OSINT and Social Media Investigations: The Perfect Combination

A photo shared when out with friends can easily reach thousands—if not millions—of people online. With our world becoming increasingly interconnected, the content we publish gives a vivid portrayal of our lives. This has changed how society fundamentally functions—some might argue for the worse, but that would be a one-sided way of looking at it. But with the good, so comes the bad, and malicious actors can easily exploit for their material gain the things you put up.

We’ve put together this article to illustrate how OSINT and social media investigations come together. With complementary workflows, the two fields fit together perfectly to create a powerhouse of investigation processes. Here, we will look at what social media investigations are, why we need them, and the various criminal cases where they can prove to be of immense value.

Let’s take a look!

What are Social Media Investigations?

To start off, there is a technical term for this kind of work—social media intelligence (SOCMINT). This is a sub-discipline of open-source intelligence, and while the workflows are similar, SOCMINT deals specifically with social media platforms. At a basic level, it refers to looking up profiles, checking comments and connections, and generally channeling the open data of networking platforms into actionable intelligence. And apps and sites such as Facebook, Instagram, LinkedIn, and Twitter are only the tip of the iceberg, because the more connected we get, the more social media investigations become relevant.

SOCMINT is a specialized field but its reach is pretty wide. While everyone engages in some form of social media intelligence at one point, such as looking up a new acquaintance to see if you have any mutual friends, doing it professionally is a different story. Entities such as government agencies, law enforcement agencies (LEAs), and private intelligence companies all use social media investigations to monitor suspects and inform strategic decision-making.

The Opportunities SOCMINT Provides

Social media has penetrated every aspect of our lives—so much so that whole industries have moved onto the platforms. For artists, it became a way to showcase their art and the bread and butter of influencers. What started out for many as a reaction to FOMO (the fear of missing out) is now something they check first thing in the morning. With this kind of comfortable fit into everyone’s life, it’s no surprise that some of these people are, in fact, malicious actors.

This means that sometimes, criminal activity may be hiding in plain sight. Enter SOCMINT. Its main strength is the ability it gives investigators to keep their fingers on the pulse of the public. After all, a huge amount of valuable information can be gathered from standard pieces of open content. For example, a regular photo can sometimes easily compromise sensitive information. Leveraging this aspect of social media activity, SOCMINT analysts can uncover patterns and relationships, which in turn can be graphically represented to give a clearer picture of an ongoing investigation.

Social media investigations provide various opportunities for investigators because of the fast-flowing nature of the platforms. These include:

Crowdsourced information. Citizens can act as civilian journalists, ensuring a better flow of information, which can be crucial in emergency situations and times of public unrest.

Research and understanding. Through public sentiment analysis and engagement reports, market researchers can stay on top of rising trends, and intelligence agents can gauge which way public opinion is leaning on a given topic.

Situational awareness. Sometimes social channels can get a hold of a developing situation faster than traditional news sources. The employment of SOCMINT can therefore provide investigators with an almost immediate picture of a given event.

Insight into groups. The real-time nature of social media allows researchers to stay ahead of the curve through public sentiment monitoring, gaining a deep understanding of possible criminal intent.

Identification of criminal activities. SOCMINT processes can be harnessed to flag up all kinds of illicit activity, while cases can be effectively developed with cross-referencing and connection analysis.

The Vast Landscape of Social Media

While they may be the first thing people think of when they hear ‘social media’, it’s important to understand that major social networking sites such as Facebook and LinkedIn are just a fraction of the whole picture. SOCMINT is concerned with all platforms, and information can come from all kinds of sources such as media sharing sites (Instagram, Pinterest, YouTube), forums (Reddit), microblogging platforms (Twitter), social gaming platforms (Xbox Live), and even home-made blogs using platforms like WordPress.

Even the barest profile from these platforms can give investigators something to get their teeth into: static profile information such as a person’s job title or employment history, connections and friends, metadata from posts, or the device used to take a photo can potentially open the floodgates for investigative progress.

