Social Media Monitoring

A recent video purportedly made by supporters of the Islamic State made threats against Facebook CEO Mark Zuckerberg and Twitter CEO Jack Dorsey for fighting terrorism on their Internet platforms. The video claimed that the group has hacked more than 10,000 Facebook accounts, more than 150 Facebook groups, and more than 5,000 Twitter profiles. In response to the terrorist attack in San Bernardino County, CA, the FBI and Apple are trading legal barbs over the unlocking of the iPhone of the shooter.

What do these high-profile, highly public instances portend for security professionals? International terrorism, executive protection, personally identifiable information, social media investigations, and privacy are colliding, with far-flung implications for the future of each.

The authors and speakers represented in this month’s Spotlight offer views into how they envision the past, present, and future of security’s use and monitoring of social media.

» View Past Security Spotlight Topics​

In response to the Brussels terror attacks, these Security Spotlight resources are free to all security professionals

ASIS website account (free) required

New Guidance Needed
Article from Security Management, October 2015

Communication in Crisis
Article from Security Management, September 2015

New Research on Assessing Threatening Communications by Criminals
Education session from ASIS 2014

Implications for the Enterprise
Selection from Cybervetting: Internet Searches for Vetting, Investigations, and Open-Source Intelligence, Second Edition

Related resources from the ASIS Store

Analyzing Jihadist Social Media
CSO Roundtable Webinar, February 2016

Adding Internet Intelligence Gathering Security Services (Information Technology Security Council Series)
Education session from ASIS 2014

Social Media Monitoring for Corporate Security Professionals
Education session from ASIS 2014

Finding Sources
Selection from Cybervetting: Internet Searches for Vetting, Investigations, and Open-Source Intelligence, Second Edition

Gathering Information from Social Media
ASIS IRC Reference Guide

Related Events

Social monitoring sessions to take place at the 26th New York City Security Conference & Expo, April ​27-28, in New York:

  • Social Media Monitoring Tools​
  • Open Source Intel: Security, Privacy, and Hidden Information

New Guidance Needed
Security Management, October 2015
Author: Mark Tarallo, Senior Editor

The National Institute of Justice (NIJ) tasked the RAND Corporation with determining priority IT needs for law enforcement agencies. Among the findings was the imperative that more research, development, testing, and evaluation aimed at improved use of social media was needed. These findings and others were confirmed by similar studies conducted by the ASIS International Crisis Management and Business Continuity Council and the Report of the Law Enforcement Futuring Workshop. The following conclusions were gleaned from the reports:

  • Social media could be used to better communicate with the public, such as broadcasting alerts during an incident.
  • Social media is an excellent way to solicit tips and intelligence from the community.
  • New tools are needed to help law enforcement deal with social media hacking, privacy, and concerns about the trustworthiness of collected data.

The overarching conclusions of the reports is that more policies, guidelines and training is needed to ensure that law enforcement efforts involving social media are effective and recognized as reliable by the public.

Communication in Crisis
Security Management, September 2015
Authors: James LeFlar, CPP, Consultant, Zantech IT Services
Lilly Chapa, Associate Editor

Social media has changed not only how people engage with one another but also how businesses connect with clients, customers, and personnel. As a result, many security professionals around the world are using some aspect of social media for emergency notifications, according to a study from the ASIS International Crisis Management and Business Continuity Council. This concept is confirmed by FEMA, which is leveraging social media during disasters. While additional training may be needed to ensure that these communications are used effectively, companies should consider six steps when using social media in a disaster. Among the points embedded in these steps are the following:

  • Include advances in technology, such as Twitter, in emergency communication procedures and processes.
  • Focus on creating one unified message with other businesses and agencies affected by the same emergency.
  • Create then promote one emergency social media platform so employees know where to turn in a crisis. Respond to their queries promptly to void rumors.

New Research on Assessing Threatening Communications by Criminals
Seminar Session 3107, September 2014
Speakers: Sharon Smith, Ph.D., Threat Triage
Michael Young, Ph.D., Consultant

Based on research begun while Dr. Smith was with the FBI, the speakers relay findings that show how often people who make threats actually take action based on that threat. They define “action” using 227 variables, including the threatener’s attempts to commit stalking, harm himself or herself, or harm others or property. The goal of the research was three-fold:

  • To assess whether threateners will commit targeted violence,
  • To prioritize the level of urgency of the threat to manage limited resources, and
  • To protect employees, clients, and their families at business locations.

Study results showed that harmful actions were taken 27 percent of the time. However, the research also discovered that law enforcement intervention had disrupted the proposed action in 12.5 percent of the cases. The speakers concluded that without intervention, the percent of actions would have been much higher.

Cybervetting: Internet Searches for Vetting, Investigations, and Open-Source Intelligence, Second Edition.
CRC Press, 2014.
Author: Edward Appel
Chapter 5, Implications for the Enterprise (pdf)

Laws are still in flux on the due diligence required of an employer for Internet postings by employees using their employer’s IT systems. As a result, many employers include Internet searches in their pre-hiring background investigations. A nationwide survey found that 43 percent of employers who vetted applicants online did not hire an applicant based on the inappropriate information they found.

