Greg Mann, Managing Director,
Xanalys Ltd, UK
greg.mann@xanalys.com [PRIMARY contact]
Julian Russell, Xanalys Consultant, Hong Kong jarussell@ieee.org
All technology used in the task was designed and developed by Xanalys.
· PowerCase (Investigative Case Management program) and Link Explorer (database query, analysis and visualization) are commercially available products.
· The automated document visualization and review application was developed in 2009 as part of a UK Government sponsored research project. It incorporates PowerIndexer, Xanalys’ text mining/entity extraction technology.
No customization of the tools was required for this task. The task did
suggest a number of improvements we would like to make with regard to
workflow, UI, and integration – the overall solution could be optimized to
improve efficiency in data processing.
Our goals in the task were:
· Provide useful visualization tools at a number of stages during the workflow to help analysts gain a complete understanding of a document and its relationship to the rest of the document set.
· Gain a better understanding of the challenges the analyst faces when combining new data with old.
· Automate the document review process as much as possible by using text mining and data research tools.
· Provide an approach which would support a distributed team, i.e. the solution didn’t reside with one person, but the data could be accessed and analyzed by any number of people, even if they hadn’t read the documents directly.
About Xanalys
Xanalys have been designing and developing investigative and analytical software
for over 20 years. Our customers include Public Safety, Finance, Insurance and
Investigative organizations from across the globe.
Company Website: www.xanalys.com
Video:
http://www.screencast.com/t/NmJhZjM4MTAt
ANSWERS:
MC1.1: Summarize the activities that happened in each country with
respect to illegal arms deals based on a synthesis of the information from the
different report types and sources.
State the situation in each country at the end of the period (i.e. the
end of the information you have been given) with respect to illegal arms deals
being pursued. Present a hypothesis
about the next activities you expect to take place, with respect to the people,
groups, and countries.
The 103 individual reports were processed chronologically (by order received).
Analysis and visualisation were conducted at 3 key stages.
1. For a quick understanding of document content, the analyst submits each document for automatic entity extraction. A visualisation automatically displays content, and links to both previous documents and entities previously tagged “of interest”.
2. Documents then enter PowerCase for automated entity extraction to produce a visual “Index Plan” highlighting entities in the document. The analyst confirms, matches and unifies entities against existing database records using automated tools. Additional observations are tagged on the documents/entities. This task took 2 days.
3. The document database is queried visually using Link Explorer (LE). Query results are displayed as associational, temporal and spatial charts and Excel reports. Network analysis, database exploration, and filtering tools are used by the analyst to visualize answers to their questions.
In this diagram, the analyst starts by Exploring
from BUKHARI to determine whether he is associated with an Account and whether
there is any transaction activity on it – the Explore is performed to a depth
of 3 levels in the database. The resulting associations also display a possible
discrepancy in the data.
We spent around a week exploring the data.
This chart is then displayed as a Transaction
time-chart which clearly shows the flow of money through the accounts. NOTE
that during document research, a possible anomaly in the data was identified.
Since before 1992 a group of Ukrainians have smuggled
surplus Soviet arms to numerous violent organisations internationally. A
Ukrainian managed ship transported weapons from Ukraine to Kenya, destined for
Sudan on 3 occasions in 2008, once being ransomed by pirates. A Ukrainian
air-freight company using Ukrainian aircraft was contracted to transport
weapons from Pyongyang to Urmia.
In 2008 two Ukrainians were executed (Italy/Kiev)
after they diverted a consignment of arms for Kurdistan, from NK to Thailand.
The weapons were seized by authorities.
Visual analysis of events in Dubai shows consecutive
meetings with the Russians in the Barj-el-Arab hotel in Dubai over a week in
April 2009.
Russians now control the arms dealing organisation.
An organisation in Medellin is acquiring weapons. They
previously tried American suppliers; however, Venezuelans gave them contact with
Russian arms suppliers using two Internet message boards.
They met the Russians in Dubai on 22/4/2009.
Weapons delivered soon.
An organisation exists in Barcelona, acquiring illegal
weapons. They previously contacted an American - now deal with a Russian
supplier using two Internet message boards. They passed this contact to a
Colombian group. Visual analysis of the money transactions shows money sent
indirectly to the Russians, whom they met in Dubai 22/4/2009.
Weapons delivered soon.
After a police raid in February 2007 seizing arms and
arresting members of the terrorist group Lashkar-e-Jhangvi, the remainder are
regrouping and acquiring new weapons.
There are probably 17 members in this Karachi faction.
In July 2008 arms were delivered to a house in Lyari town. On 11/11/2008 they
sent money to the Russians, whom three of them met in Dubai on 19/4/2009.
The money flow to Russia can be confirmed visually by
this transaction chart from account to account over time, despite errors in the
first source report.
They are planning to soon attack a mass gathering at
the National Stadium, Karachi. ID cards may have been acquired for the
remaining Karachi terrorists.
Yemen is a consumer of illicit weapons, both for an
anti-Yemeni Government insurgency from Sha’ab-al-Muminin, and also for sale into
neighbouring Saudi, supplying several groups including locals and anti-Saudi
government militants.
In 2007 one Yemeni tried to buy weapons from an
American visiting Colombia.
A group of Yemenis met Russian arms dealers in Dubai
on 19/4/2009. Payment for this deal was probably by transfer of diamonds on
20/12/2008 to Russia by a money launderer.
A Yemeni government arms buy-back program may become a
channel for arms to be sold back to the illegal dealers.
The Ukrainian organisation has an office in Nigeria
which communicates with head office using emails disguised as a type ‘419’
fraud, and weapons thinly disguised as engineering equipment.
In 2008 they transhipped three cargoes of weapons
through Kenya to South Sudanese forces in contravention of an arms embargo.
The Nigerian representative met the Russians in Dubai
on 15/4/2009, to continue working with them.
Ukrainian weapons are transhipped through to Sudan.
A seizure of illegal weapons at the home of one of
the local arms dealers in Narok was designed to discredit senior police. These
weapons probably came from police issued for training in Ngong, and were also stolen
from a British military base in Nanyuki where one of those arrested works. Ammunition
is also regularly stolen by police from the police range. A Police Superintendent
was arrested in connection with the seizure.
The local arms dealers were acquitted of the crime,
indicating political intervention. They met the Russians in Dubai on 17/4/2009
and died later in hospital.
Arms dealing will continue by the corrupt police and
civilians involved.
An aircraft carrying weapons from Pyongyang to Urmia
diverted to Thailand on 10/3/2008.
The aircrew held meetings with suspected insurgents
from the Shan State Army South (SSAS).
Later authorities detained the aircrew and the weapons.
The Thai arms dealer will obtain weapons from the
Russians for the SSAS; they met in Dubai on 17/4/2009.
Kurds operating from Turkey, Iran, and Syria purchased
arms from NK through the Ukrainians, expected to be delivered in Urmia on
12/3/2008, but were seized en-route.
31/12/2008 they ordered more weapons. Three of the
Kurds travelled to Dubai to meet the arms dealers. Three other Kurds also travelled
to Dubai on 18/4/2009.
The organisation Martyr’s Front of Judea is obtaining
arms to attack targets in Gaza/West Bank. They met Russian arms dealers on
18/4/2009 in Dubai to conclude the arms purchase. They intended to drive a
non-traceable car to Dubai to deliver the money; however, the car was stolen.
Planning an attack: May 2009 in Gaza/West Bank.
MC1.2: Illustrate the associations among the players in the arms
dealing through a social network. If
there are linkages among countries, please highlight these as well in the
social network. Our analysts are interested
in seeing different views of the social network that might help them in counterintelligence
activities (people, places, activities, communication patterns that are key to
the network).
Charts are created by using Link Explorer to Query the
document database (charts are essentially “answers” to queries). Queries can be
created “from scratch” using the drag-and-drop query editor, or by selecting
elements on a chart and moving them to a new chart.
The document processing workflow ensures that Events,
Persons, Transactions, etc are recorded as entities/associations as described
in the document. Matching and merging of entities between documents (during the
research stage) ensures that document sub-graphs are pulled together, thereby
creating a large network of intelligence data – Link Explorer can traverse this
graph to pull back and visualise the data as required by the Analyst.
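The matching-and-merging step described above, sketched as an added example (this is not Xanalys code; PowerCase and Link Explorer internals are not shown on this page). The records and the `Buyer-*` / `Account-*` names are constructed, and `Resolver`, `build_graph` and `explore` are hypothetical names; it shows how unifying the aliases of one person joins otherwise separate document sub-graphs, so that a depth-limited Explore reaches entities it could not reach before.

```python
from collections import defaultdict, deque

# Constructed sample records, not taken from the challenge data:
# (document id, entity mention, entity mention) as extracted per document.
DOC_LINKS = [
    ("doc-1", "joetomski", "Buyer-1"),
    ("doc-2", "JT", "Buyer-2"),
    ("doc-3", "Mikhail Dombrovsky", "Nicholai Kuryakin"),
    ("doc-4", "Nicholai Kuryakin", "Account-1"),
    ("doc-5", "Account-1", "Account-2"),
]
# Analyst-confirmed matches from the research stage: (mention, database record).
MATCHES = [("joetomski", "Mikhail Dombrovsky"), ("JT", "Mikhail Dombrovsky")]

class Resolver:
    """Union-find over mentions; the database record stays the representative."""
    def __init__(self, matches=()):
        self.parent = {}
        for mention, record in matches:
            self.parent[self.find(mention)] = self.find(record)

    def find(self, name):
        self.parent.setdefault(name, name)
        while self.parent[name] != name:
            self.parent[name] = self.parent[self.parent[name]]  # path halving
            name = self.parent[name]
        return name

def build_graph(doc_links, resolver):
    """Merge per-document sub-graphs into one graph keyed by resolved entity."""
    graph = defaultdict(set)
    for _doc, a, b in doc_links:
        a, b = resolver.find(a), resolver.find(b)
        graph[a].add(b)
        graph[b].add(a)
    return graph

def explore(graph, start, depth):
    """Breadth-first Explore: entity -> hop count, for entities within `depth` links."""
    seen, queue = {start: 0}, deque([start])
    while queue:
        node = queue.popleft()
        if seen[node] == depth:
            continue  # depth limit reached; do not expand further
        for neighbour in graph.get(node, ()):
            if neighbour not in seen:
                seen[neighbour] = seen[node] + 1
                queue.append(neighbour)
    return seen

if __name__ == "__main__":
    print(explore(build_graph(DOC_LINKS, Resolver()), "Buyer-1", 3))
    print(explore(build_graph(DOC_LINKS, Resolver(MATCHES)), "Buyer-1", 3))
```

Without the matches, a depth-3 Explore from `Buyer-1` stops at the alias; with them it reaches the second buyer, the associate and the first account.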
In this task, we used Link Explorer Link, Hierarchy,
Transaction and Event charts, as well as automatically pushing data to the
integrated Bing Mapping facility.
The original Ukrainian arms dealers were Leonid Minsky
and Igor Sviatoslavich, both now dead. This organisation has links to Nigeria
through an office there,
and a representative in Pyongyang, who may be Soltan Zadeh, since he has
contact with Pyongyang. Also in Ukraine is Arkadi Borodinski organising the
charter flights of arms.
The Russian arms dealers include Nicholai Kuryakin,
Mikhail Dombrovsky and money launderer Georgiy Gunter.
Dombrovsky is communicating under the pseudonym of
‘joetomski’ on email and ‘JT’ – establishing this fact opens up the network
between suppliers and consumers.
The following chart was created by using the
“Suspected Arms Dealers” tags entered during the document processing stage in a
Link Explorer query, then running the Explore function to return selected links
from the database.
April Meeting in United Arab Emirates
The planned Dubai meetings during the week of April 15
- 23 provide the single most significant pivot point to pull the different
social networks together.
The document database was queried to return all Events
associated with UAE. This was then Explored to reveal the participants
in planned meetings. The following chart shows this query with the Location
object excluded to reduce clutter on the chart (primarily all the links to the
locations). Events include not only the April meetings, but also early travel
planning, etc.
The underlying query was then constrained to reveal only
events in the UAE during the week of April 15. Flag icons were used to show the
nationalities of the groups attending the meetings with the Russians.
The creation of these charts takes only minutes: use
Query Editor to create a query/chart, explore on selected/class entities to
mine further data, display appropriate chart types.
Money Transactions
The Account objects were also plotted using Link
Explorer’s integrated Bing Mapping capability.
Objects were automatically geocoded by Bing using the
“country” values stored in each of the Account objects. Directional link lines
were hand drawn on the resulting chart.
This map was created in a matter of seconds by Link
Explorer.
Descriptions of other social networks:
Venezuelans identified include Jhon, Beto, Jorge and
an important unnamed member of the group. They had previous contact with an
American arms dealer, perhaps Rayleigh; however, Beto made contact with the
Russians through two Internet message boards.
The Colombian organisation contact is named Pillo. He
may have been in contact with an American arms dealer Rayleigh. He has been in
telephonic contact with the Venezuelan named Jhon who gave him a connection to
the Russians, whom they met in Dubai.
Arms dealers collaborating in Yemen include Aden
as-Sallal, (who met with American arms dealer Raleigh in Colombia), and Saleh
Ahmed, selling weapons in Saudi with Haik Hasain.
Saleh Ahmed has telephonic contact with Russian
Dombrovsky. Co-operating with the Yemenis and Russian arms dealers is diamond
merchant and money launderer Georgiy Gunter.
Ahmed, Haik, and another unnamed dealer (not Aden) met
Dombrovsky and Kuryakin in Dubai, following which Ahmed became critically ill a
few weeks later and is expected to die soon.
Nigerians are linked to Kenyans through the
transshipments of arms from Ukraine to Sudan.
The British national in a shipping agency in Nairobi
facilitating the transhipment of arms may be Oliver Thatcher, arrested with two
local arms dealers Thabiti Otenio and his wife Nahid Owiti.
The only identified corrupt police officer is Wanjohi Onyango,
arrested following arms seized at Otenio’s home. Accusations against senior
police officials cannot be supported by links to the crime. There are links between
Otenio and unnamed government officials in acquiring government tenders.
Otenio and Owiti met the Russian in Dubai.
The principal arms dealer in Thailand is Boonme
Khemkhaengare. He meets with the Financial Officer of the Shan State Army
South, Lim Chanarong. Boonme has also met with Russian arms dealer Nicholai
Kuryakin at arms shows.
The Kurds can be identified by examining telephone
data focusing on Kurmanji language tags.
Kurds participating in acquiring arms include Sattari
Khurshid in Iran who has telephonic contact with the seller in Ukraine,
Baltasar in Syria, Hakan in Turkey, and Celik in Turkey who has telephonic
contact with an arms dealer using a Bosnian registered phone who is probably
Minsky who tells him to meet an associate in Dubai.
Hakan and Celik and a third Kurd named Kaya travelled
together to Dubai to meet the two Russians. Travelling to Dubai on a different
day were Baltasar and two other Kurds named Adad and Ashur.
Three arrested members of Lashkar-e-Jhangvi were Abdul Rana ul Baqi, Ismail and
Yousef. The Ameer of the group is Chhota Hasan and their faction leader Qari
Hussain. There may be 17 still active members in Karachi including Akram Basra,
a leader of the Lashkar-e-Jhangvi Azeem Bhutani, Maulana Haq Bukhari, Mudassar
Nausherwani, possibly Iman Ullah.
Others who appear to be conspiring with the above include Muhammed Balochi, Ullah ali
Jinnah and “Mai”.
Bhutani, Mengal and Nausherwani met with the Russians in Dubai.
The leader of the MFJ operating from Lebanon is
Muhammed Kasem. Another principal MFJ
member is Abdullah Khouri in Gaza whom Kasem rents an apartment from.
With another MFJ member, Muhammed Anka, they met the
Russian arms dealers on 18/4/2009 in Dubai to conclude the arms purchase.