Annex 9: BULK DATA CASE STUDIES (7.27 above)
Case Study 1
1.
Since HMRC started using interception to support investigations into MTIC fraud, the
level of attempted fraud has reduced substantially from an estimated high of £5 billion
in 2005/2006 to an estimated current figure of £750 million.
2.
In the late 2000s, bulk data enabled GCHQ to trigger a manhunt for a known terrorist
linked to previous attacks on UK citizens. At a time when other intelligence sources
had gone cold, GCHQ was able to pick up the trail by identifying patterns of activity
online believed to be unique to the suspect. Follow-up searches of bulk data provided
further leads for the investigation. This work in turn highlighted links to extremists in
the UK. Through a series of arrests, the network was successfully disrupted before
any attack could place.
Case study 2
3.
In 2010 GCHQ analysts identified an airline worker in the UK with links to al-Qaida.
Working with the police, agencies investigated the man, who it transpired had offered
to use his access to the airport to launch a terrorist attack from the UK, and pieced
together the evidence needed to successfully convict him. This individual had taken
great care to ensure that his extremist views and plans were totally concealed in his
offline behaviour, meaning that this investigation and conviction would have been
highly unlikely without access to bulk data.
Case study 3
4.
Sometimes, because of the international nature of al-Qaida inspired terrorism, bulk
data is the first and last line of defence. In 2010, an intelligence operation identified a
plot which came right from the top of al-Qaida: to send out waves of operatives to
Europe to act as sleeper cells and prepare waves of attacks. The intelligence specified
unique and distinctive communications methods that would be used by these
operatives. GCHQ, in partnership with many other countries, was able to identify
operatives by querying bulk data collection for these distinctive patterns. This
international effort led, over a period of months, to the arrest of operatives in several
European countries at various stages of attack preparation – including one group
literally en route to conducting a murderous attack.
Case study 4
5.
In April 2011, GCHQ intelligence uncovered a network of extremists in the UK who had
travelled to Pakistan for extremist training. Whilst the targets were abroad, GCHQ
analysis revealed that the group had made contact with al-Qaida. When the group
returned to the UK, intelligence suggested that they aspired to conduct an attack,
possibly using Improvised Explosive Devices (IEDs). In April 2012, the group was
arrested and later charged (in April 2013) under Terrorism Act 2006 s5, for which they
received sentences ranging from 5-16 years in prison.
337