Here's a slice of @opensanctions.bsky.social + @openownership.bsky.social data, merged using entity resolution from Senzing. I got to wondering about the temporal graph (transactions) in AML, which "overlays" atop the structural graph of UBO ... and recalled my ORSA training ... - ThreadSky

pacoid.bsky.social • 9 days ago

Here's a slice of @opensanctions.bsky.social + @openownership.bsky.social data, merged using entity resolution from Senzing.

I got to wondering about the temporal graph (transactions) in AML, which "overlays" atop the structural graph of UBO ... and recalled my ORSA training ...

Comments

pacoid.bsky.social•9 days ago

Meanwhile, here's a view of the money transfers in the "Azerbaijani Laundromat" case, from OCCRP data -- which is a temporal graph of the transactions.

pacoid.bsky.social•5 days ago

improved flow analysis (fixed a bug!) so the inter-arrival models are more accurate, and the general ledger has been corrected

plus tool-tips on hover for the generated HTML
https://github.com/DerwenAI/kleptosyn/blob/main/occrp.ipynb

pacoid.bsky.social•4 days ago

From this, we can show three features developed using graph analytics -- "balance", "node degree", "node out degree" -- which can be used to train a classifier model for the roles of shell companies, to asset behaviors in potential fraud.

For example, this uses _random forest_ from scikit-learn.

pacoid.bsky.social•6 days ago

Overall, here's a better chart showing which shell companies were used to move money out of the country.

For example, "BAKTELEKOM MMC" transferred out 10^9 (hundreds of millions)

pacoid.bsky.social•6 days ago

Updated notebook on GitHub:
https://github.com/DerwenAI/kleptosyn/blob/main/occrp.ipynb

pacoid.bsky.social•6 days ago

Adding a sense of "general ledger" analysis to examine the money transfer inflows and outflows for each shell company, and also considering the flows within paths, cycles, and the topology of connected -- in other words, is a company where deposits are sourced or drained?

pacoid.bsky.social•6 days ago

Results from the distribution of node degree, distribution of cycle length, and triadic census lead to some insights into the fraud tradecraft, given the "balance" and "debit" amounts above ...

pacoid.bsky.social•6 days ago

Funds appear to have sourced mostly into "BAKTELEKOM MMC", then drained mostly out of "LCM", "HILUX", "POLUX", and "METASTAR"

pacoid.bsky.social•6 days ago

Nodes in the periphery split evenly between negative balance (lesser points for sourcing funds) and zero balance (part of cycles to shuffle funds), while none of these end with a positive balance.

pacoid.bsky.social•6 days ago

The non-periphery nodes which aren't the four with highest centrality have high volume -- in other words, these were the main intermediary points through which funds were shuffled to obscure the eventual "drains" ...

pacoid.bsky.social•9 days ago

Recommended:
"From Raw Data to Resolved Identities: Transforming Your Data for Senzing Entity Resolution"
by @cjlovesdata1.bsky.social
https://www.linkedin.com/posts/dr-clair-sullivan_nbsanity-jupyter-notebook-viewer-activity-7295905567796076544-MQoY

Analysis of this OCCRP dataset, showing how to create a Senzing mapping for running entity resolution.

pacoid.bsky.social•9 days ago

Note how use of a centrality algorithm spotlights the predominance of four shell companies involved the case: Polux Management LP, Metastar Invest LLP, Hilux Services LP, and LCM Alliance LLP

pacoid.bsky.social•9 days ago

take-aways:

* this is a relatively sparse graph with diameter = 4
* 423 nodes out of the 437 total are in the periphery

questions:

* does the flow hierarchy shows that few edges participate in cycles?
* does the many `021U` triads indicate "burst in beneficiaries" AML tradecraft pattern?

pacoid.bsky.social•9 days ago

To reproduce this, see:
https://github.com/DerwenAI/kleptosyn

For the OCCPR data analysis, see the `occrp.ipynb` notebook

pacoid.bsky.social•9 days ago

This struck me afterwards -- there are 4 shell companies named in the OCCRP analysis: LCM, Hilux, Polux, MetaStar. NetworkX shows 423 nodes out of a 437 total are peripheral. Then what kind of patterns occur involving these intermediate 10 shell companies? Let's identify them first:

pacoid.bsky.social•9 days ago

Also from NetworkX: Globecon and Riverlane are the "center" of the graph.

Then see "DANSKE BANK A/S EESTI FILIAAL" in this list. Ostensibly the leak came from a Danske Bank branch in Estonia, is it the same?
https://thebanks.eu/banks/13002

tparish.bsky.social•9 days ago

Any chance you might blog about this?

pacoid.bsky.social•9 days ago

Thanks, yes, this is a tutorial in development. We'll see how it unfolds :)

tparish.bsky.social•9 days ago

Great thanks. I would like to dig in and understand better. No rush.

Comments

Posting Rules

Reply