If you were to guess what the world’s most popular social media platforms are, a few big names probably come to mind: Facebook, Instagram, Twitter. However, there are plenty of other heavily active social media sites around the world that many of us have never heard about.
Social media users publicly post a wide variety of content through social networks, making these platforms a valuable data source for quick access to threat intelligence and situational awareness around the world. In this context, Facebook and Instagram’s popularity probably seem like the most valuable sources of threat intelligence for public safety officials and security teams.
In reality, Facebook and Instagram are inaccessible sources of public data—and much of the online data related to security incidents or exposed by threat actors is more readily available on less well-known networks. For these reasons, data discovery tools, such as Echosec, do not use data from Facebook or Instagram directly.
This article explores why Echosec doesn’t gather data from Facebook or Instagram, and why other providers are as, if not more, useful.
Why doesn’t Echosec use Facebook or Instagram?
In March 2018, news broke that the political consulting firm, Cambridge Analytica, had collected and used Facebook user data to inform political campaigns. This data was exploited without user consent, violating user data rights and privacy.
Long before the scandal, both Facebook and Instagram had begun tightening their security settings to disallow broad monitoring. That means data aggregation platforms, including Echosec, have not had terms-compliant access to these data providers since 2016. Compliance and ethics are at the forefront of Echosec Systems’ mission and product design—the platform only collects public data in compliance with each data provider’s acceptable use policies, as well as acceptable use policies to comply with regulations such as the GDPR.
If an Echosec user has access to Twitter as a data provider, Facebook and Instagram content is aggregated only if the content was publicly cross-posted to Twitter.
Why are Facebook and Instagram less important than other providers for finding threat intelligence?
Facebook and Instagram, being two of the most actively used social media platforms, contain large amounts of data that provides immense value for marketing purposes. This is probably why Cambridge Analytica centred on Facebook to provide data for informing political marketing campaigns.
However, as far as social media threat intelligence goes, Facebook and Instagram are not particularly useful data providers: information that indicates physical security concerns or digital threats tend to be hidden on the more obscure and less-regulated social media platforms.
Here are some examples of these more obscure providers, and their value to social media threat intelligence:
4chan is a forum or imageboard site where users can post images and text anonymously. It’s most popularly used in the United States and has 22 million active users worldwide. 4chan threads expire after a short time period. This feature, combined with the site’s anonymity, means that open expression is prevalent—and this includes threatening and offensive content that could be useful for detecting actionable intelligence for public safety officials.
Reddit is an online forum and news aggregator with almost 300 million active monthly users worldwide. Users have personal, pseudonymous accounts, unlike 4chan. Content is “upvoted” and sorted by popularity. Reddit’s sub-communities, or subreddits, cover almost any topic imaginable, making it a valuable data source.
Raddle is another online forum where users can share text, images, and links. Raddle is unique in its stance towards anonymity: users can share content without tracking, ads, user-profiling, or collection/sharing of data or IP addresses. Raddle is also known for containing chatter related to physical threats, such as their infamous shoplifting forums. Raddle has about 600,000 active monthly users around the world, and is popular in the US, UK, and Canada.
Discord is a voice over IP and messaging program with an interface that looks like a Facebook and Slack hybrid. The platform has been associated with cyber bullying, organizing alt right rallies, adult content, and illegal activity such as narcotics use (e.g. drug cocktail how-to’s), making it extremely useful as threat intelligence source. Discord has over 40 million active monthly users and is popular in the United States.
Telegram is a secure cloud-based messaging service similar to Whatsapp. The application is known for its security, cloud storage, bots, multi-platform support, and channel functionalities. 15 billion messages are exchanged via Telegram daily. While most of this content is innocuous, Telegram is also used to discuss or conduct illegal activities around the world, such as drug trafficking and phishing.
VK, also known as Vkontakte, is a Russian-based social network much like Facebook. Almost 100 million active monthly users use VK to connect with others, share files, music, photos, and videos. Even though VK is a Russian-based site, it has active users around the world, and is one of the world’s most visited sites. Echosec users might be surprised at how often VK content shows up in North American location-based searches. The site’s large user base, combined with the variety of content available, makes it a valuable data source for information security teams.
Social media data is useful for detecting a number of threats:
- Physical security risks and targeted attacks
- Illegal activities, such as narcotics use and sales
- Data breaches
- DDoS attacks
There are a number of social platforms used around the world that offer public safety officials quick access to active online threat discovery. Facebook and Instagram are not accessible to data companies seeking social media threat intelligence, due to data privacy laws. However, these social media giants aren’t actually necessary data sources for finding actionable intelligence—threats tend to be more prevalent on lesser-known networks.
To keep up with threat intelligence across providers around the world, public safety officials and security teams must have access to tools that provide early alerting. Machine learning and geofencing technology allows security teams to access social media threat intelligence across 17 different data providers (excluding Facebook and Instagram!) via Echosec.