Upload
eli0674
View
138
Download
1
Embed Size (px)
Citation preview
Open-source person / company data mining
Huge potential of Open Source Intelligence Company websites,
registers, personal websites, etc.
Public news articles, blogs, forums, etc.
Commercial news archives
Social Networks Email and Chat
Research is time-consuming
Hardly any (free) specialized tools for use by FIU analysts
Manual single entity research is time-consuming
Hardly any (freeware) specialized tools for use by FIU analysts
Need for Anonymization of search
Need to transform multiple structures of data elements to adapt to the internal FIU Data Structure.
Easy-to-use tool for open-source person / company data mining
Analyst may expose networks and suspicious activity of target entity
ARIS uses Natural Language Processing technologies
ARIS is developed in cooperation with Egmont Group FIUs
ARIS is freeware - provided for use by FIUs, Investigative Agencies and financial institutions by ICAR
Downloads documents on one or more targets (i.e., an individual or a company) from the public and deep internet,
Analyzes these documents using Natural Language Processing (NLP) techniques and allows the user to interactively inspect and filter the presented search results and extracted information.
The next figure illustrates a search performed by ARIS on a technical level,
I. The analyst enters the target’s known names into the ARIS workstation screen.
II. ARIS accesses commercial lists e.g., World-Check and “in-house” Government databases to enrich the target name(s) with aliases and other personal data.
III. ARIS uses multiple web search engines e.g., Google, Yahoo, and Bing and available commercial news archives as well as portals to relevant organizations like to find documents about the target(s).
(iv) downloads it (v) uses a NLP analyzer to extract
target persons, companies, locations, assets, and keywords.
(vi) Queries a mapping service like Google Maps or Bing Maps to map location names to geographical coordinates.
(vii) Presents the results in the ARIS User Interface.
Does the public domain give any evidence that the target is involved in
corruption, ML (or TF)?
Case Initiation
Investigation
& Asset Tracing
Seizure/
Freezing
Forfeiture/Confiscatio
n
Repatriation&
Monitoring
ARIS uses a taxonomy of500 “TEXTUAL red flags” with Thesaurus [synonyms and drill down terms]in several languages*: English, French, German; Russian
Spanish (under way)* Additional translations can be added
Person/company
Role Rank
AEY His company 1Evdin Ltd.
Middleman company registered in Cyprus
4
David M. Packouz
AEY’s vice president 5
Botach Tactical
Army suplier company owned by his uncle
8
Kosta Trebicka
Albanian businessman hired to package arms
8
Michael Diveroli
His father 10
Heinrich Thomet
Swiss arms dealer behind Edvin, Ltd.
12
Ylli Pinari Albanian director of arms export agency, suspected
14
Ralph Merril
Provided “financial and mngmt assistance”
17
Alexander Podrizki
AEY employee in Albania 19
Hy Shapiro
His lawyer 25
Fatmir Mediu
Albanian defense minister suspected of bribery
35
Levi Meier
Ex-general manager of AEY 40
Bar-Kochba Botach
His uncle 55
Petr Bernatik
Czech middleman accused of arms trafficking
~20
Hugh Griffiths
Organization researching illicit arms transfers
~40
Colonel Johnson
Confirms that ammunition was of bad quality
~50
published: Mon., Sep. 7 2009 @ 9:00AM The judicial curtain has closed on one of the most bizarre sagas in arms dealing. In
late August, Miami Beach's Efraim Diveroli pled guilty to one charge of conspiracy for breaking an embargo against Chinese arms; over 80 other federal charges were thrown out in the plea bargain. The 23-year-old gun-runner and president of Miami Beach arms firm AEY, Inc. faces up to five years in prison and a $250,000 fine.
In 2005, at age 19, Diveroli inherited AEY from his father. Its new teenaged president quickly turned the company, based out of a single office suite, into a major geopolitical player. In early 2007, it got a $300 million contract through the Pentagon to supply the Afghan government with ammo for tanks, bazookas, and other weapons. AEY plumbed Albania's decrepit arms stockpiles, which had been bequeathed to the country decades earlier by Chairman Mao (and had been marked for destruction by NATO).
The Pentagon has an embargo against Chinese-made arms; so AEY removed the ammo from canisters marked 'Made in China' and shipped the stuff anyway -- at an extreme mark-up price. But in March, 2008, an arms depot where repackaging was going on exploded with the force of a small nuke. A few weeks later, The New York Times exposed AEY's rip-off scheme and released a peculiar tape on which Diveroli alleged corruption in Albania "went up to the prime minister and his son."
Things only got stranger from there. The businessman who recorded the tape was found dead in Albania. Diveroli and three associates were indicted. One man, then-26-year-old David Packouz, had been a massage therapist while at the same time serving as AEY's vice-president. After his arrest, he went into the record business and cut an acid-rock album about peace and love. (Like Diveroli, he pled guilty on one count.)
