Humans are predictable, even criminals
People’s lives are built around patterns and routines. Their routines are structured. After a while, they even become predictable. A change in routine, an abnormality, emphasizes the pattern itself. When we add a non-routine activity to our lives -- our actions usually indicate it will occur. For example, before a vacation we make plans, buy a ticket or book a hotel. Before we move to a new house, we usually visit the location several times, make money transfers and sign a contract.
In their study from 2010, Albert-László Barabási and his team studied the mobility patterns of anonymous cell-phone users and concluded that despite the common perception that our actions are random and unpredictable, human mobility follows surprisingly regular patterns. Their research eventually concludes that people’s movement patterns are 93 percent predictable.
If this is true for average citizens, could it also be true for those involved in criminal or illegal activities? Could it be that even when they try to hide their actions and avoid being tracked, they still have routines, and they still leave traces indicating their intentions?
A 2013 research study regarding predictive crime theories mentions that criminals and victims follow common life patterns. Indeed, intelligence is very much based on the fact that human behavior is predictable. This allows investigators to make assumptions on the available data that they have and generate investigation leads.
There is a strong body of evidence to support the theory that some crime is predictable. Mainly because criminals tend to operate in their comfort zone. That is, they tend to commit the type of crimes that they have committed successfully in the past, generally close to the same time and location. As they move within those patterns, criminals have been shown to make "rational" decisions about whether to commit crimes, considering factors such as the area, the target’s suitability, and the risk of getting caught. Although this is not universally true, it occurs with sufficient frequency.
At the same time, abnormalities in the routine patterns of an individual can indicate potentially illegal behavior. For example, an individual begins receiving multiple mobile payment transfers, accumulating into large volumes, despite no new reported income source. Or an individual who used to be very active online suddenly deletes his social media profile or changes his web activity. Another example is of a group of people who seemingly have no connections to one another who buy flight tickets together.
However, these kinds of patterns and anomalies can only be recognized and analyzed fully when an investigator has a complete picture, made of different data sources. Any gaps or missing data can change the way the information is perceived and analyzed.
For that, data fusion and advanced analytics are needed to integrate data from different sources and extract analytical insights. These practices provide analysis of the suspect’s behavior, routines and patterns. Strategies such as pattern identification analyze and reveal the patterns of one or more suspects and enable investigators to make assumptions as to a target’s next move and what kind of actions law enforcement can expect from a specific kind of target. An anomaly detection analysis can discover irregularities in big data, eventually leading to an investigation of an activity that was previously unknown. A behavioral similarity analysis helps to discover additional criminals based on the similarities in their patterns. Analysis that shows discrepancies in event timestamp and entity location information gives a reliable analysis of the suspect’s activities and whereabouts and assists an analyst in identifying a pattern.
Applying pattern analysis to security investigations may forecast suspected criminal activities. Thus, enabling investigators to reach significant leads and conclusions.
For example, it enables an analyst to recognize places and times that have an increased risk of crime and to identify individuals at risk of becoming criminals. Such analysis also helps to create profiles that accurately match likely offenders with specific past crimes, identify groups or individuals who are likely to become victims of crime and more. It also enables an analyst to understand the behavior and intentions of a suspect or a group of suspects and help prevent illicit incidents.
Applying anomaly detection increases the chances of law enforcement agencies to discover activities that were otherwise unknown. Finding similarities can also reveal and predict new potential entities and suspects that were previously overlooked or unknown. This has an exponential impact on the possible number of illegal activities that may be prevented as a result.
The following drug trafficking use case illustrates how anomaly detection can help to detect and prevent crimes:
- Analyzing the pattern of known drug traffickers: In this case, data shows that known offenders tend to exhibit similar behaviors before they commit a crime. There is a high instance of suspects participating in a specific online forum and subsequently booking a flight to one of 3 foreign countries. Additional patterns identified include opening a bank account, having ties to known traffickers and purchasing a satellite phone. While these behaviors may be innocuous individually, together they indicate a high risk of illicit behavior.
- Identifying anomalies and indications of a future smuggling event: An analyst has set up knowledge rules to detect instances in which multiple suspicious criteria are met, indicating a potential event.
- Obtaining real-time alerts to accelerate and progress with investigation flow: The analyst receives an alert that there is an instance in which several of his criteria are met. An individual with known ties to drug traffickers has purchased a flight to a tagged country and been active in a suspicious online forum. The analyst opens an investigation.
- Finding members of a drug trafficking network and their modus operandi: The analyst can use all-source data to identify individuals with ties to the suspect, as well as additional recruiting forums and social media posts that bolster his investigation.
- Finding potential drug traffickers by analyzing the behavior of known suspects and automatically identifying similar persons: Each successful investigation provides more information that can be used to enrich the parameters that the analyst uses to identify the next suspect and prevent the next incident.
The understanding of how humans, and specifically criminals, have predictable patterns, combined with the right strategy, can elevate the work of security agencies to a new level.
Noam Zitzman is Intelligence methodology team leader at Cognyte