Palantir Government

Finding a Mole: Cyber Counter Intelligence

by Jason on July 27, 2009

This video demonstrates the Palantir platform’s cyber analysis capabilities by investigating a notional case of an Embassy employee exfiltrating classified information to an outside organization. The investigation combines network traffic data, routing information, proximity card (badge swipe) events, social network data, and video surveillance to uncover the suspect employee through statistical, temporal, geospatial, and other visual analysis.

This dataset is part of the 2009 Visual Analytics Science and Technology competition, sponsored by the IEEE.


Introduction (1 min 42 sec)

This is an overview of the investigation.

Badge and Network Traffic (3 min 53 sec)

Using proximity card logs, IP logs, and an employee ID list as data sources, we identify suspicious data transmissions and attribute them to a probable suspect.

Social Network and Geospatial Analysis (4 min 02 sec)

We have received intelligence predicting the possible structure of the social network that the malicious insider, an embassy employee, is using to communicate with the criminal organization and exfiltrate data. We then investigate ‘Flitter’ connections to determine the network the mole is using to leak sensitive data.

Surveillance Video Analysis and Conclusion (2 min 53 sec)

Lastly, we review 10 hours of surveillance video, believed to have captured a meeting between persons associated with this case, to find a suspicious meeting where individuals exchange briefcases.