In our previous white paper on open-source intelligence, we introduced the term OSINT and talked about how important and powerful it is for your investigations.
To mention it again: many estimates show that 90 percent of useful information collected by intelligence services comes from public sources, so-called OSINT sources.
Social media intelligence (SOCMINT) is a powerful subcategory of OSINT.
SOCMINT refers to information that comes exclusively from social media platforms. Resources available on social media sites can be either public (e.g. public posts on Facebook, LinkedIn, or Twitter tweets) or private (e.g., private messages on Facebook or posts shared with friends). As private information is not accessible without permission, it is not our focus for today.
In this white paper, we introduce you to the term SOCMINT and show you some basic ways of collecting information from well-known platforms. You will get an overview of global and local social media platforms that are of interest to your social media investigations. We will finish the white paper with a discussion of whether the proposed ways are efficient and feasible, and will show what we do to eliminate some of the disadvantages.
The goal of this white paper is not to show you all possibilities, but to give you a more generic overview.
There are decisive advantages of SOCMINT compared to other OSINT strategies:
It can be argued that information on social media is even closer to the action.
You may remember the downing of MH17 in 2014. Bellingcat published an article with a detailed MH17 analysis. The authors used many tweets and linked images to reconstruct what might have happened.
Regardless of whether you are investigating insurance fraud or conducting other analyses: keep an eye on social media.
Social media sources often give a broader view of what is happening, as shown in our article on Covid-19 in Yemen. Good friends of ours use SOCMINT to enhance their cyber threat intelligence capabilities.
The information available on social media sites can be divided into two groups:
However, before we start with some examples, it is important to understand the different types of social media platforms.
There are hundreds of social media platforms, and new ones are launched every week. Many Internet users refer to any social media platform as a social networking site.
Although this is not wrong, we should distinguish between the two terms. The social media platform is the main category and can be grouped into the following subcategories:
The services mentioned enjoy varying degrees of popularity. Users in Russia and Asia use different social media platforms than Americans or Europeans.
One of the first news items about Kim Jong Un’s death was spread through Weibo on April 24th, 2020. Only after that did the news spread like wildfire on Twitter.
For this article, we will limit our examples to Facebook and Twitter. However, we will also mention other national social media sites that are popular within their societies.
Facebook is the most popular social networking site with the largest active user base on Earth. According to Statista, Facebook currently has more than 2.5 billion active users worldwide. You will have a lot of material for your social media investigations.
Until 2019, Facebook offered an advanced semantic search engine to locate anything within its database by using natural English language phrases and keywords. It was an amazing search technology.
On June 6th, 2019, Facebook removed its Graph Search options, resulting in frustration for the OSINT community using it to search for specific information among the huge amount of public data available on Facebook.
Nevertheless, Facebook did not remove this functionality entirely from its system. Instead, it is now hidden: the user can still manually build Graph queries to search within the Facebook repository. This requires JSON and Base64 encoding and manipulating the Facebook search URL to work as expected. For everyone interested in it, we can recommend the great graph article posted on Osintcurio.us.
After removing Graph Search functionality, Facebook has improved its keyword search. We at Traversals strongly advise you to begin using it for your basic social media investigations.
In many instances, it returns accurate results and you can refine returned search results using different filters, as shown in the following figure.
Twitter has a simple search box located at the top of the screen. You can use it to run some basic searches against the Twitter database.
As shown in our article on data leakage detection, Google Dorks can help you to refine your search. A similar strategy can be applied to Twitter by using its search operators. These allow you to run deep-dive searches and to get closer to the needle in the haystack.
The best place to begin your Twitter search is the Twitter Advanced Search, which allows you to tailor search results to specific date ranges, people, and more.
In the following, we will explain the operators with some practical examples.
Keep in mind that single search operators can be incorporated with other criteria to create more advanced search queries and to find related tweets more precisely.
Here you can see a shortlist of examples focusing on Covid19:
Please note that you can combine more than one Twitter search operator to conduct a more precise search. For example, type “COVID19” from:WHO -Filter:replies lang:en to get only the tweets containing the exact phrase COVID19 from the user World Health Organization (WHO) that are not replies to other users and are in English.
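Added example, not part of the original white paper: a small Python helper that composes the operators discussed above from structured criteria, rejects values that would smuggle extra operators into the query, and URL-encodes the result. The function names are hypothetical; the `since:`/`until:` date operators and the `https://twitter.com/search?q=` address are not mentioned on this page and are assumed from Twitter's public search interface.

```python
import re
from datetime import date
from urllib.parse import urlencode

HANDLE_RE = re.compile(r"^[A-Za-z0-9_]{1,15}$")  # Twitter handle rules
LANG_RE = re.compile(r"^[a-z]{2}$")  # simplification: two-letter codes only

def build_query(phrase=None, from_user=None, exclude_replies=False,
                lang=None, since=None, until=None):
    """Compose one search string from structured criteria."""
    parts = []
    if phrase:
        # Quotes force an exact-phrase match; embedded quotes are dropped so
        # the phrase cannot end early and change the meaning of the query.
        cleaned = phrase.replace('"', "").strip()
        if cleaned:
            parts.append(f'"{cleaned}"')
    if from_user:
        handle = from_user.lstrip("@")
        if not HANDLE_RE.match(handle):
            raise ValueError(f"not a valid handle: {from_user!r}")
        parts.append(f"from:{handle}")
    if exclude_replies:
        # The page writes this operator as -Filter:replies.
        parts.append("-filter:replies")
    if lang:
        if not LANG_RE.match(lang):
            raise ValueError(f"not a two-letter language code: {lang!r}")
        parts.append(f"lang:{lang}")
    if since and until and since >= until:
        raise ValueError("since must be earlier than until")
    if since:
        parts.append(f"since:{since.isoformat()}")
    if until:
        parts.append(f"until:{until.isoformat()}")
    if not parts:
        raise ValueError("at least one criterion is required")
    return " ".join(parts)

def search_url(query):
    """Percent-encode the query for the web search page (assumed URL)."""
    return "https://twitter.com/search?" + urlencode({"q": query})

if __name__ == "__main__":
    q = build_query("COVID19", "WHO", exclude_replies=True, lang="en",
                    since=date(2020, 3, 1), until=date(2020, 4, 1))
    print(q)
    print(search_url(q))
```

Saving the generated query string alongside the collected results keeps each search reproducible for later review.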
There are hundreds of active social media sites in the world today. Many of them are popular in their societies and target non-English users. The following drawing shows more social media sites that must also be considered when conducting social media investigations.
There are other country-specific social media services which are not listed:
You now have a quick overview of basic social media investigations. As you could see, it is extremely important to define a context using additional filters and operators. In practical use, this results in several difficulties that are often not mentioned when dealing with SOCMINT:
Do you feel confident now and do you think that this is efficient?
We presented a shortlist of social media platforms for your investigations. You have to ask yourself whether you have enough knowledge and personnel to run SOCMINT investigations and to follow the best practices.
At Traversals, we constantly try to give you more capabilities. Our Federated Search provides one powerful interface to the above-mentioned services. It is not necessary to call the services separately, which would be very inefficient, as explained in our blog post. Federated Search also includes machine translation for both keywords and results. In our Data Fusion Platform, we spent a lot of effort on automating most of the procedures to increase efficiency.
It can be said that our SaaS-based Data Fusion Platform is self-learning in order to provide analysts with the best possible support. After doing some assisted searches against various social media platforms, you can automate the collection process to always get the latest information.
Copyright © 2020, Traversals Analytics and Intelligence GmbH. All Rights Reserved.