This form is a web page which was created in MS WORD and therefore can be easily edited that way

We use the SensePlace2 tool that was developed at Penn State as part of the VACCINE project. The tool has a backend wherein text documents can be stored and indexed. We use open-source software ANNIE and OpenCalais to perform entity extraction on the documents. We adapted these tools to add rules and dictionaries of place names in the Vastopolis area. We wrote code in Java to geo-code the extracted location names. We use Excel to store the metadata associated with each text document. Lucene is used to index the text and enable keyword search. We use NodeXL, a tool built by the Schneiderman group and available open-source, which can display and analyze a network graph, to examine the entity-relationship network extracted from the text documents. The networks that were visualized contained three types of entities: individuals, companies, and other organizations. We used the commercially available ArcGIS (from ESRI) to derive spatial plots and Excel to draw timeline plots of selected news articles. We wrote substantial amounts of custom software to augment these tools. For example, to augment ArcGIS so that we can build geographical grids, location-related information, individual-related information, networks among individuals, etc. We compared occurrence of events in the spatial plots both using raw frequency and normalized frequency using the population of the areas. We wrote our own code to match fuzzy strings to find individual names that match across datasets. The custom-code written in Java was built in six man weeks coding by experienced developers.

Video:

mc3-video.flv

ANSWERS:

MC 3.1 Potential Threats: Identify any imminent terrorist threats in the Vastopolis metropolitan area. Provide detailed information on the threat or threats (e.g. who, what, where, when, and how) so that officials can conduct counterintelligence activities. Also, provide a list of the evidential documents supporting your answer

Threats Summary

The military weapons lost included surface-to-air missiles. These missiles could have been used to bring down an airplane but there may be additional ones. Imminent use of these is a major concern. The mass animal deaths on 4/1, the fish dying around 5/19 point to potential additional food-borne attacks in the near future, especially, given one was successful. The theft of computer equipment points to future cyber attacks. The suspicious turkey implies that someone tried to test the security system at the airport and are trying to put a bomb in the cargo to take an airplane down. The explosion at the Smogtown chemical plant could be because someone was trying to make a bomb there. The bomb could have been planted in a turkey or some plane cargo or could be a dirty bomb that could spill into a water-way or farm. The stolen university equipment could be used to make synthetic toxin or other hazardous bio-materials. The immigration officer, people working at Smogtown chemical plant, the computer lab, the bio lab at the university, and the trucking company could be potential targets to follow up. Teddy Rao and Cody Woods, two members of Psycho-Brotherhood escaped from the Center for the Criminally Insane. Two men who had escaped from the Center were later caught. These men caught with enough materials to make several explosive devices. Gun sales in the local area have gone up. The organization Psycho-Brotherhood should be investigated.

Weapons Acquisition and Use

2287 – 4/26/2011 – Military Weapons stolen, 20 rifles, AA missiles

4293 – 4/30/2011 – Park shootout

499 – 5/20/2011 – Military weapons discovered at airport.

The major concern is the missing anti-aircraft missiles that could potentially be used to bring down airplanes. The discovery of military weapons at the airport may mean that the weapons are going to be used at a different location. The rifles discovered at the airport should be investigated further as to whether these were the same rifles that were lost or whether these are different ones. Rifles should be easy to check using their IDs.

Prediction: There may be an attempt to shoot down airplanes in the near future, or use as an IED in a crowded area, as modern AA missiles primarily use shrapnel to inflict damage. It could cause mayhem if they are detonated in a crowded area, like a stadium, possibly at a planned public event sometime in the future in the Vastopolis area, where the location of the event, and the route of people traffic is already known, like a parade or a car race (mentioned in a tweet on 5/20).

Illegal Entry

2335 – 3/31/2011 – U.S Immigration officer held in passport ring.

Who did the immigration officer process? Who got the fake passports? This may lead to terrorists who entered the country illegally. There are some tweets that talk about getting passports for immigrant drivers repeated around 5/8 to 5/16. Some investigation of the users is useful although this seems like a minor issue.

Security Test

1243 – 5/14/2011 – Suspicious turkey at airport.

This was likely a test to beat the security system, trying to see if he could get through the system. The turkey was stuffed with some electric device.

Prediction: Airport security should be beefed up. The same article says that there is vulnerability in the system with respect to such items passing checked baggage.

Food Supply Attack and Poisonings.

2385 – 4/1/2011 – Mass animal deaths

2664 – 5/17/2011 – Explosions at Smogtown chemical plant.

1030 – 5/17/2011 – Truck collision

1038 – 5/19/2011 – Fish deaths

Possible attack on the food supply, biological or chemical or both. The first article mentions that there will be immediate effects on the market as the food supply is lower, and prices for consumers will rise. This is followed by the sickness at the river area, pointing to the fact that the river is contaminated in some way, probably the same things that is killing the fish is causing people to get sick.

Prediction: Similar occurences in nearby areas and/or increase/continuation of such events.

Money and Materials Acquisition

926 – 4/10/2011 – Library computer theft

2243 – 4/13/2011 – Conspiracy

1785 – 4/26/2011 – University equipment stolen

2664 – 5/17/2011 – Explosions at Smogtown chemical plant.

1750 – 5/12/2011 – Major robbery attempt fails

This is the set of possible equipment a group may have at their disposal. Both separately and together this represents a potential threat if in the hands of people who know how to use such resources.

Long Term Threats

Conspiracy to Commit a Chemical or Biological Attack

2335 – 3/31/2011 – U.S Immigration officer held in passport ring.

926 – 4/10/2011 – Library computer theft

2243 – 4/13/2011 – Conspiracy

1785 – 4/26/2011 – University equipment stolen

2287 – 4/26/2011 – Military Weapons stolen, 20 rifles, AA missiles

2664 – 5/17/2011 – Explosions at Smogtown chemical plant.

These events can provide an organized group with access to the country, computing hardware, untraceable funds, molecular biology hardware for manufacture, weapons and explosives for implementation, and chemical materials to be used in the manufacturing process.

Prediction: A second poisoning of the river, or release into the air at some time in the future with far more drastic consequences than the previous poisonings.

Process Overview:

We used the following iterative process:

1. Search for interesting keywords like “stolen”, “gun”, “missile”, “weapon”, “death”, “threat”, etc.

2. Extract entities. Plot the entities and their relationships. Plot the interesting events and the titles of the events to obtain spatial and time-line views.

3. Analyze the results and update the keywords and entities to modify the views to examine sub-events. For example, we examined all truck accidents, all fish deaths, animal deaths, equipment stolen separately. Clusters in space-time indicated events.

Figure 1: A view of “interesting events” and their locations plotted using ArcGIS. The different colors represent different two-week intervals: 3-March, 4-4.15-April 1-15, etc. Obtaining a view where both spatial and temporal correlations and distances can be easily seen provided us with an improved comprehension of the set of events.

Figure 2: Timeline of events from news articles and microblogs. Black line and grey bars show the number of flu and diarrhea, vomiting and stomachache cases, respectively.

$Description: C:\aadata\Projects\VACCINE\vast2011\Presentation1x.png$