This website uses cookies

To provide the highest level of service we use cookies on this site.
Your continued use of the site means that you agree to their use in accordance with our terms and conditions.

Insights

SOCMINT – or rather OSINT of social media

TOMASZ TURBA

October 15, 2022

SOCMINT is the process of gathering and analyzing the information collected from various social networks, channels and communication groups in order to track down an object, gather as much partial data as possible, and potentially to understand its operation. All this in order to analyze the collected information and to achieve that goal by making the right decisions using the largest possible number of collected and validated data.


This is how we could close the definition by the open-source intelligence (OSINT) branch. Moreover, SOCMINT is also used as a marketing and social analysis tool – to understand the impact of the so-called influencers on the environment of a given portal or the entire society of followers. Thanks to the analysis of the behavior of observers, companies, influencers or social media portals themselves, they are able to influence the emotions, sentiment of the user and predict their behavior. Such analysis prioritizes the right decision in regards to the content that is going to be “served” to the user. What they read, like, watch, what they spend the most time on, what they click on, what they close. In other words – the mechanisms of machine learning and big data analysis mean that the user almost always receives what is of interest in the form of content and in terms of the selection of advertisements. For example, a person who is interested in animals will be bombarded with profiles and posts related to the tag #animals #cat, etc., and content completely different – e.g. politics, will be served to a limited extent.


The principle of operating and collecting data in SOCMINT is the same as in the case of OSINT – data is collected in an active way (interaction with the object) or passive (no interaction) from public and private accounts registered on social media. The collected data includes: news, posts, signatures, photos, videos, contact and address details, tags, a watchlist, a list of followers, but also… reactions, comments and audience reach (number of further shares).


We must pay attention to the important issue which is the randomness of social profiles. Each person wants to share their content and interact with the mechanisms of a given portal in a different way. For example, Ms Kate will not want to share anything publicly, but only to a group of her trusted and known 100 friends, while Ms Yvonne will gladly share her profile publicly, making a virtual acquaintance with 20,000 people with whom she does not know 98% of them. In the case of Ms Yvonne – the identification and analysis of data is a bit easier because collecting comes down to the classic definition of an open-source intelligence. Data leakage is not a case here, as it is shared by the owner themself, who agrees to use the social networking site for their own ego, or maybe for profit.



DANGERS OF SOCIAL NETWORKS



However, what all social networking sites have in common is their open access to communication between users. The likelihood of an information leakage has increased significantly, making social networks the new point of interaction for fraudsters to execute attacks. The most common ones include social engineering, phishing, direct phishing, but also infection, as shown in Fig. 1. You can learn about all these methods and how to defend yourself during the training “How not to get exposed to cyber criminals”.



Fig. 1. An example of phishing on LinkedIn portals combined with an infection attack after entering a malicious link, source.


SOCMINT analytics on social media plays an important role in providing data to algorithms that are used to make important decisions about people’s lives, including decisions such as availability for loan, work or rent. Information about some users is publicly available through posted photos and videos. Thus law enforcement can as well obtain this information if allowed, which is the essence of the concept of open-source intelligence. For example, a single image posted on a social network may contain geolocation metadata, camera serial numbers, the time the photo was taken and even the location of the sun at that moment.



CLASSIFICATION OF SOCIAL PORTALS



The extensive world of OSINT / SOCMINT tools is evidenced by the fact that special portals are often created with ready tabs for tools supporting a given category of analysis. For example, one of them is start.me which specializes in photo analysis collection (author: I. Bederov). What is worth paying attention to, is that such collections are classified by the search and analysis category, and not by a given social media portal, but this is not a rule.


