Greg Mann, Managing Director,
Xanalys Ltd, UK
firstname.lastname@example.org [PRIMARY contact]
Julian Russell, Xanalys Consultant, Hong Kong email@example.com
All technology used in the task was designed and developed by Xanalys
· PowerCase (Investigative Case Management program) and Link Explorer (database query, analysis and visualization) are commercially available products.
· The automated document visualization and review application was developed in 2009 as part of a UK Government sponsored research project. It incorporates PowerIndexer, Xanalys’ text mining/entity extraction technology.
No customization of the tools was required for this task. The task did suggest a number of improvements we would like to make with regards to workflow, UI, and integration – the overall solution could be optimized to improve efficiencies in data processing.
Our goals in the task were:
· Provide useful visualization tools at a number of stages during the workflow to help analysts gain a complete understanding of a document and its relationship to the rest of the document set.
· Gain a better understanding of the challenges the analyst faces when combining new data with old.
· To automate the document review process as much as possible by using text mining and data research tools
· Provide an approach which would support a distribute team, i.e. the solution didn’t reside with one person, but the data could be accessed and analyzed by any number of people, even if they hadn’t read the documents directly.
Xanalys have been designing and developing investigative and analytical software for over 20 years. Our customers include Public Safety, Finance, Insurance and Investigative organizations from across the globe.
Company Website: www.xanalys.com
MC1.1: Summarize the activities that happened in each country with respect to illegal arms deals based on a synthesis of the information from the different report types and sources. State the situation in each country at the end of the period (i.e. the end of the information you have been given) with respect to illegal arms deals being pursued. Present a hypothesis about the next activities you expect to take place, with respect to the people, groups, and countries.
The 103 individual reports were processed chronologically (by order received).
Analysis and visualisation was conducted at 3 key stages.
1. For a quick understanding of document content, the analyst submits each document for automatic entity extraction. A visualisation automatically displays content, and links to both previous documents and entities previously tagged “of interest”.
2. Documents then enter PowerCase for automated entity extraction to produce a visual “Index Plan” highlighting entities in the document. The analyst confirms, matches and unifies entities against existing database records using automated tools. Additional observations are tagged on the documents/entities. This task took 2 days.
3. The document database is queried visually using Link Explorer (LE). Query results are displayed as associational, temporal and spatial charts and Excel reports. Network analysis, database exploration, and filtering tools are used by the analyst to visualize answers to their questions.
In this diagram, the analyst starts by Exploring from BUKHARI to determine whether he is associated with an Account and whether there is any transaction activity on it – the Explore is performed to a depth of 3 levels in the database. The resulting associations also display a possible discrepancy in the data.
We spent around a week exploring the data.
This chart is then displayed as a Transaction time-chart which clearly shows the flow of money through the accounts. NOTE that during document research, a possible anomaly in the data was identified.
Since before 1992 a group of Ukrainians have smuggled surplus Soviet arms to numerous violent organisations internationally. A Ukrainian managed ship transported weapons from Ukraine to Kenya, destined for Sudan on 3 occasions in 2008, once being ransomed by pirates. A Ukrainian air-freight company using Ukrainian aircraft was contracted to transport weapons from Pyongyang to Urmia.
In 2008 two Ukrainians were executed (Italy/Kiev) after they diverted a consignment of arms for Kurdistan, from NK to Thailand. The weapons were seized by authorities.
Visual analysis of events in Dubai shows consecutive meetings with the Russians in the Barj-el-Arab hotel in Dubai over a week in April 2009.
Russians now control the arms dealing organisation.
An organisation in Medellin is acquiring weapons. They previously tried American suppliers however Venezuelans gave them contact with Russian arms suppliers using two Internet message boards.
They met the Russians in Dubai on 22/4/2009.
Weapons delivered soon.
An organisation exists in Barcelona, acquiring illegal weapons. They previously contacted an American - now deal with a Russian supplier using two Internet message-boards. They passed this contact to a Colombian group. Visual analysis of the money transactions show money sent indirectly to the Russians, whom they met in Dubai 22/4/2009.
Weapons delivered soon.
After a police raid in February 2007 seizing arms and arresting members of the terrorist group Lashkar-e-Janghvi, the remainder are regrouping and acquiring new weapons.
There are probably 17 members in this Karachi faction. In July 2008 arms were delivered to a house in Lyari town. On11/11/2008 they sent money to the Russians, whom three of them met in Dubai on 19/4/2009.
