Hunting for D.B. Cooper – A study in analytics.

The following article originally appeared at In Public Safety, and is a highly recommended read. It was written by Erik Kleinsmith at American Military University.
Crime Tech Weekly is posting the article in its entirety for our readers’ convenience…
By Erik Kleinsmith
Staff, Intelligence Studies, American Military University
On November 24, 1971, a man using the name Dan Cooper purchased a $35 one-way airline ticket from Portland, Oregon, to Seattle, Washington. Not long after takeoff, he hijacked Northwest Orient Flight 305 and demanded $200,000 in cash along with two parachutes, which he received upon landing in Seattle. He then ordered the plane to take off and fly to Mexico City; during that flight, he jumped from the aircraft into the Oregon wilderness, securing his place as the only unsolved case in FAA history.
db-cooper
In early 2011, following a host of other investigations — both private and government-led — Tom Colbert picked up the trail of the man now known as D.B. Cooper. As an investigative reporter and producer living in Southern California, Colbert was tipped off by a source in the illicit drug trade who had credible — albeit circumstantial — evidence that D.B. Cooper was alive and living in California. Over the next few years, Colbert invested incredible amounts of time and personal resources toward tackling a 45-year-old mystery that so many other investigators before him had failed to solve.

A New Approach to Finding D.B. Cooper

Colbert assembled a large group of leading private investigators, detectives, attorneys, profilers and other subject matter experts into a group he called the “Cold Case Team.” He also knew he needed the expertise of intelligence professionals to help him organize and analyze all the evidence related to this case. While intelligence analysts almost always focus on using their skills for predictive analysis predictive analysis (i.e., what’s going to happen), Colbert knew having people proficient in intelligence collection and analysis would provide unique insight into a case that was decades old.
In December 2011, Colbert elicited my help while I was involved in an Army intelligence training contract. We had been associates and friends for a few years and he knew about my involvement in the Able Danger program. As a student, practitioner, developer and instructor of intelligence methodology, I was interested in his investigation because it was another chance for me to adapt intelligence analytical methods to a cold (very cold) case. I immediately agreed to support his efforts; he sent me a copy of a dossier on the man he suspected was D.B. Cooper.
It contained photos, maps, interview summaries and many other pieces of evidence connecting this man to the D.B. Cooper incident. Much of the initial information was secondhand and circumstantial, so Colbert was using it to provide further investigative leads for the Cold Case Team members.
Here is where I make my quick disclaimer: Collecting information on U.S. persons for intelligence purposes is prohibited by several federal regulations with very few specific exceptions. Even though I would be supporting a private investigation, I was working as a defense contractor at the time and therefore felt it was important to follow the spirit of these restrictions by creating products based only upon what the Cold Case Team provided. Neither myself nor my colleague independently searched for or collected any additional information for any part of this investigation.
That being said, it was an exceptional opportunity to use analytical intelligence techniques to assist in this investigation.

Using Link Analysis Techniques in the Investigation

In his meetings with various law enforcement officials, Colbert had grown frustrated that no one was taking the time to look through the dossier and consider the evidence. I gave it to one of my senior instructors, David D’Alessio, and asked him to make a link chart of associations using one of the best link analysis software programs available to us. A link chart is a graphic representation of the people, events, and significant items of interest (such as a bank account or address) associated with a particular subject.  The key to these charts are the associations or “links” between each of the people, events and items in it.
 

20150817-daryn-visual-analysis-1
Link Analysis software helps investigators and analysts visualize non-obvious relationships between entities

 
Creating this chart was a painstaking process because D’Alessio had to go through each paragraph line by line, identify the relative linkages between entities and enter them into the software program. The initial link chart started with the main suspect and then drew graphic linkages to all his known associates their connections to third parties, and a host of other associations to events, locations, aliases and specific pieces of physical evidence. Working with D’Alessio and Colbert over several iterations of this chart, we ended up with a 3×2 foot poster that, to the untrained eye, looked a lot like charts shown in court or on television shows like Law and Order. There were hundreds of links to the main suspect, the many aliases he used over the years to include military records and associations that placed him in the vicinity of the Portland, Oregon area during the time of the hijacking.
The benefit of link analysis charts is that they do more than just show connections between entities. A link chart tells a comprehensive visual story and conveys a dynamic and detailed summary of information from the document supporting it. This technique proved immensely successful, as the visual representation helped capture attention and interest from outside parties.

