
Social Media Platforms Remain a Force Multiplier for Information-Based Threats

A recent report published by The Washington Post revealed how China is aggressively using advanced software to surveil popular social media sites such as Twitter and Facebook, among others, in order to monitor the activities of and collect information against Western government officials and journalists.  In support of its investigation, The Post reviewed approximately 300 Chinese government-related documents (dating back to 2020) and found the acquisition of surveillance software designed to mine social media sites.

According to The Post, the ultimate objective of this collection was to build a database that tracked journalists and academics of interest to the Chinese government. Additionally, The Post identified a project that analyzed communication with Western nations on sensitive democracy-leaning topics such as Hong Kong and Taiwan. Per the report, a cyber center in Xinjiang allegedly tracked Uyghur content overseas.

The monitoring of social media sites is nothing new, as the content published on these platforms is consistently tracked and monitored by all types of organizations (such as law enforcement and intelligence organizations). In fact, “social media intelligence” as a discipline has emerged because of the booming popularity of these outlets. Mining these platforms is not solely the purview of intelligence and security services. Marketing professionals often use social media data to track trends and opportunities and find potential new customers for their products and services. While some may contend that there is a difference between social media monitoring and social media intelligence, it is primarily cosmetic. The difference between the two lies in the intent of the actor, not necessarily the process by which information is collected. Indeed, when it comes to diligent all-source analytic research, reviewing social media profiles and activity is part of any open-source intelligence collection process.



Because content drives social media postings, it is not surprising that these platforms figure prominently in larger information campaigns. The 2016 and 2020 U.S. presidential elections clearly demonstrated how social media could be used to support independent and concurrent information-enabled efforts to influence, sow discord, spread propaganda, and disseminate disinformation. But mining the information that people willingly share with the global community raises concerns.  Posted content is not necessarily as innocuous as it may first appear. Such information is continually harvested by actors of all categories for a variety of purposes that can range from legitimate job recruitment to intelligence collection that supports other intelligence functions.

Notably, in 2019, a computer security company detected alleged Iranian intelligence assets targeting LinkedIn users with malware. The company determined that these agents attempted to gain footholds into victim accounts and use them as launching pads into other potential accounts of interest. China has also been identified as exploiting the same professional social media platform, mining potential targets based on their profiles and job affiliations to recruit them (under the auspices of academic exchanges or other professional opportunities).

Even criminals understand the potential information windfalls provided by scraping social media accounts.  In 2021, according to the BBC, a hacker monikered “Tom Liner” compiled a database of 700 million LinkedIn users, which at the time he was selling for US $5,000. Such a sum constitutes a modest figure for a treasure trove of already collected and aggregated data, ready to be operationalized.

As social media platforms continue to gain in popularity, they are increasingly becoming an integral part of people’s social infrastructures, a development aided by smartphone technology. As of 2021, approximately 4.48 billion people 13+ years old, or 56.8 percent of this global population demographic, used some form of social media. Of these, 99 percent accessed websites or apps via a mobile device. Of note is the increased reliance on these platforms to get information. According to the Pew Research Center, as of 2021, nearly half of U.S. adults received their news from social media platforms. Given these developments, there is little doubt that many governments are actively exploiting these global free resources or are seeking to do so. The proliferation of social media channels only opens new avenues for infiltration and exploitation.

Social media’s prominence in society could also have far more consequential ramifications and perhaps be integrated into situations of kinetic conflict. A recent article in The Wall Street Journal raised the hypothetical situation of social media altering a war, providing an example of a NATO-led exercise in which a red team targeted 150 soldiers using open-source channels and social media platforms to learn the names, phone numbers, emails, and identities of the soldiers.

By exploiting the soldiers’ presence on social media, the red team mapped their connections to other soldiers and successfully identified the locations of several battalions, and even tracked troop movements. While this exercise was limited in scope, it is easy to see the military applicability of the exploitation of these channels.  Building these types of “relationships” can occur long before a conflict has even been initiated and can be operationalized when needed. These activities can also be kept under the radar.

While many government and military organizations likely have social media policies in place, and some may even ban their use, the fact remains that these resources continue to be pivotal reservoirs of information. Just because an individual does not have social media accounts doesn’t mean that information can’t be harvested from friends and family members who do not have the same restrictions. As seen in the NATO example, adversaries often exploit the inherent trust of social media platform networks to infiltrate them (how many new friend requests are accepted because a user sees that the contact is part of his/her friend’s networks, therefore believing the individual to be credible?).

Once this important foothold is gained, the infiltrators can monitor and collect information about people in those networks. While platforms like Facebook and Twitter have been successful in identifying and taking down fake accounts made by bots (Facebook took down 1.3 billion accounts in three quarters of 2021), the task seems Sisyphean at best. Like the little Dutch boy, trying to clamp down on fake accounts is akin to trying to plug holes in a crumbling dam. Adding insult to injury, fake accounts created manually, as opposed to by the aforementioned bots, are more difficult to detect and circumvent automated solutions and policies that allow “parody” accounts.

There is no indication that things are going to get better, a warning that the horse may have been let out of the barn far too soon for any feasible solution to be adequately implemented. Certainly, social media platforms enjoy tremendous political power in the United States, where they are continually called upon to testify before Congress but have yet to suffer repercussions or consequences for some of their more questionable practices. The threat of more regulation looms, but these efforts seem to consistently stall. Politicians may seem perturbed at times, but it is an anger that seemingly passes very quickly. Soon thereafter, social media’s self-policing appeases policymakers just enough until the next hearing.

While the platforms bob and weave, avoiding any big political punches, they continue to promote and expand their brands without any meaningful changes to the way they do business. Their business model is dependent on keeping the social graph, network effect-based content flowing, encouraging platform users to share as much information as possible (to the benefit of anyone who wants to exploit it).  No one knows this better than nation-states, who have a stake in maintaining the social media status quo, at least until they figure out how to further weaponize a borderless platform with a global reach. When that happens, misinformation and polarizing social issues will be the least of our worries.

Emilio Iasiello


Emilio Iasiello has nearly 20 years’ experience as a strategic cyber intelligence analyst, supporting US government civilian and military intelligence organizations, as well as the private sector. He has delivered cyber threat presentations to domestic and international audiences and has published extensively in such peer-reviewed journals as Parameters, Journal of Strategic Security, the Georgetown Journal of International Affairs, and the Cyber Defense Review, among others. All comments and opinions expressed are solely his own.