Online public-facing content is growing exponentially. And, while most of this data is benign, some online hubs contain critical information for the safety and security of individuals and organizations. In order to develop an effective intelligence strategy, analysts and security teams must be pulling information from this vast quantity of data. The question is, which social media networks should you be monitoring? For organizations to protect themselves against internal and external threats, speed-to-information is key. The most effective security strategies involve gathering, filtering, and analyzing data faster.
Open source intelligence (OSINT) refers to information discovery via public data sources for a specific purpose. Security professionals use OSINT to help protect assets, prevent loss, expose fraud, detect data breaches and criminal activity, and ensure the safety of their team and customers.
So, where should you look for open source intelligence? With so many networks to cover, data aggregation platforms like Echosec have become essential tools for data discovery and threat intelligence. Basically any place where people go to connect and communicate is a place for potentially malignant behaviour. In this post, we’re outlining the networks that should definitely be on your data sources checklist, and why.
Micro-Blogging, Photo, and Video-Sharing Networks
Most networking platforms are simple to use and accessible to anyone with an email address. They are rich data sources for OSINT discovery, utilized by artists, businesses, content creators, and people just wanting to connect and socialize.
Twitter - Everyone’s heard of Twitter. Here, users post short, candid, real-time information (tweets). Twitter is an important network to watch for breaking news and when monitoring current events. Read: 5 Industries That Are Using Twitter Monitoring Tools to Get Ahead.
VK - Vkontakte is a social network you may not have heard of, but it’s the 9th most visited website in the world. VK has minimal search restrictions and is one of the most popular social networks in Russia, working very much in the way Facebook does. VK has many valuable data returns for threat detection and security. Read: What is VK and Why Should You Care?
Tumblr - Tumblr is where social media and blogging overlap and its public-by-default feature makes it a rich data source to explore.
OK.RU - Originally designed to help current and former classmates stay in touch, OK.ru has profiles, chats, discussion boards and other public forums where people can communicate.
What about Instagram and Facebook? In 2016, Facebook tightened their security settings and no longer allows broad monitoring of their networks. That means data aggregation platforms can no longer access posts from these providers; however, some platforms (Echosec included) return Instagram and Facebook posts that are cross-published via Twitter. That said, although public Instagram and Facebook data provides immense value for marketing purposes, they are less desirable from a security perspective as most threats are more difficult to detect and tend to be hidden on the more obscure and less regulated platforms.
Photo and Video-Sharing Networks
Sourcing photo and video content can help security professionals gain situational awareness through the eyes of users on the ground during events, at certain locations, or during disasters.
Flickr - Flickr is a photo sharing platform that encourages connection. Flickr has geo-tagging and commenting features that provide great location-based data. Read: What is Flickr and Why Should You Care?
Vimeo - Artists and creators share, comment, and engage with others by following or viewing videos in curated channels within the Vimeo platform.
YouTube - The most popular video sharing network, YouTube allows users to upload, view, follow, and comment. There is a very diverse range of content and YouTube provides a deep source of data.
Snapchat - A mobile messaging app, Snapchat allows users to share pictures and videos (including live videos) that disappear after a short period of time. Snapmaps are a valuable resource for discovering breaking events all over the world.
Message Boards and Online Discussion Forums
Message boards and online discussion forums are used by people wanting to connect, learn or discuss topics. Within these platforms, there is ample opportunity for destructive behaviour and criminal collaboration, planning, and strategizing. Security and safety teams have been able to predict events or activities before they occur by monitoring online discussions.
Reddit - An extremely popular social news, content, and discussion website, Reddit allows users to be pseudonymous and divide into specific subreddits. Read: What is Reddit and Why Should You Care?
Raddle.me - Made by users who revolted from Reddit over bans on certain subreddits, Raddle functions very much the same way, but with less restrictions. Read: What is Raddle.me and Why Should Retailers Care?
4chan - Simple, candid, and anonymous, 4chan is sometimes called the “underbelly of the internet." This provider allows users to post comments and share images. Not only is the 4chan platform completely incognito, but the threads expire after a short period of time making it an essential network to continually monitor for threats.
Discord - Originally designed as a way for the gaming community to connect, Discord has versatile chat, video, and voice capabilities where users can create “servers” or channels to discuss a wide variety of topics. What is Discord and Why Should You Care?
Telegram - Fast, secure and cloud-based, Telegram is a popular WhatsApp alternative. Users can exchange end-to-end encrypted messages between one another, in groups of up to 200, 000 people, and in channels with unlimited members. What is Telegram and Why Should You Care?
Social Journalism and News Aggregation Platforms
When developing an effective and well-rounded security protocol, it’s important to keep tabs on what’s happening in the world. Aggregating news sources can help you gain perspective when predicting and analyzing behaviour as well as getting alerts and gathering information on specific locations, current events, trends, and communities
Medium - An online publishing platform for amateur and professional writers. Users share blogs, articles, and stories. Medium encourages long-form, authentic content.
News - “News” is an aggregated news platform that Echosec created to provide comprehensive coverage of web data sets across multiple content domains. Aggregating posts from over 75 millions websites, blogs, forums, news articles, radio stations and historical data.
Other Areas of Interest
Pinterest - A visual search engine with high user engagement, used to curate “boards” for inspiration or education. Pinterest can be used to gauge brand sentiment and trends.
Wikipedia - A free online encyclopedia where anyone can contribute or view content. Users can collaborate to create and find regulated articles.
Dark Web - While not specifically an app or software platform, the dark web is a massive source of information for threat intelligence. Learn more about dark web discovery for threat intelligence here.
Where you look for information depends on what you want to find. Performing a basic surface web search through a platform like Google will return a relatively broad list of hits. There is an enormous amount of publicly available data out there. In order for any of it to be useful for threat intelligence, it must be aggregated and filtered quickly and directly from the sources themselves.
Discover how Echosec can find, filter, and deliver open source intelligence for you and your team.