The Current Climate of Social Media

To say that social media is popular would be the understatement of the century. A recent report by the cloud service Domo has revealed that every minute, Facebook users share 1.7M pieces of content, Twitter users send 347.2k tweets, and Instagram users post 66k photos. With such huge amounts of data being generated every day, conducting investigations can be like looking for a needle in a giant haystack. And the increase in users is only one side of the coin—the other is the proportionate rise in crime taking place through these platforms.

A Growing Number of Users

In the last 12 months alone, 137M new accounts have been opened on social media platforms, and as of January 2023, the worldwide user base had reached a staggering 4.76 billion people, with users spending an average of 2.5 hours per day on these sites. According to Statista, Facebook has the most users, which number 2.958B, followed by YouTube (2.514B), WhatsApp (2B), and Instagram (2B). Mind-boggling numbers, which testify to the colossal growth of the phenomenon.

Unfortunately, as the user base continues to grow, so does the number of bad actors. With illicit activity on social media platforms rising, the scale and variety of crimes migrating to the online realm are becoming ever more apparent.

However, with cases of harmful content being diligently monitored by social media companies, appropriate countermeasures are already being taken. By Q2 of 2022, Facebook had removed almost 18 million policy-violating pieces of content from its platform, including material related to bullying, harassment, and fraud—the number of circulating scams has gone through the roof.

In fact, the ballooning amount of scams has reached the point where it’s now become a mundane occurrence. In a survey conducted by Lookout, users reported seeing scams at least once a week on social media, with the rate of instances varying from platform to platform—Facebook was found to be in the lead at 62% and LinkedIn ranking last at 31%.

Increase of Social Media Crime

The surge in social media users has provided cybercriminals with new opportunities for expanding their activities. In 2022, Meta, the parent company of Facebook, identified over 400 malicious iOS and Android apps targeting mobile users to steal their Facebook login details. Many of these were photo editing apps, with some being utility oriented, claiming to offer hidden features that the main platforms do not provide.

Instagram is now getting popular as a middle market for the illegal drug trade, with many buyers and sellers finding it easier to connect and do business through the widely-used platform. According to an article by ABC News, one seller claimed that their daily sales tripled after moving online.

Meanwhile, FTC has reported that US consumers lost $8.8B to scams in 2022. This represents a massive growth of 30% when compared to 2021’s $5.8B loss. While phishing and ransomware attacks still top the charts, romance scams are proving to be a prevalent problem as well—costing Americans a total of $1.3B in 2022. Sweetheart scammers use the ploy of starting a fake "relationship" with their targets and requesting money for plane tickets or urgent health issues.

Global cybercrime is predicted to cost users a total of $8 trillion in 2023, and the role of social media in that number is significant. Online fraud has grown rapidly since COVID, driven by mass migration to remote work, and cybercriminals targeting employees to get their hands on sensitive corporate data.

Echoing the specter of the dot-com bubble at the turn of the century, the rise of crypto millionaires has resulted in an increase in investment scams. Fraudsters are preying on user hopes of making life-changing amounts of money with a well-timed investment. However, time and again, these ‘opportunities’ are showing themselves to be nothing more than pipe dreams, with over $2.5B in reported losses.

Challenges of SOCMINT

While social media intelligence can be extremely useful, it does come with its own challenges. The amount of data that investigators have to sift through can easily cause sampling errors, which happens when the selected information does not reflect the whole picture. Additionally, many users are finding it uncomfortable to share their information with the platforms following a series of data breaches.

Data Overload

Social media is like a river, and the never-ending stream of content can naturally become overwhelming for investigators. It is very easy to get the wrong picture of an investigation due to the high amount of potential leads and noise, which can result in poor decision-making. Specialized OSINT software allows investigators to cut through the noise and focus on the most relevant information.

User Identification

It seems reasonable to imagine that everyone would just create a single account per platform, and that would account for their whole social media presence. Sadly, the reality is more complicated than that. Fake profiles and bots are multiplying by the day, making it increasingly difficult for investigators to verify which accounts belong to real people and which don’t.

