Social Media Investigation Primer May 26, 2015 prepared for PICA
Who Uses Social Media?
94% of 18 to 34-year-olds 88% of 30 to 49-year-olds 79% of 56 to 64-year-olds 50% of 65+ Source: The Pew Internet and American Life Project
2
Top 15 most popular social networking sites (May 2015) 1. Facebook 2. Twitter 3. LinkedIn 4. Pinterest 5. Google+ 6. Tumblr 7. Instagram 8. VK 9. Flickr 10. Vine 11. Meetup 12. Tagged 13. Ask.fm 14. MeetMe 15. ClassMates Top 15 Most Popular Social Networking Sites, eBizMBA, http://www.ebizmba.com/articles/ social-networking-websites 3
“Social media is a dominant form of communication today, you can certainly learn a lot about a person by viewing their public, online personas” - Rosemary Haefner, VP HR at CareerBuilder 4
Definitions Social Media - websites and applications used for social networking [LinkedIn, Facebook, Twitter] Surface Web (Open Web) – portion of the World Wide Web that is indexable by conventional search engines [Google, Bing] Deep Web – is World Wide Web content that is not part of the Surface Web, which is indexed by standard search engines [Public Records, Professional Licenses] Archived Web - Portions of the World Wide Web that have been preserved in an archive for future researchers, historians, and the public [Archive.org, Cached Google Search] 5
What content is captured via Social Media / Open Web? Photographs: including geo tags, date-time, and device used.
Relationship Maps: via Friends, Followers and Photographs. Posts, Tweets, Comments: with associated text, photographs, video, geo tags.
Videos: including geo tags, date-time, and device used. Geographic Location: at specific times and days. Documents: Web pages, PDF’s, Microsoft Word, Excel, PowerPoint. 6
What Makes Social Media Investigation Difficult?
Unstructured
Changing
Fragmented Tools
Unique Skills
Art vs. Science
7
8
Tips
eInvestigation Process Flow 1. Information Aggregators • TLO • Accurint • Clear
4. Deep Web • BRB Publication • P2P
2. Commercial Search • Email • User Name • “FN LN” • “FN LN” Location
5. Archive Web • Archive.org • Cached Links • Topsy
3. Social Media • Big 5 • Ethnic • Age • Regional • Dating
6. Report • Text • Screen Shots • Electronic
9
Discovering User IDs 1. A user ID is the cyber equivalent of “social security number” 2. Most users standardize on one or two online names. 3. How do you locate a user ID?
Email Parsing
[email protected] [email protected]
Search: HRTBRK1970
Social Media Profile ID Parsing
@LOVDOC23 FaceBook.com/lovdoc.23
Search: LOVDOC23
Google Image Search Related Individuals
Profile Picture Reveals Accounts with User ID’s Viewing the Friends and Followers of Related Individuals Leads You to Subject’s User ID 10
You Need to Log-in to Completely Investigate Social Media But can a user see that I have viewed them?
No
No
No
No
Yes
No
Sites Always Know You’ve Looked – Assumes No Friend Requests or Follows
11
Facebook Relationship Page https://www.facebook.com/andrea.patla?and=chris.gormley.10 8
12
Facebook Permanent ID Number 1. In address bar of your browser while on subject’s profile page 2. Replace “www” with the word “graph” 3. Get subject’s FaceBook ID Number. 4. Subject’s ID Number does not change no matter what name changes are made to profile page. 5. If vanity name or username changes, you can still find them… 6. …Paste FaceBook ID # into the address bar of your browser as indicated here: https://www.facebook.com/155226803 A user can only change their Vanity Name / Username only once during lifetime of profile as per FaceBook rules. 13
Historic Tweets - Free Twitter Limits Tweets Visible for a User…..How Find “Old” Tweets 1
2
3
4
14
Google Image Search
15
16
Use Cases
Case 1 – Uncover Fraudulent Claims SITUATION: SMI helped investigate a man receiving workers’ compensation who claimed to have a severely injured back that kept him from working. Employer received a tip from subject’s co-worker that he was still physically active. TASK: SMI Tasked with looking for social media postings that would indicate claimant continues to lead an active lifestyle unhampered by alleged back injury. OUTCOME: Located subject’s Google+, confirmed by his college & year of graduation, then went through his "circles" and found his best friend. Located best friend’s Facebook account, through this Facebook we found subject’s mom. Finally found subject through mother’s Facebook account. Discovered a post shortly after filing for disability about how he recently learned to snowboard along with an incriminating photo with geo tag.
Case 2 - Investigate Your Own Client SITUATION: Personal Injury (plaintiff) attorney had a client with scaring and disfigurement as the result of a surgery. The client was embarrassed and humiliated as a result of the botched surgery. TASK: Prior to filing a scaring and disfigurement claim the attorney wanted to run a social media and web check on his client. SMI conducted a Deep Report search on the subject. Our analysts discovered a number of recent unflattering photos of client – she was into pole dancing fitness. She had posted a number of pictures of herself publically. OUTCOME: Attorney was able to advise client to mark any public social media profiles private prior to filing the suit. He believed that a jury would have an unfavorable impression of client based on nature of claim.
Case 3: Employment background check Situation
• Screening for executive role • Disclose conflict of interest • Executive indicated no conflicts SMI Results
• SMI found OSINT evidence of ownership in competitive entity • Not found in traditional background check 19
Case 4: Jury Selection Customer
AmLaw Top 20 Law Firm Challenge
Select jurors with most favorable view of their case with 3 days notice Result
SMI found and screened 89 jurors’ social media profiles in one weekend revealing biases 20
Case 5: Periodic Monitoring for Litigation Customer Private Investigator / Law Firm Challenge Ensure opposing party does not alter social media content Result SMI archived social media profiles and monitored changes each week reporting spoliation 21
Who is SMI? Experience: Founded 2011
Customers: Over 400 Orgs Headquarters: Pittsburgh, PA Investigation, Monitoring and Analysis of Social Media and OSINT.
Focus: Social Media & OSINT Offer: Blend of Tech & Human
Thank You! Mike Bosick
Enterprise Sales Director, SMI
[email protected] 720-961-5008 www.smiaware.com
23
