimum number of intermediary po-sitions and is therefore dependent on fewer intermediarypositions than a peripheral actor.

• Betweenness. The measure gives each node a scorethat reflects its role as a stepping-stone along geodesic(shortest) paths between other pairs of nodes. The ideais that if a geodesic path from node A to node B (theremay be more than one) goes through node C, then nodeC gains potential importance. Such nodes - or the peoplethat they represent in a terrorist network - can haveimportant roles in providing connections (for example,facilitating communications) between sets of nodes thatotherwise have few other connections, or perhaps no otherconnections. This measure explores an actor’s ability(say for example, node C) to be “irreplaceable” in thecommunication of two random actors (say for example,nodes A and B). It is of particular interest in the studyof destabilizing terrorists by network attacks, because atany given time the removal of maximum betweennessactor seems to cause maximum damage in terms ofconnectivity and average distance in a network.

We used both object classification and subgroup/communitydetection techniques in the analysis to deduct the realistic

results. The application of the theory is presented in the nextsection.

IV. ANALYSIS RESULTS

We have collected information about the network usingthe iMiner harvesting facility [9] and developed a networkas shown in Figure 1. The network has some interestingcharacteristics, if weighted against different SNA measures.By identifying the cohesive parts of the network with differentalgorithms, it has been found that David Headley is the mostimportant node (Figure 1) followed by Kashmiri and Rana.The degree, closeness, and betweenness of the different nodesas shown in Figure 1 are also in agreement with the importanceof these nodes as shown in Figure 2.The different clique based and k-plex sub-graph detection al-gorithms also reveal the same results regarding the importanceof different nodes. The number of sub graphs containing DavidHeadley is the highest as shown Figure 3.David Headley is the most irreplaceable node of the network(as shown in Figure 3), since its absence makes the maximumof sub-graphs incomplete. This may be due to the fact thatHeadley is the most socialized member of the network andhas many links with common people outside the network. Incontrary to 9/11, where the terrorists rarely interacted with theoutside world and hiding themselves from media, this time

437437437

Fig. 2. Centrality measures of the Headley network.

Fig. 3. Sub-graph detection in the David Headley network.

the trend has changed. The people involved in the conspiracyare even connected with the superstars of Bollywood (filmindustry of India) [19]. A U.S. Department of Defense officialwho is following the case closely and spoke on condition ofanonymity because of the criminal investigation in progresshas stated:

• “The present and future is less about individual groupsconducting attacks, and more about combinations of indi-viduals, and groups and facilitators that come together...Together they have the resources, the means, and theinsights to execute those attacks”. [18]

The people involved in conspiracies are common people or atleast they behave like common people and make it difficult forthe investigators to distinguish and identify them. This fact isemphasized in the following statement:

• “Foreigners on reaching their destination in India andchecking in at a hotel or hostel are required to fill in andsign a form for scrutiny by the immigration authority. It isthe responsibility of the management of the establishmentto get the forms filled in and to ensure their submissionto the town/city immigration authorities along with thepassport of the individual. Headley’s passport should havebeen scrutinized in over 12 towns during his nine visitsand passed through the hands of at least three dozenofficers but not one of them found anything unusual init”. [16]

The ties with the outside world and film industry can alsoprove essential in strategies of fund raising or even for using

the film industry to convert black money to white, whichis of course not a new thing. Although, it has not beendisclosed whether Headley had a talk with Bollywood starsabout financing; it is surely a relevant suspicion.As seen in Figure 3, the sub-graph detection mechanisms usingcliques do not clearly identify the key nodes. However, the k-plex algorithm clearly identifies the key nodes (Kashmiri andHeadley).Therefore, we have further investigated the network using thek-plex algorithm to find out additional features of interest.Finding sub-graphs with minimum size of 3 using the k-plexalgorithm yielded 21 groups or k-plexes. All groups detectedalong with their members, density, size, and cohesion indexare listed in Table 1. The statistical graph shown in Figure4 by plotting the density, cohesion index, and size againsteach k-plex shows that k-plex5 and k-plex10 are the ones withhighest bars representing that these are the most connected andimportant parts of the graph. The other valuable informationthat these k-plexes identify is that Kashmiri is the channelof communication between the terrorist organization and theother members of the graph as he is the only common memberin both k-plexes. If we analyze k-plex5 alone it contains themembers like Al-Qaeda and HUJI (Harkat-ul-Jihad-e-Islami)along with Kashmiri, thus the members of this cell have theexpertise to carry out a terrorist attack.In case of k-plex10, it contains people which can be associatedwith strategic analysis and planning. They do not have exper-tise and experience to carry out terrorist attacks directly. Thus,analysts (planners) are separate from attackers as k-plex10has people who can carry out analysis, initial investigation,and surveillance to prepare a master plan of the attack andk-plex5 can really implement such a plan. As in any project,the project manager is the person who coordinates the analysisand implementation teams of the project. This analysis showsthat a similar role was played by Kashmiri in this conspiracy.Our analysis points out a new dimension in criminal inves-tigation and counterterrorism research which indicates thatterrorist organizations are using third party surveillance teamsfor the investigation and analysis part of their attack. Thesethird party teams consist of people that are not linked with anysort of terrorism directly - possibly white collar people thathave passports of countries like Canada or even the UnitedStates. Therefore, law enforcement agencies have some sort oftrust in them and they can freely travel to any destination toscout. It is possible that multiple terrorist organizations sharesuch teams each for their own cause. In the David Headleynetwork, terrorist organizations such as Al Qaeda, HUJI andLeT (Lashkar-e-Taiba) may be sharing the same group ofpeople for surveillance.This theory is also supported when we weigh the nodes ofthe graph with the CNM algorithm [13] for detecting thecommunities. The application of the CNM algorithm on theHeadley network resulted in the graph containing 3 commu-nities as shown in Figure 5 (the communities are named G1,G2, and G3). G3 is the community of analysts and surveyorsand this group consists of people that would not be suspected

