In January 2021, fringe social networks were making headlines. The United States Capitol had just been breached, then-President Donald Trump had been banned from Facebook and Twitter, and people were migrating en masse to alternative platforms—some of which were growing in the order of 2.5 million users weekly.
This surge might seem like old news. But effective enterprise security teams know that monitoring fringe social media is not only an ongoing effort but one that is now essential to protect their organizations from harm.
Fringe social networks—which include social networks like MeWe and Parler, as well as message boards, chan sites, and deep web forums—are marked by permissive content policies unlike those on mainstream social media. While fringe social media content is often harmless, it can also enable extreme, harmful, and illegal activities.
What do fringe social media threats look like for enterprise security, and how can security teams stay ahead of them?
1. Violent Planning and Leakage
We now know that the Capitol Hill insurrection was planned openly on alt-tech prior to January 6, 2021. This kind of open planning is not a one-off event: more recently, a Texan man pleaded guilty to a bomb plot targeting Amazon data centers after posting about it on the far-right social media site My Militia.
We also know, thanks to research from The Violence Project, that social media is involved in almost one in four mass shooting events. This often manifests in expressions of harmful intent known by threat assessment researchers as “leakage.”
Enterprises may be targeted in these planning discussions if they have any reason to contradict extremist worldviews. For example, according to CSIS, a majority of right-wing terrorist attacks between 2015 and 2020 were racially motivated, targeting individuals of specific ethnic backgrounds. Enterprises possessing minority leadership or a progressive social justice stance may become targets—and the past has shown that these discussions can escalate into real-world violence.
2. Misinformation and Disinformation
Misinformation (misleading content spread without ill intent) and disinformation (content intentionally created to spread falsehoods) are typically associated with undermining nation-states. But disinformation also targets the private sector.
This could manifest as a news article targeting a company’s reputation, deepfakes portraying an executive, or brand impersonation to scam customers and employees. Enterprise-targeted disinformation is often used to extort data or money, undermine a company’s or industry’s reputation, manipulate the market, or damage brands whose politics conflict with the adversary’s.
This type of content often originates on fringe social networks where lax content moderation allows the untethered spread of fake news and accounts. While disinformation can reach a larger audience on mainstream platforms, fringe social media sites are valuable for early detection and mitigation.
3. Data Leaks
Cybersecurity professionals rely on threat intelligence feeds for early breach detection. These feeds alert security teams to red flags like unusual network traffic or data disclosure on dark web forums and paste sites. But threat actors also use fringe social media to disclose private data—like Nintendo’s gigaleak, which was first exposed on 4chan.
Data disclosure, hacking discussions, and hacking solicitation are also rampant on unindexed networks like Telegram and deep web forums. These networks are more accessible and have wider audiences than dark web leak sites.
4. Fraud and Theft
This accessibility means that other enterprise security threats have migrated from the dark web to fringe social networks. These sources are useful for anti-fraud and loss-prevention teams who need to identify targeted risks to their organizations and respond before it’s too late.
They’re also useful for understanding more general tactics as threat actors use anonymized platforms to discuss, for example, the latest POS skimming hardware, shoplifting strategy, or financial fraud tactic. This information can help security teams address gaps in their physical and digital security systems to prevent fraud and theft attempts.
Addressing Fringe Social Media Threats
Addressing fringe social media threats can be challenging for security teams, who are already coping with data overload and shifting security priorities after COVID-19. Fringe social platforms aren’t always standard threat intelligence sources for physical and digital security teams. And those who do understand fringe social media threats may still struggle to integrate content into their security software for a number of reasons:
- Content on some of these sites, like 4chan, is ephemeral. Relevant data may already be gone by the time an analyst searches for it.
- Many fringe social platforms require account creation to join groups and view public content. Creating dummy accounts may be prohibited by certain organizations to avoid further security compromise.
- Searching within fringe sites is clunky and unlikely to return relevant data fast enough.
- Because of these factors, manually searching fringe sources for relevant data isn’t viable. Security functions rely on commercial web monitoring solutions to give analysts fast, searchable access to fringe content. However, many commercial solutions lack these data sources or provide limited coverage if they do.
- Alternative networks emerge quickly. Fringe social media threats can occur on sites that security analysts haven’t even heard of. Security teams may struggle to find solution providers that continuously grow their niche data offering and provide users with up-to-date guidance on these sources.
Without easy access to fringe social data, companies could overlook risk indicators that become legitimate threats. Depending on the threat, this could cause physical harm to customers, personnel, and property, or cost millions in data leak remediation. A delayed or misinformed response to physical and online crises can also have lasting impacts on a company’s reputation.
Enterprise security teams can prevent or mitigate damage by investing in threat intelligence software with fringe social media data coverage. Echosec Systems fills this gap by providing an intuitive Platform and API that help security professionals find company mentions and social media threats across a range of alternative sources.
Fringe social media platforms seem to rise and fall on an almost daily basis. But for security teams, one thing is consistent: these platforms have a growing potential to compromise physical and digital assets. By prioritizing easy access to a range of these sources, your team can stay better equipped to find and respond proactively to fringe social media threats like data breaches and targeted violence.