Below we present the division of social networks according to the main functions:


  • social networking – allows you to interact with other people in the private and business (brands) area in order to share content. This group includes Facebook and LinkedIn;
  • sharing photos – the main rule is sharing photos between users. This group includes Instagram and Flickr;
  • video sharing – the main rule is to share videos of any length. The main portal is YouTube, but Facebook and Twitter also offer this service today;
  • video-reels sharing – it is also sharing video materials, but usually in the form of shorter materials, called “Reels”. The undisputed king in terms of popularity is the Chinese TikTok;
  • microblogs and news telegrams – posting short information or linking directly to another source. Due to the speed of communication, Twitter is the most common example;
  • Internet forums – one of the oldest types of social-media, but still popular. Reddit and 4chan are most common; 
  • gaming and streaming platforms – portals supporting gamers, enabling them to play live and stream to the community;
  • pins – a place where we can collect various data collections, for example in the form of inspiring photos in one category, such as “kitchen furniture”. The representative is the Pinterest portal;
  • finance support  – taking into account the fact that currently the number of views and interactions with the material is not sufficient for reasonable financing, portals have been created to support and promote people who will be the called “patrons” of the content creator. An example is Patronite, or paid blogging – Medium;
  • matrimonial purposes – most often referred to as “dating sites”. The most popular social messenger today is Tinder.

  • As we can see, the list is only a narrow example of the most popular portals, but it is worth knowing that there are many, many more. However, the fact that a given portal is popular makes it easier for analysts to access and create tools. Many processes can be automated to obtain a ready set of data for development. An example of a large OSINT fusion that supports the analysis of social networking sites is Maltego tool available in the Community version for free after registration, shown in Fig. 2.



    Fig. 2. Screenshot of captured data in Maltego tool.


    HOW TO CHECK YOUR SAFETY?


    First of all, each of us should answer the question of where is their privacy limit. What they want to share, what is the reason for this need and what is the danger. A different answer will be obtained from a private person who wants to have contact with family and friends through such a portal, and a different one from a person who gains material benefits from the development of their social network.


    Nevertheless, each of these people can independently verify what they share outside the group of trusted people on the given portal. For this purpose, it is only required to save the URL address to the profile, log out of the portal and try to enter it without logging in. If someone does not want to log out, they can open a Private Mode in the browser (keyboard shortcut CTRL + SHIFT + P in Mozilla Firefox or CTRL + SHIFT + N in Google Chrome). For people who value their privacy, the view of their profile on Facebook should be similar to Figure 3.


    Fig. 3. Public profile displayed without logging into Facebook.


    What if we notice that we share too much? For example, Facebook has a tool that limits the visibility of previous posts. The Privacy Center is available at this address after logging in. Another important method of protection is active prevention in the form of self-monitoring. How to learn it?


    Other Insights

    Helping secure DOMPurify

    MICHAŁ BENTKOWSKI

    December 21, 2020

    Within last year I shared a a few writeups of my bypasses of HTML sanitizers, including: > Write-up of DOMPurify 2.0.0 bypass using mutation XSS > Mutation XSS via namespace confusion – DOMPurify < 2.0.17 bypass While breaking sanitizers is fun and I thoroughly enjoy doing it, I reached a point where I began to think whether I can contribute even more and propose a fix that will kill an entire class of bypasses.

    Pyscript - or rather Python in your browser + what can be done with it

    Michał Bentkowski

    September 10, 2022

    A few days ago, the Anaconda project announced the PyScript framework, which allows Python code to be executed directly in the browser. Additionally, it also covers its integration with HTML and JS code. An execution of the Python code in the browser is not new; the pyodide project has allowed this for a long time...

    Art of bug bounty a way from JS file analysis to XSS

    jAKUB żOCZEK

    July 1, 2020

    Summary: During my research on other bug bounty program I've found Cross-Site Scripting vulnerability in cmp3p.js file, which allows attacker to execute arbitrary javascript code in context of domain that include mentioned script. Below you can find the way of finding bug bounty vulnerabilities from the beginning to the ...

    Any questions?

    Happy to get a call or email
    and help!

    Terms and conditions
    © 2023 Securitum. All rights reserved.