SOCMINT: social media as an Open-Source Intelligence

Introduction

In 1992, global internet traffic accounted for 100 GB per day (Cisco 2017), and in 2015, that number hit 15 billion GB per day. As the digitization of society and industry generate unfathomable amounts of data, pressures abound to use these data for better security. Intelligence collection is one of the oldest and important measures that have been taken up by the states to keep a tab on the enemy as well to secure oneself in the battlefield.  The states with strong intelligence have an upper hand whether it is during the time of peace or war. Throughout the early phase of Cold War period KGF of Soviet Union was one of the most feared Intelligence Agency.

States generally have their own intelligence agencies, which work together as part of an intelligence community (IC) to gather, analyse, and distribute information from both within the state and from outside it, also referred as foreign intelligence. The intelligence gathered usually contains information about threats to the nation, its people or property. As a result of recent advancements, threats presented by both state and non-state actors as well as cyber intelligence, counterterrorism, counterproliferation, and counterintelligence have also grown to be serious issues. Over the time with advancement in technology the sources for collection of information have likewise multiplied. While earlier Human (HUMINT) were trained and appointment by the States for the work, now with the advancement in the Science and Technology, Signals Intelligence (SIGINT, Imagery/Geospatial Intelligence (IMINT/GEOINT), Measurement and Signature Intelligence (MASINT), Open-Source Intelligence (OSINT) have as well come to be primary sources. The paper particularly focuses on OSINT with special emphasis on social media (SOCMINT), since it has blurred the line between Public and Private.

Open-Source Intelligence (OSINT)

Open-Source Intelligence (OSINT) refers to a broad array of information and sources that are generally available, including information obtained from the media (newspapers, radio, television, etc.), professional and academic records (papers, conferences, professional associations, etc.), and public data (government reports, demographics, hearings, speeches, etc.).Any information available in the open domain is the part of OSINT. It provides Strategic and cultural insight; it provides operationally helpful insight about infrastructure and current conditions and provides tactical vital commercial geospatial information that is not available from natural capability. All of this information can be collected from various sources like the media or any online available research that is accessible for mere education purpose. Media or news outlet works in war zone extensively and in live location warranting continues flow of information.

During Mumbai terror attacks of 26/11 the terrorist group could get access the information about location of the personnel surrounding the area through live media coverage of the event. While other form information collection may not provide immediate information, OSINT can act as an immediate source of information collection. The information collected often consumes a lot of time for its processing and cutting it down to that of relevance can take time if one is using platforms such as World Wide Web. While Intelligence work in secrecy and keeps the source hidden, it is only OSINT which is open to eyes of Public Scrutiny and hence one can find loopholes in it. Also, the information available is uninterrupted and is updated quite frequently that necessitates one to keep constant eyes on the new progress. Hence, there is a continuous cycle of collection, processing, analysis and feedback. Using the right OSINT tool by an organization can improve cyber security by helping to discover information about individual company, employees, IT assets and other confidential or sensitive data that could be exploited by an attacker. Discovering that information first and then hiding or removing it could reduce everything from phishing to denial-of-service attacks.

Social Media as OSINT/ SOCMINT  

Social Media is a networking tool with a cross continental reach. It ranges from blogging, vlogging, instant messages, information and image sharing as part of its services. Recent time, social media sites like Facebook and YouTube have gained the highest number of users globally. The main feature of the platform is its user friendly interference and accessibility to all; it makes it difficult to regulate the information that goes around on the networking sites. The information available on the sites can easily provide one with pattern of behaviour of the user, attitudes of employees, and can even be used to identify a company’s IT infrastructure; in turn, this identification may later be used to identify potential system vulnerabilities. The Algorithm of the platforms is set in a way that the task of what interests the user can be easily identified. It can help the agencies to gauge the temper of the online community and it can be focused on people in certain location.   Facebook has been used to try to hire hit men, groom the targets of paedophiles, violate restraining orders, and steal identities and fatally cyber bully victims.

Terror groups have used space for ideology propagation and recruitments. ISKP has been reported to have an IT cell running from Kabul and other parts of Afghanistan. Social media is a convergence between the physical space and digital space. Every experience which is personalised can be digitalised and brought into public sphere to create a community of liked minded people. These experiences can stem major grievances and its mobilisation in an unfenced territory like social media should be a major concern for National and International security. Jake Dorsey, twitter’s Chief Executive did admit to platforms role in Capitol Hill Riot of 2021 post US Presidential election. There were tweets and re-tweets about election being swirled and there was a call for a march to the Capitol Hill. Though later the Trump was barred from Twitter and Facebook but the damage done was irreversible.

Sir David Omand, Jamie Bartlett & Carl Miller in their article “Introduction to SOCNIT” listed use of social media to strengthen security[1]:

1.      Crowd-sourced information: Easy information flow between citizens and law enforcement agency. During the time of emergency on ground information is easy to grasp as even on ground public can post updates (citizen journalism)

2.      Research and understanding: Large amount of data makes study of behaviour and phenomena like radicalisation.

3.      Near real-time situational awareness: Social media traffic analysis could allow for a more rapid identification of emerging events than traditional reporting mechanisms. The Capitol Hill riot could have been avoided if social media was given importance.

