Identifying the funding sources, propaganda activities and persons of interest of a Jihadist group
Jaish e Muhammad (JeM) is a Jihadist group that has been active in Kashmir since its establishment in 2000. Despite having been officially banned in Pakistan since 2002, the group has close relations with the Taliban and Al Qaeda and continues to terrorize the region with the aim of separating Kashmir from India and merging it into Pakistan. To further its cause, JeM has carried out several attacks, primarily in Azad Jammu and Kashmir (AJK), an autonomous jurisdiction within Pakistan. One of the latest and most fatal attack took place in the early hours of Saturday 10 February 2018, at around 4:10 am IST – four heavily armed militants attacked a camp of 36 Brigade which housed army personnel and their families. The attackers were armed with AK-47 assault rifles and grenades. Upon entering the residential quarters, they opened fire, killing four soldiers and injuring at least nine others, including women and children.
Understanding the support system behind an organization of this nature is crucial to understanding the organization itself. Digital Clues was employed to carry out an in-depth analysis of three key areas: funding sources, propaganda activities and persons of interest (POI).
Despite having been banned in Pakistan, JeM continues to terrorize Kashmir.
An investigation into JeM was launched and the process of entity extraction using ProFound began. Very soon, an organization engaged in funding activities on behalf of JeM surfaced – a seemingly innocent trust fund called “Al Rahmat”, purportedly raising donations to help the poor. Of course, JeM is no charity, so when Digital Clues found clear evidence connecting the two organizations, a closer look at Al Rahmat was called for.
This secondary investigation began with basic search engine queries, using ProBot, which aimed to extract general information about Al Rahmat. Bank account details found in an advert calling for donations and a Facebook account associated with the organization were quickly uncovered. This was all useful information, but not yet the level of detail that investigators had hoped to find. Digging continued and analysts began profiling the Facebook account. A visual link analysis proved very useful when a new lead surfaced. JeM has been banned by the Pakistani government years earlier, yet this specific entity had several connections to Pakistani officials. Could this possibly indicate the backing of JeM by the Pakistani Government?
Pushing full speed ahead using ProBot and Profiler, the extraction of contacts and analysis of data surfaced additional information, including social accounts of Al Rahmat trustees and the man named at the head of funding activities and listed in relation to the bank account found in the original search engine query. Of particular interest was this man’s relationship with Masood Azhar – JeM’s leader.
Analysts continued their investigation, using the ProFound collection module (ProBot) to collect vast amounts of social chatter about Al Rahmat. Filtering the data by phone number, donors and calls for donations, additional JeM activists were uncovered – all potential new leads for future profiling.
The process of entity extraction using OpenMind began. Very soon, an organization engaged in funding activities on behalf of JeM surfaced.
Another area of interest investigated by Digital Clues was JeM’s propaganda activities. Source development and collection modules (ProBot) were used to collect information about the organization’s online presence and analyze the main channels used for its propaganda activities. The search turned up “Al-Qalam Online” as JeM’s main online propaganda channel. A follow-on investigation through Source Development surfaced several social media pages related to Al-Qalam, and additional data collected both validated beyond a doubt the connection between JeM and Masood Azhar, and uncovered more names, including one individual who was pinpointed as having a violent online presence.
After uncovering so many details and providing authorities with solid leads and strong evidence on entities, funds, propaganda, and a possible direct connection to the Pakistani Government that had banned JeM, Digital Clues analysts continue to follow the online presence of the people and organizations affiliated with JeM, in the hope of preventing the next attack.
Meet the Modules
Generates leads based on keywords, email addresses, phone numbers and other identifiers
Analyzes friends, content and additional layers of metadata, such as a Facebook users’ hometown, to create visualizations of connections between suspects.
Enables the various collection capabilities of the system to be deployed.
Enables insights to be derived regarding the data collected into the system.