Title: Getting Leads: GEO Mining

Release Date: 2017-04-24

Document Date: 2004-08-17

Description: Description of an approach to sifting through large amounts of phone call metadata to find leads for new surveillance target called "GEO Mining." The author gives an example of searching for heroin-production labs in Afghanistan using GEO Mining, by filtering all phone calls in Afghanistan down to calls made near known heroin-processing labs. In this case, "The top 20 handsets were then tasked for collection, and at least one has produced reportable intelligence."

Document: DYNAMIC PAGE -- HIGHEST POSSIBLE CLASSIFICATION IS
TOP SECRET // SI / TK // REL TO USA AUS CAN GBR NZL

(U//FOUO) Getting Leads: GEO Mining
FROM: SIGINT Communications
Unknown
Run Date: 08/17/2004

(S//SI) What is "GEO Mining"? - It's a new approach to finding important leads ("needles") in
large "haystacks" of phone call-related metadata. Its goal is to give SIGINT analysts useful tools
to help them get new and profitable lead information on their targets. The way it works is this:
first, analysts establish a profile to narrow down the type of call events that are of interest. For
example, they may be interested in calls that were made in a certain region at a particular time.
Next, GEO Mining's algorithm mathematically enhances the profile and sifts through NSA's
databases to isolate those call events that appear most promising as target leads. These leads
are then passed to the analysts for follow-up investigation.
(TS//SI) As part of GEO Mining's development, several tests have been conducted. In one case,
the objective was to find new heroin-processing labs in Afghanistan and the associated PCS
(Personal Communications Service) handsets. Since there are about 97,000 locatable call events
in Afghanistan on any given day, GEO Mining's task was to winnow this down to a manageable
number of leads. With the help of the South West Asia Narcotics (SWAN) team (S2F11), a
profile was created to include only the calls that were made near 27 known heroin-processing
labs in the country. When run against the available metadata, the program produced a list of the
handsets that were used in the targeted area. The top 20 handsets were then tasked for
collection, and at least one has produced reportable intelligence. In addition, a map of potential
new drug labs was sent to the National Geospatial-Intelligence Agency (NGA), which confirmed
that the suspected sites were indeed labs.
(U/FOUO) Geo Mining aims to create a suite of tools to routinely give SIGINT developers and
analysts lead information of this kind. The cross-organizational team consists of members from
SID/Cryptanalysis and Exploitation Services (CES - S31), the NSA/Research Associate
Directorate (RAD), the GEO Cell (S2L), and the Cryptologic Mathematician Program (S3T2).
(U//FOUO) Are you interested in joining the GEO Mining team? If so, contact the team leader,
Paul Brown (
@nsa) for further information.

"(U//FOUO) SIDtoday articles may not be republished or reposted outside NSANet
without the consent of S0121 (DL sid_comms)."

DYNAMIC PAGE -- HIGHEST POSSIBLE CLASSIFICATION IS
TOP SECRET // SI / TK // REL TO USA AUS CAN GBR NZL
DERIVED FROM: NSA/CSSM 1-52, DATED 08 JAN 2007 DECLASSIFY ON: 20320108

e-Highlighter

Click to send permalink to address bar, or right-click to copy permalink.

Un-highlight all Un-highlight selectionu Highlight selectionh