Investigating Terrorist Attacks Using CDR Data: A Case Study

  • Fatih Ozgul
  • Ahmet Celik
  • Claus Atzenbeck
  • Nadir Gergin
Part of the Lecture Notes in Social Networks book series (LNSN)


Call Detail Records (CDR) are commonly used by police and intelligence services all over the world. In many countries, GSM operators are obligated to keep CDR data for all of their subscribers. Prosecutors, courts, and judges investigating criminal cases benefit from using CDR data. This case study shows how mining CDR data helped in the investigation of a terrorist attack that happened in Istanbul, Turkey. A truck was set on fire by a terrorist organization to protest against the conditions of a terrorist leader in prison. Arsonists were identified and arrested after the interrogation of suspects. The judge asked GSM operators to provide the suspects’ CDR data in order to verify their testimonies. Five different attributes retrieved from the CDR were merged. The date, time, and location of the suspects were compared with the log of signals received by base stations. In order to find out whether the subjects were acquainted with each other, their phone calls on the day of the attack were matched using GSM line numbers. Furthermore, the suspects’ cell phone handsets were matched using International Mobile Equipment Identity (IMEI) numbers in order to find out whether the same handsets or SIM cards had been used in the past. Friendship, spatiotemporal, GSM line number, and IMEI number analysis using CDR data revealed that some testimonies were wrong and thus helped in identifying the suspects who carried out the attack.


Keywords: Mobile Phone; Crime Scene; Threatening Activity; Bank Robbery; Privacy Preserve Data Mining
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.



Copyright information

© Springer-Verlag/Wien 2011

Authors and Affiliations

  • Fatih Ozgul: Faculty of Computing, Engineering and Technology, University of Sunderland, Sunderland, UK
  • Ahmet Celik: Diyarbakir A. Gaffar Okkan Vocational School, Turkish National Police, Diyarbakir, Turkey
  • Claus Atzenbeck: Institute of Information Systems, Hof University, Hof, Germany
  • Nadir Gergin: Diyarbakir Police Department, Turkish National Police, Diyarbakir, Turkey