The money flow to Russia can be confirmed visually by this transaction chart from account to account over time, despite errors in the first source report.
They are planning to soon attack a mass gathering at the National Stadium, Karachi. ID cards may have been acquired for the remaining Karachi terrorists.
Yemen is a consumer of illicit weapons, both for an anti-Yemeni Government insurgency from Sha’ab-al-Muminin, and also for sale into neighbouring Saudi, supplying several groups including locals and anti-Saudi government militants.
In 2007 one Yemeni tried to buy weapons from an American visiting Colombia.
A group of Yemeni’s met Russian arms dealers in Dubai on the 19/4/2009. Payment for this deal was probably by transfer of diamonds on 20/12/2008 to Russia by a money launderer.
A Yemeni government arms buy-back program may become a channel for arms to be sold back to the illegal dealers.
The Ukrainian organisation has an office in Nigeria which communicates with head office using emails disguised as a type ‘419’ fraud, and weapons thinly disguised as engineering equipment.
In 2008 they transhipped three cargoes of weapons through Kenya to South Sudanese forces in contravention of an arms embargo.
The Nigerian representative met the Russians in Dubai on 15/4/2009, to continue working with them.
Ukrainian weapons are transhipped through to Sudan.
A seizure of illegal weapons, at the home of one of the local arms dealers in Narok, was designed to discredit senior police, these weapons probably came from police issued for training in Ngong, and also stolen from a British military base in Nanyuki where one of those arrested works. Ammunition is also regularly stolen by police from the police range. Police Superintendant arrested in connection with the seizure.
The local arms dealers were acquitted of the crime, indicating political intervention, they met the Russians in Dubai on 17/4/2009, they died later in hospital.
Arms dealing will continue by the corrupt police and civilians involved.
An aircraft carrying weapons from Pyongyang to Urmia diverted to Thailand on 10/3/2008.
The aircrew held meetings with suspected insurgents from the Shan State Army South (SSAS). Later authorities detained the aircrew and the weapons.
The Thai arms dealer will obtain weapons from the Russians for the SSAS, they met in Dubai on 17/4/2009.
Kurds operating from Turkey, Iran, and Syria purchased arms from NK through the Ukrainians, expected to be delivered in Urmia on 12/3/2008, but were seized en-route.
31/12/2008 they ordered more weapons. Three of the Kurds travelled to Dubai to meet the arms dealers. Three other Kurds also travelled to Dubai on 18/4/2009.
The organisation Matyr’s Front of Judea is obtaining arms to attack targets in Gaza/West Bank. They met Russian arms dealers on 18/4/2009 in Dubai to conclude the arms purchase. They intended to drive a non-traceable car to Dubai to deliver the money however the car was stolen.
Planning an attack: May 2009 in Gaza/West Bank.
MC1.2: Illustrate the associations among the players in the arms dealing through a social network. If there are linkages among countries, please highlight these as well in the social network. Our analysts are interested in seeing different views of the social network that might help them in counterintelligence activities (people, places, activities, communication patterns that are key to the network).
Charts are created by using Link Explorer to Query the document database (charts are essentially “answers” to queries). Queries can be created “from scratch” using the drag-and-drop query editor, or by selecting elements on a chart and moving them to a new chart.
The document processing workflow ensures that Events, Persons, Transactions, etc are recorded as entities/associations as described in the document. Matching and merging of entities between documents (during the research stage) ensures that document sub-graphs are pulled together, thereby creating a large network of intelligence data – Link Explorer can traverse this graph to pull back and visualise the data as required by the Analyst.
In this task, we used Link Explorer Link, Hierarchy, Transaction and Event charts, as well as automatically pushing data to the integrated Bing Mapping facility.
The original Ukrainian arms dealers were Leonid Minsky and Igor Sviatoslavich, both now dead. This organisation has links to Nigeria through an office there, and a representative in Pyongyang, who may be Soltan Zadeh, since he has contact with Pyongyang. Also in Ukraine is Arkadi Borodinski organising the charter flights of arms.
The Russian arms deals include Nicholai Kuryakin, Mikhail Dombrovsky and money launderer Georgiy Gunter.
Dombrovski is communicating under the pseudonym of ‘joetomski’ on email and ‘JT’ – establishing this fact opens up the network between suppliers and consumers.