4.      Insight into groups:  Groups which are already under the radar of the agencies, their online presence can be surveyed.

5.      Identification of criminal intent or criminal elements in the course of an enquiry both for the prevention and prosecution of crime 

Social media and Geospatial Intelligence

Location or place-based information usually referred to as Geospatial is also necessary part of intelligence collection. While there is certainly an interaction between physical and digital world, the physical dimension of this intersection is the field of geospatial intelligence. This includes the perception, cognition, computation, control, reaction, and understanding of physical features and geographically referenced activities.  Global Position System is used on daily basis by commoners to drive from one location to another. While availing this simple convenient service a people trade a large amount of their data unknowingly. It can include their daily routes or frequently visited location. Similar Geographic Information system (GIS) stores a large amount of data which can be later utilised and analysed with the help of several software. If, for example, a rare plant is observed in three different places, GIS analysis might show that the plants are all on north-facing slopes that are above an elevation of 1,000 feet and that get more than ten inches of rain per year. GIS maps can then display all locations in the area that have similar conditions, so researchers know where to look for more of the rare plant[2]. Even while planning drone attacks or terrorist outlets satellite image systems are used to find exact location. While using simple payment platforms they ask for out location. Social media also can provide geospatial intelligence.

Independent research was conducted by Fahim Sufi and Musleh Alsulami (Novel Method of Generating Geospatial Intelligence from Social Media Posts of Political Leaders. Information 2022), in which for 25 months 271,885 Twitter handles of the political leaders were, used for subsequent analysis with sentiment detection, NER (Name Entity Recognition) and geospatial intelligence algorithms. At the end of the research more than 95,000 unique locations were extracted from these tweets using NER, and corresponding sentiment analysis was superimposed on geographic maps (both ESRI ArcGIS Maps and Microsoft Bing Maps). This process created hundreds of maps with thousands of locations demonstrating positive, negative, or neutral views of leaders on a particular area [3]. This methodology was also used to identify hotspots by generating heat maps.

If SOCMINT is used in combination with other sources of Intelligence, then data management can become easy and precise. Several pre-emptive measures can be taken to stop any big catastrophic event which may affect the social fabric and security of the State. Nowadays, social networking websites (Twitter, YouTube, Tumblr etc.) are some of the largest repositories of user generated content (contextual data) on web. Therefore, Text Classification KNN, Naive Bayes, SVM, Rule Based Classifier, Decision Tree, Clustering (Blog Spider), Exploratory Data Analysis (EDA) and Keyword Based Flagging (KBF) are the most commonly used techniques to identify hate promoting content on Internet [4].

 Major challenges of SOCMINT

World is still exploring the effects of social media on the overall security paradigm. It is just recently that governments all around the globe have accepted the mistake of ignoring its effect on the community over the course of time. The posts or the content of the social media, can go viral fast which makes it is really difficult to contain it. The fast spread of misinformation or incitement messages can disrupt the peace of the area. One individual or group can operate through multiple accounts; even if one account is barred there is a very good possibility that the group may have another backup account with good number of followers. Also, the accounts can be fake and can have multiple people administrating it. 

Influx of content it is tough to regulate all the content being uploaded and circulated. The data is huge and is in multiple languages, which makes it time consuming, and the damage may have been done by the time social media data is arranged in meaningful order out. Also, the freedom of expression can be easily misused using social media accounts. It is difficult to draw line between content which just expresses disagreement or discontent, and which is circulated with intention to radicalise the consumer of the content. High connectivity: the cross-border connectivity and fake accounts hide are the methods used by many terrorist outlets to recruit people in their organisation. One cannot easily rule out accounts with the same intent, and the snow blowing which follows it. 

Conclusion

Social media alone may look like a galaxy of information where it is easier to get lost in the continuous supply of misinformation or to identify what is really and what is fiction but it is nonetheless, an important communication and connectivity platform. Social Media alone may appear time consuming and chaotic but over the time new research has found methods to join it with other forms of intelligence collection techniques or taking up digital strategies to make use of information that may help in identification of the problem and pre-emptive action against any activities that can be a major threat to national or international security. One cannot ignore the fact that the platform is in constant up gradation, and its surveillance is a direct challenge to democratic principles like right to privacy and freedom of expression. The future debates will certainly continue to remain on the dual nature of platforms like twitter, YouTube or Facebook where they can give rise to revolutionary movements and at the same time anti societal elements. This dual nature itself is enough to bring this one major pillar of Media into the realm of intelligence collection. The domestic movements and agendas can be easily internationalised and with non-state actors. The Intelligence Community itself has to come out of the black box of state and act at a global level while dealing with Social Media intelligence as special its use by Non state entities.

 

References

[1]       Omand, Bartlett, and Miller, “Introducing Social Media Intelligence (SOCMINT).”

[2] Dold and Groopman, “The Future of Geospatial Intelligence.”

[3] Sufi and Alsulami, “A Novel Method of Generating Geospatial Intelligence from Social Media Posts of Political Leaders.”

[4] Agarwal, Sureka, and Goyal, “Open Source Social Media Analytics for Intelligence and Security Informatics Applications.”