Skip to content

Social Media and Criminal Organizations

Today, we exist in the information technology renaissance. Desktop computers, as well as mobile devices, such as laptops, smart phones, and tablets that are connected wirelessly, have easy access to corporate networks and information in the cloud. All of this connectivity has made today’s business environment incredibly efficient. But the other, rather sharp, edge of this double-edged sword is the fact that nefarious groups and “lone wolf” individuals have the same access to this technology, which they can use to further their agenda. Consider the coordinatedattacks on the Intercontinental Hotel in Mumbai, India. This was the most sophisticated coordinated attack in India’s history and a detailed postmortem analysis showed that these individuals planned, drilled, and perpetrated these attacks in a measurable way, aided by cyber tools.

They used Google Earth to automate the process of target selection, and they were able to pull open-source diagrams of the Intercontinental Hotel to coordinate ingress and egress routes. They applied geospatial imaging concepts to plan the attack and escape, and theyused Skype for encrypted secure communications that provided a very low risk of being discovered.

Notably, all of the perpetrators were very young. As young people, they were comfortable with the technology, including geospatial imaging and encrypted communications, which had historically only been available to members of the military, law enforcement, and intelligence communities.

Another example of how criminals are using technology is the use of social media by theMexican cartels. For today’s cartel, cyberspace is the new battleground, and aFacebook page and IP address are the weapons of choice. These organized crime syndicates have been quick to embrace social media and blogs for intelligence gathering, thereby reducing a process that would have taken years to just days or weeks. Specifically, cartel members are using Facebook for target selection in human trafficking operations, scouring pages for readily available information to help them determine an individual’s value, visibility, and ultimately, vulnerability.

To understand how Facebook is used for target selection, we must first understand that Facebook is a large database of personal information that is posted for public view by the end user. It is also free and available to anyone with an e-mail address. In light of that, all a cartel member has to do to gain access to this extensive database is have an e-mail address and create a Facebook account.

The first step in identifying a target is surveillance. Typically, a victim will pique a cartel member’s interest because he or she is a high-net-worth individual or very visible in the community. Cartels know they can leverage that visibility to their advantage—be it financial or political gain.​

Normally without the use of social media, cartel members stumble across that information by keeping an eye on their surroundings and watching out for flashy individuals. Now, the process is greatly streamlined by having all that information readily available on Facebook. Cartels have been at the cutting edge of this trend. In fact, as early as 2008, Joel Barrios Dueñas noted that instead of waiting for the right person to walk by, the cartel member could sit back, relax, and look through their Facebook Rolodex for the right fit.   At that point, the cartel member has the ability to establish a pattern of life, find known associates and images that can help the cartel select and ultimately find the victim, noted Orlando Romero Harrington and Andres Enrique Escoto Castro, in separate pieces on this issue, also back in 2008.    Unfortunately, there are many cases that point to the drug cartels’ use of social media for target selection. The most recent and publicized case is the Zetas’ gruesome retaliation against two young men for denouncing their activities on their personal social media accounts, as noted by El Mundo in a 2011 article. 

Cartels are also using social media to instill fear in others and deter journalists and private citizens from publishing negative information about the violence they commit. They are using geo-location technology to find computers that have been used to post dialogue that negatively affects their drug trafficking organizations and illicit businesses. For example, there is the documented case of a Mexican blogger who threatened to expose members of a cartel. The cartel responded that 10 people would be killed for every person whose details were leaked. The blogger backed down and chose to sit on the information he claimed to hold. 

Cartels are also investing in IT training that would be used to silence Mexican bloggers, such as how to do IP trace routing. They are learning how to tag, track, locate and eliminate people that are blogging the cartel’s activities. 

The use of the cloud to perpetrate the Mumbai attacks and the drug cartels’ use of social networking, IP trace routing and geo-tagging to identify victims in the process of target selection are just two examples of force multipliers on the modern battle field. These methods of operation are being used to identify private individuals, corporations, and government entities in ways that are very difficult to defend against. Part of the problem is that it is very difficult for users to implement countermeasures for something that  they know little or nothing about, and it is unrealistic to expect people to stop using social media altogether.   

Out on the Web, there are a few considerations for both security professionals and social media users to keep in mind. Regardless of which application is being used, privacy statements should not provide a false sense of security. Anyone with a basic knowledge of Web exploitation techniques can extract information from social media profiles. Social media should not be used to post private information, least of all images and videos. Facebook users should be aware of how information that is captured automatically or voluntarily posted with regard to times and places can be misused. 

Many phone apps will embed a user’s geographic location, “geotag,” and broadcast where that person is at that exact moment. With a little research on the Web, however, individuals can find their specific model of phone and turn that feature off.  

In the social media world, individuals are encouraged to readily serve up personal data about where they are, who they are with, and when. But cartels members who use Facebook or similar social sites, for target selection can easily exploit this information to establish behavior patterns.  These recommendations are just the very basic elements of reducing online vulnerability.  The best advice for social media users is to get smart about the risks and to take measures to reduce their exposure.  


Brad Barker is the founder and president of The HALO Corporation, which is holding the HALO Counter-Terrorism Summit Oct. 29 – Nov. 2, 2012, in San Diego. ​