Entry Name: TUE-Elzen-GC

VAST Challenge 2014
Grand Challenge

 

Team Members:

 

Stef van den Elzen

Eindhoven University of Technology and SynerScope B.V.

s.j.v.d.elzen@tue.nl

PRIMARY

 

Paul van der Corput

Eindhoven University of Technology

p.n.a.v.d.corput@tue.nl

 

Martijn van Dortmont

Eindhoven University of Technology and SynerScope B.V.

m.a.m.m.v.dortmont@tue.nl

 

Roeland Scheepens

Eindhoven University of Technology

r.j.scheepens@tue.nl

 

Kasper Dinkla,

Eindhoven University of Technology

k.dinkla@tue.nl

Student Team: YES

 

Analytic Tools Used:

Custom text analysis tool developed by team members

Custom streaming control center tool developed by team members

Custom matrix visual analysis tool (credit matrix) developed by team members

SynerScope Marcato (http://www.synerscope.com)

 

Approximately how many hours were spent working on this submission in total?

240 hours

 

May we post your submission in the Visual Analytics Benchmark Repository after VAST Challenge 2014 is complete?

YES

 

Video: TUE-ELZEN-GC.wmv 

 

 

 

Questions

GC.1Summarize and describe the events of January, 2014 relating to the disappearance of the GAStech employees. Focus on the disappearance of the employees, and the events immediately before and afterward. The summary should include the following:

a.      Who:  Individuals and groups involved and their roles

b.      What:  A description of what happened over the time period

c.       Where:  Associate events with locations

d.      When:  Specific times of activities, particularly as it relates to planning and execution

e.       Why:  A description of the motives or motivations of the individuals or groups involved

f.        How:  What, if any, notable entities provided support for or facilitated the events that took place? These could be people, places, or things that helped those responsible for the disappearance in some way.

Do not reproduce the overview or MC1 materials concerning background knowledge, although you may reference this information if needed. Visualizations illustrating how you determined the summary points above are encouraged. Please limit your response to no more than five images and 500 words.

 

Groups and their motivations

There are two major (overlapping) groups in the Kronos incidents: GAStech and POK. GAStech extracts natural resources from Kronos to the detriment of the environment and inhabitants’ health, while POK is a resistance movement that wants to change this situation. Two GAStech sub-groups are of interest. The first group consists of security personnel who have ties to known POK members and Kronos civilians who have suffered from GAStech practices: Osvaldo, Bodrogi, Ferro, I. Vann, and Minke Mies. The second group consists of managers who are vital to GAStech operations: Sten Sanjorge, Vasco-pais, Barranco, Strum, Campo-corrente, Dedos, Bergen, and Ovan. Some of the managers have become rich in a recent IPO of GAStech and do not originate from Kronos, while the Kronos population have so far only suffered from GAStech operations. This is a motivation for POK to disrupt GAStech.

 

 

Events

January 20, 2014

Morning GAStech has an annual corporate meeting at its headquarters, which is interrupted due to a (suspected) bomb threat and subsequent evacuation. Soon after, the Abila police is called to GAStech for an unspecified emergency.

Afternoon GAStech-Tethys confirm they are missing a number of employees, while unofficial reports indicate a kidnapping.

Evening The police announces that there are about 14 GAStech individuals missing, there is no indication that the missing individuals have left the island.

January 21, 2014, Morning The number of missing people is decreased to 10 during a police conference, and CEO Sten Sanjorge is not among the missing. In addition, the POK claim responsibility and demand a $20 million ransom from the CEO.

January 23, 2014, Evening POK stages a rally at Abila Park, led by Silvia Marek. There is a heavy police presence but the rally progresses peacefully. Later in the evening a fire is reported at the Dancing Dolphin apartments to the northeast of Abila Park, which are home to two GAStech managers: Bergen, and Ovan.

The fire is hard to control by firemen and at the end of the evening part of the complex collapses after an explosion. Soon after the start of the fire a black van is sighted south of the Dancing Dolphin at Brew’ve Been Served. Quickly afterwards the van is chased by the police, due to reckless driving. The chase comes to an end at Gelato Galore in the center of Abila, where the van is cornered by police. A standoff ensues, where the front occupants (one man, one woman) reveal that they have hostages (reported to be two women) who appear to have been in the van for a longer period. Shots are fired by the hostage takers and a police officer is wounded. The hostage takers surrender after being surrounded by SWAT.

The POK rally distracted police from their usual duties, creating room for the drivers of the van (and likely instigators of the Dancing Dolphin fire) to fulfill (or derail) their mission.

GC.2Describe at a high level the most significant networks that exist, and how they have influenced each other to produce the current situation. Please limit your response to no more than three images and 100 words.

 

We have information about two GAStech networks: its organization into departments and the social contacts of its employees. The departments were known in advance, while social contacts have been inferred from matching credit card transactions, emails, and GPS positions (which includes shared living spaces of employees, see figure below). In addition there is the POK social network that extends into GAStech. These networks influence each other:

·         GAStech departments divide social contacts between employees, creating cliques within departments but fewer inter-department contacts.

·         GAStech departments and POK contacts created a pocket of POK affiliates in the GAStech security department.

 

 

GC.3Identify three of the most significant information gaps that remain at the end of the time period covered by the data. Describe why this missing information would be important to the investigation. Highlight in your visualizations where these knowledge gaps are present. Please limit your response to no more than three images and 250 words.

Dancing Dolphin fire and the black van incidents

The streaming data contains a significant gap in relevant messages between the start of the fire at the Dancing Dolphin and black van sightings. We expect these events to be related, e.g., the fire and explosion could have been instigated by the drivers of the van. However, we have limited and unreliable data to back this up.

 

 

POK network

Most of the POK ties with GAStech employees are inferred by matching surnames, which make them unreliable and incomplete. For example, Edvard Vann is probably not connected to POK even though his surname suggests otherwise. Access to birth records from the Kronos government would provide reliable family ties. Moreover, little is known about the internal POK organization and its reach, while a network could be derived from government records: law (fines, arrests, and permits), marriages, education (schools and classes), military service (units), and municipality registrations (home addresses).

 

 

Communication meta-data

Email subjects that originate from GAStech have been provided but offer only a glimpse of employees’ day-to-day communications. Access to Kronos-wide telephone meta-data would enable us to infer network activity of GAStech and POK. It should also provide a more accurate image of social contacts in comparison to the credit card and GPS data.

 

GC.4The police have sufficient manpower to investigate up to two different locations simultaneously. Provide your best recommendation to the police chief as to where the police should be deployed, and why.  Provide visualizations that help describe the importance of this action. Please limit your response to no more than two images and 100 words.

Based on the patterns in the GPS data from MC2 5 locations of interest have been identified besides the home of the suspected kidnappers. Four locations are most likely used to hold the abductees (A,B,C,D). Since the home and three of the locations (C,D,E) were on the most likely route of the black van that was carrying two of the abductors and two of the abductees when they were apprehended, we suspect the remaining abductees to be held at the remaining two locations (A,B). The coordinates of these locations are (36.0807, 24.8469) and (36.0695, 24.8415).