Faraz Zaidi, Labri, INRIA Bordeaux - Sud Ouest, faraz.zaidi@labri.fr [PRIMARY contact]
Paolo Simonetto, Labri, INRIA Bordeaux - Sud Ouest, paolo.simonetto@labri.fr
Daniel Archambault, INRIA Bordeaux - Sud Ouest, daniel.archambault@inria.fr
Pierre-Yves Koenig, Labri, INRIA Bordeaux - Sud Ouest, Pierre-Yves.Koenig@labri.fr
Frédéric Gilbert, Labri, INRIA Bordeaux - Sud Ouest, frederic.gilbert@labri.fr
Trung-Tien Phan-Quang, Labri, INRIA Bordeaux - Sud Ouest, phanquan@labri.fr
Ronan Sicre, Labri, sicre@labri.fr
Mathieu Brulin, Labri, mathieu.brulin@labri.fr
Remy Vieux, Labri, vieux@labri.fr
Morgan Mathiaut, Labri, mathiaut@labri.fr
Antoine Lambert, Labri, antoine.lambert@labri.fr
Guy Melançon, LaBRI, INRIA Bordeaux - Sud Ouest, [Faculty adviser]
The Tulip framework allows for the visualization, drawing, and editing of graphs. All the parts of the framework have been built in order to visualize graphs of more than 1,000,000 elements. The system allows navigation, geometric operations, extraction of subgraphs, metric computations, graph theoretic operations, and filtering.
The Tulip architecture provides the following features:
· 3D visualizations
· 3D modifications
· Plug-in support for easy evolution
· Building of clusters and navigation into them
· Automatic drawing of graphs
· Automatic clustering of graphs
· Automatic selection of elements
· Automatic metric colouring of graphs
ANSWERS:
GC.1: Please describe the scenario supported by your analysis of the three mini-challenges in a Debrief.
Our most likely candidate for the embassy leak is employee 30. By considering the layout of the offices at the embassy, most of the suspicious transmissions to the IP address 100.59.151.133 were sent from a location near office 15, employee 30's office. Employee 30 is one of the few employees who was not in the classified zone during any of these transmissions. Additionally, most offices were probably empty when the transmission was sent, with the notable exception of transmissions from employee 31's computer when he or she was probably not in the office. The transmissions were not sent from a single computer. Rather, they were sent from many different computers at the embassy. Our best candidate for the embassy leak is employee 30, as he or she is one of the few workers able to send all of these transmissions. The leak probably occurred near the end of January, as most of the transmissions occur around or after January 17th.
If employee 30 is the embassy leak, then we believe that this employee is @terekhov. The embassy employee takes part in a criminal network most like scenario B. The criminal network we discovered in the Flitter social network is topologically equivalent to scenario B. The only differences from this template are that the employee has a degree of 39, one less than the suggested degree of 40, and two of the handlers have a slightly elevated degree of six. If our hypothesis is correct, and the presented candidate network is the criminal network present in the Flitter social network community, then the fearless leader has Flitter name @irvin. Most of Irvin's international contacts are in Otello in the country of Posana. However, the vast majority of his Flitter contacts lie within Flovania and are well distributed throughout the country.
We observed at least one suspicious activity on the video, where two suitcases were exchanged after a meeting that took place at 3:24 in the second segment of video, or 8:24 in absolute video time. The meeting seemed to be between someone in dark clothing and someone in light clothing. As we know the video surveillance was conducted near the embassy, we hypothesize that this meeting is between the employee and the handler who is in the same city. However, as the fearless leader lives in Koul, it is possible that we witnessed a meeting between @irvin and one of the middlemen. Either way, we would recommend reviewing this sequence of video, and we hope that it helps identify suspects who may be involved with these activities.
In summary, we hypothesize that employee 30 was the embassy leak and sent the information to IP address 100.59.151.133 near the 17th of January or afterwards. We believe this employee is @terekhov and the employee communicates with @irvin in a fashion that most likely resembles scenario B. Finally, we observed a suspicious event on the surveillance video at 3:24 in the second segment or at 8:24 in absolute video time. During this incident, a pair of briefcases were exchanged. It is unclear if this was an exchange between the employee and a handler or a middleman and the fearless leader.
GC.2: Who are the major players in the scenario and what are their relationships?
In task 1, we believe that employee 30 is the embassy leak. We suspect this employee has the Flitter name @terekhov and communicates from many different computers (an example of one of these transmissions is provided below) to a server external to the embassy. The suspicious activity is shown in Figure 1, where the top row represents the computer activity of employee 30 and the second row represents activity on the computer of employee 31. Employee 31's computer has been idle for quite some time, but a large transmission is suddenly sent from his post. As employee 30's computer is active, the employee is probably in the office and could use employee 31's computer to send this transmission.
Figure 1
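The badge-and-traffic correlation behind this answer can be sketched as follows. This is an added example, not the team's code or the challenge data: it flags transmissions to 100.59.151.133 sent while the workstation's owner was badged into the classified zone or after the workstation had been idle, and keeps as candidates only staff who were outside the classified zone for every such transmission. The log layout, event names, idle threshold and sample rows are constructed assumptions.

```python
from datetime import datetime, timedelta

SUSPECT_IP = "100.59.151.133"   # destination named in the debrief
IDLE = timedelta(minutes=30)    # assumed threshold for an "idle" workstation

# Constructed sample rows, not the challenge logs.
# Badge rows: (time, employee, event). Flow rows: (time, workstation owner, dest IP, bytes).
BADGES = [
    ("2008-01-17 09:00", 31, "enter_classified"), ("2008-01-17 11:00", 31, "leave_classified"),
    ("2008-01-17 09:30", 16, "enter_classified"), ("2008-01-17 10:30", 16, "leave_classified"),
    ("2008-01-22 14:00", 15, "enter_classified"), ("2008-01-22 15:00", 15, "leave_classified"),
]
FLOWS = [
    ("2008-01-17 08:10", 31, "10.0.0.5", 4_000),
    ("2008-01-17 10:05", 30, "10.0.0.5", 5_200),
    ("2008-01-17 10:10", 31, SUSPECT_IP, 9_800_000),
    ("2008-01-22 14:20", 15, SUSPECT_IP, 7_100_000),
]

def ts(s):
    return datetime.strptime(s, "%Y-%m-%d %H:%M")

def classified_intervals(badges):
    """Map employee -> list of (enter, leave) spans inside the classified zone."""
    spans, open_at = {}, {}
    for when, emp, event in sorted(badges):
        if event == "enter_classified":
            open_at[emp] = ts(when)
        elif event == "leave_classified" and emp in open_at:
            spans.setdefault(emp, []).append((open_at.pop(emp), ts(when)))
    return spans

def in_classified(spans, emp, when):
    return any(a <= when <= b for a, b in spans.get(emp, []))

def analyse(badges, flows, staff):
    """Return (findings for each suspect flow, staff never ruled out by a badge)."""
    spans = classified_intervals(badges)
    last_seen, findings, candidates = {}, [], set(staff)
    for when, owner, dst, size in sorted(flows):
        t = ts(when)
        if dst == SUSPECT_IP:
            # A workstation with no earlier traffic at all is also treated as idle.
            idle = owner not in last_seen or t - last_seen[owner] > IDLE
            findings.append({"time": when, "workstation": owner, "bytes": size,
                             "owner_in_classified": in_classified(spans, owner, t),
                             "workstation_was_idle": idle})
            # Anyone badged into the classified zone could not have sent this flow.
            candidates -= {e for e in staff if in_classified(spans, e, t)}
        last_seen[owner] = t
    return findings, candidates
```

Calling `analyse(BADGES, FLOWS, [15, 16, 30, 31])` on the constructed rows leaves employee 30 as the only member of staff not excluded by a classified-zone badge record.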
@terekhov, employee 30 at the embassy, has three handlers: @bottenbruch, @schapiro, and @usdin. The employee is in Prounov and his handlers are in Koul, Koul, and Prounov respectively. The handlers each contact their own respective middlemen: @henders in Koul, @greitane in Prounov, and @tolun in Solvenz. The fearless leader is in Koul and has Flitter name @irvin. Figure 2 shows the final solution for mini-challenge 2, where the criminal network resembles Case B as described in the problem statement.
Figure 2
We observed at hour 3:24 of video two, as shown in Figure 3, an exchange of suitcases that is probably of interest. Since the embassy is nearby, we suspect that this was a transfer of information between a handler and the employee. However, this exchange could be between other elements of the criminal network. It is difficult to say which elements of the criminal network are exchanging information here.
Figure 3