After his own indictment, Diveroli essentially changed the name of AEY to Ammoworks and continued selling massive quantities of heavy caliber ammo in Miami Beach. Ammoworks even bragged about supplying the government. Many months after he was arrested and banned from defense work, the U.S. government paid Diveroli $10 million on two contracts.
Now Diveroli can look forward to prison time, his freshly obtained millions
notwithstanding.
Efraim Diveroli Guilty Efraim Diveroli Guilty Plea: End of an Arms Plea: End of an Arms EraEra
Key decisions \ Actions by the Analyst
Identifying the targets
Filtering and focusing
Smart use of technology
NLP to recognize Named Entities but refrains from (exclusive) use of “NLP Relations”
Ad-hoc searches for simplicity and up to date of data
FIU.NET IN A NUTSHELL FIU.NET is a decentralized network that connects FIUs in
Europe e.g., Holland, Russia. And creates uniformity in the fight against ML/TF in the EU
There is no central FIUU.NET database in one specific Member State.
When sending the information from one FIU to another, the exchanged data is safely stored on the FIU.NET databases at the premises of the FIUs involved in the exchange. only the FIU “owning” the information that is in charge of its own information.
FIU.NET is designed using input of FIU analysts and combines state of the art technology to make the work of the FIU.NET user as simple as possible.
When European FIU analysts are confronted with links of money launderers or terrorism financers to neighboring countries or other Member States they will request enrichment of information and share data with the counterpart FIU in a secure, speedy, and simple way.
FIU.NET automatically standardizes EU financial reporting data, which makes it possible to compare data, statistics, etc.
As Europe and America raise their Homeland Security efforts to face new forms of terrorism, government agencies are flooded with more information than they can manually analyze.
Among all the different sources agencies access today, text documents (SARs intelligence reports, e-mails, seized data, field operation data, news feed, etc.) remain the most strategic source but are the hardest ones to deal with.
The TEMIS multilingual Text Analytics solution is a tremendous ally for governments for powering state-critical applications such as Financial Fraud Detection, Law Enforcement, Case Resolution, National Security, Military Intelligence, as well as Risk Prevention.
TEMIS solutions automate strategic information analysis and intelligence discovery by "connecting the dots”.
Successful Deployments◦ Europol◦ French Ministry of Defense ◦ French Ministry of Finance◦ SGDN French Intelligence Agencies
ARIS accesses the internet without any additional protection infrastructure in several ways: ◦ (a) query PEP databases, if available,
(b) search in public and commercial web-engines,
(c) download documents from the internet, (d) access a possibly remote NLP analysis
service, ande) Query geographical mapping services
(Google, Bing). (f) Some of the services ARIS accesses
require subscription and therefore the service provider can potentially identify search queries with the agency.
All these actions do leave (the usual) traces.
The Natural Language Processing component in the current version of ARIS may use the external Reuters service OpenCalais for some of its work. Any document downloaded by ARIS from the internet may get sent to this service and can potentially be associated with the agency. The communication between OpenCalais and ARIS is secure (SSH REST calls). http://www.opencalais.com
Access to commercial databases (like Dow Jones Factiva™) cannot be anonymized. These data providers can determine and potentially analyze the queries made by the agency.
Google Maps and Bing Maps are queried for the locations that are found in search profiles and can associate them with the agency’s Google/Bing account.
Third parties should not be able to trace back to the agency or observe the nature of the queries that ARIS performs against the various web search engines (Google, Yahoo, Bing) and data providers (Dow Jones Factiva™, World-Check™, Dow Jones Watchlist™).
It is highly recommended that agency specialists evaluate the relevant aspects of the agency’s IT security as part of the deployment process and
Apply the recommendations and best practices that the Egmont Group of FIUs has developed under the Footprint Project.
How to breaks down the information barriers without breaking (national) data protection rules and regulations?
How can FIU.NET help detect hidden proceeds in the Member States without violating the privacy of innocent civilians? This is realized through the Ma3tch feature.
I. Ma3tch is sophisticated technology that allows connected FIUs to match their data with other FIUs in an anonymous way.
II. Ma3tch filters and converts FIU data into uniform data without sensitive personal data.
III. But the anonymize filters can also be used for conducting joint analyses. An example is the automated matching of subjects across the different databases to detect relations and similarities. Only in case of a positive hit, FIU.NET will display the information to the FIUs involved. In practice this means that FIUs are able to compare their subjects without revealing the names and thus, without breaching privacy.
IV. With Ma3tch in place, FIUs can detect subjects of their interest in other countries even though they were not aware that the subject was trying to hide his proceeds in other countries.
V. EU FIUs can operate as one, with FIU.NET as a virtual entity to detect hidden disclosures. Hence, as the criminals and terrorists move through our open borders, the EU FIUs still can detect their financial activities.