How Intelligence Analysis Aided in the Investigation

Besides taking text-based information and turning it into a graphic visualization for presentation purposes, a link chart also helped the investigation in other ways. First, Colbert and his team were able to see gaps in the information where investigators needed to dig deeper. He could also see which links were strong and which were weak or tenuous. The team could then plan their investigations more effectively by identifying which gaps needed to be filled and prioritize how to best use their limited resources.
This chart also had a psychological value to the Cold Case Team. In 2013, one of the team’s private investigators presented it directly to the suspect and asked him to come forward. The hope was that once the suspect knew there was a vast amount of information on the identity of D.B. Cooper (not to mention it featured his picture right at the center). Revealing this chart helped Colbert enter into negotiations with the suspect’s lawyer and he came very close to a deal that would potentially involve an admission. Unfortunately, Colbert and the Cold Case Team were turned down at the last minute due to what we believe was his fear of being connected to other illicit activities.

Why Law Enforcement Must Partner More Often with Intelligence Agencies

_KOK1002_RTCC+(3)Ultimately, this case demonstrates that intelligence analysis can play a crucial part in law enforcement investigations, both as a predictive asset as well as an investigative one. The D.B. Cooper investigation is decades old, but there are many other cases that are not. Other law enforcement agencies can use the techniques tested in this case to assist with other unsolved crimes, missing persons and patterns of criminal activity. It’s important for law enforcement authorities to remember that analysts in the intelligence field bring with them a toolkit that provides both unique and specialized analytical methods that can offer new perspectives. Bringing intelligence analysts into the fold of law enforcement can enhance a crime-solving team.
The federal government has awesome capabilities in intelligence collection and investigation but they are not alone. There is an equally awesome, yet untapped capability, in the commercial sector and among academia to support investigations like this and other more current cases. There are uncounted numbers of undergraduate and graduate students in criminal justice, data analysis and intelligence studies courses who would be eager to support a future case. In addition, there are also many retired law enforcement and intelligence professionals who would be eager to lend their experience and subject matter expertise to similar cases and problem sets, if only to satisfy the investigative bug still within them.
While the FBI officially closed its investigation in the D.B. Cooper case earlier this year, it has not been closed in the eyes of the Cold Case Team. This team continues to move forward with its own investigation, relying on intelligence analysis methods to support them and continue to evaluate every bit of evidence in new ways.
 

black version
Crime Tech Solutions provides affordable, high performance software for crime analysts and investigation units.

 
 

Wynyard Group's slow, painful death arrives. Now, what about the customers?

October 28, 2016 – Crime Tech Solutions, a fast-growing and vibrant investigation software company based in Austin, TX, today announced a migration path for software users affected by the recent failure of New Zealand based Wynyard Group. Wynyard had positioned itself as a ‘leader in crime fighting software’, but never did find traction in the markets they coveted.

wynyardfailPer Wynyard Group officials, the company has placed itself in voluntary administration as it battles crippling losses and missed revenue forecasts, leaving customers in the dark as to the future of their investment in the crime fighting technology.

For users of the Wynyard Group case management software, Crime Tech Solutions has introduced a comprehensive ‘path forward’ that includes, in some cases, a license-cost-free replacement of the Wynyard Group system with the popular and robust Case Closed™ investigative case management solution for law enforcement and commercial investigation agencies.

Case Closed Software was developed by investigation professionals and for investigation professionals, and is widely used by investigative agencies across North America.

ccscreenshot1

“The objective”, said Crime Tech Solutions’ CTO Keith Weigand, “is to provide Case Closed software licenses to interested customers in exchange for the monies they already pay in annual maintenance and support.”

Tyler Wood, Operations Manager at Crime Tech Solutions, added “In essence, it’s a way to put what we think is better case management software into customers’ hands without the need to pay for expensive new software licenses.” While Wood acknowledges that there are internal costs associated with converting to any new solution, he feels that the intuitive and flexible nature of Case Closed is designed to mitigate those costs as much as possible.

About Crime Tech Solutions

black version
Case Closed Software is developed and supported by fast-growing Crime Tech Solutions

 

Crime Tech Solutions  is a low price / high performance innovator in crime analytics and law enforcement crime-fighting software. The clear price/performance leader for crime fighting software, the company’s offerings include Case Closed™ investigative case management and major case management, GangBuster™ gang intelligence software, powerful Sentinel Visualizer link analysis software, evidence managementmobile applications for law enforcement, comprehensive crime analytics with mapping and predictive policing, and 28 CFR Part 23 compliant criminal intelligence database management systems.

