About this investigation 🔗︎
As a result of the global ongoing COVID-19 crisis, institutions and organizations around the world are dealing with shortages of crucial equipment like respirators, surgical masks and other personal protective equipment (PPE). In this article, we’ll walk through an investigation we conducted to find and map a network of suppliers of such PPE across Europe and other geographies, using a prototype integration of the OCCRP’s Aleph data platform. Using Aleph, we are able to access a vast cache of structured public procurement data. We leverage this data to create a supplier network of PPE to various public and private institutions.
We would prefer to make the data publicly available, however we’ve seen increased reports of PPE hoarding and hawking and want to avoid playing into the hands of bad actors. Please also reach out if you have additional suggestions for either useful data to analyze in this context, or for other approaches in supporting organizations using the data shown here. The Transforms are in prototype stage and therefore not yet public, however we are happy to work with interested parties to leverage this data for other useful insights.
Introduction to OCCRP Aleph 🔗︎
We at Maltego spend a lot of time thinking about how to provide analysts and investigators with more power through making diverse datasets more easily accessible. Sources like company registries and open government data are a very powerful, but largely untapped, pool of valuable information that may provide insight into corporate structures, finances, global trade, influence networks and geopolitical issues. Such data is often unstructured and difficult to analyze in bulk, and in the context of Maltego it would certainly take a substantial amount of work to build Transforms for every source a global investigator may be interested in exploring.
Thankfully, we can get some help from our friends at the Organized Crime and Corruption Reporting Project (OCCRP) who have been collecting, structuring and building a massive database of such data for years; Aleph. Aleph includes data from company registries, news archives, leaks, gazettes, procurement, court archives and many other types of data sources. At the time of writing, there are a total of 282 datasets in the OCCRP’s public Aleph instance. Using Aleph’s underlying “followthemoney” data model, we were able to construct a large set of Transforms for querying and pivoting through this data. There are two main modes of interaction with Aleph from Maltego: Querying the database for Entities and pivoting through the relationships and properties of resulting Aleph Entities.
Accessing OCCRP Aleph Data Integration in Maltego 🔗︎
Maltego’s OCCRP Aleph data integration is a free Hub item for all community and commercial users to install and use without an API key. Note that the Maltego Aleph integration only includes data accessible via the OCCRP’s public Aleph API.
Simply head to the Transform Hub in your Maltego Desktop Client and click “Install” on the OCCRP Aleph Hub item to start using the Transforms.
Update March 04, 2021: Please note that the OCCRP Aleph data integration in Maltego has been updated in March, 2021. While the functionality and capability of the Hub item remains the same, some Transforms shown in this article might not be found in the current version. To learn more about the new Aleph Transforms in Maltego, please read our blog article here.
Update March 04, 2021: Please note that the OCCRP Aleph data integration in Maltego has been updated in March, 2021. While the functionality and capability of the Hub item remains the same, some Transforms shown in this article might not be found in the current version.
To learn more about the new Aleph Transforms in Maltego, please read our blog article here.
Investigating PPE supplier networks 🔗︎
Let’s start off by thinking about what we’d like to find out. The shortage of PPE represents a problem to many institutions and organizations: Their known suppliers are not able to meet their needs, so short of manufacturing their own, they need to find additional sources of PPE. Of course, many suppliers are already oversubscribed, however chances are that the market is not 100% efficient and some companies may still have the capability to supply them or increase their production accordingly.
Given the data we have available, the first source that comes to mind are company registries. It would be nice to search the company registries for healthcare equipment and PPE companies directly, however, on closer inspection this turns out impractical as company descriptions are often too vaguely worded and not always searchable in Aleph to begin with. However, there’s a more practical category of data sources available in Aleph that can help us out - public procurement data. This includes data about where many public institutions buy …well, basically anything from security services, furniture, food, computers, office supplies, and in many cases: PPE.
So, let’s focus on procurement data. We’ll start off with a few search terms that interest us, like “PPE”, “N95”, “face masks”, “surgical masks” etc. We represent these as Phrase Entities in Maltego and run a “Lookup in Procurement” Transform.
We get quite a few hits clustered around “PPE”, “personal protective equipment” and “respirators” in particular, including some collection nodes with quite a few results.
After removing the Phrase Entities to let the individual search results aggregate into Collections Nodes, we see that there are in fact over 1000 Contract Entities on the graph. These are particularly interesting, since we’d like to find out who issued these contracts, and which suppliers they were ultimately awarded to.
After pulling in the Issuers of the Contracts, the following structure emerges:
There are a few major institutions for which multiple Contracts are available, and a long tail of less crowded results.
Next, we are interested in getting Contract Awards via the “Lots Awarded” Transform. Note that this does not directly result in the suppliers, yet, it pulls in Entities holding the metadata about a particular contract award e.g. the amount and currency of the contract, the reason for the award, as well as the role of the supplier. Much of this metadata is useful when analyzing whether a given supplier is a potentially useful lead to pursue.
Our resulting graph looks like this:
As you can see, a single contract may have multiple awards, as different suppliers are providing different parts of the initial tender. Finally, let’s select the Contract Awards…
… and pull in the suppliers:
We finally end up with the graph below. The graph includes close to 5000 Entities in total, with slightly over 1000 Legal Entity / Company Entities that were awarded a contract. A solid start for a lead list.
The large, dark blue nodes highlight the largest, or most “central”, suppliers, as we’ve sized the nodes by the number of incoming links. Another pattern you can spot is a small green node surrounded by many red nodes, and finally blue nodes - these are examples of large contracts that have many awards to different suppliers. Chains of nodes that are mostly “linear” are usually smaller contracts by, and awarded to, companies that only occur once or twice in the dataset. Similarly, small star-shaped patterns are either small groups of contracts awarded to the same supplier or issued by the same Entity. Below is a detailed hierarchical view of a single subgraph of issuer, contract, awards and suppliers:
The 20 most “active” suppliers make up for 312 Contract Awards (1838 total) of 153 Contracts (1120 total) by 98 Contract Authorities (747 total) (names redacted to protect suppliers, see below):
Our final graph includes potential suppliers from at least 31 countries, primarily within Europe. The UK, Poland, Ireland, Slovenia and Sweden are the most represented. Below is a list of the top 20 most-represented countries, ordered by the number of potential suppliers found there.
It’s important to keep in mind that not all of the companies we identified are likely to be viable suppliers of PPE. Here are a few factors that have influenced our analysis:
- The initial search results will have contained some false positives - not every contract exactly matched what we were looking for!
- The data we base our analysis on is a selected range of public procurement datasets up to 2018. That means that it is by no means complete, and not in all cases up to date (some companies may no longer exist, and institutions may have changed their suppliers). If more procurement data becomes available within Aleph, we may update this analysis.
- Just because a contract includes PPE, and a supplier among those awarded the contract, we don’t know for sure that this supplier really makes PPE. Their role in the contract may have been for a different product or service.
- Finally, due to the structure of Aleph’s data, there may also be some duplicates in the result set e.g. the same company, but with a slightly different name or address.
Nevertheless, within minutes this analysis yielded a significantly long list of leads that may otherwise have taken hours or days to assemble. It even includes a street address and phone number for many of the listed suppliers.
An important task that remains is to go through the list in depth to verify the viability of each potential supplier. We’re making materials from this investigation available on request, in hope that people will find the information useful and/or contribute additional information.
Please also note that the Aleph Transforms are currently still in early prototyping stage and therefore are not yet available for public use. We will make an announcement when the Transforms are ready for release. Stay tuned by following us on Twitter and LinkedIn and subscribing to our email newsletter!