An analysis of computer/Internet use by current employees can also access their awareness of computer system security, online safety, and potentially threatening habits, such as using risky websites or exchanging provocative content. Questions arise, however:

  • What kind of monitoring is appropriate and cost effective?
  • What will be done with employees or other authorized users who violate the employer’s Internet use policy?
  • What should an employer do with information demonstrating the culpability of an authorized user?

The author suggests points that should be included in a social contract between employers and workers using online resources at work.

Analyzing Jihadist Social Media
Recorded CSO Roundtable Webinar, February 8, 2016
Speaker: Kayla Branson, North Africa Intelligence Analyst, Risk Advisory Group

Drawing on a range of resources for intelligence on how extremist groups use social media, the speaker shares insights on ways to assess their threats, intentions, and collaborations. She asserts that the Islamic State is not a pioneer in the use of social media, although the tone of the messages have changed. In 2000, messages from Al-Qaeda originated from the top down—a handful of operatives set the values of the group and controlled the messages. Today, rogue followers can post messages on local media and reach a vast audience, making it difficult to know who is speaking for and representing the group. She uses the experiences in Egypt and Libya to illustrate how Jihadists have changed their social media tactics to incite unrest. IS, in particular, has used a two-prong approach:

  • Publicize their attacks against strategic targets to show their capabilities.
  • Post videos showing their presumed philanthropic work in communities where they have seized control.

The speaker concludes by presenting an outlook for foreign businesses in North Africa.

Adding Internet Intelligence Gathering Security Services
(Information Technology Security Council Series)
Seminar Session 2304, September 2014
Speakers: David Morgan, Vice President, The Cyan Group, LLC
Don Aviv, PCI, CPP, PSP, Chief Operating Officer, Interfor, Inc.

The speakers discuss ways to pull information from open sources on the Internet that can be used for investigations, physical security, and executive protection. Their premise is that information—plus analysis—provides actionable intelligence. They discuss the architecture of what most people know as the Internet, a collection of smaller networks connected via telecommunication lines. They also delve into two other vast aspects of the Internet:

  • The Deep Web, Internet sites not identified by robotic crawlers such as Bing, Google, and Yahoo, which have legitimate purposes and can be publically accessible.
  • The Dark Web, a group of servers in the deep recesses of the Internet that includes a marketplace for stolen credit card numbers and stolen passwords, for example.

Because of wealth of the personally identifiable information at these hidden locations, they are also sources for threat intelligence. The speakers walk through several examples of sites that provide useful information through posting, pictures, and videos. They also advocate educating employees on the risks of engaging in social media and give examples of how sites gather personal information. “We can be ethical and moral in how we get intelligence,” said one speaker, “but I can guarantee the adversary is not.”

Social Media Monitoring for Corporate Security Professionals
Seminar Session 2310, September 2014
Speakers: Phil Harris, CEO and Founder, Geofeedia
Richard Woods, Senior Project Manager, Microsoft Intelligence Operations
Filippo Marino, Director of Intelligence & Executive Protection, Global Safety & Security, McDonald's Corporation

This session focuses on how to acquire actionable information from social media in a timely manner so security or law enforcement can intervene. The very nature of social media, the speakers contend, provides rich data because people use it to share both positive and negative posts and videos in real time. Because smart phones have geo-location markers embedded in them, others can not only tell who is sending the messages but also where they are. While marketers have used this data for years, security vendors and professionals are now recognizing the value of these location-specific monitoring tools for gathering a vast amount of information missed by traditional media sources. This real-time information can be invaluable for executive protection, intelligence, and investigations. The speakers also discuss the following cautions:

  • How can this information be leveraged, who will collect it, and where will it be stored?
  • What elements of the information really matter to security and the C-suite?
  • Who will take the time to truly understand new technologies and their limitations?

Cybervetting: Internet Searches for Vetting, Investigations, and Open-Source Intelligence, Second Edition.
CRC Press, 2014.
Author: Edward Appel
Chapter 17: Finding Sources (pdf)

The author presents an array of online open sources for information useful to investigators. He includes websites that offer access to government records as well as other public information compiled by agencies, nonprofits, news organizations, and commercial enterprises. While many sites are free, some require a registration, a subscription, or a fee. He cautions against assuming that any record is factual or that if one is not found in an online database it does not exist. He defines Web 2.0, which “allow users to interact and collaborate with each other in a social media dialogue as creators of user-generated content in a virtual community.” Examples include hosted services, web applications, social networking sites, video-sharing sites, wikis, blogs, mashups, and folksonomies, which enable investigators to track subjects in new ways. He includes these observations:

  • Researchers suggest that the more social network sites are used, the more difficult it will be to remain anonymous.
  • The proportion of online users who are likely to act out with unflattering posts is nearly 100 percent of those who would act out in the physical world.
  • Many website owners hide their contact information through anonymization services provided by website hosts.

Gathering Information from Social Media
ASIS IRC Reference Guide

This comprehensive review of Webinars, Annual Seminar sessions, books, and Security Management articles are available on this topic through the ASIS O. P. Norton Information Resources Center. Security professionals will find a wealth of information in these resources to guide and refresh their knowledge of how to add social media to their security arsenal. The authors and speakers also provide insights on how to prepare policies on acceptable ways for employees to use the company’s IT resources.