Register for our next deep dive! Who is Behind Portal Kombat? Exposing the Pravda Disinformation Machine with OSINT on Thursday, June 27, 2024, at 16:00 CET. Grab your spot now! close
03 Mar 2021

Introducing OCCRP Aleph Transforms in Maltego

Maltego Team

We are thrilled to release the OCCRP Aleph data integration in Maltego! The OCCRP Aleph data integration is a useful addition to the Transform Hub for journalists, trust & safety investigators, and analysts and researchers in various fields.

In this article, we will give you a brief introduction to OCCRP Aleph data and walk you through a basic demo of the Aleph Transforms in Maltego.

About OCCRP Aleph Data 🔗︎

Developed by the Organized Crime and Corruption Reporting Project (OCCRP), Aleph is the global open-source archive of public records, leaks, document dumps, and various datasets for research and investigative purposes. It includes terabytes of data that come from international journalistic investigations, such as company registries, sanction lists, court records, leaks, gazettes, procurement data, and other document dumps.

Aleph is not simply a search engine - it takes raw documents dumped and uploaded by users, parses them for structure, and turns the information into searchable entities that are interconnected based on data relationships.

Note that the data stored on Aleph comes from various sources and any findings based on data in Aleph must be independently verified. As stated by the OCCRP, Aleph is also not a valid standalone KYC solution for regulated industries. For more information, refer to their FAQs.

Who Can Use OCCRP Aleph Data in Maltego? 🔗︎

The OCCRP Aleph data is a powerful data enrichment resource for all types of Trust & Safety investigations—Fraud, Know-Your-Customer (KYC), anti-money laundering (AML), and corruption, to name just a few. It also includes high-impact data like the Panama Papers and Paradise Papers that are useful for regulators, journalists and law enforcement agencies alike.

With Aleph Transforms in Maltego, investigators and researchers are able to not only acquire access to countless records and registries and explore data connections visually, but also combine these with other person- and company-centric data integrations like Pipl, Orbis, OpenCorporates, WhoisXML, and more.

Accessing OCCRP Aleph Data Integration in Maltego 🔗︎

Maltego’s OCCRP Aleph data integration is a free Hub item for all community and commercial users to install and use without an API key. Note that the Maltego Aleph integration only includes data accessible via the OCCRP’s public Aleph API.

Simply head to the Transform Hub in your Maltego Desktop Client and click “Install” on the OCCRP Aleph Hub item to start using the Transforms.

The New Aleph Transforms in Maltego 🔗︎

Aleph is a tool for managing and analyzing unstructured data, and giving it structure in the form of a knowledge graph. The OCCRP created Aleph and has its own Aleph deployment, which is what the Maltego integration uses. There are also other Aleph instances hosted by other organizations, but these are not currently included in Maltego’s integration.

Maltego’s OCCRP Aleph data integration includes more than 80 Entities and over 400 Transforms which can be broken down into the following four types based on their functions:

There are many entry points investigators can start with when running Aleph Transforms—Phrase, Company, Person, Alias, Phone Number, Domain, to name a few.

Before we dive into the Transforms, we need to first understand how Aleph organizes its datasets.

How Aleph Structures Its Datasets and Entities 🔗︎

Within Aleph, there are many different datasets which are grouped into categories.

For instance, OCCRP Aleph includes the German “Handelsregister” and the “UK Companies House” datasets, both of which are in the “Company Registry” category. The “Tenders Electronic Daily (TED)” dataset, on the other hand, is in the “Procurement” category.

Within each dataset, there are numerous Entities which have connections to each other. In this context, an Entity can be a document, person, company, but it can also represent a kind of relationship, like a directorship or a membership (in Aleph, these are often called “Intervals”).

Aleph Transforms and data structure

While this concept is not very intuitive, it is important to understand: In Aleph, most relationships are modeled as Entities, therefore, our Maltego integration also models them as Maltego Entities.

For example, in a procurement dataset, you might have many Contract Entities connected to one or more Contract Award Entities (which are a kind of relationship between contracts and companies). Those Contract Award Entities may in turn have a connection to a Company Entity, indicating whom the contract was awarded to.

Using Aleph Transforms 🔗︎

As mentioned before, there are five different types of Transforms in the Aleph integration.

Type 1: Search for Entities throughout All Data 🔗︎

The Lookup (all datasets) [Aleph] Transform searches the OCCRP’s entire public Aleph database for the input, which can either be Phrase, Person, Company, Alias, Phone Number, Location, and other Entities. It returns different kinds of Aleph Entities—both information and relationship Entities—connected to the input.

Search for Entities throughout All Data

Type 2: Search for Entities in A Specific Dataset Category 🔗︎

As mentioned before, Aleph groups various datasets into different dataset categories such as company registries, procurement, leaks, sanctions lists, and more. The Lookup in specific datasets [Aleph] Transform Set includes 19 Transforms that allow investigators to query the corresponding 19 dataset categories.

