Behind the

Identifying the funding sources, propaganda activities and persons of interest of a Jihadist group

Jaish e Muhammad (JeM) is a Jihadist group that has been active in Kashmir since its establishment in 2000. Despite having been officially banned in Pakistan since 2002, the group has close relations with the Taliban and Al Qaeda and continues to terrorize the region with the aim of separating Kashmir from India and merging it into Pakistan. To further its cause, JeM has carried out several attacks, primarily in Azad Jammu and Kashmir (AJK), an autonomous jurisdiction within Pakistan. One of the latest and most fatal attack took place in the early hours of Saturday 10 February 2018, at around 4:10 am IST – four heavily armed militants attacked a camp of 36 Brigade which housed army personnel and their families. The attackers were armed with AK-47 assault rifles and grenades. Upon entering the residential quarters, they opened fire, killing four soldiers and injuring at least nine others, including women and children.

Understanding the support system behind an organization of this nature is crucial to understanding the organization itself. Digital Clues’ solution was used to carry out an in-depth analysis of three key areas: funding sources, propaganda activities and persons of interest (POI).

Despite having been banned in Pakistan, JeM continues to terrorize Kashmir.

An investigation into JeM was launched and the process of entity extraction using ProFoundTM began. Very soon, an organization engaged in funding activities on behalf of JeM surfaced – a seemingly innocent trust fund called “Al Rahmat”, purportedly raising donations to help the poor. Of course, JeM is no charity, so when a clear link connecting the two organizations was established, a closer look at Al Rahmat was called for.

This secondary investigation began with basic search engine queries, using ProBotTM, which aimed to extract general information about Al Rahmat. Bank account details found in an advert calling for donations and a Facebook account associated with the organization were quickly uncovered. This was all useful information, but not yet the level of detail that investigators had hoped to find. Digging continued and analysts began profiling the Facebook account. A visual link analysis proved very useful when a new lead surfaced. JeM has been banned by the Pakistani government years earlier, yet this specific entity had several connections to Pakistani officials.

Pushing full speed ahead using ProBotTM and ProFilerTM, the extraction of contacts and analysis of data surfaced additional information, including social accounts of Al Rahmat trustees and the man named at the head of funding activities and listed in relation to the bank account found in the original search engine query. Of particular interest was this man’s relationship with JeM’s leader.


Analysts continued their investigation, using the ProFoundTM collection module (ProBotTM) to collect vast amounts of social chatter about Al Rahmat. Filtering the data by phone number, donors and calls for donations, additional JeM activists were uncovered – all potential new leads for future profiling.

The process of entity extraction using ProFoundTM began. Very soon, an organization engaged in funding activities on behalf of JeM surfaced.

Another area of interest investigated by Digital Clues was JeM’s propaganda activities. Source development and collection modules (ProBotTM) were used to collect information about the organization’s online presence and analyze the main channels used for its propaganda activities. The search turned up “Al-Qalam Online” as JeM’s main online propaganda channel. A follow-on investigation through Source Development surfaced several social media pages related to Al-Qalam, and additional data collected both validated beyond a doubt the connection between JeM and its leaders, and uncovered more names, including one individual who was pinpointed as having a violent online presence.


Meet the Modules

Source Development

Generates leads based on keywords, email addresses, phone numbers and other identifiers

Visual Link Analysis

Analyzes friends, content and additional layers of metadata, such as a Facebook users’ hometown, to create visualizations of connections between suspects.

Collection module

Enables the various collection capabilities of the system to be deployed.

Analysis module

Enables insights to be derived regarding the data collected into the system.