Open Source Intelligence: What Social Media Can Tell Us

14 February, 2020

Matt Burns

Open Source Intelligence: What Social Media Can Tell Us

Open source intelligence is a hugely valuable data source. And the information we freely give away on social media forms a key part of it.

From one profile, a person’s name, online pseudonym, geolocation and social network can be gathered in seconds. But for the most part, this stays as raw data.

Law abiding citizens nurture their profiles free from the gaze of the authorities. On the other hand, criminals do not.

Their social media is mined for potential clues which can connect them to crimes. And it’s an incredibly fruitful law enforcement technique.

What is open source intelligence?

Open source intelligence (OSINT) is data gathered from the open internet for intelligence purposes. The data is accessible by anyone.

Open source intelligence need-to-knows

  • Open source data accounts for a tiny proportion of the internet’s data

99% of the information held on the internet is on the Deep Web. Though some of the information held there can be considered open source, much of it can’t. For example, you can’t find information held on the Dark Web on search engines. This is a highly encrypted component of the Deep Web where key identifiers like the DNS and IP addresses are removed.

  • Law enforcement leverages OSINT to protect people from a variety of crimes

Open source intelligence often provides investigators of sexual exploitation, identity theft, drug crime, trafficking and more with important clues. Keywords and images that appear on the open internet can help law enforcement to apprehend suspects before their crimes escalate.

Why is social media such an important open source intelligence resource?

Billions of people have profiles on social networking sites. And a significant percentage of them upload content underpinned by rich data. For example, a single image posted to a social networking platform can include geolocation, metadata and camera serial numbers.

That’s not to say social media intelligence is comprehensive. After all, it only represents a minute portion of the data held on the internet.

However, social media intelligence is actionable and often progresses criminal cases towards positive conclusions. This is because, by connecting fragments of data, law enforcement can work out a suspect’s whereabouts and activities.

Aside from images, these data fragments can come from videos, location check-ins and tags from different social media platforms.

Example One: Social media open source intelligence

A simple example of open source intelligence gathering through social media is as follows.

Let’s say an investigator is doing some background research on a person of interest. They Google the person’s name to work out their digital footprint and potentially incriminating sources of evidence.

Their checklist of questions would include:

  1. Is the suspect active on Facebook?
  2. Is the suspect active on Twitter?
  3. Is the suspect active on Instagram?
  4. Does the suspect have a personal blog?
  5. On these platforms, does the suspect have their location settings turned on?

After answering these questions, the investigator would check if any of the intelligence correlated with the crime they’re investigating.

Example Two: Social media open source intelligence

A second, more detailed, example would be when an investigator is focusing on a particular piece of evidence. Let’s say in a child sexual exploitation case.

The investigator is trying to verify the whereabouts of the person of interest on the day the crime was committed.

The piece of evidence is an Instagram photo of the person of interest. In the background, there’s an apartment block and a petrol station.

The photo was taken on the day the crime occurred, but no geolocation data can be extracted from it. Further, the person in question has given no indication of their whereabouts on their other social media platforms.

The investigator must figure out if the person of interest was in the vicinity when the crime took place. So, by using Google Maps, they identify locations where petrol stations and apartment blocks are in close vicinity in the city.

They narrow down their search to the specific chain of petrol stations featured in the original image. This leaves them with three results.

Next, on Street View, the investigator tries to recapture the angle of the person of interest in the photo. However, on the first two sites, it’s impossible to capture both landmarks in the same frame.

But the third photo of the suspect corresponds with Street View. This proves that they were in the area on the day of the crime.

Can open source social media intelligence be leveraged on the Dark Web?

Yes, open source social media intelligence can be leveraged in Dark Web investigations. This is achieved by matching device properties and metadata found on the surface web with corresponding data on the Dark Web.

CameraForensics collects and indexes open source images to help law enforcement safeguard victims of child sexual exploitation. By providing powerful BigSearch functionality, inclusive and exclusive filtering and Exif parameters, we empower investigators to drill into data. This helps them to deanonymize perpetrators and keep citizens safer.

What is closed source intelligence?

