Open-source person / company data mining

ARIS YOSI (3)

Page 1: ARIS YOSI (3)

Open-source person / company data mining

Page 2: ARIS YOSI (3)

Huge potential of Open Source Intelligence:

◦ Company websites, registers, personal websites, etc.

◦ Public news articles, blogs, forums, etc.

◦ Commercial news archives

◦ Social Networks

◦ Email and Chat

Research is time-consuming

Hardly any (free) specialized tools for use by FIU analysts

Page 3: ARIS YOSI (3)

Manual single entity research is time-consuming

Hardly any (freeware) specialized tools for use by FIU analysts

Need for Anonymization of search

Need to transform multiple structures of data elements to adapt to the internal FIU Data Structure.

Page 4: ARIS YOSI (3)

Easy-to-use tool for open-source person / company data mining

Analyst may expose networks and suspicious activity of target entity

ARIS uses Natural Language Processing technologies

ARIS is developed in cooperation with Egmont Group FIUs

ARIS is freeware - provided for use by FIUs, Investigative Agencies and financial institutions by ICAR

Page 5: ARIS YOSI (3)

Downloads documents on one or more targets (i.e., an individual or a company) from the public and deep internet,

Analyzes these documents using Natural Language Processing (NLP) techniques and allows the user to interactively inspect and filter the presented search results and extracted information.

The next figure illustrates a search performed by ARIS on a technical level.

Page 6: ARIS YOSI (3)
Page 7: ARIS YOSI (3)

I. The analyst enters the target’s known names into the ARIS workstation screen.

II. ARIS accesses commercial lists e.g., World-Check and “in-house” Government databases to enrich the target name(s) with aliases and other personal data.

III. ARIS uses multiple web search engines e.g., Google, Yahoo, and Bing and available commercial news archives as well as portals to relevant organizations like to find documents about the target(s).

Page 8: ARIS YOSI (3)

(iv) Downloads it.

(v) Uses an NLP analyzer to extract target persons, companies, locations, assets, and keywords.

(vi) Queries a mapping service like Google Maps or Bing Maps to map location names to geographical coordinates.

(vii) Presents the results in the ARIS User Interface.

Page 9: ARIS YOSI (3)

Does the public domain give any evidence that the target is involved in corruption, ML (or TF)?

Case Initiation

Investigation & Asset Tracing

Seizure/Freezing

Forfeiture/Confiscation

Repatriation & Monitoring

Page 10: ARIS YOSI (3)
Page 11: ARIS YOSI (3)
Page 12: ARIS YOSI (3)
Page 13: ARIS YOSI (3)

ARIS uses a taxonomy of 500 “TEXTUAL red flags” with Thesaurus [synonyms and drill down terms] in several languages*: English, French, German; Russian, Spanish (under way)

* Additional translations can be added

Page 14: ARIS YOSI (3)
Page 15: ARIS YOSI (3)

| Person/company | Role | Rank |
|---|---|---|
| AEY | His company | 1 |
| Evdin Ltd. | Middleman company registered in Cyprus | 4 |
| David M. Packouz | AEY’s vice president | 5 |
| Botach Tactical | Army supplier company owned by his uncle | 8 |
| Kosta Trebicka | Albanian businessman hired to package arms | 8 |
| Michael Diveroli | His father | 10 |
| Heinrich Thomet | Swiss arms dealer behind Evdin Ltd. | 12 |
| Ylli Pinari | Albanian director of arms export agency, suspected | 14 |
| Ralph Merril | Provided “financial and mngmt assistance” | 17 |
| Alexander Podrizki | AEY employee in Albania | 19 |
| Hy Shapiro | His lawyer | 25 |
| Fatmir Mediu | Albanian defense minister suspected of bribery | 35 |
| Levi Meier | Ex-general manager of AEY | 40 |
| Bar-Kochba Botach | His uncle | 55 |
| Petr Bernatik | Czech middleman accused of arms trafficking | ~20 |
| Hugh Griffiths | Organization researching illicit arms transfers | ~40 |
| Colonel Johnson | Confirms that ammunition was of bad quality | ~50 |

Page 16: ARIS YOSI (3)

published: Mon., Sep. 7 2009 @ 9:00AM

The judicial curtain has closed on one of the most bizarre sagas in arms dealing. In late August, Miami Beach's Efraim Diveroli pled guilty to one charge of conspiracy for breaking an embargo against Chinese arms; over 80 other federal charges were thrown out in the plea bargain. The 23-year-old gun-runner and president of Miami Beach arms firm AEY, Inc. faces up to five years in prison and a $250,000 fine.

In 2005, at age 19, Diveroli inherited AEY from his father. Its new teenaged president quickly turned the company, based out of a single office suite, into a major geopolitical player. In early 2007, it got a $300 million contract through the Pentagon to supply the Afghan government with ammo for tanks, bazookas, and other weapons. AEY plumbed Albania's decrepit arms stockpiles, which had been bequeathed to the country decades earlier by Chairman Mao (and had been marked for destruction by NATO).

The Pentagon has an embargo against Chinese-made arms; so AEY removed the ammo from canisters marked 'Made in China' and shipped the stuff anyway -- at an extreme mark-up price. But in March, 2008, an arms depot where repackaging was going on exploded with the force of a small nuke. A few weeks later, The New York Times exposed AEY's rip-off scheme and released a peculiar tape on which Diveroli alleged corruption in Albania "went up to the prime minister and his son."

Things only got stranger from there. The businessman who recorded the tape was found dead in Albania. Diveroli and three associates were indicted. One man, then-26-year-old David Packouz, had been a massage therapist while at the same time serving as AEY's vice-president. After his arrest, he went into the record business and cut an acid-rock album about peace and love. (Like Diveroli, he pled guilty on one count.)

After his own indictment, Diveroli essentially changed the name of AEY to Ammoworks and continued selling massive quantities of heavy caliber ammo in Miami Beach. Ammoworks even bragged about supplying the government. Many months after he was arrested and banned from defense work, the U.S. government paid Diveroli $10 million on two contracts.

Now Diveroli can look forward to prison time, his freshly obtained millions notwithstanding.

Efraim Diveroli Guilty Plea: End of an Arms Era

Page 17: ARIS YOSI (3)

Key decisions \ Actions by the Analyst

Identifying the targets

Filtering and focusing

Smart use of technology

NLP to recognize Named Entities but refrains from (exclusive) use of “NLP Relations”

Ad-hoc searches for simplicity and up-to-date data

Page 18: ARIS YOSI (3)

FIU.NET IN A NUTSHELL

FIU.NET is a decentralized network that connects FIUs in Europe, e.g., Holland, Russia, and creates uniformity in the fight against ML/TF in the EU.

There is no central FIU.NET database in one specific Member State.

When sending the information from one FIU to another, the exchanged data is safely stored on the FIU.NET databases at the premises of the FIUs involved in the exchange. Only the FIU “owning” the information is in charge of its own information.

FIU.NET is designed using input of FIU analysts and combines state of the art technology to make the work of the FIU.NET user as simple as possible.

When European FIU analysts are confronted with links of money launderers or terrorism financers to neighboring countries or other Member States they will request enrichment of information and share data with the counterpart FIU in a secure, speedy, and simple way.

FIU.NET automatically standardizes EU financial reporting data, which makes it possible to compare data, statistics, etc.

Page 19: ARIS YOSI (3)

As Europe and America raise their Homeland Security efforts to face new forms of terrorism, government agencies are flooded with more information than they can manually analyze.

Among all the different sources agencies access today, text documents (SARs intelligence reports, e-mails, seized data, field operation data, news feed, etc.) remain the most strategic source but are the hardest ones to deal with.

The TEMIS multilingual Text Analytics solution is a tremendous ally for governments for powering state-critical applications such as Financial Fraud Detection, Law Enforcement, Case Resolution, National Security, Military Intelligence, as well as Risk Prevention.

TEMIS solutions automate strategic information analysis and intelligence discovery by “connecting the dots”.

Successful Deployments

◦ Europol

◦ French Ministry of Defense

◦ French Ministry of Finance

◦ SGDN French Intelligence Agencies

Page 20: ARIS YOSI (3)

ARIS accesses the internet without any additional protection infrastructure in several ways:

(a) query PEP databases, if available,

(b) search in public and commercial web-engines,

(c) download documents from the internet,

(d) access a possibly remote NLP analysis service, and

(e) query geographical mapping services (Google, Bing).

(f) Some of the services ARIS accesses require subscription and therefore the service provider can potentially identify search queries with the agency.

All these actions do leave (the usual) traces.

Page 21: ARIS YOSI (3)

The Natural Language Processing component in the current version of ARIS may use the external Reuters service OpenCalais for some of its work. Any document downloaded by ARIS from the internet may get sent to this service and can potentially be associated with the agency. The communication between OpenCalais and ARIS is secure (SSH REST calls). http://www.opencalais.com

Access to commercial databases (like Dow Jones Factiva™) cannot be anonymized. These data providers can determine and potentially analyze the queries made by the agency.

Google Maps and Bing Maps are queried for the locations that are found in search profiles and can associate them with the agency’s Google/Bing account.

Page 22: ARIS YOSI (3)

Third parties should not be able to trace back to the agency or observe the nature of the queries that ARIS performs against the various web search engines (Google, Yahoo, Bing) and data providers (Dow Jones Factiva™, World-Check™, Dow Jones Watchlist™).

It is highly recommended that agency specialists evaluate the relevant aspects of the agency’s IT security as part of the deployment process and apply the recommendations and best practices that the Egmont Group of FIUs has developed under the Footprint Project.
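
The trace inventory implied by the access types (a) to (f) above, as an added example that is not part of ARIS: it reads an egress-proxy log and reports, per destination, whether the service is tied to an agency account and which case terms its query strings carried. The hostnames, log format and case terms are constructed, and the proxy is assumed to record full URLs.

```python
from collections import defaultdict
from urllib.parse import parse_qsl, urlsplit

# Placeholder hosts standing in for access types (a), (b), (d) and (e); the
# flag marks services used under an agency subscription or account.
SERVICES = {
    "pep.example": ("PEP database", True),
    "search.example": ("web search engine", False),
    "nlp.example": ("remote NLP service", True),
    "maps.example": ("mapping service", True),
}

# Constructed proxy log: "<timestamp> <method> <url>".
PROXY_LOG = """\
2024-05-02T09:14:03Z GET https://pep.example/lookup?name=John+Doe
2024-05-02T09:14:05Z GET https://search.example/search?q=%22John+Doe%22+bribery
2024-05-02T09:14:09Z GET https://news.example/2009/09/arms-case.html
2024-05-02T09:14:12Z POST https://nlp.example/analyze?src=news.example
2024-05-02T09:14:15Z GET https://maps.example/geocode?address=Tirana
"""


def exposure(log_text, case_terms):
    """Per destination host: (service type, attributable?, case terms seen)."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        _, _, url = line.split(" ", 2)
        parts = urlsplit(url)
        # parse_qsl percent-decodes values, so encoded names are caught too.
        # Request bodies (e.g. documents posted for NLP) are not in the URL.
        query = " ".join(v for _, v in parse_qsl(parts.query)).casefold()
        seen[parts.hostname].update(
            t for t in case_terms if t.casefold() in query)
    report = {}
    for host, terms in seen.items():
        # Hosts not in SERVICES are treated as type (c), document download.
        service, attributable = SERVICES.get(host, ("document download", False))
        report[host] = (service, attributable, sorted(terms))
    return report


REPORT = exposure(PROXY_LOG, ["John Doe", "Tirana"])
```

Rows where the second field is true and the third is non-empty are the queries a provider can tie to the agency by account, which is the exposure item (f) describes.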

Page 23: ARIS YOSI (3)

How to break down the information barriers without breaking (national) data protection rules and regulations?

How can FIU.NET help detect hidden proceeds in the Member States without violating the privacy of innocent civilians? This is realized through the Ma3tch feature.

Page 24: ARIS YOSI (3)

I. Ma3tch is sophisticated technology that allows connected FIUs to match their data with other FIUs in an anonymous way.

II. Ma3tch filters and converts FIU data into uniform data without sensitive personal data.

III. But the anonymizing filters can also be used for conducting joint analyses. An example is the automated matching of subjects across the different databases to detect relations and similarities. Only in case of a positive hit will FIU.NET display the information to the FIUs involved. In practice this means that FIUs are able to compare their subjects without revealing the names and thus, without breaching privacy.

IV. With Ma3tch in place, FIUs can detect subjects of their interest in other countries even though they were not aware that the subject was trying to hide his proceeds in other countries.

V. EU FIUs can operate as one, with FIU.NET as a virtual entity to detect hidden disclosures. Hence, as the criminals and terrorists move through our open borders, the EU FIUs still can detect their financial activities.
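
The matching idea in items I to III, as an added example rather than FIU.NET's own code: the page does not describe how Ma3tch builds its filters, so this sketch substitutes a keyed HMAC-SHA-256 over a normalized name and birth date. The shared key, subject records and case references are constructed.

```python
import hashlib
import hmac
import unicodedata

# Constructed shared secret; a real deployment would agree it out of band.
# A key is needed because names are guessable: an unkeyed hash of a name can
# be reversed by hashing a list of candidate names.
SHARED_KEY = b"constructed-demo-key"


def normalize(name, birth_date):
    """Canonical form so spelling variants of one subject give one token."""
    text = unicodedata.normalize("NFKD", name)
    text = "".join(c for c in text if not unicodedata.combining(c))
    tokens = sorted(text.casefold().replace(",", " ").replace(".", " ").split())
    return (" ".join(tokens) + "|" + birth_date).encode("utf-8")


def build_filter(subjects, key=SHARED_KEY):
    """Map opaque token -> local case reference; names stay inside the FIU."""
    return {
        hmac.new(key, normalize(name, born), hashlib.sha256).hexdigest(): ref
        for (name, born, ref) in subjects
    }


def match(own_filter, remote_tokens):
    """Local case references for the tokens that both sides hold."""
    return sorted(own_filter[t] for t in remote_tokens if t in own_filter)


# Constructed subject lists for two hypothetical FIUs.
FIU_A = [("Müller, Jörg", "1970-02-11", "A-0012"),
         ("Ana Pérez", "1985-07-30", "A-0044")]
FIU_B = [("jorg muller", "1970-02-11", "B-7781"),
         ("Ana Perez", "1990-01-01", "B-7790")]

filter_a = build_filter(FIU_A)
filter_b = build_filter(FIU_B)

# B shares only its tokens; A learns which of its own cases overlap and
# nothing about B's non-matching subject.
hits_at_a = match(filter_a, filter_b.keys())
```

Anyone holding the key can still test guessed names against tokens they receive, so the set of key holders defines towards whom the exchanged data is anonymous.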