438438438

Fig. 5. Community structure in the David Headley network.

Fig. 4. Subgroups (k-plexes) in the David Headley network.

to be terrorists - people that are connected with famouspeople, that have worked for the law enforcement agencies,and that are influential enough to getting clearance (visa) tovisit any country. G1 and G2 are the communities containingthe terrorist organizations that are using the G1 communityfor the best of their interest - in this case terrorism.

V. CONCLUSIONS AND FUTURE WORK

The paper has presented investigative data mining tech-niques for analyzing terrorist networks. A new case studyevolving around the David Headley case has been examined

to show the usefulness of the presented techniques. Thecontributions of the paper are twofold:

• We have shown that an investigative data mining system(iMiner [9]) can be used to harvest relevant informationabout a particular terrorist case from open sources. Wehave shown that a terrorist network can be constructedbased on open source information. We have also shownthat the terrorist network can be analyzed to revealrelevant information about the people in the network andtheir connections - such as detecting key persons andsubgroups of the network.

• Our analysis indicates a new dimension of terrorist or-ganizations using third party surveillance teams for theinvestigation and analysis part of their attack. This is incontrast to for instance the 9/11 and other past incidents.Currently, there is much focus on suspected terrorists,which makes it difficult for them to travel to locations andplan attacks. Therefore, involvement of third party (whitecollar) people with no prior record of terrorism relatedactivities may be a new trend that will be generalized inthe future as terrorist organizations try to deal with theincreased levels of surveillance and monitoring by manycountries.

We are working on some new mathematical models whichmay help in detecting white collar terrorism think-tanks. As

439439439

TABLE ISUBGROUPS (K-PLEXES) OF THE NETWORK ALONG WITH THE DETAILS OF MEMBERS, SIZE, DENSITY, AND COHESION INDEX.

K-PLEX SIZE DENSITY COHESION INDEX MEMBERSk-Plex1 3 0.667 3.5 Ilyas Kashmiri, Lashkar-e-Taiba, Al Qaedak-Plex2 3 0.667 3.5 Ilyas Kashmiri, Lashkar-e-Taiba, Harkat-ul-Jihad-e-Islamik-Plex3 4 0.667 2.286 Ilyas Kashmiri, Lashkar-e-Taiba, David Headley, Abdur Rehman (Pasha)k-Plex4 3 0.667 2.333 Ilyas Kashmiri, Lashkar-e-Taiba, Tahwur Hussain Ranak-Plex5 3 0.667 4.667 Ilyas Kashmiri, Al Qaeda, Harkat-ul-Jihad-e-Islamik-Plex6 3 0.667 1.75 Ilyas Kashmiri, Al Qaeda, David Headleyk-Plex7 3 0.667 2.8 Ilyas Kashmiri, Al Qaeda, Tahwur Hussain Ranak-Plex8 3 0.667 1.75 Ilyas Kashmiri,Harkat-ul-Jihad-e-Islami, David Headleyk-Plex9 3 0.667 2.8 Ilyas Kashmiri, Harkat-ul-Jihad-e-Islami, Tahwur Hussain Ranak-Plex10 4 0.833 3.333 Ilyas Kashmiri, David Headley, Tahwur Hussain Rana, Sajid Mirk-Plex11 3 0.667 1.75 Ilyas Kashmiri, David Headley, Drug Enforcement Agencyk-Plex12 3 0.667 1.75 Ilyas Kashmiri, David Headley, Bollywoodk-Plex13 3 0.667 2 David Headley, Tahwur Hussain Rana, Abdur Rehman (Pasha)k-Plex14 3 0.667 2.333 David Headley, Tahwur Hussain Rana, Drug Enforcement Agencyk-Plex15 3 0.667 2.333 David Headley, Tahwur Hussain Rana, Bollywoodk-Plex16 3 0.667 2.333 David Headley, Sajid Mir, Abdur Rehman (Pasha)k-Plex17 3 0.667 2.8 David Headley, Sajid Mir, Drug Enforcement Agencyk-Plex18 3 0.667 2.8 David Headley, Sajid Mir, Bollywoodk-Plex19 3 0.667 2.8 David Headley, Abdur Rehman (Pasha), Drug Enforcement Agencyk-Plex20 3 0.667 2.8 David Headley, Abdur Rehman (Pasha), Bollywoodk-Plex21 3 0.667 3.5 David Headley, Drug Enforcement Agency, Bollywood

the most of the work in terrorist network analysis is borrowedfrom SNA, it is of crucial importance that researchers workwith experts of the intelligence world and design and developnew models to predict terrorist threats.

