VSTI/SAS - Terrorism News Analysis

VAST 2011 Challenge
Mini-Challenge 3 - Investigation into Terrorist Activity

Authors and Affiliations:

Edward Swing, VSTI, a SAS Company: ed.swing@vsticorp.com [PRIMARY contact]

Kevin Boone, VSTI, a SAS Company

Tool(s):

For this challenge, we used a combination of several tools, centered around the Luminary System, a prototype system in development at VSTI that Luminary extracts semantic concepts and entities from information sources, performs semantic inference, and then pushes the results into a semantic wiki for users to browse and explore. We developed several enhancements to Luminary during this challenge.

Luminary uses modular plugins to incorporate multiple entity extractors, including Alchemy, Calais, Lingpipe, and OpenNLP. After entity extraction, Luminary passes the entities and entity types to a set of Entity Verifiers for verification and entity normalization. Next, Luminary performs Semantic Concept Extraction, attempting to identify particular concepts within each text document. Finally, the resulting entities, augmented articles, and semantic concepts are loaded into the semantic wiki.

Note: Lack of internal consistency within the data, such as missing locations and incomplete name replacements, hampered the semantic concept extraction process.

To focus the processing of articles, Luminary used SAS Content Categorization Server to identify the general topic of each news article. The extraction process focused on those topics (Crime, Social Issues) which had the highest probability to be a factor in terrorism. Others, such as TV schedules or sports scores, were ignored.

The Semantic MediaWiki software is a set of extensions available for MediaWiki (the software used in Wikipedia). They include visualization capabilities for social networks, timelines, maps, and graphs. The wiki generates visual displays at rendering time, and provides notifications and a collaborative environment suitable for analysis.

Video:

Video

ANSWERS:

MC3.1: Potential Threats: Identify any imminent terrorist threats in the Vastopolis metropolitan area. Provide detailed information on the threat or threats (e.g. who, what, where, when, and how) so that officials can conduct counterintelligence activities. Also, provide a list of the evidential documents supporting your answer.

We used Luminary to extract entities and concepts, and insert the information into the wiki. Pages were created for each entity and news article. Luminary also created referential pages, redirects for disambiguation, forms, categories and templates within the wiki. Unfortunately, event extraction was stymied due to inconsistencies in the data.

We enhanced Luminary to account for particular irregularities found within the dataset. Development time was approximately 120 hours, while the extraction and ingestion process took about 6 hours. Visual analysis of the articles using the semantic wiki took approximately 12 hours.

Figure 1: Wiki page for a news article, showing extracted entities and topic.

Figure 2: Wiki page for a politician, showing articles referencing her and complex social network.

Once Luminary ingested, enhanced, and uploaded the articles, searching and browsing the information was simple. Initial queries on simple terms, such as "terror", yielded lists of articles where the term appeared. As we discovered new articles and information, additional searches provided further evidence and potential leads.

Figure 3: Wiki listing of articles mentioning terrorism. Browsing this list allows simple exploration of information.

Another approach involved checking articles under certain topics. Under the Crime Law and Justice topic, several articles appeared to be significant to Vastpolis security. We found several leads and events that suggest threats to Vastopolis. We identified and then ignored threats that occurred outside of Vastopolis, or that involved white collar crime such as the money laundering circle involving Mayor Lark.

Figure 4: Wiki listing of articles in the Crime Law and Justice topic. This list is automatically generated from the semantic values within the wiki.

• On 1 April, farms near Vastopolis reported a number of animal deaths (02385). Later reports indicate that suspicious individuals were seen trespassing (03740). A spore-forming microbe was responsible (04085), but it was deemed safe for humans.
• On 10 April, computers were stolen from the Vastopolis University library (00926). The letter F was written on the computer room.
• On 19 April, some teens known as the F-Alliance were arrested after attempting to hack into Vastopolis banks (03630).
• On 25 April, the Secret Service warned of increasing cybersecurity threats, and urged the public to patch their computers (00783).
• On 26 April, 3 SAMs, 20 rifles, and ammunition were stolen from the Vastopolis Armed Forces compound (02287). These weapons were probably recovered on two separate instances (see below).
• Also on 26 April, a large amount of equipment was stolen from the molecular biology lab at VAST University (01785). The professor running the lab, Edward Patino, is an expert on bioterrorism. He has been harrassed by the Citizens for the Ethical Treatment of Lab Mice (03212).
• On 30 April, a shootout in Southville involved military-grade weapons (04293).
• On 1 May, DHS contacted VastPress about intercepted communications from the Network of Dread, who threatened attacks across the US (00383). VastPress reported that they and other cities had been receiving threatening emails from the Network of Dread (00129).
• On 2 May, the animal mascot for a visiting basketball team was stolen, and later found tied up near the capital (03375).
• On 3 May, the Brotherhood of Antarctica kidnapped and shaved the mayor's dog (01482).
• On 7 May an empty truck was searched for bombs, and then towed away by police. The truck had four black 50-gallon drums in the back (01594).
• On 9 May, the Citizens for the Ethical Treatment of Lab Mice sent strange, threatening emails to VastPress (00008).
• Also on 9 May, city officials reported strange threatening emails from the Anarchists for Freedom (00432).
• On 12 May, several men armed with machine guns robbed a bank, but were apprehended while escaping due to a traffic accident (01750).
• On 13 May, three members of the Paramurderers of Chaos were arrested (03435). The terrorists were found conducting some form of chemical or biological experiments in a basement. They may have been warned of the police raid, and destroyed most evidence.
• On 15 May, a suspect wearing the gang colors of the Paramurderers of Chaos was arrested near the loading docks of a food preparation plant (01878).
• Also on 15 May, arson started a 4-alarm fire at a Downtown warehouse. Empty gas cans were found nearby.
• On 16 May, schools were closed because of a bomb threat to the city's courthouse. Police searched the building, but found nothing (00274).
• Also on 16 May, police discovered a large number of weapons, including 3 SAMs, in the possession of Samuel Stansbury at a traffic stop on 16 May (02395). Stansbury is a member of the Network of Hate.
• On 17 May, an explosion occurred within a Smogtown chemical plant. Locals believe the explosion was terror-related, and they had observed unusual activity (02664).
• Also on 17 May, a truck collision took place on the 610 bridge over the Vast River. One 18-wheeler carried food products. The other 18-wheeler, carrying chemicals, caught fire and exploded (01030).
• On 20 May, TSA discovered a cache of military-grade rifles in the cargo hold of an international carrier at the Vastopolis airport (00499).

Figure 5: Wiki Page for Network of Hate, showing articles, timeline of activities and social network.

Summary of Terrorist Groups and Threats

• Anarchists for Freedom: Nuisance group? Threat level: low
• Brotherhood of Antarctica: Nuisance group? Possibly responsible for the mascot theft. Threat level: low
• Citizens for the Ethical Treatment of Lab Mice: Nuisance group? Threat level: low.
• F-Alliance: university hacker group, responsible for computer theft and hacking. Threat level: Medium
• Network of Dread: Overseas terror group, operatives attempting to create dirty-bomb within US. Threat level: Medium
• Network of Hate: Involved in theft of weapons from military base, weapons smuggling. Threat level: High
• Order of the Plague: No activity
• Paramurderers of Chaos: Involved in some type of chemical or biological activity, probably responsible for theft at Vast University. Possible food tainting, experimenting on livestock. Truck accident may also involve them. Threat level: High
• Viper Militia: Briefly mentioned, based in Arizona.
• unknown group, possibly one of above: Responsible for arson, possible bomb threats. Threat level: High