Social Network Analysis in Lawful Intelligence

Digital globe with a network of photos of people linked by data flows overlaid.

While lawful interception is often thought to have begun with wiretapping, pen registers actually predate that practice and telephones themselves, having been developed during the telegraph age. The critical difference is that while wiretaps eavesdrop on call content, pen registers capture control pane data that roughly corresponds to today’s call data records (CDRs). However today, encryption obscures most communications content, so lawful intelligence needs to use resources more akin to pen registers than wiretaps once again. Specifically, communications’ metadata and location intelligence have become primary to lawful intelligence as a whole.

A critical challenge with metadata and location data is leveraging the right solutions to transform them into usable intelligence. Technologies such as the SS8 lawful intelligence platform establish context, patterns, and relationships that help law enforcement agencies (LEAs) meet that goal. These tools enable investigators to not only overcome the limitations of encrypted communications content but provide potentially far more comprehensive, actionable intelligence as well.

SS8’s innovative approaches include the ability to mathematically analyze communications between targets and map the relationships among them. In a criminal or other adversary group, this approach can reveal the roles of individuals and the hierarchy of power among them, helping understand how the group operates and even positing an organizational chart. This approach is broadly known as “social network analysis” and includes data from mobile networks, OTT apps, emails, and many other forms of communication.

Social Network Analysis (SNA) with Intellego XT

Intellego XT, SS8’s LEA monitoring and data fusion platform, includes an SNA module that readily illuminates relationships between subjects of interest that would otherwise remain hidden. Data analytics algorithmically identify the existence and structure of an illicit organization and its leadership, for example, which Intellego displays to investigators using intuitive, interactive visualizations. Communication events are plotted among “nodes,” which can be individuals as well as entities such as email addresses or websites.

Automated processes streamline interpretation and modeling, giving operators efficient tools to cut through the clutter of intercepted communications and reveal new understandings of criminal relationships. A series of dashboard templates deliver easily digestible, visual presentations of SNA data to quickly identify relationships among lawful interception targets. Such analysis can help investigators learn who communicates with whom, how often, and which party initiates the communication.

The hierarchical template focuses on mapping seniority and power within a group to determine who its leaders are, which can help guide an investigation by revealing its ultimate target as well as the succession of individuals who might replace that target following a conviction. The circular template reveals sub-organizations or specialized functions within a set of targets based on patterns of nodes that mostly communicate among themselves. The symmetric template places the nodes with the most connections at the center of the visualization and those with the fewest out on the periphery, intuitively showing the targets that are most central to disseminating information throughout the organization.

As an alternative to automated layouts, operators can drag and drop intercepted data into a customized template to pursue open-ended inquiry and investigation. They can apply filters to focus on a subset of the data as well as drill down into specific communication events or series of events. Visualizations are also deeply integrated with the Intellego reconstruction module, which lets investigators recreate node interactions such as an individual’s internet sessions for a simulated, over-the-shoulder view of their online activity.

Algorithms, Insights, and SNA Metrics

The value of SNA techniques is the ability to gauge how important each node is to the organization as a whole. However, because that importance can be measured in different ways depending on the goals of an investigation, SS8 employs multiple metrics to represent various dimensions of a target’s significance. Taken together, these metrics help investigators gauge the value of targeting and monitoring an individual node.

The betweenness metric quantifies how often a specific node lies on the shortest communication path between others, which may correspond to the degree to which an individual acts as a conduit of information through the network. Regardless of their seniority, individuals with high betweenness scores are likely to represent concentrations of organizational information, making them prime targets for monitoring.

The closeness metric measures how many connections, and by how many degrees of separation, an individual has within a network using k-nearest neighbor algorithms. People with high closeness scores are likely to be key operational leaders. As such, they tend to be critical to the regular function of the organization and may represent a vulnerability that LEAs can exploit to disrupt adversary activity. These metrics also use Eigenvector values to give high scores to nodes that have strong connections to other nodes with high scores, further revealing decision makers through their connections to other highly placed individuals in the network.

Conclusion

Particularly in the context of organized crime, SNA techniques provide holistic insight into networks of people, their relationships, and their interactions. This capability is critical to developing lawful intelligence about groups in addition to individuals, and it better adapts investigative techniques to focus on metadata and location rather than message contents. By revealing how target organizations function, Intellego SNA capabilities give LEAs powerful insights that help them investigate and ultimately disrupt criminal groups.

About Syed Hussain

Syed Hussain Blog Headshot - SS8 NetworksSyed Hussain has spent more than 20 years working in the telecommunication and cyber security industry in Engineering and Product Management leadership roles. He brings significant technical expertise to his role as VP of Product Management for SS8’s Lawful Intelligence products, covering Service Providers and Law Enforcement market domains. He has led architecture and design of 4G and 5G Lawful Interception solutions in Cloud and non-cloud environments. Syed represents SS8 in both ETSI and 3GPP standards bodies and at technology summits and holds a BS in Computer Science and Engineering. You can learn more about Syed on his LinkedIn profile here.

 

About Franklin Recio

Franklin Recio has been with SS8 since its foundation. He has been involved in multiple roles including project management, services, sales, and product development. Currently, he’s in charge of Global Field Services implementation and the Acceler8 Alliances program to expand the relationships with other members of the ecosystem. Franklin has an engineering bachelor’s degree in Electronic Communications and a master’s degree in Upper Management and International Development. Currently, he’s pursuing a Ph.D. in Strategic Analysis and Sustainable Development at the Anahuac-Mayab University in Mexico. Learn more about Franklin on his LinkedIn profile here.

About SS8 Networks

As a leader in Lawful and Location Intelligence, SS8 helps make societies safer. Our commitment is to extract, analyze, and visualize the critical intelligence that gives law enforcement, intelligence agencies, and emergency services the real-time insights that help save lives. Our high performance, flexible, and future-proof solutions also enable mobile network operators to achieve regulatory compliance with minimum disruption, time, and cost. SS8 is trusted by the largest government agencies, communications providers, and systems integrators globally.

Intellego® XT monitoring and data analytics portfolio is optimized for Law Enforcement Agencies to capture, analyze, and visualize complex data sets for real-time investigative intelligence.

LocationWise delivers the highest audited network location accuracy worldwide, providing active and passive location intelligence for emergency services, law enforcement, and mobile network operators.

Xcipio® mediation platform meets the demands of lawful intercept in any network type and provides the ability to transcode (convert) between lawful intercept handover versions and standard families.

To learn more, contact us at info@ss8.com.

Tweet Us @SS8       Follow Us LinkedIn

SS8 Newsletter

LATEST WEBINAR

THE DATA SILO DILEMMA FOR LAW ENFORCEMENT

How to Ingest, Filter and Query 5G Volumes

Webinar Presented by Kevin McTiernan

CLICK HERE to watch!