REFERENCES

[1] Memon, N., Larsen H. L. (2006). Practical approaches for analysis, visu-alization and destabilizing terrorist networks. In the proceedings of ARES2006: The First International Conference on Availability, Reliability andSecurity, Vienna, Austria, IEEE Computer Society, pp. 906-913.

[2] Memon, N., Larsen, H. L. (2006). Practical algorithms of destabilizingterrorist networks. In the proceedings of IEEE Intelligence SecurityConference, San Diego, Lecture Notes in Computer Science, Springer-Verlag, Vol. 3976: pp. 398-411.

[3] Memon N., Hicks D. L., Larsen, H. L., Uqaili, M. A., (2007). Under-standing the structure of terrorist networks, In International Journal ofBusiness Intelligence and Data Mining, Vol. 2 (4), pp. 401-425.

[4] Memon, N., Hicks, D. L., Larsen, H. L. (2007). How Investigative DataMining Can Help Intellience Agencies to Discover Dependence of Nodesin Terrorist Networks, Proceedings of the Third International Conference,ADMA 2007,. Alhajj, R., Gao, H., Li, X., Li, J., Zaiane, O. (red.).Springer Verlag s. 430-441. ( Lecture Notes in Computer Science; 4632).

[5] Taskar Ben, Pieter Abbeel, Ming-FaiWong, and Daphne Koller. (2003)Label and link prediction. In relational data, in IJCAI Workshop onLearning Statistical Models from Relational Data. Available online athttp://kdl.cs.umass.edu/srl2003 upload/files/taskar-paper.pdf, accessed onJanuary 10, 2010.

[6] M. Barlow, J. Galloway, and H. Abbass. (2002). Mining evolution throughvisualization. In Proceedings of Workshop on Beyond Fitness: Visual-ization Evolution at the 8th International Conference on the Simulationand Synthesis of Living System. Available online at http://www.alife.org/alife8/workshops/15.pdf accessed on January 09, 2010.

[7] Q&A with Professor Karen Stephenson, April 18, 2006. Avail-able online at http://www.elearningpost.com/articles/archives/qa withprofessor karen stephenson/ accessed on January 10, 2010.

[8] DeRosa M., (2004), Data Mining and Data Analysis for Counterterrorism,CSIS Report.

[9] Memon, N. (2007). Investigative data mining: Mathematical modelsfor analyzing, visualizing and destabilizing Terrorist Networks. PhDDissertation, Aalborg University, Denmark.

[10] U.S. Department of Justice Press Release, January 14, 2010 available athttp://www.justice.gov/opa/pr/2010/January/10-nsd-038.html accessed onJanuary 15, 2010.

[11] Abrahm Sami, Story of David Headley-suspect of planning attacks onDanish newspaper, International The News, November 22, 2009 availableonline at http://www.thenews.com.pk/updates.asp?id=91981 accessed onJanuary 15, 2010.

[12] Fershtman, M. (1997). Cohesive group detection in a social network bythe segregation, Social Networks 19, 193-207

[13] Clauset, M. E. J. Newman, and C. Moore. Finding community structurein very large networks. Physical Review E, 70:066111, 2004. Availableonline at http://pre.aps.org/pdf/PRE/v70/i6/e066111 accessed on January10, 2010.

[14] Krebs, V. E. (2202) Mapping network of terrorist cells. Connections24(3): 43-52.

[15] An article published in a comprehensive Punjabi journal ”Wichar”.Available online at http://www.wichaar.com/news/286/ARTICLE/17345/2009-11-20.html accessed on January 15, 2010.

[16] An article published in Deccan Herald. Available online at http://www.deccanherald.com/content/40626/lashkar-e-taibas-us-connection.html ac-cessed on January 9, 2010.

[17] Memon, N., Hicks D., and Larsen H. L. (2007). Harvesting TerroristInformation from Web. In proc. International Conference on InformationVisualization (IV 2007), Zurich, Switzerland, July 4-6, 2007, pp. 664-671.

[18] An article published in The Times Of India. Avail-able online at http://timesofindia.indiatimes.com/india/Pak-Army-officer-linked-to-Rana-Headley/articleshow/5249930.cmsaccessed on January 10, 2010.

[19] An article published in Zopag News Network.Available online at http://www.zopag.com/news/rahul-bhatt-introduced-let-man-headley-to-many-bollywood-actresses/9987.html accessed on January 11, 2010.

[20] Memon, N., Wiil, U. K., Alhajj R., Atzenbeck C., Harkiolakis, N.(2010).Harvesting Covert Networks: The Case Study of the iMinerDatabase. In: International Journal of Networking and Virtual Organi-sations

[21] Balasundaram, B., Butenko, S., Trukhanov, S. (2005). Novel approachesfor analyzing biological networks, submitted in Journal of CombinatorialOptimization, Vol. 10, pp.2339.

440440440