For journalists and other investigators concerned with complex real-world topics like corruption, fraud or financial crime, data discovery remains a difficult and often tedious task. This is especially the case in investigations that require digging into companies, organizations, individuals and how they are connected across legal structures, documents, contracts and more.
The Aleph Project by OCCRP
The Aleph project by OCCRP is a great resource for gathering, cleaning and structuring this type of information, while Maltego excels at visualizing and analyzing the links contained within the resulting data. In this post, we want to share a webinar that was recently presented by Andrew Fordred from Intelligence I1 that showcases Maltego’s new data integration with Aleph and provide some additional information on the integration.
Accessing OCCRP Aleph Data Integration in Maltego
Maltego’s OCCRP Aleph data integration is a free Hub item for all community and commercial users to install and use without an API key. Note that the Maltego Aleph integration only includes data accessible via the OCCRP’s public Aleph API.
Simply head to the Transform Hub in your Maltego Desktop Client and click “Install” on the OCCRP Aleph Hub item to start using the Transforms.
Watch The Webinar Now:
Update March 04, 2021: Please note that the OCCRP Aleph data integration in Maltego has been updated in March, 2021. While the functionality and capability of the Hub item remains the same, some Transforms shown in this video might not be found in the current version.
To learn more about Aleph Transforms in Maltego, please read our blog article here.
How Investigators Can Leverage Aleph and Maltego for Digging into Companies, Persons, and Other Information
As shown in the webinar, Aleph contains a vast collection of different types of data sets, including company registries, sanction lists, contracts, procurement databases, news, land registries, leaks, and many more. Most of this data is well-structured in a knowledge graph according to the followthemoney schema (for a detailed explanation of this, check out this article by the OCCRP).
This structure means that, rather than treating all of this data merely as searchable documents, the Entities and relationships within the data can also be explored in a very intuitive way within Maltego.
To give a few examples of what can be done with Aleph in Maltego:
- Given a company, you can pivot into the directors or shareholders of the company using data from company registries.
- From those directors, you can pivot into other companies in which they may hold a role.
- You can search procurement databases for contracts that mention a particular company, as well as explore the buyers, contract awards, suppliers and even monetary value linked to the contract.
- Person names can be looked up in sanction lists and other person-of-interest databases in order to cross-reference and flag individuals in an investigation.
- E-Mail dumps often contain well-structured sender and recipient information, allowing you to use Maltego to visualize the underlying communication structure and spot central figures.
These examples are just the tip of the iceberg: in total, over 400 Transforms querying hundreds of data sources are included in this data integration. Andrew Fordred’s webinar provides tangible examples of some of these queries. We have also previously showcased an investigation that makes use of this data to map suppliers of personal protective equipment (PPE) in the COVID-19 pandemic.
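To make the pivots listed above concrete, here is an added example (not Maltego’s Transform code or OCCRP’s own code) that walks a small, constructed set of followthemoney entities: a company to its directors, those directors to their other companies, and a cross-reference against a sanctions entry. The entity shape (a `schema` plus a `properties` dict of lists, with relationships such as `Directorship` being entities themselves) follows the followthemoney model; the `Sanction` property names used here are an assumption for illustration.

```python
# Added example: pivoting through followthemoney (FtM) entities offline.
# FtM relationships are entities too: a Directorship links a Person to an
# Organization through its "director" and "organization" properties.

# Constructed sample data in FtM JSON shape (all ids and names are made up).
ENTITIES = [
    {"id": "co1", "schema": "Company", "properties": {"name": ["Acme Holdings Ltd"]}},
    {"id": "co2", "schema": "Company", "properties": {"name": ["Beta Trading LLC"]}},
    {"id": "p1", "schema": "Person", "properties": {"name": ["Jane Doe"]}},
    {"id": "p2", "schema": "Person", "properties": {"name": ["John Roe"]}},
    {"id": "d1", "schema": "Directorship", "properties": {"director": ["p1"], "organization": ["co1"]}},
    {"id": "d2", "schema": "Directorship", "properties": {"director": ["p2"], "organization": ["co1"]}},
    {"id": "d3", "schema": "Directorship", "properties": {"director": ["p1"], "organization": ["co2"]}},
    # Sanctions-list entry; "entity"/"authority" property names are an assumption here.
    {"id": "s1", "schema": "Sanction", "properties": {"entity": ["p2"], "authority": ["Example Authority"]}},
]


def pivot(entities, link_schema, from_prop, from_id, to_prop):
    """Follow relationship entities of `link_schema` whose `from_prop`
    contains `from_id`, and return the ids found in their `to_prop`."""
    found = set()
    for ent in entities:
        props = ent["properties"]
        if ent["schema"] == link_schema and from_id in props.get(from_prop, []):
            found.update(props.get(to_prop, []))
    return sorted(found)


def directors_of(entities, company_id):
    # Company -> directors (the "pivot into directors" step).
    return pivot(entities, "Directorship", "organization", company_id, "director")


def companies_of(entities, person_id):
    # Person -> organizations they hold a directorship in.
    return pivot(entities, "Directorship", "director", person_id, "organization")


def co_directorships(entities, company_id):
    # Company -> directors -> the *other* companies those directors sit on.
    others = set()
    for director in directors_of(entities, company_id):
        others.update(c for c in companies_of(entities, director) if c != company_id)
    return sorted(others)


def sanctioned(entities, person_ids):
    # Flag any person that is the target of a Sanction entity.
    return [p for p in person_ids if pivot(entities, "Sanction", "entity", p, "authority")]


def display_name(entities, entity_id):
    # Human-readable label for a graph node, falling back to the id.
    for ent in entities:
        if ent["id"] == entity_id:
            return ent["properties"].get("name", [entity_id])[0]
    return entity_id
```

Running `sanctioned(ENTITIES, directors_of(ENTITIES, "co1"))` flags `p2` (John Roe), and `co_directorships(ENTITIES, "co1")` surfaces `co2` through the shared director Jane Doe.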
About Aleph
Aleph is an open-source tool built for investigative journalists and reporters. Anyone can run their own instance of Aleph, but the OCCRP also operates a public instance populated with data from hundreds of highly relevant underlying sources, often used within the OCCRP’s own stories; this public instance is the one queried by the Maltego data integration. The data contained in OCCRP’s Aleph instance can also be useful for a variety of other investigative work. However, users should be aware that Aleph is not a valid KYC or due-diligence solution on its own and should therefore not be used as such.
About Andrew Fordred
Andrew Fordred, a Namibian, previously served as an intelligence officer for the Crime Intelligence Service assigned to the Organised Crime Intelligence Unit of the South African Police. After leaving the police service, he held a number of corporate positions in capacities such as Risk Management, and later, forensic investigations. In 2007, he started his own business providing forensic investigations, intelligence, risk management consultancy, court testimony and litigation support. He completed a forensic investigation degree focusing on forensic intelligence with a qualitative case study of the illegal narcotics trade and syndicates. Currently, he is providing due diligence, cyber intelligence and investigations, cyber security and privacy, and training services to clients with emphasis on open source intelligence, social engineering and the dark web. In addition, he has been a public speaker at events such as the Journey of the Hacker Windhoek Namibia, OSMOSIS 2018 Las Vegas USA and Cyber Threats against Children UNICEF. Reach out to him on Twitter or LinkedIn.