Presenter: Yosi Margalit, IMPA – FIU Israel
SEP 2011, Tbilisi, Georgia
Crime detection methods in electronic financial transactions
Solutions for Financial Intelligence Unit
Jun 20, 2015
Chain of AML and ATF Attack
Information Technology for FIU - Tbilisi Georgia
Computing Center Architecture
FIU Systems Architecture (IMPA Concept)
[Diagram labels: Collection network; Research network; Ministry of Justice network; Windows 2000; UNIX Oracle; EGAP; File system; Internet; Reporting Institute; workstations]
Virtual Information Flow
Reporters
•Banks
•Trustees
•Insurers
•Stock Brokers
•Portfolio Managers
•Benevolent Funds
•Financial Services
•Post Bank
•Customs
Customers
•Police CID
•GSA
•Regulators
•FIU
Government
•Population Register
•Registries e.g., Companies, Vehicles, Real-Estate
[Diagram labels: Archive; Research & Analysis; Temp Files; Svivot (Link and Time Line Analysis); MS Tools; Tables, Files, Media; Scanning Actimize (A.M.L); Data-Entry / Dissemination; Oracle 9i Tools; Workflow; Authentication; Report Validation]
Objectives of the IMPA IT B&W Project
• Provision of an Integrated Information Processing System which shall enable controlled flow of information and processing of intelligence.
• Provision of an effective and secure CTRs and UARs (~ STR) collection system for all levels of Reporters.
• Provision of timely ITR / FTR input and insertion facility.
• Monitoring reporting practices and support of regulators in enforcement of compliance.
• Strict enforcement of internal and external compartmentalized Information Security policy based on the Need to Know.
• Provision of secure channels for dissemination of Financial Intelligence reports to designated Law Enforcement agencies in Israel.
• Secure access for collaboration with other FIUs (FIU.Net and EGMONT VPN).
Objectives of the Project (continued 2)
• Provision of access and query tools to external information resources for enrichment of ITRs / STRs data.
• Provision of preliminary semi-automatic assessment and evaluation tools, to enable creation and assignment of research tasks.
• Provision of workflow and case management and research tools, e.g.:
• Link Analysis and inferred networks graphical presentation
• Detection, Analysis and presentation of logical entities affiliated corporations / organizations and physical entities
• Activities analysis and Correlations tool Time line graphic presentation
• Case scoring and weighing analytical tool
• ML and TF “typology” and pattern recognition tool
Analysis, Evaluation and Research Toolbox
• Entity File (Physical and Virtual Entity)
• Automatic Enrichment functions
• Monitored Entities lists management
• Sources and targets of FTRs
• Officers in incorporated entities
• Profiling and analysis of financial activities
• Computer based analysis workflow framework
• Contextual text analysis (Taxonomy)
• Names analysis and retrieval tools
• Keywords Thesaurus and “Knowledge tree”
Collection of Reports (1)
• CTRs are submitted on optical or magnetic detachable media.
• SARs are to be submitted in print and voluntarily as MS WORD files on optical or magnetic detachable media.
• Null reports are required from all registered financial institutions.
FINTRAC VISIT TO IMPA JAN 2007
Collection of Reports (2)
• CTRs from Money Services Providers are filed in print and submitted by hand or Fax.
• Reports on magnetic or optical media are subject to malware examination, then to source authentication, file-structure compliance and data validity tests (e.g., full compliance of the KYC info-file with obligatory content, ID # validity).
• Discrepancy reports are prepared automatically and are processed by the relevant Collection Officer.
• Failure to submit reports regularly, or frequent submission of erroneous or partial information, is noted in a periodic “Non Compliance Report” which is processed by the relevant Collection Officer in coordination with the Regulators.
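The structure, data-validity and discrepancy-reporting steps above can be sketched as follows. This is an added example, not IMPA's code: the pipe-delimited record layout, the reporter registry, the Luhn-style ID check and the 25% error-rate threshold are all assumptions made for illustration.

```python
import csv
import io
from collections import Counter
from datetime import datetime
from decimal import Decimal, InvalidOperation

# Hypothetical pipe-delimited CTR layout and reporter registry (constructed).
FIELDS = ["reporter_id", "report_date", "national_id", "name", "amount", "currency"]
REGISTERED_REPORTERS = {"BANK-001", "MSP-017"}

SAMPLE_BATCH = "\n".join([  # constructed records, not real data
    "BANK-001|2011-09-01|123456782|Constructed Person A|75000|ILS",
    "BANK-001|2011-09-01|123456789|Constructed Person B|52000|ILS",
    "BANK-001|2011-09-02|000000018||61000|ILS",
    "BANK-001|2011-13-40|123456782|Constructed Person C|abc|IL",
    "BANK-001|2011-09-03|123456782|Constructed Person D",
])


def id_number_valid(national_id):
    """Assumed rule: up to 9 digits whose Luhn-style weighted sum is a multiple of 10."""
    if not (national_id.isascii() and national_id.isdigit()) or len(national_id) > 9:
        return False
    if int(national_id) == 0:
        return False
    total = 0
    for pos, ch in enumerate(national_id.zfill(9)):
        product = int(ch) * (1 if pos % 2 == 0 else 2)
        total += product - 9 if product > 9 else product
    return total % 10 == 0


def validate_record(row):
    """Return the list of discrepancies for one record (empty list = accepted)."""
    if len(row) != len(FIELDS):
        return [f"structure: expected {len(FIELDS)} fields, got {len(row)}"]
    rec = dict(zip(FIELDS, (v.strip() for v in row)))
    problems = []
    if rec["reporter_id"] not in REGISTERED_REPORTERS:
        problems.append("source: reporter is not registered")
    try:
        datetime.strptime(rec["report_date"], "%Y-%m-%d")
    except ValueError:
        problems.append("data: report_date is not a valid YYYY-MM-DD date")
    if not id_number_valid(rec["national_id"]):
        problems.append("data: ID number fails check-digit test")
    if not rec["name"]:
        problems.append("kyc: obligatory name is missing")
    try:
        amount = Decimal(rec["amount"])
        if not amount.is_finite() or amount <= 0:
            problems.append("data: amount must be a positive number")
    except InvalidOperation:
        problems.append("data: amount is not numeric")
    if len(rec["currency"]) != 3 or not rec["currency"].isalpha():
        problems.append("data: currency is not a 3-letter code")
    return problems


def process_batch(batch_text):
    """Split a batch into accepted records and a discrepancy report."""
    accepted, discrepancies = [], []
    reader = csv.reader(io.StringIO(batch_text), delimiter="|", quoting=csv.QUOTE_NONE)
    for lineno, row in enumerate(reader, start=1):
        if not row:
            continue
        problems = validate_record(row)
        if problems:
            discrepancies.append(
                {"line": lineno, "reporter": row[0].strip(), "problems": problems})
        else:
            accepted.append(dict(zip(FIELDS, (v.strip() for v in row))))
    return accepted, discrepancies


def non_compliance_report(accepted, discrepancies, max_error_rate=0.25):
    """Flag reporters with no submission or with too large a share of faulty records."""
    faulty = Counter(d["reporter"] for d in discrepancies)
    total = Counter(r["reporter_id"] for r in accepted) + faulty
    flagged = {r: "no submission in period" for r in REGISTERED_REPORTERS if total[r] == 0}
    for reporter, bad in faulty.items():
        if bad / total[reporter] > max_error_rate:
            flagged[reporter] = f"{bad}/{total[reporter]} records faulty"
    return flagged
```

Malware scanning and signature verification of the media sit in front of this step and are outside the sketch.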
Computer supported Information Processing of SAR
• Collation of involved persons and legal entities with existing records in IMPA Database and Alert to “Hits”.
• Match tests of SAR entities with lists of “Watched Persons” (e.g., Police, GSA, FIU, DEA_USA) – Alert generation.
• Individual SAR content analysis by Actimize (Rule based Engine)
• Analysis by Actimize of new SAR in view of previous activities reported in SARs and/or CTRs linked via accounts and/or entities involved. – Alert Generation.
• Review of SARs which were assigned “Alert Notice” by a human analyst, evaluation and decision about further processing
• SARs which have not raised alerts are Kept in View or “closed” (“no case”) by Senior Analyst.
LINKS INFERENCE and Graphical Presentation Engine: Contextor by Svivot Ltd.
Actimize: Rules based Reports analysis, scoring and Alert System
Intelligence Dissemination
• Intel Reports are initiated following:
– Request for Information by Police / GSA / FIU
– Internal Evaluation of accumulated Intelligence (Processed, collated, analyzed information)
• Case Analyst prepares a preliminary case file analysis and evaluation / report for consideration by Director of Research and Evaluation.
• Criteria for initiation of Intelligence Report (IR)
• IR Formation: Computer based Templates (IMPA report) tuned with GSA / CID requirements and IT systems
• IR Distribution Authorization Workflow
• IRs assessment by GSA and Police CID
Computing Platform Architecture
State of Israel
Information Security
• Access Control
• Identification and Authentication: IMPA Personnel, Reporters
• Reporters’ Data Comm.: VPN, Internet
• Compartmentalization
• “Hardening” of IT computing base
• Use of Digital Signature / Biometric ID
• Monitoring and Security related events Log Analysis
• Users profiling and usage monitoring
Where is IMPA IT heading?
• Submission of CTR \ UAR via VPN
• Design and development of Scoring and weighing Software “Engine” for screening of CTRs and UARs pre and post collation.
• Selection and integration of advanced text search and retrieval engine for multi lingual and cultural names checks.
• Integration of Statistical Inference and Pattern Recognition Engine (e.g. SPSS Clementine)
Data Collection
Data-entry, verification, validation, filtering and storage of Financial Reports and complementary official and public information
I.T. Potentials
Moderator: Joseph (Yosi) Margalit
Data Sources Overview
• Financial Transactions Reports (FTR)
• Currency Transactions Report (CTR)
• Suspicious (Irregular) Activities Report (SAR)
• Enrichment resources and validation from government’s databases
• Requests for Information by Law Enforcement Entities (RFIG)
• Request for Information (RFI_FIU)
• Public Databases
• Internet information collection
Financial Transactions Reports (FTR)
• Delivery Methods
– Internet VPN On-Line
– Transmission of batch of files via Internet VPN (e-Mail attachment)
– Direct secure Broadband (ADSL) Wide Area Network (WAN)
– DVD / CD_ROM Records Files
• Identification and Authentication of Reports
• International Electronic Financial Transactions
– Require copy of ORIGINAL SWIFT or Alternative Records!
• Internal FIU System Data-entry, verification and data validation
• Filtering and storage of FTR
– Formatting of records in Database
– Detecting and handling of faulty reports and Discrepancies
Suspicious (Irregular) Activities Report (SAR) part 1
• Formatting SAR
– Need for strict uniform report structure in reporting CAMLMAC guidelines
– Main Reasons for reporting (structured menu based on items in the AML Law) (2 to 3 selections)
– Secondary classification of suspicion (groups of statements pertaining to Main Reason selected) (5-10 for each main Reason)
– Standard format for Natural and legal persons involved with link to inland account information (if relevant) (Same as in STR)
– Standard format for each single transaction reported (Same as in STR)
– Standard format for “off shore” (foreign country) Account (as in STR)
Suspicious (Irregular) Activities Report (SAR) part 2
• The Narrative part
– Free text in 3 designated parts:
• Expansion of reason for suspicion
• Principal persons involved and their roles in the reported case (Must be listed in the previous section of persons involved with all information required by AML law in “Know Your Customer” section)
• Chronological development of the case Free Text
Identification and Authentication of Reporters and Reports
• False and misleading reports are UNWANTED!
• All Reporters must be registered by their legal Regulators, prior to access to CAMLMAC reporting facilities.
• Each Reporter must nominate one or several AML Compliance Officers (AMLCO), Natural Persons who are authorized to sign and deliver SAR / STR
• Each AMLCO is issued a “smart card” and a PKI token (in Israel the Fingerprint replaces PIN) with which all reports are signed and encrypted (RSA method), before submission to CAMLMAC
Enrichment and Validation from official databases
• Persons validation and enrichment
– Population Registers Queries (Locals and foreign residents)
• ID number match name reported?
• Immediate family circle
• Legal Entities Registers (e.g., companies, societies)
Prioritizing CTR’s and other reported indicators of suspicion in Suspicious Transactions Report (STR) and Large Value Transactions Reports (LVT)
Presented by Yehuda Shaffer, Advocate, Head of IMPA
In this presentation:
• Terms
• Overview of IMPA’s sources of information
• IMPA’s Challenges and Goals of Research and Analysis
• Types of Analysis and its flow
• The Basis for prioritizing and evaluation
• Structural Requirements
• IMPA’s Rules for alerts and prioritization
• Overview of Software Packages for analysis, prioritization and evaluation support
IMPA - Israel Money Laundering and Terror Financing Prohibition Authority
Established 2002
450,000 CTRs, 5,500 STRs per year
Staff of 25, 5M$ IT Budget
200 reports disseminated per year
20 AML CFT indictments per year
TERMS
• SAR = Irregular Activities Reports
• LVT (CTR) = Large Volume, Cash and other above threshold transactions reported by FIs
• "Logical Entity” = a group of entities (physical, incorporated or non registered group of entities) collated by analyst or associated by inference from shared attributes e.g., flow of financial activities, or address, phone, account, business, recurrent sequence of events on a time line
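The “Logical Entity” definition above groups entities by inference from shared attributes. One way to do that, shown as an added example (not IMPA's or any vendor's code), is union-find over normalised attribute values; the entity records, field names and the MAX_SHARED_BY cut-off are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

LINK_ATTRIBUTES = ("account", "phone", "address")  # subset of the attributes named above
MAX_SHARED_BY = 3  # assumed cut-off: a value held by more entities is too common to link on

# Constructed sample entities, as they might be extracted from separate reports.
ENTITIES = [
    {"id": "E1", "account": "12-345-678901", "phone": "03-555 0101", "address": "1 Example St"},
    {"id": "E2", "account": "12 345 678901", "phone": "", "address": "9 Sample Rd"},
    {"id": "E3", "account": "98-765-432109", "phone": "035550101", "address": "4 Test Ave"},
    {"id": "E4", "account": "", "phone": "", "address": "PO Box 1"},
    {"id": "E5", "account": "", "phone": "", "address": "po box 1"},
    {"id": "E6", "account": "", "phone": "", "address": "PO  Box 1"},
    {"id": "E7", "account": "55-000-111222", "phone": "", "address": "PO Box 1"},
]


def normalize(attr, value):
    """Make differently formatted copies of the same value compare equal."""
    value = value.strip().lower()
    if attr in ("account", "phone"):
        return re.sub(r"\D", "", value)  # keep digits only
    return re.sub(r"\s+", " ", value)


def find(parent, x):
    """Union-find root lookup with path halving."""
    while parent[x] != x:
        parent[x] = parent[parent[x]]
        x = parent[x]
    return x


def infer_logical_entities(entities):
    """Group entities that share an attribute value, directly or through a chain."""
    holders = defaultdict(set)  # (attribute, normalised value) -> entity ids
    for e in entities:
        for attr in LINK_ATTRIBUTES:
            key = normalize(attr, e.get(attr, ""))
            if key:  # an empty field never links anything
                holders[(attr, key)].add(e["id"])

    parent = {e["id"]: e["id"] for e in entities}
    links = []
    for (attr, key), ids in sorted(holders.items()):
        # Skip unique values and "hub" values shared by too many entities.
        if 2 <= len(ids) <= MAX_SHARED_BY:
            ordered = sorted(ids)
            links.append((attr, key, ordered))
            for other in ordered[1:]:
                parent[find(parent, other)] = find(parent, ordered[0])

    groups = defaultdict(lambda: {"members": [], "evidence": []})
    for e in entities:
        groups[find(parent, e["id"])]["members"].append(e["id"])
    for attr, key, ids in links:  # keep the reason for each link for the analyst
        groups[find(parent, ids[0])]["evidence"].append(
            f"{attr}={key} shared by {', '.join(ids)}")
    return sorted(groups.values(), key=lambda g: g["members"])
```

E1, E2 and E3 form one logical entity through a shared account and a shared phone, while the post-office box used by four entities is ignored as too common to imply a link.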
IMPA ’s Access to further information
• Official Central and Regional Government Resources e.g.,
– Population Register (Incl. visitors and alien residents)
– Legal Entities Registers
– Vehicles Registration
– Telecom Directories
– Judicial Processes Records (e.g., Courts Process and General Prosecution, criminal records, civil cases)
• Business Intelligence Resources
• Electronic (Internet) Mass Media
• Law Enforcement Agencies e.g., (Police, Customs, Inland Security)
• FIU ‘s
IMPA’s INFORMATION SOURCES
[Diagram labels: IMPA; Banks; Insurance companies and agents; Currency service providers; Stock brokers; Provident funds; Portfolio managers; ISA; Foreign FIU’s; Police; Customs; Tax; Other Gov. and Private databases]
How is the additional information used in the Analytical process
• Entities identification and Validation of Reports
• Enrichment of reported data
• Detection of suspicious discrepancies in “entity profiles”
• Linkage detection and Analysis
The Challenges
• Huge amount of information that the technologies will need to handle
• Dealing with the rapidly arriving and changing information
• Limited number of Human Analysts
The Goals
Develop real-time streaming algorithms to:
• Track information
• Detect patterns and relationships even among persons who try to hide their identities
• Perform preliminary evaluation of information
• Prioritize reported or detected “Cases”
• Enrich and allocate High Priority Cases to Human Evaluators
Types of analysis undertaken
• Data mining (Enrichment)
• Operational / tactical (Case Management)
• Statistical (Trends, deviations)
• Strategic (Sector \ Modus Operandi)
The basis for evaluating and prioritizing
Large Volume Transactions Reports
• Most reported LVT activities are legitimate business and personal financial activities
• Most LVT’s which form part of Money Laundering or Terror Funding acts have recognizable patterns
• Most persons involved in ML / TF are linked directly or indirectly and have some detectable characteristics
The basis and approach to Evaluation of Reported or Identified IAR (SAR \ IAR)
• Most reported IAR activities contain insufficient details to serve as grounds for criminal suspicion
• Enrichment from other available resources may support need for further investigation
• Collation of an IAR with information in the national LVT and IAR database may support need for further investigation
I.T. based solutions
and human involvement
“Technology enables us to analyze a lot of information quickly and get access quickly, but the human element is important here.” USA Homeland Security Secretary Michael Chertoff
IAR (SAR) Structural Requirements
• The report must be structured in a standard manner to enable machine dependent filtering and evaluation.
Audit and Validation of Reports
• Each Report must be audited on delivery to FIU,
• ID Data must be validated by use of methods and against government information resources
• Erroneous or incomplete reports must be returned for removal of discrepancies by the reporter’s Compliance Officer.
Stages of Analysis
when to start, continue or stop
• Preliminary filtering of individual (SAR)
– Basic rules for “go ahead”, Keep In View (KIV) or file unprocessed
– Filtering structured parts and of “free text” sections: initial automatic assessment of individual report
– Collation of reported elements with FIU's database and assessment of accumulated information
Basic rules for “go ahead”, Keep In View (KIV) or report \ record unprocessed
• Embedded document (file name translated from Hebrew): “Translation Yosi 24 July 2005, ACTIMIZE table Dori 24 July 2005.doc”
Recent Rules to Detect and Alert FINCEN guideline for small FI
• Use of accounts directly for, or on behalf of named non regulated banks e.g., VEF Banka and Commercial Bank of Syria, including its subsidiary, Syrian Lebanese Commercial Bank;
• Correspondent accounts transactions in order to prohibit indirect use by non regulated named banks.
• Provision of financial services to senior regime elements engaged in illicit activities in named countries (e.g., Belarusian)
• Correspondent Accounts of Unregulated Foreign Shell Banks
• Private Banking Accounts of "senior foreign political figure” (Review public information, including information available in Internet databases, to determine whether any "private banking" account holders are "senior foreign political figures.")
Red flags of possible money laundering or terrorist financing
FINCEN guideline for small FI
• IARs and CTRs that lack business sense or apparent investment strategy,
• Reported transactions are inconsistent with the stated business or strategy of account holders or actors in it.
• The information provided by the customer that identifies a legitimate source for funds is false, misleading, or substantially incorrect or incomplete
Red flags ii of possible money laundering or terrorist financing
• The Account Holder (or a person publicly associated with the Account) has a questionable background or is the subject of reports indicating possible criminal, civil, or regulatory violations
• The reported activities of a person exhibit a lack of concern regarding risks, commissions, or other transaction costs.
• A person is reported to attempt to or make frequent or large deposits of currency, insists on dealing only in cash, or asks for exemptions from the firm's policies relating to the deposit of cash
Analytical software packages
• Types of “EXPERT Analytical SYSTEMS”
– Rules’ Based software engines (ACTIMIZE)
– Query Tool (SQL search by Boolean formulae e.g., Oracle Discoverer)
– Compound Statistical Analysis Tools (e.g., SPSS Clementine, SAS Anti-Money Laundering – risk-based monitoring and alert system)
– Artificial Intelligence programs (e.g., Prolog based)
LexisNexis® anti-money laundering I.T. based investigations tools
• “One-stop solution” for anti-money laundering investigations and due diligence.
• Timesaving features:
• SmartLinx™ uncovers and verifies connections among 1.6 billion public records documents and delivers the results to you in a single comprehensive report.
• LexisNexis® Sounds Like Search seeks out phonetic matches and nicknames and ranks results based on how closely they match your search.
• No mandatory search fields means you have the flexibility to start your search right away with whatever you have – a name, address, etc. – and be confident you are following every avenue.
I.T. based investigations tools ANTI-MONEY LAUNDERING examples
• Industry-proven scenario libraries that provide comprehensive coverage of indicative money laundering behaviors
• High Risk Geographies and Entities: Monitor activity involving high risk entities or geographies, including OFAC and SDN lists.
• Hidden Relationships: Reveal previously unknown relationships that could be indicative of efforts to launder funds.
• Anomalies in Behavior: Address sudden significant changes in transaction activity of an account.
• Money Laundering Behaviors: attempts to structure, patterns of activity in similar accounts, etc.
• Institutional Behaviors: Identify money laundering activity specific to institutional clients and accounts.
SYFACT® Investigator flexible, web-based case management
• Automated SAR Filing: Filing Suspicious Activity Reports is a highly detail oriented and time sensitive function of any case management solution. SYFACT®Investigator streamlines this critical component by allowing investigators to generate the Suspicious Activity Reports (SAR) form directly from the application, saving time and ensuring a higher level of accuracy of the completed form.
• Data Segmentation: SYFACT®Investigator is a unified case management solution, sharing one centralized database that allows data segmentation and separate workflows for each of the various functional areas who would be using it. The level of data sharing is configurable from revealing all case details, only the very basics, or perhaps nothing. Data segments can be based on organizational responsibility, geographical region, or functional business area.
• Information Sharing: Information sharing capabilities within SYFACT®Investigator allow investigative units to segregate data and share information in a controlled environment. The collaboration model can be configured based on the organizational roles and regulatory requirements. It can also be used to support additional requirements such as regional oversight providing a broader view of all investigations.
• Flexible Reporting: With the integration of a flexible reporting engine, the reporting capabilities are almost unlimited. Reports can be launched from anywhere in SYFACT®Investigator including pre-defined reports. Customers can change these reports, or simply define additional lists, metrics and forms. SYFACT®Investigator also has semantic layers for popular third-party business reporting tools to generate flexible operational and strategic management reports and statistics.
• Graphical Analysis: SYFACT®Investigator generates interactive graphical networks of a case and presents a visualization of relations between persons, companies, bank accounts, addresses, and other objects. These relations between suspects can be researched up to '99 levels' deep without manually creating or drawing these often complex networks.
• Powerful workflow control: Workflow features support the approval, sign-off, and review processes of every case. Each transition from one workflow state can be made available only to specific users, roles, or user groups based on the investigation type. Graphical workflow features combine process control with authorization rights in which multi-level approval cycles can be configured.
• Definition of the steps to be completed, and tasks to be executed, before an investigation can progress to the next phase.
• Searchable Attachments: Any file or digital document can be attached to a case. Includes digitized checks, digital photos, email messages, surveillance films, Word and Excel documents, scanned correspondence, etc. In addition, both attachments and most text contained within those attachments are fully searchable. Versatile search features also allow users to refine their searches by selecting additional criteria from application specific drop down menus, "wild card" or "sound like" queries.
• Case Assignments: Investigations can be assigned to staff and management depending on criteria e.g., experience level, workload, type of case, or other criteria. A dashboard is provided to monitor critical elements such as case aging, due dates, and time management.
• Case Linking (Internal matching engine): SYFACT®Investigator helps investigators decide whether a person, company, bank account, address, or other entity already exists in your database, linking cases automatically. The matching engines use powerful and configurable algorithms that eliminate redundancies that can disrupt or delay investigations.
Advanced IT solution for Mining Open Sources for enrichment of FIU Databank
Presenter: Yosi Margalit, IMPA – FIU Israel, SEP 2011, Tbilisi, Georgia
The Topics
• Internet Mining Tools and technologies
• Mapping of Data Mines: e.g., Social Networks (LinkedIn, Facebook), Electronic Media, search “In depths of the hidden Internet”
• ARIS – Assets Recovery Project Basel Governance
• Multiple search Engines
• Statistical tools – Transactions Pattern recognition (Use of conventional Statistical software)
• Text Mining
• Trans-cultural names detection and processing software
• Entity Extraction and “Free Text” processing
Internet Mining Tools and technologies
Mapping of the Internet Data resources
• Mines of links in Social Networks (LinkedIn, Facebook)
• Electronic Media
• Search “In depths of the hidden Internet”
ARIS – Assets Recovery Project Basel Governance
ARIS is a tool that:
• Searches the internet and downloads documents on one or more targets (i.e., an individual or a company) from the public and deep internet
• Analyzes these documents using Natural Language Processing (NLP) techniques
• Allows the user to interactively inspect the search results and extracted information.
The above figure illustrates a search performed by ARIS on a technical level, as required for the subsequent discussions of technical requirements and security considerations.
Multiple search Engines
What “Win Web Crawler” will do:
• Query all popular search engines
• Receive from a user an expression (name of person, place, term or expression, e.g., “ALTALENA” + “Exodos”)
• Extract all matching URLs from search results and remove duplicate URLs
• Visit those websites and extract data from there.
“Email Spider” - finds email addresses that are targeted by utilizing the Google and Yahoo search engines. Finds thousands of email addresses an hour, harvests "Starting Pages" from Google and Yahoo to find highly targeted email addresses!
Fastoise.com - Multiple Instant Search Engine. You can search directly on YAHOO!, YouTube, Bing, Twitter at the same time!
"Spiders" take a Web page's content and create key search words that enable online users to find pages they're looking for.
Benefits of conventional Statistical software
Transactions Pattern recognition
SAS Anti-Money Laundering - facilitates the critical task of suspicious activity monitoring using a risk-based approach.
Applies advanced analytics and scenarios against an institution's transactional data to identify suspicious behavior.
Once identified, the investigative function provides a seamless workflow that increases effectiveness and efficiency.
Predictive analytics solutions from SPSS Inc. (Used by FIU Poland)
– Build profiles of past account activity
– Create peer groups of similar accounts
– Identify when activities do not fall within the normal range for such profiles or peer groups
– Limit “false positives” by using risk-based weighting techniques
– Pinpoint suspicious activity and take prompt and appropriate action
Text Mining Challenges
Information overflow
Deep web
Unstructured data
Social network analysis
Multiple identities
Security
Information Overflow
[Chart: Number of Sites over Time (90s, 2000, 2004, 2006, 2008, 2010); stages labelled: Sites updated periodically; RSS, News/portal; Real time updates - WEB 3.0]
Designed for humans, not machines
Unable to understand context
Unable to differ between entities
Unable to understand connections
Blocks of texts
Unstructured Data
Multiple Identities
No single “passport” or ID
Different screen names
Different identifiers
Variations on same identifier
Avatars*
Critical to Every Investigation
Deep Web
When we say Deep Web – we mean:
Rich Internet application: Pages returned in response to a query or submission of a form. Difficult to navigate without domain knowledge.
Unlinked content: Pages not linked to other pages, preventing regular Web crawling programs from accessing the content
Private web: Sites requiring registration and login (password-protected resources)
Non-HTML / text content: Textual content encoded in multimedia (image or video) files or specific file formats not handled by a regular search engine
Trans-cultural names detection and processing software
Identity Unification
Source identities (diagram):
– Name: Mood David; E-mail: [email protected]; Location: NJ USA; DOB: Jan 1973
– Nickname: Moonlight78; E-mail: [email protected]; Page: www.picassa.com/bm
– Name: Mood David; E-mail: [email protected]; Page: www.picassa.com/bm
Unified entity (diagram):
– Internal Entity ID: 789676; Name: Moon David; E-mail: [email protected]; E-mail2: [email protected]; E-mail3: [email protected]; Location: NJ USA; DOB: Jan 1973; Home Page: www.picassa.com/bm
Internal Databases: David Moon
Entity Identity Analysis
Map multiple identities to one entity
Automatic recognition of an entity in different sites, spelling, language
View multiple identities in social network analysis, visualize links maps, etc.
Information organized into dynamic drill-down pages to view aggregated activity, statistical overviews, friends, sites, and conversations
Automatically search an entity in social networks and retrieve profile information and identifiers
Unified Identity Database
Utilize social networks to expose connections and new leads
Gain insight into fields of interests
Aggregated social connections
Separated social circles
Social Network Analysis
Convert the Power of Social Media into Actionable Intelligence
“Free Text” processing
Stemming
Translation
Search for name “independent of their name spelling”
Translated search
Link related news across languages
Multi-Language Support
Automatic alerts of predefined, suspicious behavior
Entity recognized in a new web site; group of entities start to talk frequently with each other
Found specific search term or Boolean phrase
A bank account was entered
Specific field has changed, e.g., last login in a FACEBOOK account.
Authorization system and full audit trail
Putting it All Together
[Diagram labels: phone numbers 011-789456 and 022-123456; e-mail addresses; Forum]
Dynamic Investigation Pages
Enhanced workflow
Retrospective search of entire index
Concurrently handle hundreds of investigations
Create and share entities with other
investigators
Convert alerts into editable bulletins
Export data easily
Ensure optimal system performance
Security
Requirements Information
Management
Open Sources data mining Security
Investigation Anonymity
• Requires
– Appearing as any other automated crawler (“bot”)
– No specific page visits
– Simulation of human behavior
Malware Protection
• Requires
– Decoupling of IT and WEBINT systems
– Analysis performed on a safe network
Summary
• Challenge: Deep Web. Solution: Deep web harvesting, entering queries, user names, simulating human behavior.
• Challenge: Structured Data. Solution: Structuring data during the harvesting process and afterwards.
• Challenge: Information Overflow. Solution: Visualization capabilities, scoring mechanisms, and text analytics filtering the “junk” from the relevant.
Summary
• Challenge: Social Analysis. Solution: Recommendation systems, social circles, aggregated social connections, etc.
• Challenge: Multiple Identities. Solution: Unified Identity database with automatic and semi automatic unification
• Challenge: Security. Solution: Anonymization, simulating human / bot behavior, decoupling of networks
QUESTIONS?
Yosi Margalit, Senior Strategic and IT Consultant Israeli Money Laundering and Terror Financing Prohibition Authority, [FIU ISRAEL ]
[email protected]; [email protected] Mobile: +972528804368