Social media is increasingly useful to law enforcement investigations. But it, along with other OSINT sources, comes with inherent risks to access.
Despite the dangers, the web is playing an increasingly important role in conducting thorough and efficient law enforcement investigations, and nowhere is that more true than on social media.
Social media has become one of the most robust sources of information for law enforcement investigators to quickly gain insight on persons of interest and their affiliates. Reports estimate that the total number of social media users is over 4 billion — that’s equal to more than half the global population.
Social media profiles and activity can reveal a pattern of life that often provides a rich context of behaviors and contacts. It can reveal phone numbers, hangout locations, habits and possessions (e.g., cars, phones or clothes). With geolocation, it can even help you identify a subject’s location at a specific time.
But searching social media to support law enforcement investigations carries an elevated risk — on top of the standard risks of accessing the web for OSINT collection and other research.
The “standard” risk of using the web is cyber risk. Anyone clicking a link or navigating to a site could encounter malware that downloads to their device and potentially spreads in their network.
This is why browser isolation is important — particularly in investigations that will likely encounter bad actors or risky content, as in law enforcement investigations — to keep absolute separation between the browsing environment and the device.
Isolated, cloud-based browsers mean web code (and the threats that lie within it) execute in the cloud and not the local device, while the user interacts with a benign video display that looks and behaves just like the normal browsing experience.
But there’s another risk particular to investigators: tipping off investigative targets simply because of how (most) browsers work.
Learn more about the risks to law enforcement investigations and how to counteract them in our white paper >
Traditional browsers like Chrome, Firefox or Safari track users during — and even between — browsing sessions and obtain an array of information about their device, browsing activity and more.
Tracking exists to tailor browsing experiences based on your location, device settings, browsing history, browsing behavior and details of the browser itself. These details are not just collected by the browser, they’re conveyed to the websites you visit; specifically, they include:
And this is where it becomes a problem for investigators.
Separately, these components may be insignificant, but all together they can help websites — and their webmasters — track and identify who you are, who you’re working for and why you’re snooping around.
Your “digital fingerprint” is highly unique. If it sticks out like a sore thumb on the site you’re investigating, the webmaster may perform counter-intelligence, feed you disinformation or retaliate. They could also use it to uncover your true identity and come after you or your organization.
If your investigative target knows who you are, best case scenario: that investigation is compromised. Worst case scenario: it could get personal.
So your standard web browser is built to track you (note: this is still happening even if you’re in private browsing mode). But social media takes tracking to a whole new level. Here’s an example:
Facebook receives “off-Facebook” activity; even while you’re not on Facebook, it can collect information about apps you’re using and sites you’re visiting. That means it’s possible for Facebook to see you have an interest in aviation, you read Denver news, you’ve shopped at Galls.com (a law enforcement supplier), that you have an AT&T FirstNet account, you’re interested in firearms, real estate investing and have been looking at events in the Washington D.C. area.
Take a break and disconnect your off-Facebook activity now >
So even if your profile doesn’t say you work for law enforcement, the details provided to Facebook could make it easy to guess that you do. This can be a problem when it comes to the friend recommendation feature.
When a social media platform suggests a new friend, they look at your location, your mutual friends and searches you've completed. But if you're using your own profile while performing your investigation, the platform may suggest friends based on the person you’ve searched.
And if it’s happening to you, you can bet it's happening to your subject — they see you pop up as a friend recommendation.
You may also be appearing as a friend recommendation to confidential sources, putting them in jeopardy.
Who you are offline is very similar to who you are online — and criminals know this. If the details of your digital fingerprint, including social media activity, point to law enforcement, your investigation could be compromised and you could potentially be at personal risk.
Law enforcement professionals and organizations have valuable data the bad guys can use or sell; as such, they often become targets of cyberattacks.
Also, if you're conducting an investigation, your intelligence and evidence could be the target of attacks or leaks, compromising your case.
Because social media is, well, social, it’s easy to get caught up in the idea of creating false personas (i.e., creating a fake name, fake email address, etc.) in order to search the platform and interact with subjects relevant to your investigation.
That isn’t a best practice, and platforms are cracking down to eliminate such accounts. Instead, there are many tools provided by the social media sites or third-parties in line with platforms’ policies. Explore these options thoroughly before you take any risks that would run you afoul of platform terms and conditions, policies within your organization or the law.
Other OSINT sources — on the surface and dark web — aside from social media also play an important role in law enforcement investigations.
To protect the integrity of your investigation, ensure your personal safety and that of your agency, you need to control the details conveyed about you to websites you research.
This may start with location spoofing. If you think this is as simple as using a VPN, think again.
With a VPN, it’s important to remember:
Other purpose-built solutions offer networks of internet egress nodes across the U.S. and around the globe that can give investigators the desired in-region access without appearing to originate from a VPN-associated IP address.
But it takes more than an internet egress location to thoroughly cloak your identity. In fact, if other details of your “location narrative” don’t match with where you appear to be accessing from, it may raise a red flag to your investigative subject.
To complete the narrative, you need to match numerous other details to your assumed identity. Consider the following:
If you’re running multiple digital fingerprints for researching different sites, you’ll need to ensure your browsing sessions are isolated from one another.
Using an isolated, cloud-based browser can give you a fresh browsing experience in every session, eliminating persistent tracking mechanisms that follow you as you search — even after you close and relaunch the browser. Some such browsers will also allow you to run multiple isolated browsing sessions at the same time, so that you can conduct multiple investigations but not cross-contaminate.
Each time you launch a remote, isolated browser, you start with a clean slate. This means the search terms used, websites visited, browsing patterns, time of use, shopping preferences, etc. won’t contaminate the digital fingerprint you assume to research a particular site or case.
Law enforcement investigators leveraging web research are at a heightened risk because of who they are and who they’re going after. Knowing those risks and how to counteract them is of the utmost importance to ensure a successful investigation and protect those conducting it.
To learn more about how Silo for Research helps law enforcement manage attribution and isolate browsing for investigative research, download our white paper or visit our experience center to explore the solution.