Law enforcement leverages real-time web intelligence during underground train gridlock

bluedownloadThe police’s real-time command and control (C2) center’s intelligence team uses OpenMIND™ to generate an open source web intelligence (WEBINT)-based situational awareness picture, and identify threats and emergencies through constant automated monitoring and analysis of publicly shared information on the web concerning residents’ safety and security.

Through such monitoring, OpenMIND benchmarks the city’s typical behavior of shared information (down to the minute level), enabling the identification of abnormalities and events (e.g., a spike in posts concerning a downtown car accident) and delivery of post-detection alerts. Ad-hoc alerts can also be triggered by indicative terminology (e.g., car crash, shots fired, etc.). Following an alert, the intelligence team uses OpenMIND to quickly identify the alert’s point of origin, summarize the event’s characteristics and report actionable insights (e.g., images; locations, suspect details; eye-witness contact info) directly to first responders arriving at the scene.


The Event

Enriching intelligence on one of the group’s suspected leaders

During evening rush hour, a malfunction in one of the city’s underground train engines leads to a fire that causes massive train gridlock throughout the city, stranding thousands of subway passengers underground and leading to huge traffic jams as passengers exit the city. Trains are forced to emergency-stop, leading to dozens of minor injuries, bone fractures, panic attacks and respiratory issues among passengers, who include pregnant women and several elderly individuals.


View of real-time micro blog postings about the event and locations of micro bloggers

As public transportation authority control room operators identify and report the incident to the police, stranded passengers and those waiting at affected train stations use their smart phones to report the event on social networks and microblogs.

OpenMIND identifies the use of indicative terms (e.g., train crash, stuck, smoke in train, etc.) publicly shared across multiple web sites and social network accounts, as well as the abnormal spike in the volume of such content, which simultaneously raises an alert to the operator and emergency responders (via their mobile devices).

OpenMIND aggregates and transforms the incoming torrent of posts into a unified, WEBINT- based situational awareness picture, giving operators an at-a-glance understanding of the situation, and highlighting the most relevant insights. These insights are forwarded to the police C2 center, where they are leveraged to augment the emergency response plan.

Investigators analyzed the suspect’s activity in social networks in order to reveal his inner circle, key influencers and other group members. A social network connections map was generated by fusing publicly shared data from the suspect’s varied social networking accounts with that from his known associates’ accounts. OpenMIND visualized the relationships between accounts, clustered them by attribute (e.g., location, employment, education, etc.) and employed analytics to highlight indicative accounts.

OpenMIND’s social network analytics analyzed commonalities between contacts and their online activities (e.g., shared topics and “likes”). This highlighted four social profiles— previously unknown to investigators— now thought to be associated with the extremist group due to extensive inner-group connectivity and shared interests in extremist web pages and social networking accounts. Investigators flagged these accounts for ongoing monitoring and investigation.


OpenMIND’s intuitive user interface, analysis workflow design concept and advanced interoperable widgets expedited the investigation process.


Investigators generated valuable insights by visualizing unstructured and structured connections, and applying vast sets of filters and layouts to the social network map.

Learn how OpenMIND leverages the deep web

Inquiry Form >>