1. Future Concepts in
Intelligence:
Multi-Discipline Intelligence
Production Teams
Bruce Goldfeder, CSSLP
September 26, 2012
http://www.data-tactics.com
Data Tactics Corporation Proprietary Material
2. Paradigm Shift in the Intel Ecosystem
• Data Deluge
– Sensors and Sensor Data are increasing at exponential rates
– Move beyond traditional sources of data
– “The storm of data is 1500% heavier than it was just five years ago while
our ability to process, exploit and disseminate has increased about 30%”
Gen Robert Kehler, USSTRATCOM, 2011
Data Tactics Corporation Proprietary Material
3. Big Data Opportunities
Bruce Weed, IBM Corporation
Data Tactics Corporation Proprietary Material
4. Big data—a growing torrent
• $600 to buy a disk drive that can store all of the world’s music
• 5 billion mobile phones in use in 2010
• 30 billion pieces of content shared on Facebook every month
• 40% projected growth in global data generated per year vs. 5% growth in global IT spending
• 235 terabytes data collected by the US Library of Congress by April 2011
• 15 out of 17 sectors in the United States have more data stored per company than the US
Library of Congress
McKinsey, Big Data Report, 2011
Data Tactics Corporation Proprietary Material
5. Work Smartly with Data
“There’s a method to solving data problems that avoids the big, heavyweight
solution, and instead, concentrates building something quickly and
iterating. Smart data scientists don’t just solve big, hard problems; they
also have an instinct for making big problems small.
We call this Data Jujitsu: the art of using multiple data elements in clever
ways to solve iterative problems that, when combined, solve a data
problem that might otherwise be intractable.”
DJ Patil, Data Jujitsu: The Art of Turning Data into Product, 2012
Data Tactics Corporation Proprietary Material
8. Integrated Data Team
• Intelligence teams tackling the hard problems
– Senior members
– Mixture of IT, Software, Statistics, and Intelligence
SMEs
– Serve as the Vanguard for creating new
• Processes
• Actionable Data Products
• IT Tools
• Visualizations
Data Tactics Corporation Proprietary Material
9. Left and Right Brain
• Disciplined methods of traditional data mining
accelerated with iterative and rapid “what ifs”
• Requirement for unreasonable input – challenge
existing truths to find new patterns
• Intimate knowledge of the mission problems that
analytics or predictive analysis are addressing
• Ability to communicate findings using the
customers language
• Original visualizations required to convey abstract
and complicated results
Data Tactics Corporation Proprietary Material
11. DARPA Example
• Integrated Team Supporting Theater Commander
– Retired Special Operator
– Social Scientist
– Quantitative Mathematicians
– Software Developer
– Data Scientist
– IT, Database, and UI personnel
Data Tactics Corporation Proprietary Material
12. Threat Finance Analytics
Who Is Interested?
State Sponsorship Drug Economy • CJ-2/CJIOC-A
– Direction from BG Fogarty to support ATFC
Foreign Aid Corruption and Shafafiyat (Jan 2011)
• Afghan Threat Finance Cell
– DEA-led fusion center, Treasury and DoD
are deputy leads
– Active feedback loop with DEA Office of
Financial Operations
• CJIATF-SHAFAFIYAT (BG McMaster)
• NSA FTM Analysts
Threat Finance
State of the Art
• Highly manual analysis
• No single agency has full picture
• Technologies are limited
Violence Capital Flight
Automated tools for rapid analysis
with massive multi-int data
2/12/2013 12
Data Tactics Corporation Proprietary Material
13. ATFC Data
80,000+ spreadsheets
Millions of records with variable structure
Conduit Description Accts Interval Records Refine Stage
Two stages of data
Shaheen Exchange (aka
Physical storefronts of the ~1.2 million cleaning complete; third
Central Accounts)
exchange. Branches in and out of 95 2001-2010 stage necessary
ShaheenExchage Daily Afghanistan. First stage of data clean in
~1.8 million
Balances progress
Hawala Accounts (aka Dubai-based hawala accounts, Two stages of data
390 1998-2010 434, 401
“B” Computer) centrally maintained. cleaning complete
Shaheen Exchange is a Western Two stages of data
Western Union UNK 2001-2010 106, 176
Union sub-agent. cleaning complete
T accounts are debits, loans and
Initial specs and setup –
“T” Accounts payables to the Shaheen Exchange 555 2000-2010 ~421,575
highpriority
in Dubai
L accounts are bank accounts
Initial specs and setup –
“L” Accounts associated with the Sherkhan group 86 2000-2010 ~337,260
highpriority
of companies
Records and stores transactions of
AFRAT international exchange branch UNK 2004-2010 Unknown Not started
locations
2/12/2013 13
Data Tactics Corporation Proprietary Material
14. Accomplishments
• Toolset for faster DEA Shaheen Exchange data analysis
• Geolocated 9 additional branches in AfPak region that DEA did
not know existed; and 45 overall worldwide
• DEA work results from using our data
– Identified transactions with several banks in violation of OFAC
sanction designation
– Known cash courier Mr. X (name classified) under
investigation as a result
2/12/2013 14
Data Tactics Corporation Proprietary Material
15. Accomplishments (cont.)
• Fast query of stacked large data sets with a Data Resolution
user-friendly search and visualization tool • Cleaned 14,538
spreadsheets
Country: 947 -> 490 – 20% of the data
Technique Rows Modified Western Union: Original – Sheets prioritized
Neighbor 55K – 52% number of unique entries in by user interest
the “country” field was 4.5
Ngram 10K – 9%
times the actual number of – Orders of
Metaphone 97K – 92% countries in the world! magnitude faster
processing for
threat finance
analysis
• Resolved ~88k
• Tools immediately put to use by DEA/ATFC in entities
support of active and historical criminal – 12% improvement
cases
• Saved one 24/7 man-year of work that Provingcapabilities to
would have been spent simply scanning partners in theater and in
records CONUS has enabled trust
and data acquisition
2/12/2013 15
Data Tactics Corporation Proprietary Material
Hinweis der Redaktion
The Kabul Bank /Shaheen Exchange information that DARPA assisted in compiling is being used in support of active and historic criminal cases to: - Identify the persons, means, extent and nature of the over 900 Million USD theft of Kabul Bank funds during 2004-2010. - Identify terrorism linked persons and entities that conducted financial transactions through Kabul Bank/Shaheen Exchange. - Identify the informal money transfer systems that financially support transnational criminal organizations and the crimes they commit.- Identify illegal money service businesses located within the United States and seek the prosecution of the persons operating them.- Identify the financial transactions and persons who conducted them linked to criminal activity for OFAC sanction designation.- And other terrorism and criminal activity, i.e. bribery, official corruption,
The Kabul Bank /Shaheen Exchange information that DARPA assisted in compiling is being used in support of active and historic criminal cases to: - Identify the persons, means, extent and nature of the over 900 Million USD theft of Kabul Bank funds during 2004-2010. - Identify terrorism linked persons and entities that conducted financial transactions through Kabul Bank/Shaheen Exchange. - Identify the informal money transfer systems that financially support transnational criminal organizations and the crimes they commit.- Identify illegal money service businesses located within the United States and seek the prosecution of the persons operating them.- Identify the financial transactions and persons who conducted them linked to criminal activity for OFAC sanction designation.- And other terrorism and criminal activity, i.e. bribery, official corruption,