A remarkable 1/3 of US users reportedly have fake accounts on social media, and there is no single reason behind their creation. Whether motivated by a desire to share their thoughts without being judged or to spy on others, these phony profiles pose a significant challenge to analysts when trying to verify whether an account is legitimate. And this fact is compounded by the issue of bots. While the exact number of these nuisances is unknown, it is estimated that 22-65M exist on Twitter.

A Declining Trust in the Platforms

There has been a declining trust in social media companies, with many users hesitant to share personal information online or inclined to censor themselves. The reasons behind this mistrust come down to a couple of things.

In a recent survey by the Washington Post, 74% of respondents deemed the data collection for targeted ads conducted by tech giants as intrusive and unjustified. After the Cambridge Analytica scandal, which involved the company selling the information of 87M users, 72% of the participants have very little or no trust in Facebook, whereas Google's distrust level is at 47%.

Data breaches are another important grievance. With billions of users’ information being compromised, Facebook is leading in this category as well, resulting in many users being more careful about the type of content they publicly share on their profiles.

Applications of SOCMINT

Social media intelligence can be a deceptively far-reaching discipline. The impact it can have on investigations is immensely valuable, and not only restricted to combating online fraud. Cases from human trafficking to terrorism all benefit from the use of SOCMINT. Let’s take a look at a few cases where social media investigations can be a game-changer.

Brand Security

In today’s world, companies require a social media presence. In many cases, these platforms are their primary way of communicating with their customers. However, when cybercriminals hack and exploit a company’s influence to promote a scam—as happened in 2020 through Twitter—SOCMINT becomes a crucial tool to investigate, identify, and locate the culprits.

When Twitter introduced its premium blue checkmark subscription, brand impersonators could just pay a flat rate of $8 per month to have their fraudulent accounts verified. While the scheme was discontinued shortly afterward with stricter identity verification criteria, the damage it caused for many companies was in the billions. For instance, the pharmaceutical company Eli Lilly saw its stock value drop by 4.37% following a controversial tweet by a blue check-marked account impersonating the company.

Organized Crime

Social media investigations can enable agents to get a picture of the size of criminal enterprises and create a map showcasing members and relationships. This can be massively beneficial because it allows investigators to gather potentially incriminating evidence.

In 2014, the Italian police used social media intelligence to monitor the posts of suspected mafia members, following a 2-year long investigation they managed to arrest 95 people connected to the Palermo branch of the organization, essentially taking down two crime families.

Terrorism

While terror attacks are offline criminal acts, in recent years, terrorists have also shown themselves to be quite adept at weaponizing social media. However, intelligence agents can use the same platforms to monitor and potentially intercept acts of terror in real time.

The European Union (EU) has funded a research project geared towards using SOCMINT to combat online terrorism. Employing machine learning, the initiative is aimed at upholding citizen privacy while acting as an effective counter-terrorism tool.

Extremism

Monitoring content from extremist groups can enable investigators to stay ahead of the game when making decisions. Social media intelligence becomes an invaluable asset when dealing with this type of activity, as the metadata and other information that can be gathered from posts can aid in building cases and keeping tabs on individual actors.

Social media platforms such as Facebook and Twitter appear to be the preferred method by which many extremist groups attract new members and communicate. With these platforms playing an increasing role in radicalization, many organizations are keeping an active presence online.

Propaganda

Investigators can look into propaganda posts to identify ties with known threat actors and organizations. This enables agencies to monitor the propagandists and take measures to deal with the offending accounts.

Media manipulation is a growing industry. Researchers have found that some countries are spending $60M on companies that disseminate bots to create false impressions of political messaging.

Hate Speech Detection

Rumors and hate can spread like wildfire on social media. Through SOCMINT, investigators can deduce the sources and take action against growing unrest.

With India’s communal violence and riots between religious groups rising by 28% between 2014 and 2017, social media is being used to spread hate speech against minorities at an unprecedented rate. In one case, WhatsApp was used to convey rumors that led to the murder of one Muslim.

Fraud Prevention

With fraud more prevalent than ever, investigators are making use of networking platforms to quickly identify and track people who pose threats. Geolocation data and facial recognition solutions are especially instrumental in combating cybercrime on social media platforms.

