OSint for the Masses: Going Beyond Social Monitoring

When Andrew Torba founded Gab, he claimed his ambitions were grander than just creating an alternative social network. He wanted to create a parallel economy and creating a parallel internet seemed like a good place to start. He is not alone. Alternative online communities have been popping up regularly across the web.

These pockets of cyber-secessionism are growing in both number and membership. Gab claims nearly 4,000,000 unique monthly visitors across its web properties. This number seems to grow considerably any time more mainstream platforms having the audacity to actually enforce their terms of service.  This dynamic is contributing to the fragmentation of the internet I’ve examined elsewhere. It is also making it more difficult to monitor the web in general and social networks in particular. This is a problem for brand managers, disinformation researchers and security professionals.

Admittedly, these alt-sites represent a vanishingly small community in the larger scheme of things.  Even when Gab’s spiritual sibling sites like Natural News, CloutHub, Brighteon are added to the mix, the user community is tiny, but it doesn’t take a lot of people to stir up trouble.  These networks are where grudges are nurtured, conspiracy theories are hatched, and plans are formed. Too often, these spill over into the mainstream networks and then the real world. This not only impacts politics. It impacts business.

Social listening services, such as Brandwatch, Meltwater, NUVI, and Synthesio are beginning to reach into these alternative social networks, but they have to pick their battles.  They are focused on consumer analytics. Many of these pocket communities are too small and identity focused to warrant monitoring for traditional brand management purposes.  While social listening services are indispensable for managing product and reputation, they are woefully inadequate for deconstructing the online zeitgeist.

The challenge extends beyond the proliferation of alternative social networks. Social listening services are generally confined to the clear web, content and services that are publicly available to anyone with a browser. This is not even the tip of the internet iceberg. It might qualify as a penguin sitting on the tip of the iceberg…a very small penguin. The clear web represents about 4% of the internet as a whole. That means that the so-called Deep Web and Dark Web is roughly 500 times as large. Unfortunately, this is where the action is and it takes extra effort to explore and monitor.

Traditionally, monitoring the deeper and darker realms of the web is the province of security professionals. These folks rely on OSint, Open-Source Intelligence, to conduct reconnaissance and scanning prior to a vulnerability assessment or penetration test. The tools and techniques for these exercises require a rarified skillset generally unavailable outside of the IT department. This is starting to change.

Platforms like Echosec, Recorded Future  and Skopenow are providing search and analytics tools that provide access and insight across the breadth and depth of the internet. They are still a bit expensive, but these platforms could not only make life easier for your security team they might enable them to expand their mandate. The efficiencies granted by integrated platforms over a hodgepodge of opensource tools can increase capacity without increasing headcount.

While vulnerability assessment and penetration testing would remain the primary remit of the security and investigation team, they could also support brand management, crisis response and disinformation defense as well.  Non-technical users, such as business analysts, could conduct investigations with minimal support from specialists. Ideally, non-profit groups such as Bellingcat could have access to these tools to enable investigations that might otherwise be out of reach.

The bottom line is that the Internet is getting increasingly fragmented and balkanized. Disinformation and illicit activities tend to formulate and mature in the deeper, darker layers of the web. Both organizations and individuals need to broaden their view of the online world. Casually monitoring the clear web, even with social listening services, is no longer sufficient to thrive in this  increasingly toxic environment. Look under the surface to see what is really happening. Prepare for and prevent social engineering attacks, disinformation campaigns and data breaches before they break the surface and spill over into the real world.
Source: Gartner Hybrid Cloud