New 'Beagle' tool will sniff out email fraud
Beagle is an open-source software tool that developers say will help with analytics and email investigations
This article is taken from the Jan. 2019 issue of eTechBeat, published by the Justice Technology Information Center, a component of the National Law Enforcement and Corrections Technology Center System, a program of the National Institute of Justice, (800) 248-2742.
By Becky Lewis
Law enforcement investigators who are organizing their calendars for 2019 might want to make a note for sometime this summer to look for information on Beagle.
It’s not a trip to the animal shelter or pet store; it’s information on the beta release of Beagle, an open-source software tool that developers say will help with analytics and email investigations.
Developed as part of a doctoral dissertation for Jay Koven, an engineering graduate student at the New York University Tandon School of Engineering, Beagle is a “visual analytics tool that dramatically speeds up forensic email investigations and highlights critical links within email data” that can be used to “trace the trail of email scammers,” according to a November 2018 press release from the university.
Koven and others on the development team collaborated with Agari, a data security company that provided access to tens of thousands of emails for research, to obtain a dataset of 3 million emails to use during development. The result is a user-friendly interface that helps investigators and others quickly search huge numbers of emails and find commonalities, including keywords and patterns in content, as well as less commonly used factors such as sent time and the physical locations of email recipients.
The team is working with several law enforcement agencies to further refine the tool, with a goal of releasing it for more widespread law enforcement beta testing this summer. Koven’s goal is to continue to distribute the tool free after the beta test completes, though agencies may need to incur some relatively low costs for training focused on how to get the emails into the system.
“There’s been very little work done in the area of forensics for large document datasets, especially for emails,” Koven says. “Many of the available tools aren’t up to the task, and the ones that might be are prohibitively expensive.”
Two of the major differences between Beagle and other tools are searches that include all results, rather than screening for what the tools deem the most relevant, and the ability to search huge datasets rapidly. When Koven started laying plans for the research, another student who had interned at Agari helped open the way to accessing tens of thousands of emails, and even the research team was surprised at Beagle’s ability to handle that amount of data.
“My original thoughts when starting the research were to create a tool that could help mainly with corporate and financial crimes, but it’s proving useful for cybercrime in general,” Koven says. “It would be exciting to say you could use it for murder cases, but generally those aren’t cases where you have to look at large datasets. It’s most helpful with cases where there are a lot of emails and you have to separate the noise from what is useful.”
A request from law enforcement agencies that were having difficulty dealing with cases that involved large amounts of email led Koven to take the project on for his dissertation. One of his advisers (Nasir Memon) works with multiple agencies in New York City, and he found they wanted a way to deal with large email datasets. Then came the connection with Agari, and as word spread that the project was underway, other agencies offered additional datasets.
Feedback about ease of use from those “alpha” agencies has been positive, Koven says: “It’s basically: give them a few minutes of instruction and off they go. The whole idea was to make it user-friendly, because it’s not set up for technical users, it’s set up for investigators.”
In addition to the positive feedback from law enforcement partners, Koven reports that Beagle helped Agari find ways to improve its client services as well. He says that when the team looked at the Agari dataset, they found evidence of scams previously unknown to them.
“We thought scams would fall into three or four different categories, and it was at least eight, maybe more. In addition to the common ones involving romance or kidnapping a relative, we found scams involving purchase of medical equipment that was never delivered, and one where criminals were intercepting payments between escort services and clients,” he says. “So in addition to helping the research and helping Agari, we were able to pass some of our findings on and help law enforcement as well.”