Tracking terrorists with advanced analytics

By SAS

Emmanuel Jacque, Principal Consultant, Fraud & Security Intelligence, EMEA & AP at SAS sets out the power of data analytics.

U.S. Army Spc. Brandon Garcia, from Delta Company, 1st Battalion, 249th Infantry Regiment (Light), Guam Army National Guard, launches a simulated attack against Djiboutian army soldiers during Operation Able Dart 08-01 on Forward Operating Location Ali Sabieh, Djibouti, March 4, 2008. The Soldiers are teaching counterterrorism tactics to Djiboutian army soldiers during the 10-week Combined Joint Task Force – Horn of Africa mission. (U.S. Air Force photo by Tech. Sgt. Jeremy T. Lock) (Released)

Terrorists communicate in startlingly sophisticated ways, using modern technology to remain undetected except by the best security agencies and police forces.


They have a crucial advantage: the enormity of the internet. There is so much traffic online, that it’s difficult for security agencies to scour through that level of data.


But law enforcement now has a secret weapon – semantic analysis. Data analytics software can sift through vast amounts of online content, picking out the messages that prove most dangerous. “This is all about text analytics being applied after running analytics processes on specific meta-data, to be able to extract the meaning from the text,” explains Emmanuel Jacque, Principal Consultant of Fraud & Security Intelligence for EMEA & AP at global business analytics provider SAS.


Emmanuel, who was previously working in military intelligence, shared with GovInsider how security agencies are using various sophisticated analytics techniques in the ever-evolving hunt for terrorists.

Finding people of interest


There are three steps for security agencies to identify radicalised individuals, says Emmanuel. Firstly, agencies could track them down when there are changes in their habits, or “behavioural breakouts”.


This means that when it comes to messages of propaganda or posts on social media, there may be times when persons of interest “publish more, publish less, or publish differently”, Emmanuel says. In this instance, it is a matter of analysing technical data, such as the geolocations of these messages.


Analysis of behavioural breakouts will help “isolate parts of the population” and reveal persons of interest to agencies. But there may not be any clear indication that they are indeed dangerous, Emmanuel notes.


The second step, then, is where semantics analysis help agencies to sift through data from this person to see if there are any topics of interest.


Machine learning can be applied in semantics analysis – particularly in countering cyber attacks. “Today, I don’t know the language spoken by hackers, but I can learn it,” Emmanuel says. “Little by little, the machine will ‘understand’ the language and will be able to categorise all the publications into specific folders, so it’s much easier to analyse after.”


“Little by little, the machine will ‘understand’ the language."

Agencies can also use machine learning to identify abnormal situations – for example, when there is an increase in social media activity and publications in a country over a certain amount of time. “This can be because something like protests happen,” Emmanuel explains.


The final step is to uncover the network of groups and other influential individuals they may be working with – in other words, a “network of interest”. This is known as link analysis, which will give agencies crucial insights into how and where these dangerous networks operate.


To create a clearer picture, the algorithms will also analyse other data, such as phone and license plate numbers, places of residence, and the countries these individuals travel to, according to Emmanuel.

From insights to action


Eventually, agencies will be able to pinpoint specific parts of the network that they can target to disrupt the entire thing, Emmanuel says. They will also be able to determine how much of a risk each individual represents. “Either they are exposed to a risk, so we can help them, or they represent a risk, and we have to arrest them,” he explains.


These three steps work best if agencies already have the right data on hand, but unfortunately, this isn’t always the case. Crucially, SAS’ Intelligence Framework platform allows agencies to carry out these three steps in the order that they want. This freedom is “essential”, so that agencies can start analysing depending on the data they already have, Emmanuel points out.


This flexibility is part of the reason why the procurement agency of the French Ministry of Defence selected the solution to support an operational research program to develop semantic analysis on Arab dialects, which doesn’t yet exist today.


Learn more about the steps needed for proactive detection to counter terrorism here, and in this complimentary webinar.


Emmanuel Jacque supports SAS’ opportunities in the government sector, more specifically for Border, Customs, Intelligence and Defence. Emmanuel has been partnering with SAS for over a year through his company OAK Branch, helping to develop solutions for the public sector. He is a former military officer and spent 28 years working for several intelligence agencies. Emmanuel has developed a solution that enabled early detection of radicalised individuals using the SAS platform. This was recognised with an award from the Head of the Police Department and Mayor of Paris.


Image by The U.S. Army – CC BY 2.0