As you might guess, closed source intelligence is the opposite of open source. It refers to data sources with restricted access that can’t be retrieved by the public. For example, LEA recording systems or confidentially shared material between partners.

What does SOCMINT stand for?

SOCMINT stands for Social Media Intelligence. This is the act of monitoring, analysing and exploiting data available through social media networks. SOCMINT tools and solutions are specifically designed to perform this type of analytics on these platforms.

What are the main benefits of SOCMINT?

The use of social media for criminal investigations and gathering intelligence can have huge advantages. The main benefits of SOCMINT to LEAs and investigators include:

  1. Relevant data: Social media has both historical and recent data which is consistently up to date.

  2. Real-time intelligence: Online social networks (OSNs) provide real-time updates and information which can be valuable for ongoing events.

  3. Initiates intelligence lifecycles: Information learned on social media can be a springboard for other forms of information gathering or analysis.

  4. Open source: Agencies can access intelligence more easily. It also facilitates partners to collaborate through the same sources of information.

  5. Large databases: Agencies can access and collect more data. With more to analyse, it’s easier to identify trends and patterns. This helps the analysis of individual groups and enables the monitoring and predicting an offender’s modus operandi.

  6. Low-cost: Compared to other forms of intelligence gathering, such as HUMINT, SOCMINT is relatively cost-efficient and also low risk.

Although there is a wealth of positives when it comes to SOCMINT, there are some key considerations to keep in mind in order to make the most of this intelligence:

  • Reliability: Publicly created data isn’t necessarily accurate.

  • Privacy: Although open source, agencies need to be mindful when using SOCMINT of an individual’s rights or an OSNs privacy regulations.

  • Validity: When being processed, SOCMINT needs to be validated using tools that meet evidence standards. OSNs can often alter or remove image metadata and affect image quality, so not all assets acquired through social media can provide value.

  • Processing: Data gathered from social media needs to be processed into actionable intelligence before it can be used in an investigation. For example, an image from social media, once validated, can then be processed using the CameraForensics platform to gain Exif data and more.

What is the best way to gather SOCMINT?

SOCMINT technically falls under open-source intelligence, but some profiles on OSNs are private and others have certain viewing restrictions. This introduces elements of closed source intelligence techniques.

For public forums, it is easier for law enforcement, investigators and private agencies to gather information as long as they adhere to the network’s privacy policies, GDPR and Regulation of Investigatory Powers Act (RIPA). In the case of private pages or accounts, authorities may have to acquire a legal warrant or order to access this data.

Here are some examples of SOCMINT methods authorities could use:

  1. Manual search: Authorities or investigators can navigate through OSNs or a search engine manually to discover threat intelligence. This would often involve having a specific target or strategy in place.

  2. Search and collection tools: There are various online tools and platforms that can help authorities search and gather data on OSNs. Many are focused on specific types of data and some may provide additional insights. Paliscope, for example, help investigators search, collect, organise and sort through large amounts of data.

  3. Analysing tools: There is also the metadata of OSN content to consider. Tools, such as the CameraForensics platform, can analyse Exif metadata behind digital images found on social media. This provides additional data about an image, such as the time and location it was taken.

Ultimately, while there is the option of navigating through OSNs manually to discover threat intelligence, there are many online services which can help authorities search and gather data on OSNs in a more efficient manner.

RELATED: What AI means for open source intelligence operations

How is the field of SOCMINT likely to develop for CSE?

There are increasing amounts of CSE material being circulated through OSNs. This could be due to criminal groups sharing images, or even well-meaning individuals sharing explicit imagery either in shock or to ‘raise awareness’.

The increase of social media activity brings with it a rise in criminal activity online. But it can also be exploited for good by authorities. The more data they have available to them, the better equipped they are to perform investigations. In tandem, the development of the right tools to aid this kind of investigating is essential.

Agencies, such as NCMEC are already making progress. They use information found online to identify potential locations of this activity and pass it on to the authorities. We are also continually developing and collaborating with our partners to develop our platform of tools to keep up with the evolution of online crime.

YOU MAY ALSO LIKE: Big data and the prevention of child sexual exploitation

Please get in touch to see how the CameraForensics platform can help you

Subscribe to the Newsletter