Critical Capabilities for Case Management Software? Case Closed!

In a February 2014 report, Critical Capabilities for Case Management, Gartner Group® defined the following 11 critical capabilities for investigative case management solutions. Crime Tech Solutions applies all of these critical capabilities to the powerful CASE CLOSED™ SOFTWARE for deployment at government and commercial investigative groups. 

  1. ccscreenshot1Investigative case management solutions always require a broad range of data types, from highly structured data (such as an individual’s name, address or ID) to highly unstructured data (such as scanned images, blueprints, faxes, email communications, and audio or video files). CASE CLOSED supports this requirement with unique and patented functionality that allows investigators to interact with this content, using capabilities such as view or read, comment, highlight, update or change, and append.
  2. Supports a broad range of collaboration services to facilitate individual and group interactions among all (internal and external) case participants. Collaboration among people (and even potentially with third party software) is incorporated into CASE CLOSED so that all interactions are recorded as part of the audit trail of how a case is handled. CASE CLOSED’s built-in support for e-mail communications, messaging, and alerting further supports collaboration efforts – across the aisle or across departments.
  3. Interoperates well with other external content and process services. Successful investigations and prosecutions often depend on external content and process services from repositories and applications. The attraction of CASE CLOSED’s open, standard specifications is that enterprises will know that integration with content repositories, web portals, and external software will require less custom code or specialized adapters.  ccscreenshot2
  4. Provides vertical – and horizontal – specific data models, nomenclature, hierarchies and case life cycle management. Crime Tech Solutions has substantial experience in specific domains such as financial crimes and law enforcement investigations. We have transferred the lessons learned from consistent use cases and data definitions directly into CASE CLOSED. Because investigative case management solutions are difficult to design and architect, such out-of-the-box configuration patterns tend to accelerate the implementation time.
  5. Provides application adapters to industry and domain-specific environments. Crime Tech Solutions constantly endeavors to integrate with our customers’ critical systems of record. Crime Tech Solutions is well-acquainted with the specialized applications and data sources that dominate certain industries and domains, and thus CASE CLOSED offers accelerated integration with core systems of record.
  6. Provides comprehensive, highly configurable, role-based user experiences. Designed by former law enforcement officials, CASE CLOSED offers role-based user interfaces that tend to focus and simplify case handling – a critical step toward productivity gains. Crime Tech Solutions idealizes the interface between case workers, the content in cases and the managers who make decisions based on the work in progress.
  7. Provides business-role-friendly dashboards, metrics and reporting. Investigative groups want flexible and powerful case management solutions that allow them to manage and modify their own solutions, and to get meaningful information from them. As a result, CASE CLOSED provides access to case execution history, as well as appropriate dashboards, models, visualizations, reports and other tools to monitor, analyze and report on case handling.casestatistics
  8. Supports a broad range of case orchestration, from highly structured to highly unstructured flows. CASE CLOSED provides case orchestration for a spectrum of applications, ranging from very structured (predictable sequences of activities, usually represented in a flow model) to very unstructured (where progression is not easily predictable, and ad hoc activities may be invoked during the execution of the case). CASE CLOSED is also designed to easily adapt to the investigation group’s evolving business processes.
  9. Has been proven in deployments with 100,000 cases or more annually which is especially important for areas such as claims management and fraud investigations. While some investigative case management deployments do not require the volume capabilities of 100,000 cases or more, others do. Crime Tech Solutions’ software has been designed – and has been deployed – with very large scale case handling as a critical capability.
  10. Provides intelligent and versatile on-ramps and off-ramps for incorporating content (such as document capture, mobile phone cameras, fax servers and e-forms). It doesn’t matter how the information exists, whether on paper, in a digital document, as an image, in an email, in a voice mail or on the internet: CASE CLOSED is designed to allow capture and control with as much upfront intelligence as possible. Coupled with the ability to deliver various inbound content objects to a case folder is the ability for CASE CLOSED to generate outbound content (such as e-Brief), and the ability to export case data.
  11. Leverages models for easy adaptability of the solution. CASE CLOSED leverages appropriate data models to enable business and technical roles to easily adjust their solutions as needed. This includes easy adaptation of the design as well as easy adaptation of executable behavior. Importantly, CASE CLOSED provides the ability for dynamic and ad hoc adjustments to in-flight work. This means that the execution path of in-flight cases can be immediately adjusted in an unanticipated (ad hoc) way.

