340 likes | 583 Views
Sentry Brief . March 6, 2012. UNCLASSIFIED //FOR OFFICIAL USE ONLY. Meeting Objective. Provide understanding of the Sentry system and its wider application in Counter Threat Financing Intelligence. Sentry Timeline. Staff Assistance V isit January 2010
E N D
Sentry Brief March 6, 2012 UNCLASSIFIED//FOR OFFICIAL USE ONLY
Meeting Objective • Provide understanding of the Sentry system and its wider application in Counter Threat Financing Intelligence
Sentry Timeline • Staff Assistance Visit January 2010 • Requirements Development November 2010 • System Design January 2011 • Deployment of Prototype June 2011
Requirements • A system located on-site for local ingest, processing, and querying • Automate parsing, cleansing, and standardization of ingested data • Automate OCR of machine generated documents • Automate OCR of handwritten Pashto and Dari documents • Translation and transliteration of Dari and Pashto documents. • Store parsed and standardized data in a relational database • Mask all US persons information • Federated data sharing architecture • Row and entity level database security • Query and visualize data in a variety of formats (nodal, temporal, etc.)
Sentry Support • Identification & integration of COTS products • Research and development of new capabilities
Industry Partners • OCR of Handwritten Dari and Pashto • Transliteration of Dari and Pashto • Foreign Language Translation Language Now • Data Standardization, Integration, and Workflow • Query, Data Visualization, and Analysis
Image Processing • Majority of the financial transactions are recorded on paper • Seized information must be returned within 72 hours • More than 75,000 images of documents seized • Developed software to automatically identify image type and group images so high-value information can be processed first
Translation of Machine Dari/Pashto Language Now
Content Examiner • Portable data profiling and analysis engine designed to automate data ingestion • Codify the analytic processes used to generate domain knowledge enabling automatic determination of field content, value, and standardization requirements. • Incorporate data definitions and processing rules for industry standard information
Content Examiner • Today’s Extract, Transform, and Load (ETL) tools are inadequate • Individuals with domain knowledge must still describe data • Configuration files need to be developed for every format • Changes in file and field formats cause significant problems • Metadata is often lost • Resource intensive (man hours) • We should be buying capabilities not hours
Working With Data • Big Data Analytics • Very large data sets • More of a technical issue – focus is on speed and system performance • Data structure is lost • Significant engineering support
Working With Data • Complex Data Analytics • Large data sets • Still works in traditional RDBMS applications • More of an data analysis issue • Significant analytic support
Complex Data Analytics • Resources Needed • Data analysts/architects – thorough review of data to determine information of value, processing requirements, relationships between elements • Developers – codify analytic processes developed, process automation • Standard IT support (Sys/Network/Database Administrators)
Data Analyst Traits • Data Analysts • One part analyst • One part geek
Complex Data Sentry is providing complex data support to the ATFC and its operational partners • Hawala Data • Unknown formats, issues, and relationships Sender Receiver Amount 27250 H 1020 EHSON IDRIS B.2 1 -27522 B.2 1 IDRIS EHSON H 1020 “JORA BEK is associated with over $1.3 billion in Shaheen Exchange transactions” Actually involved in $694,073,982 Shaheen Exchange transactions
Complex Data • Codes must be identified and resolved Effective Effective Code To Date Office Code From Date Moscow 501 A - - Dubai 502 B - - Almata 503 C - 20051121 Sherberghan 503 D 20060617 - Urumqi-China 507 G - - Dushanbe 508 H - - Receiver Amount Sender 27250 H 1020 EHSON IDRIS B.2 1 27250 sent from Dubai, UAE to Dushanbe, Tajikistan
Complex Data • Using Coded Information Receiver Shaheen Office Code Ahmad Wali S/O Sultan Ali 13699354831 G (Urumqi-China) 86-1 +10 digits = Chinese Mobile Code • Identifying Currency Receiver Amount Sender 27250 H 1020 EHSON IDRIS B.2 1 Receiver Sender Amount 198910 JORA BEK TRANSER FROM HSBC TO JORA BEK AC.730000 AED 3.67 United Arab Emirates Dinar (AED) = $1 USD