The following chart was created by using the “Suspected Arms Dealers” tags entered during the document processing stage in a Link Explorer query, then running the Explore function to return selected links from the database.
April Meeting in United Arab Emirates
The planned Dubai meetings during the week of April 15 - 23 provide the single most significant pivot point to pull the different social networks together.
The document database was queried to return all Events associated with UAE. This was then Explored to reveal the participants in planned meetings. The following chart shows this query with the Location object excluded to reduce clutter on the chart (primary all the links to the locations). Events include not only the April meetings, but also early travel planning, etc.
The underlying query was then constrained to reveal only events in the UAE during the week of April 15. Flag icons were used to show the nationalities of the groups attending the meetings with the Russians.
The creation of these charts takes only minutes: use Query Editor to create a query/chart, explore on selected/class entities to mine further data, display appropriate chart types.
The Account objects were also plotted using Link Explorers integrated Bing Mapping capability.
Objects were automatically geocoded by Bing using the “country” values stored in each of the Account objects. Directional link lines were hand drawn on the resulting chart.
This map was created in a matter of seconds by Link Explorer.
Descriptions of other social networks:
Venezuelan’s identified include Jhon, Beto, Jorge and an important unnamed member of the group. The had previous contact with American arms dealer, perhaps Rayleigh, however Beto made contact with the Russians through two Internet message boards.
The Columbian organisation contact is named Pillo. He may have been in contact with an American arms dealer Rayleigh. He has been in telephonic contact with the Venezuelan named Jhon who gave him a connection to the Russians, whom they met in Dubai.
Arms dealers collaborating in Yemen include Aden as-Sallal, (who met with American arms dealer Raleigh in Colombia), and Saleh Ahmed, selling weapons in Saudi with Haik Hasain.
Saleh Ahmed has telephonic contact with Russian Dombrovsky. Co-operating with the Yemeni’s and Russian arms dealers is diamond merchant and money launderer Georgiy Gunter.
Ahmed, Haik, and another unnamed dealer (not Aden) met Dombrovsky and Kuryakin in Dubai, following which Ahmed became critically ill a few weeks later and expected to die soon.
Nigerians are linked to Kenyans through the transshipments of arms from Ukraine to Sudan.
The British national in a shipping agency in Nairobi facilitating the transhipment of arms may be Oliver Thatcher, arrested with two local arms dealers Thabiti Otenio and his wife Nahid Owiti.
The only identified corrupt police is Wanjohi Onyango arrested following arms seized at Otenio’s home. Accusations against senior police officials cannot be supported by links to the crime. There links between Otenio and unnamed government officials in acquiring government tenders.
Otenio and Owiti met the Russian in Dubai.
The principle arms dealer in Thailand is Boonme Khemkhaengare. He meets with the Financial Officer of the Shan State Army South, Lim Chanarong. Boonme has also met with Russian arms dealer Nickolai Kurakin at arms shows.
The Kurds can be identified by examining telephone data focusing on Kurmanji language tags.
Kurds participating in acquiring arms include Sattari Khurshid in Iran who has telephonic contact with the seller in Ukraine, Baltasar in Syria, Hakan in Turkey, and Celik in Turkey who has telephonic contact with an arms dealer using a Bosnian registered phone who is probably Minsky who tells him to meet an associate in Dubai.
Hakan and Celik and third Kurd named Kaya travelled together to Dubai to meet the two Russians. Travelling to Dubai on a different day were Baltasar and two other Kurds named Adad and Ashur.
Three arrested members of Lashkar-e-Jhangvi were Abdul Rana ul Baqi, Ismail and Yousef. The Ameer of the group is Chhota Hasan and their faction leader Qari Hussain. There may be 17 still active members in Karachi including Akram Basra, a leader of the Lashkar-e-Jhangvi Azeem Bhutani, Maulana Haq Bukhari, Mudassar Nausherwani, possibly Iman Ullah.
Others who appear to be conspiring with the above include Muhammed Balochi, Ullah ali Jinnah and “Mai”.
Bhutani, Mengal and Nausherwani met with the Russians in Dubai.
The leader of the MFJ operating from Lebanon is Muhammed Kasem. Another principal MFJ member is Abdullah Khouri in Gaza whom Kasem rents an apartment from.
With another MFJ member, Muhammed Anka, they met the Russian arms dealers on 18/4/2009 in Dubai to conclude the arms purchase.