By: Tom Ramage

In Praescient’s latest demo, we showcase IBM i2 Analyst’s Notebook (ANB) capabilities in network, temporal, and geospatial analysis in a real world Open Source Intelligence (OSINT) mission set. Watch the full video demo and read our workflow summary below!

Background

The Syrian Civil War has captured headlines for the past several years as Bashar al-Assad’s dictatorial regime and its allies battle against mainstream and hardline opposition forces to regain control over the country. Meanwhile, al-Qaeda has used the conflict in Syria to increase its influence, especially as the Assad regime’s strategy relies on radicalizing opposition fighters and civilians in order to portray the war as a fight against terrorism to the rest of the world. This conflict is particularly well suited to open source monitoring due to the amount of local sources continually publishing relevant information. In the following workflow, we’ll demonstrate how OSINT analysts can collect and analyze information about al-Qaeda in Syria in order to understand and predict Syrian conflict dynamics.

 Step 1: Open Source Intelligence Gathering

Before we conduct any analysis, we first collect useful information from publicly available sources (Figure 1). For this particular example, we created a vetted source list encompassing local and international media, social media accounts, proprietary information, and think tank reports. We constantly refine this list in order to ensure the accuracy, credibility, comprehensiveness, etc…, of the data we gather.  For more context around Praescient’s OSINT methodology, read about our partnership with Institute for the Study of War (ISW), a leading open source research institution and thought leader on the Syrian conflict.

Figure 1: Screenshot from Kuluna Shuruka’, also known as All4Syria, a well-known local Syrian news source.

Step 2: Visualizing Militant Group Networks

Next, we use ANB to create organizational charts from the open source data we’ve collected around the Syrian opposition (Figure 2). These charts contain prominent group members and rebel institutions in which the fighters participate. We’ve included two primary rebel institutions, joint military operations rooms and governance structures, where members from different groups cooperate in the pursuit of shared objectives.

Figure 2: ANB allows us to organize and visualize complex Syrian opposition networks

Step 3: Analyzing al Qaeda’s Network in Syria

Now that we’ve organized our data, ANB will help us pull out specific indicators of growing al-Qaeda influence. Militant networks in Syria are institution centric, which means we must analyze Syrian rebel interconnectedness through shared rebel institutions rather than simply looking for direct associations. We are looking specifically for members of the opposition who collaborate with al-Qaeda within these institutional structures. This type of collaboration is not necessarily a smoking gun due to the necessity of rebel cooperation in this conflict, but significant cooperation particularly in rebel governance structures does indicate a toleration of al Qaeda and its ideology to an extent that warrants further monitoring and investigation. We can use ANB network analysis capabilities to reveal indirect connections to al Qaeda through rebel institutions that may not have been obvious previously (Figure 3)

Figure 3: We can use ANB to map indirect connections to Jabhat al-Nusra through Islamic courts and military operations rooms.

Step 4: Utilize Timeline Analysis for Forecasting

To further investigate ties between groups, we use ANB timeline analysis capabilities to plot reported meetings between group leaders. Examining the amount of times certain leaders were reported to have met with Nusra leaders allows us to further enhance our understanding of the extent of al Qaeda’s network in Syria. Furthermore, can visualize an increase in meetings between leaders suspected of being linked to al Qaeda to forecast Nusra would make an announcement regarding either the commencement of a new offensive against the regime or a formal merger of forces under the influence of al Qaeda in late January or early February 2017.

Figure 4:A temporal analysis of publicly-reported meetings between Jabhat al-Nusra leadership and other Syrian opposition groups.

Step 5: Mapping al Qaeda’s Influence in Syria

Finally, we were able to visualize the extent of al Qaeda’s network by geospatially plotting group headquarters and rebel governance structures. This allowed us to illustrate the extent to which al Qaeda has already subverted the Syrian revolution and confirm that al Qaeda’s influence is centered in Idlib Province with tendrils into other rebel-held pockets in Western Syria.

Figure 5:ANB maps Jabhat al-Nusra’s centers of influence throughout Syria.

Findings

Using IBM’s i2 Analyst’s Notebook capabilities alongside our proven analysis tradecraft, we have demonstrated how OSINT analysts can analyze the extent of al Qaeda’s network and its allies in Syria. We have shown that al Qaeda has consolidated control over opposition-held Idlib province primarily by using rebel governance structures to extend its influence over other militant groups. This discovery suggests that the Assad regime’s strategy of displacing its opponents to areas controlled by al Qaeda is having the desired effect of discrediting the revolution. Our analysis also allows us to conclude the US is maintains influence with opposition groups, particularly those prevalent outside of Idlib province, and this has stemmed the further expansion of al Qaeda’s power in Syria.

Praescient was founded in 2011 by a team of analysts, entrepreneurs, and engineers committed to applying cutting-edge analytic technologies and methodologies to complex information challenges across the globe. Praescient specializes in technology assessment, advanced training, intelligence analysis, and investigative support to Law Enforcement, the Intelligence Community, the Department of Defense and the Legal and Commercial sectors.