Complex Data • Identifying Account Numbers 2007-05-15~10000~Q.M.NADER/H.QALANDAR_SHAH~H.AB.SALAM_A/C_1006201001362_KB6~AB~KB1.21 68 Regional and Local Branches Herat Regional Branch Telephone 079-1601006 Pol e Khomri Regional Branch Telephone 079-1601014 Hairatan Regional Branch Telephone 079-1601015 2008-05-05~10000~IQBAL_KHYBAR_CO_LTD_1014201006556~MOHAMMAD_TAWAB_PASSPORT_#_070774~KB14~B.2 2008-11-23~500000~KABUL_EXCHANGE_PULEKHOMRI~KABUL_BANK_POLEKHOMRI~KB14~AY.27 2007-06-30~36000~MOHD_RAHIM_DAHI_S/O_ASTANA_GULL_1015201001900_HAIRATAN~MOHAMMAD_AMIN~KB15~G.7
Complex Data • Working With Passport Numbers 2006-10-30~30000~MOHAMMAD_ASIF~HAJI_GHULAM_SAKHI_S/O_KHAN_MOHAMMAD__PASS_NO:_TR043036~KBB~Z.11 Issuing Country - Turkey 2006-04-15~60000~GHALEB_S/O_ABDUL_WAHID~TAYIER_JIANG_Passport_No/_G-10666746~G~B.2 Issuing Country - China 2009-01-22~11988~MOHAMMAD_LAL_# OR083712~MUJTABA_S/O_ABDUL_ZAHIR_#_OR552298~KB14~AA.4 Issuing Country - Afghanistan 2006-06-09~54500~HAJI_SALAMT~MUHAMMAD_RAMZAN_KE468693~Y~AM.60 Issuing Country - Pakistan
Complex Data • Matching names transliterated by non-native English speakers requires phonetic fuzzy matching algorithms Ismail Ismaeel Ismael Ismahil Ismaiel اسماعیل
Strategic View • Decade of transactions provided ATFC an unprecedented view of hawala activity
Strategic View • Asking the right questions 2.4 billion US dollars were moved during these three spikes in activity
Tactical View SherkhanFarnood ($1,500,000) FaridahFarnood ($943,036) Farnood’s Wife Sequential Transactions August 20, 2007 Azdarak Capital Account Founder and largest Shareholder of Kabul Bank Dr Ahmad Jawid $173,096 Abdul Rab $119,425 Qushqar $118,582 Mohd Tahir $450,724 Kefayat LTD $11,802 Jamal Khail $154,269 Jora Bek $96,448 MohdEhsan Rafat $71,093 Abdul Fahim $106,780 Shokrullah $59,010 Rabiullah Kakar $47,489 Named Shareholder $592,910
Structuring Payoffs • The Named Shareholder paid off 4 loans from Kabul Bank totaling $16,003,868 on January 22, 2009 218 Named Shareholder 01/22/09 $2,895,210 01/22/09 $5,902,761 01/22/09 $7,182,690 01/22/09 $23,207 230 Villa C-87 Shareholder 60 Villa D-35 Shareholder 74 Shareholder Loan 169 Shareholder Loan
Structuring Payoffs 230 Villa C-87 Shareholder $5,902,761
Structuring Payoffs • Second level • $17,845,266 was paid into Shareholder’s account on Jan 22, 2009 378 Abdullah Jan Rahmat 383 MohdRafiq Fazeludin 360 Meraj Qudratullah 384 Khwaja Mohd Osman 144 Abdul Rahim 290 SayedMaroof 102 Abdul Latif 339 Abdul Basir $1,701,889 $2,237,837 $2,055,157 $2,231,219 $2,349,373 $1,566,657 $3,512,806 $2,190,328 218 Shareholder $5,902,761 $2,895,210 $23,207 $7,182,690 230 Villa C-87 Shareholder 169 Shareholder (KB) 74 Shareholder Loan 60 Villa D-35 Shareholder
Structuring Payoffs • Fake loans were created to pay off the Named Shareholder’s loans • Fake loans were created to pay off other fake loans • Everything starts with Kabul Bank (3) 3 3 3 3 3 3 220 103 195 28 3 301 24 267 49 3 3 387 3 3 3 371 385 3 102 144 339 383 290 360 384 378 218 Kabul Bank Security Guards 74 60 230 169
Unique Data Signatures • Low frequency, high dollar transactions • Near-zero, net effect transactions
Developing New Targets SherkhanFarnood ($1,500,000) FaridahFarnood ($943,036) Sequential Transactions August 20, 2007 Azdarak Capital Account Dr Ahmad Jawid $173,096 Abdul Rab $119,425 Qushqar $118,582 Mohd Tahir $450,724 Kefayat LTD $11,802 Jamal Khail $154,269 Jora Bek $96,448 MohdEhsan Rafat $71,093 Abdul Fahim $106,780 Shokrullah $59,010 Rabiullah Kakar $47,489 Named Shareholder $592,910
Developing New Targets • JoraBek is the largest individual money mover in the data set First Noted: January 3, 2001 Last Noted: July 30, 2010 Number of transactions: 6,664 Total amount: $694,073,982 Fax: 7-3772214421 (Kazakhstan) Mobile: 7-3779010096 (Kazakhstan) H/L: 971-42666450 (Dubai) Fax: 971-42620285 (Dubai) Mobile: 971-504574410 (Dubai) Mobile: 971-504545867 (Dubai) Mobile: 998-711864138 (Uzbekistan)
Links to Other Data • Rustam Exchange is the last contact of JoraBek Acct. Amount Date Sender Receiver • Rustam Exchange is the subject of a number of SAR’s for the suspicious transfer of 42 million dollars to 4 companies in China
Wider Application • Data discovery, profiling, and transformation continue to be a key component of developing sound technology platforms capable of rapidly addressing strategic, operational, and tactical requirements. • Discovery only from the ATFC Hawala data • ITFC • Harmony • NMEC • Other financial data?