Between 2017 and 2021, scams circulating on social media saw an 18-fold increase. With fraudulent ploys becoming ever more sophisticated, consumer losses reached an average of $770M in 2021. It is becoming increasingly important to show a healthy dose of skepticism when dealing with people online, especially when it comes to financial matters.

Money Laundering

SOCMINT can be instrumental in fighting financial crime. In many cases, communication happens through social media, as that is usually the platform threat actors commonly employ helpers. This in turn allows investigators to join the dots and identify groups engaged in money laundering.

With deceptive and sometimes not-so-deceptive ads, criminals recruit ordinary people to act as “money mules” for them. Transferring money into people’s bank accounts, only for them to transfer it to other accounts, acts as a layer of security against investigators. In the UK, 17k cases were identified that used these tactics, with 42% being between the ages of 21-30 in 2020.

Human Trafficking

With 83% of human trafficking incidents occurring through online solicitation in 2020, investigators can use SOCMINT to pick up on the signals and build cases against organizations engaging in these activities.

With the majority of victims being forced into sexual labor, human trafficking is still an ongoing problem. In many cases, the affected are minors who are tricked through various means.

Arms Trafficking

While arms trafficking is a crime people don’t associate with social media, like many other criminal activities it is moving to these popular platforms as well. Intelligence services can infiltrate private groups to fight these operations. The connectivity of the platforms enables agents to identify, track and intercept illicit trade.

When Venezuela banned the sale of small firearms between private individuals in 2012, the arms market moved to social media sites. In the span of a year, over 23k rounds of ammunition in varying calibers were sold through Facebook communities.

Due Diligence and Background Checks

Investigators can use SOCMINT to identify potential risks by conducting extensive background checks. The online connections of individuals have become instrumental in these operations, as even the subtlest affiliation with extremist groups, scammers, or other unethical activity can be identified.

With 71% of US decision-makers claiming that checking the social media profiles of candidates is effective in applicant screening, it is easy to see the effect our online presence can have on our lives.

Cryptocurrency/NFT Analysis

The cryptocurrency and NFT explosion during the pandemic caused an even bigger surge in criminal activity. With baseless and fraudulent claims of making investors rich, the losses started running into the millions. SOCMINT can be highly valuable in investigating many of these cases, as such scams tend to live and die on social media.

Cases of celebrity impersonation and phishing are widespread in the cryptocurrency and NFT sphere. Pump-and-dump schemes, which involve building excitement for users to buy into a project and then quickly selling everything at a massive profit, are also one of the tactics employed by crypto fraudsters.

Cyberbullying

With 59% of teenagers have experienced social media bullying compared to 33% of adults, the psychological effects can be devastating. Anxiety, depression, and suicidal thoughts are among the effects experienced by those who are victims of cyberbullying. The psychological toll it takes is significant, and at the same time, a staggering 87% of teenagers have witnessed cyberbullying. Social media intelligence techniques can be used to flag up and counteract such activities.

Social Media Investigations with SL Professional

Doing SOCMINT work manually can very easily become unmanageable. However, SL Professional provides a range of automated features that allow investigators to greatly accelerate the process, freeing up time and headspace for making the all-important decisions that can progress a case. In just a few clicks, all kinds of information become readily available, such as email addresses, phone numbers, social media handles, aliases, and more.

For example, let’s say that we are trying to identify Person A, and all we have is an email address. With SL Professional, we can run a search to find any social media profiles attached to that address. From there, we can branch out into other accounts that use the same name or are connected through other means and can start to form a picture of the subject’s online presence.

From just a few pieces of information, SL Professional allows us to create a complex web of relationships. In the above example, our input data was a single email address. This led directly to a LinkedIn profile, which in turn gave us a variety of other social media accounts, along with Person A’s location and friend list. From this point, it is a simple task to look into our subject’s connections and uncover a wealth of further information.

And that’s the end of our introduction to social media investigations. We hope you got a close look at how connected the field is with OSINT and how much they can enrich your investigations.