While much of the work done in social media is done in a public venue, it’s important to be aware that there is a DarkNet (or dark web) where people engage. It is likely not an opportunity for a brand or marketer, but as with any profession, it’s important to be educated.
This interview with Social Links co-founder and CEO Andrey Kulikov digs deeper into the topic of the DarkNet and what companies need to know.
What is the difference between information shared on social media, the DarkNet (or dark web) and “open sources”?
There is actually no difference in a broader sense. Any information available on the internet without special access rights is considered to be openly available data. The difference resides in the mechanisms applied for obtaining access to such information. Most openly available data does not require any special skills or rights to be accessed, as is the case with government registers. In order to obtain certain information about an account from social networks, it is sometimes necessary to simply know how to properly form a request to the source to get the desired information. When it comes to closed forums and DarkNet marketplaces, it is necessary to have accounts in these sources to gain access to relevant information in 99% of cases. It is also necessary to take into account the EULA (End-User License Agreement) for these sources. There is no EULA in the case of the DarkNet, for obvious reasons. Social networks prohibit the automatic collection of data on their users for the most part, as does Facebook. But there may be different conditions on the use of information in the case of open sources.
Should companies be monitoring all three areas for both opportunities and protection?
For certain. Social media is critical for monitoring brand protection and development. The DarkNet is a place where an attack on an enterprise can be planned or stolen corporate data leaks can be sold. In this case, it is extremely important to detect and respond to such an incident promptly. In most cases, social networks are the initial vector of attack on corporate infrastructures. Therefore, it is very important to monitor them and be able to investigate an incident that has already taken place, be it an attack on a brand or a regular cyber-attack. It is a matter of protection.
If we talk about the opportunities that OSINT provides to enterprises, then it is vital to remember that 90% of the information necessary for making a decision is available in the public domain and only 10% can be related to insights. It is extremely important to have both the people and the technology necessary to be able to extract and analyze information that companies and their employees post about themselves. Let me give you an example. In 1958, the Soviet magazine Ogonyok posted on its cover a photo depicting workers in white coats against the background of a poster with a diagram of the Urals power system. This seemingly harmless photo gave CIA analysts the ability to calculate the number of Soviet uranium enrichment plants and their capacities. After the collapse of the USSR, the data on these plants was declassified and it turned out that the margin of error in the analytical conclusions derived then was only 10%. Just one photo from a magazine uncovered the top-secret strategic data of a whole state with a margin of error of just 10%. What kind of photos does your company post? And what about your employees? What do they post? How can your competitors use that information?
If you had to give four tips to brands to ensure they’re doing this effectively, what would you tell them?
- Stop underestimating the importance of openly available data;
- Conduct a threat audit for vulnerabilities in open data sources and eliminate them;
- Start using open data when developing strategies;
- Think about creating your own OSINT unit.
Not every scenario of wrongdoing on the internet requires law enforcement. How can brands best prepare for negative social media situations?
The possibility of a negative scenario in the social media space is just as much of a risk for the company as any other. The main advice is to include such risks in the overall risk management process:
1. Identify these risks.
2. Assess their impact on the critical indicators of the company.
3. Monitor.
4. Update.
What are the top themes companies should be aware of in each space right now?
First of all, you should pay attention to activity around your brand in social networks and the presence of corporate data leaks in the DarkNet. It is also important to check the social network accounts of employees for potential information leaks and conduct a background check when hiring. I would also like to point out the inclusion of open data in the company’s risk management processes.
What type of budget should SMBs and mid-sized companies set aside for monitoring? Do they need in-house support or a third-party company to help?
When it comes to where to allocate OSINT specialists, the security and risk department is the first place that comes to mind. But OSINT can solve a much broader range of tasks for marketing, strategy, sales, and others. It is very important to train each of these departments to work with information from open sources. There is no need to create a separate OSINT subdivision and buy expensive software at the start. You can outsource these services and introduce the position of an OSINT manager in your company who will coordinate the work of contractors for other departments.
How easy or difficult is it to remain anonymous on social media versus the DarkNet (or dark web)?
I would forget about the word “anonymity” in modern realities, especially when it comes to social media. Deanonymizing a user is a matter of the resources that you are willing to spend on the endeavor. It is no big deal in the case of social networks, as all you need to have is the necessary skills and a set of tools. The situation is much more complicated in the case of the DarkNet, and it is extremely difficult to do the same using only open information sources. Basically, all you can do is hope that the users themselves have made some mistakes that you can latch onto. An exemplary case is that of the administrator of the Alphabet marketplace. However, such mistakes are not that uncommon.
Are there mainstream examples of companies coming out on top after effectively monitoring their brand via social?
All successful companies use open data for their own purposes. Since many of them are our clients, I cannot disclose any specific cases or names.
Is OSINT coding or another professional skill required to access information that is public? What about for the dark web?
Not really. Remember the case about the Soviet magazine. No special skills were required to access this information. But you need experience to understand that you have some really valuable information in front of you. Today, you just need to know how to use the internet at the level of an ordinary user to get access to open data. Identifying the necessary information is another matter, because there is a lot of it. On the other hand, if you are a professional in this field, then your competencies play in your favor. Therefore, at Social Links, we reduce the time needed for collecting information by 40%. And thanks to our algorithms, we show users the data that is most relevant for their tasks, thereby lowering the threshold for the level of skill needed in the subject area. Our goal is to make the use of open data as easy as using Google.
We’ve read about companies, like Palantir in the U.S., who are able to access “secretive information.” Is this what Social Links does in the European market?
Yes. Social Links provides access to its algorithms and open data, and provides the ability to integrate them into the private data of the customer that we do not have access to in order to obtain the best possible results. The main difference between Social Links and Palantir is that SL is a private company; we provide an independent tool for a wide range of companies and government organizations, but we do not tell them how to work and what data they should use. There are no restrictions on data privacy in our case, because only our customers are the owners of this data and have access to it.
What should a company or business do if they suspect they are under cyberattack or social media cyberattack?
Security technology involves all kinds of firewalls and routers that provide network security. But these are projects that need to be implemented and companies may be too late to do so.
On the other hand, if there is no SOC department inside the company, then you can contact professional companies to start monitoring social media and the DarkNet for anomalous activities. Every company should have an action plan for such cases. If there is no plan, but there is suspicion that you are under attack, then you need to urgently contact professionals who will help investigate and contain the incident. You can also inform all your employees to reduce their activity in social media and never respond to messages from strangers or messages of suspicious content from people they know. That can mean that the latter were hacked, like it happened recently on Twitter. Elon Musk asked for 1K to be transferred to his wallet and promised to return 2K. And he got 118K in the first few hours. This is a serious blow to Elon Musk’s reputation. But such an event can be fatal for small companies.
The control and monitoring of corporate mail and incoming letters is a separate task to be implemented. Strictly prohibit your employees from making any logins from corporate mail, visiting any internet resources from corporate computers, etc. Divide the intranet into open and closed sectors. If an information war is underway, all means are good.