Search for Entities in A Specific Dataset Category

Let’s look at an example.

Taking a Maltego Company Entity, we change the input value to “Mahan Air,” which is a privately owned Iranian airline company we are curious to learn more about.

We run the Lookup in Company registries [Aleph] Transform to search for data related to Mahan Air in this specific dataset category.

Lookup in Company registries

All data sets in company registry category

In the pop-up window, we can view all datasets included in the Aleph “Company Registry” category and select the ones we want to query. In our case, we will select all of them and then see what results are returned.

Transform result

The Transform returned two results: one Aleph Company Entity and one Aleph Page Entity. On top of each Entity, there is an overlay text that specifies the source dataset of the result.

For instance, the Aleph Company Entity is found in the “Istanbul Chamber of Commerce — Register of companies” dataset within the “Company Registry” category. On the other hand, the document returned is from the “Bahamas companies registry (2018)” dataset.

Note that pivoting further will only return data that can be found in the same Aleph dataset or data source.

Type 3: Get Properties of An Entity 🔗︎

Within the Get Properties [Aleph] Transform Set, there are multiple Transforms that fetch the corresponding properties stored in the Aleph Entities. As shown below, this property information can also be found in the Property View.

Get Properties of An Entity

For example, we run the to Address [Aleph] and to Jurisdiction [Aleph] Transforms on the Mahan Air Aleph Company Entity, which retrieve location information of the Entity and return it to the graph.

Transform result

Type 4: Get Relationship of An Entity 🔗︎

The to all relationships [Aleph] Transform is one of the most important features of the Maltego Aleph integration, along with the search dataset Transforms. Investigators can run this Transform on any set of Aleph Entities to discover how they are connected to other Entities, and whether they are applicable to one another.

As its name implies, this Transform fetches and returns all relationships for a given Aleph Entity. A “relationship” in this context means a reference to any other Entity—Both “relationship objects” like Directorship or Membership Entities, and regular data like Company, Person, Vehicle, and other Entities.

To demonstrate, we will run the to all relationships [Aleph] Transform on the Mahan Air Aleph Company Entity.

Get Relationship of An Entity

The Transform returned an Aleph Directorship Entity, which is a typical relationship Entity in Aleph’s datasets. We run the same Transform again on this Directorship Entity to acquire the Entities related to this relationship.

Transform result

The Transform returned one Aleph Person Entity that is tied to the Directorship relationship. We now know that this person is one of the directors of Mahan Air documented in Aleph.

Type 5: Get Entity Mentions from A Document and Vice-Versa 🔗︎

Aleph applies a natural language processing pipeline to documents it ingests and uses this to spot so called “named Entities,” which are snippets of text that look like the names of people, places, organizations and more. These are represented as Mention Entities in the integration. Given an Aleph document, you can use this Transform to pivot to the Mention Entities, and in turn find other documents sharing one or more such mentions.

Looking into Sanction Data in Aleph 🔗︎

In addition to company registry data, we can also look into Aleph’s sanction data related to Mahan Air. We will use the same Mahan Air Maltego Company Entity. Note that to lookup data in a new category, one must start with a new search.

We run the Lookup in Persons of Interests [Aleph] and Lookup in Sanctions Lists [Aleph] Transforms. The reason we query the “Persons of Interests” category is because some sanction list datasets are put into that category by Aleph.

Looking into Sanction Data in Aleph

The Transform returned a few other Mahan Air Aleph Company Entities found in the US OFAC Sanctions List dataset. We then run the to all relationships [Aleph] Transform, which returns a number of Airplane Entities, Representation Entities, Ownership Entities, and others.

Transform result

We run the to all relationship [Aleph] Transform again on the Ownership Entities to see what Mahan Air owns that is also sanctioned.

Transform result

Unsurprisingly, the Transform returns more Airplane Entities. What is interesting though is the two Aleph Company Entities that were also returned. Apparently, Mahan Air owns a company called “Shanghai Saint Logistics Limited.”

Start Exploring OCCRP Aleph Data in Maltego! 🔗︎

This small demonstration concludes the introduction to the Aleph Transforms in Maltego.

The vast amount of information stored in Aleph makes the data integration applicable in various use cases. Besides querying within the Aleph datasets, you can also pivot from any Aleph Entity using Transforms from other Maltego integrations, such as OpenCorporates, Pipl, WhoisXML, and more to enrich your investigations.

Use Case: Query Procurement Data in Aleph for Competitor and Supply Chain Research 🔗︎

Learn more about how to utilize Aleph Transforms in Maltego for real-life cases like:

We hope you enjoy exploring the Aleph data integration! Don’t forget to follow us on Twitter and LinkedIn and subscribe to our email newsletter to stay updated on new tutorials, use cases, and data integration releases!

Happy investigating!

By clicking on "Subscribe", you agree to the processing of the data you entered and you allow us to contact you for the purpose selected in the form. For further information, see our Data Privacy Policy.