Liferaft Blog | Resources for Corporate Security

Social Media Threat Monitoring | Cyber Security Vigilant Everywhere.

Written by Liferaft | May 15, 2024

Social media monitoring has long remained in the purview of marketing departments. But that has started to change. 

Today, you’re just as likely to see Facebook or Twitter on a security analyst’s dashboard. With terabytes of content uploaded every minute, these platforms now represent a key source of threat intelligence.

And that has made social media threat monitoring an important tactic in everything from executive protection and workplace safety to event security and organized crime. 

But with so much content to shift through, where do you get started?

In this post, we’ll answer the question, “What is social media monitoring?” 

Then we’ll review common applications for security teams. And finally, we’ll explore which tools and sources teams should use to get a new program off the ground. Let’s dive in. 

What is Social Media Monitoring?

Simply put, social media monitoring is the practice of identifying what is being said online about a person, company, or location. 

As the name implies, this involves watching popular social networks. But the practice also includes keeping an eye on other types of pages like blogs, forums, and review sites. Advertisers adopted the tactic first. 

Marketers quickly saw the value in mining social data for customer insights. It has since become an indispensable tool everywhere from academia and newsrooms to Wall Street trading desks.

In recent years, security professionals have also started to appreciate the power of social media monitoring. 

Users publish a wealth of information on their favorite platforms. And this data can assist your team in many different ways:

Workplace Violence: Identify violent threats against your staff, customers, or executives. Or alternatively, respond quickly to incidents at a company worksite that have already occurred. 

Security Breaches: Spot accidental exposures of security measures, such as physical checkpoints, confidential facilities, or ID badge photos.

Data Leaks: Identify breaches of company information, such as intellectual property, customer records, or other confidential data.

Risk Analysis: Determine community sentiment around future projects. Or spot threat actors likely to disrupt operations. 

Crime Prevention: Identify unauthorized or fraudulent use of your company’s brand image. 

Operational Disruptions: Respond quickly to disruptions of routine operations, such a fire, riots, or flooding. 

 

The Top Data Sources for Threat Intelligence

Watching a wide variety of feeds represents a key component of any good social media threat monitoring program. 

You can glean intelligence from the biggest platforms like Facebook or Twitter. But as the number of sites grows, so does the number of places where a threat could emerge. 

If you don’t have eyes (or alerts) on a feed, you could overlook serious risks to your organization.

This is more important than ever in the world of threat or violence prevention. 

Increasingly, bad actors have migrated away from mainstream platforms. Instead, many have set up shop on a growing collection of “alt-tech” websites. 

That means security pros must wade into the more obscure, lesser-known social networks. 

Here’s a list of the most relevant sites for teams to watch today:

Traditional Social Networks

Traditional social networks allow people to connect with others that share like-minded interests or real-life connections. These services are primarily used for socializing with existing friends, clients, or colleagues.

Facebook ranks as the world’s largest social media platform. Yet despite its size, the site has limited value for security professionals. Strict privacy policies no longer allow broad social media threat monitoring of the network. And many bad actors have migrated to more obscure corners of the web.

LinkedIn is like Facebook for your career. The site serves as a meeting place for professionals to share, learn, and connect.

VK is a social networking service based in Russia. The site feels like a cross between Facebook, Foursquare, and Twitter. And with over 600 million active monthly users, it ranks as one of the most popular pages in most Eurasian countries.

Analysts often describe WeChat as China’s “super app.” The network provides users a variety of features, including gaming, media sharing, and text messaging.

Wired magazine described Minds.com as “the anti-Facebook.” The site has positioned itself as the leading alternative social network. And its laissez-faire approach to content moderation has attracted those barred from other platforms.

 

Blogging and Microblogging Sites

Blogging and microblogging sites allow people to share their ideas with the world. In addition to text, users often post links, audio, images, and video. For security teams, these sites can provide almost real-time, on-the-ground intelligence hours or days before stories hit mainstream news outlets. 

Twitter is the original ‘microblogging’ site. The platform allows users to publish short posts called tweets. And because most content is public, it represents an invaluable source of intelligence.

Mastodon is a Twitter-like social network where users can post short messages called “Toots.” But unlike other platforms, no one entity owns or controls published content. Instead, any user can create and control their own Mastodon server.

Gab is a Twitter-like social network most known for its lax moderation policies and dedication to free speech. For these reasons, the site has emerged as a refuge for those barred from more mainstream platforms.

Parler launched in 2018 as a microblogging service. Like Twitter, users can post messages, follow accounts, and share content. But unlike other social networks, Parler employs no fact-checkers. Moderators also permit all types of content unless a user promotes crimes, violence, or copyright violations.

Medium is an online publishing platform. It’s useful for identifying reputational risks as well as the ideological perspectives of potential threat actors.

Tumblr is part social network, part blogging platform, and part photo-sharing app. While once one of the most popular sites on the web, its user base has shrunk considerably in recent years. But with millions of active users, Tumblr still represents a valuable source of threat intelligence.


Discussion Forums

Forum-style sites serve as hubs for like-minded people to discuss common topics of interest. 

People often describe Reddit as “the front page of the internet.” And for good reason. A time-weighted voting system makes it the ultimate source of online trending content.

Developers created Raddle.me in response to perceived censorship by Reddit’s administrators. The site serves as a gathering place for anarchists, anti-fascists, and other activists.

