Using Web Intelligence tools to probe the vast reaches of the Open and Dark Web in order to identify and mitigate risk is becoming a key part of any organization’s security toolkit.
Web Intelligence helps organizations monitor for risks targeting the organization as a whole or aimed directly at high-ranking executives and discover if sensitive data or intellectual property is being sold or traded.
The problem is never that there isn’t enough data – the problem is sorting through the data to extract the relevant information.
However, security practitioners using Web Intelligence tools need to make sure that they don’t cross the line into activities that may violate legal or ethical guidelines. Here are some of the do’s and don’ts when it comes to using Web Intelligence.
The basic rule to follow is that the focus must be limited to publicly available information – commonly defined as information that is intended for public consumption.
In today’s world of oversharing, it’s not always easy to define the intent of someone who is posting information. However, some general rules apply:
- You can’t hack into someone else’s account.
- You can’t pretend to be someone else and hide behind a fake identity to engage a subject in conversation or lure them into information sharing.
- You can’t access data that is password protected or that requires any other type of private credential or login.
- There is a gray area when it to comes to using data scraping tools on high-volume, data-rich sites like Facebook, LinkedIn and Twitter. Anyone can search on Facebook, but Meta’s terms and conditions specifically forbid the use of automated data crawling and scraping tools. However, in 2019, LinkedIn sued a third-party research company to prevent the company from scraping data from the site. LinkedIn lost the case, but the legal fallout is unclear. So, it might be best when using scraping tools on social media platforms to run it by the company attorney.
- Another key factor to consider is that you should remain undetected by the subject under investigation. Once the subject realizes that an investigation is underway, they might take steps to hide their tracks even more, or they could retaliate and launch an attack. So, using VPNs or other methods of remaining undetected is important.
- You also need to be cognizant of whether the investigation might lead to criminal charges against the subject being investigated, an insider who might be intentionally leaking information, for example. Security teams need to make doubly sure that their data collection methods comply with all legal parameters. And they need to be able to document their methods, as well as provide a chain of evidence to show that the data gathered was properly protected.
- One of the benefits of using Web Intelligence is the ability to create “teaching moments” that help employees become savvier about what they post online. For example, employees organize an in-office birthday celebration for the CEO and post pictures of the event. This could give attackers a piece of information that could be used to crack the CEO’s passwords. Or an employee might post a selfie that inadvertently exposes their corporate key card dangling around their neck on a lanyard. You need to tread carefully when approaching the employee to make sure they don’t feel their privacy has been invaded.
Get access to our “OSINT Best Practices: Legal & Ethical Considerations” report.
What’s fair game?
The good news is that the list of legal and ethical Web Intelligence sources is quite lengthy. The problem is never that there isn’t enough data – the problem is sorting through the data to extract the relevant information.
Data sources can include content that is hidden behind a paywall, photos, and geospatial information. Publicly available information can include social networks, dating apps, public records, Deep and Dark Web forums, blogs, presentations, messaging apps, etc.
It’s also important to keep in mind that data derived from findings provide only one piece of the security puzzle and should be added to a larger pool of investigative data.
Consolidating Intelligence is Key
Media Sonar integrates the top Web Intelligence tools and data sources into a seamless, single platform that helps security teams automate and accelerate web investigations.
Your team will no longer be required to spend hours going in and out of multiple, incompatible tools and manually compiling results.