HomePageCaseManagement.png
According to Gartner, investigative cases are the most complex in terms of process (workflow) and content (data). These cases are data-heavy. Often, data is captured as part of the case and relationships between data elements emerge over time. Patterns in the data are discovered, evaluated and acted on. Sequencing of actions on the case is very ad hoc, and event/milestone-driven.
Figure 1 shows examples of case-based processes that fall under each of these four use-case categories, and shows the structured vs. unstructured nature of the processes and data associated with each.
Figure 1. Case-Based Processes
quadrant
Source: Gartner (February 2014)
CASE CLOSED SOFTWARE from Crime Tech Solutions is designed specifically for the Investigative (data-heavy) market and resides in the upper right quadrant of diagram.
About the Author
Tyler Wood is Operations Director of Austin, TX based Crime Tech Solutions (www.crimetechsolutions.com). The company develops and deploys low price / high performance software for law enforcement including Case Closed investigative case management software, sophisticated Sentinel Visualizer link analysis and data visualization software, and CrimeMap Pro advanced crime analytics. The company also develops the popular GangBuster gang database, and IntelNexus criminal intelligence software for 28 CFR Part 23 compliance.

What's with all the "Creepy Clowns"?

It had to be in the weeks running up to Halloween, of course.
killerclownsUnless you’ve been hiding under a big red nose and novelty wig, you probably know that there has been a rash of ‘creepy clown’ sightings in communities across the country. These creepy clowns – and the related threats they seem to pose – seem to range from crazy hoaxes to credible events. So what in the name of big, floppy shoes is going on here?
Some arrests have been made. Schools have sent out warning letters. Social media is crawling with creepy, homemade clown videos. And the subject even came up at the White House media briefing this week.
We need an explanation for why, all of a sudden, there are creepy clowns running around our neighborhoods and – in some cases – our wild imaginations.
CNN posted six possibilities in an attempt to answer that very question. It’s a very good article and accompanying video. The possibilities, according to the folks they’ve interviewed range from folklore to viral marketing, and more. Of interest is the viewpoint of Benjamin Radford, author of the book “Bad Clowns“.
As the Los Angeles Times points out in an article HERE, the stupidity began in South Carolina with upsetting accounts of clowns attempting to lure children into the woods. (Those accounts seem to have proven false, by the way.) That said, the craze has expanded and, according to the same LA Times article, clown sightings were reported in Modesto, CA prompting police to issue a notice to residents that read: “If you see anything or anyone suspicious, including individuals dressed as clowns, to avoid contact and report the circumstances to us immediately.”

icp
Insane Clown Posse

Even the Insane Clown Posse has weighed in on the subject. The Detroit-based hip-hop duo suggests the phenomenon is “basically nothing more than mass hysteria and moral panic.”
“Believe it or not, the same thing happened in 1981, too. Long before social media, Stephen King wrote (the horror classic) ‘It’ and Insane Clown Posse were in GRADE SCHOOL at the time! So there ARE no ‘killer clowns’ — it’s just jackasses being jackasses. Everyone relax!”, they posted.
In an article posted at Michigan Live HERE, it is pointed out that Loren Coleman, a cryptozoologist who studies the folklore behind mythical beasts such as Bigfoot and the Loch Ness Monster, came up with something called “The Phantom Clown Theory,” which attributes the proliferation of clown sightings to mass hysteria.
After some thorough research, it seems that the prevailing thought is that there are no credible threats from Creepy Clowns. Fuelling the hysteria, of course, are utterly false reports that continue to make the rounds in social media. Snopes, the myth debunking (or confirming) website talks about a report that creepy clowns are responsible for two dozen murders in Canada. Spoiler alert: It’s not true.
killerclowns2Perhaps the biggest concern is that these creepy clowns take it too far, a la the snowball effect. We should be concerned that someone could be legitimately hurt as the trend grows. It’s even more possible that someone will take one of these creepy clowns as a legitimate threat and take matters into their own hands. We hope neither of those things happen, but we’d sure love to see a lot less of this clowning around.
About the Author
Tyler Wood is Operations Director of Austin, TX based Crime Tech Solutions (www.crimetechsolutions.com). The company develops and deploys low price / high performance software for law enforcement including Case Closed investigative case management software, sophisticated Sentinel Visualizer link analysis and data visualization software, and CrimeMap Pro advanced crime analytics. The company also develops the popular GangBuster gang database, and IntelNexus criminal intelligence software for 28 CFR Part 23 compliance.