Telegram has emerged as a popular instant messaging app. Additionally, users can post in group chats called “channels.” Most of the content discussed is benign. But criminals have exploited Telegram’s privacy features to conduct illegal activities.

Imageboards

Imageboards, also known as chan sites, are anonymous online forums. Posts are typically based around images, alongside text and discussion. While these communities have developed a bad reputation, most content discussed is benign. But loose moderation policies mean these sites can serve as hubs for problematic activities. 

2channel (also known as 2ch, Channel 2, 2ch.net, or 5channel) represents Japan’s most popular online community, with millions of visitors each day. 4chan is a popular English language imageboard. Topics discussed range from anime and junk food to memes and sports. 8kun is a darknet imageboard dedicated to extreme free speech. The site serves as a hub for several fringe communities. And analysts have connected members to numerous mass shootings.

Photo and Video Sharing

These social networks allow users to create and share multi-media content with the world.

Like Facebook, Instagram forbids wide-scale data aggregation. Moderators have also forced many bad actors to more obscure platforms. That makes Instagram a less useful site to monitor for security purposes. TikTok is a social network for creating and discovering short videos. This site has an especially large following among teens. And with over 600 million active users, it ranks as one of the largest social platforms worldwide.

Discord is like Slack for gamers. Though recently, management has started marketing the site to a wider audience.
Snapchat allows users to share content, which then disappears after a short period of time. The site serves as a valuable resource for uncovering breaking news all over the world. Analysts also use it for collecting on-the-ground intelligence from recent events.

YouTube is technically the world’s second largest search engine. And each minute, users upload 500 hours of video to the site. That sheer volume makes it an enormously valuable source of threat intelligence. Rumble is a Canada-based video-sharing platform. Launched in 2013, the site originally focused on viral videos from other parts of the web. Recently, it has also served as a hub for conservative-leaning content creators.
BitChute has carved out a niche by accommodating far-right and conspiracy content. Many of the site’s best-known personalities include creators barred from other platforms.

France-based Dailymotion ranks as the world’s second-largest video sharing platform. Launched in 2020, Odysee bills itself as a YouTube alternative. The site fosters an “amateur” creator community, which stands in sharp contrast to the celebrities that dominate other platforms. And administrators also take a more hands-off approach to content moderation.

Twitch is a live video streaming service catering primarily to the gaming community. Pinterest describes itself as a “visual discovery engine.” Users can search for specific topics or scroll through an endless feed of visual content.

 

 

Paste Sites

Paste sites allow users to publish plain text files. Popular among programmers, they serve as a useful tool for sharing code. But bad actors also exploit these services to dox victims, leak data, and advertise illegal services.

Pastebin is the largest paste site on the web. Moderators enforce strict rules as to what can and cannot be published. DeepPaste is a popular dark web paste site. Users often advertise illegal goods and services. Hackers also exploit this service to publish data obtained from breaches.  

 

To be clear, this doesn’t represent an exhaustive list.  At LifeRaft, we track hundreds of sites. And some of the most valuable nuggets of intelligence emerge from obscure, lesser-known platforms.

More importantly, teams need to stay up to date with the changing social media landscape. 

New sites pop up all the time. Bad actors migrate to platforms with more privacy features and less moderation. If your team fails to spot these changes, it could mean overlooking a serious threat.

 

Free Social Media Monitoring Tools

Building a complete social media monitoring program is a big job. But you don’t need to tackle everything all at once. 

Instead, study the security requirements of your organization. Then start watching a handful of relevant channels. And over time, you can expand your coverage. 

For this, you can start using any one of several free social media monitoring tools. These services make it easier to track online chatter compared to trolling through sites manually. 

Let’s review a few of the most popular ones:

  • Google Alerts allows you to track when people publish content based on specific keywords. Users can also set up automated email alerts. Useful for monitoring mentions of your company, physical assets, or high-ranking employees. 

  • TweetDeck allows you to create a customized Twitter interface. Designed for marketers, the service makes it easy to manage several accounts. But analysts can also use Tweetdeck to watch trending content and investigate threats. 

  • Boardreader crawls through message boards and website comment sections. That’s important because Google searches rarely pick up this type of content. Teams can use this tool for spotting mentions of your company’s name, brand, and executives.

  • Hootsuite allows you to set up queries of social media content based on selected keywords. Platforms supported include Twitter, Instagram, LinkedIn, Facebook, blogs, and forums. 

  • Social Mention uncovers user-generated content around the web. Useful for spotting mentions of your company and products.  

  • Track is a Twitter feature that allows you to follow specific keywords. If someone mentions a highlighted term on the platform, Twitter will send you an automated alert. 

Free social media threat monitoring tools provide a great place to get started. But they do have some drawbacks. 

For starters, companies developed these services with marketers in mind. Not security teams. So the analytics provided often have little use for those in the operations center.

Furthermore, free social media threat monitoring tools focus on the biggest platforms. But valuable intelligence often comes from more obscure networks. And a failure to watch these corners of the net can leave your organization vulnerable. 

For those reasons, it’s not uncommon for teams to adopt more robust, paid services over time. 

 

The Bottom Line on Social Media Threat Monitoring

Social media monitoring is no longer just a tool for the marketing department. Today, the tactic should also be employed in the security operations center. 

From theft prevention and workplace violence to protecting executives, watching social media allows teams to spot threats and respond faster during emergencies.

And that can go a long way towards keeping your staff, customers, and property safe.