Running Circles On Social Media - Intelligent OSINT

so um basically just introduce the title so I don't have to do that um a little bit about me um yeah I'm a I feel like every other presenter sort of from a company uh I've just finished my computer security degree so yeah right yeah student that it's fun um so in my spare time I reverse engineer malware and firmware and software but I thought I'd do something a little bit exotic for a conference I thought I'd do something a little bit different I don't normally do I've also done some things with bug bounties basically I just like complex problems um unless it's math and then I'm absolutely not there no way um so I

feel like a lot of people think open source intelligence isn't cool a lot of people just see it as something that a nation state does or something that people just do to analyze data that's public and fair enough that is it but you can get some really interesting analysis from public data and actually some really interesting ideas and results from it so I think it's really good to sort of just look into it a little bit more um just quickly um who would do open source intelligence well nation states obviously Financial firms obviously they want to look at current affairs and what people believe in and what they're doing also protest and journalists on the other side also want

to make sure that they evade government OS tools and also want to make sure that their sources are safe from being tracked in somewhat and also businesses that care about the inside of threat basically so could be anyone um so when I looked at open source intelligence so a lot of people looked at user generated content and semantic analysis that was really interesting but one of the major things for me was looking at connections because basically no one really looks into it and also I mean people lie on the internet um every you know it's all about fake news and things like that and so I thought it'd be better to look at something that was more solid about

interactions and what people actually do and also social media nowadays are becoming more and more um unhappy about Mass data surveillance and I know there's ethical questions there but um you know technically I'm just looking at the technical subject but um yeah social media is becoming less and less happy about how much data people are taking from their services so my aim was to make a tool basically or or research more about how we could gather information in some manner without an API key because Recon NG already gathers information so I don't need to do that I want to do it without being authenticated whatsoever um and just grab it from via an internet connection

um I wanted to visualize networks to understand social networks better because you can get so much information by understanding a graph basically um and also I use nothing crazy I just use Python bash and JavaScript to basically have a look and see what's going on um for now I've just focused on Twitter and Instagram because they're the easiest Facebook's a little bit closed off so it's a little bit harder um privacy diff so I did a little bit more research um so with Twitter um they have a mobile EMP point and a desktop endpoint and they actually differ on how much information they give to you so in this I know it looks a little bit weird and

I've sensed it quite a lot um but basically that is um me showing a request of me clicking on followers on the m. twitter.com domain and essentially it's giving you information using their API without you having an API key or an authentication whatsoever you're just using your IP so it's interesting um the headers that are sent that are used for authentication aren't really that hard to replicate and I've sort of highlighted them there I mean that isn't really useful to you but there you go um and essentially um every request where you ask for followers you'll get 20 followers that's how much you get from the request um and you get a limit within the API this is the same if you

register an application 15 requests in 15 minutes so that's every minute essentially um and I just calculated that you could get 10.5 million follower entries without any registration obviously with without the API key you could do this with one IP you could do it with multiple IPS and that would be really interesting um but that was something that I looked at and saw that on a desktop if you try and look at what the person's followers is essentially it just says you need to sign up so it's interesting to see the difference because if you do a little bit of more reconnaissance and understanding what sort of uh platform they're on or different versions of social media they

can actually output information that is is sort of weak to their privacy design and so what I did with social media is I searched for interactions like retweets likes reblogs whatever it is um and I I got that because a lot of that is mostly public and it's able to grab it as well as user generated content but I was looking at connections and so um you know I was looking at that sort of interaction what I did is I went from if someone interacted with a Target that I was looking at and then I went into their profile and then recursively looked at interactions in other people's profiles essentially and I used a certain threshold um to find What I Call

Connection Loops which is essentially from a Target trying to see the connections go all the way round to the original Target so that's that's what it did now on Instagram that's a map of 10,000 connections and one of the targets is right in the middle now the nodes sort of make it a little bit hard to see um but essentially it's quite a weird looking graph if I remove the nodes and add what I done to basically show people being connected so the red lines are essentially um going back to other people more than three connections where they connect to each other um and although that doesn't say they're friends or anything it means that

they're associated in some way and there's a lot of different applications that you can see and also it's interesting to see that some of these actually go right back to the middle from The Edge so we see at the bottom left there's quite a lot at the bottom of that Network although there's only 10,000 connections but at the top right there's virtually nothing going on there so it's quite interesting to have have a look at that and sort of analyze that in some manner um if you zoom in I know it's relatively weird to see um I've not exactly done a great job to to provide but essentially if you zoom in you can see smaller circles within others and I

did a little bit of research outside of information security where essentially someone said that humans can only maintain around 150 human relationships and um you know not close friends you know you probably have like three friends or one friend or something like that but actually being able to maintain a relationship or work in relationships around 150 so what I was thinking was interesting is are you able to actually um derive these sort of connections from people or or relationships from social media um from interactions without being authenticated and are we able to predict future connections towards people by their actual uh interactions and who they who they like um so what I found also I did a little bit of uh recent

analysis where um I took a account that was abusing the # Manchester attack and essentially looked at what these people would doing and the network that would done in social media so um I wanted to see that well eventually I found out that circles can eventually or connection Loops can eventually identify active users and what I found is I researched the Pito principle which shows the vital fuse so the 20% do the most work where they sort of are very active and bring in information and there's 80% that just listen or just look at it or retweet it or whatever and it was quite I I saw that from the actual connections that I got and I also

saw that as little as three connections so you know someone interacts with someone else someone interacts with someone else um that you get such a view as anti-islam or something that is quite extremist in nowadays content um and what I find also is that you can also look at information flow how actually people when they have an interaction how they can actually receive the information so a retweet and then a like or something like that you can understand how they actually got to that original information um and also sometimes social media is a network of silos so there's the fil um the theory of a filter bubble where people just look at things that they want to see essentially and um that

that came across as quite obvious as well through what I saw on my research as well and what I did is I cwed every day so I I got uh I put it all into a database essentially and I crawled and then left it so if I kept doing that every day you could actually compare the results as well and look at the differences and see what sort of different ways people flowed information um so who cares about that well I've talked about a few things about the applications and what I'm doing there but there's a few things that I also want to point out that could be interesting we can use multiple networks so what I've crawled to map a private

account's contacts so this is on Instagram only so someone can set a account as private but you can also if they interact with someone who's got a public profile and you can map that public person's profile then essentially you can have a look at trying to identify them as a person what they like from other people's public profiles and what their interactions are uh we can understand information flow better I've talked about that I've censored some of these because uh some of these are public and some of them aren't um but essentially um likes on Twitter U they've implemented that now on Twitter so how that information gets received to someone um Twitter has an algorithm

which essentially shows you at certain points I want to know essentially from the research I do how often that is uh retrieve removed users contacts which is essentially the same except from you've got um you know other people's networks and essentially you're associated with you get removed you look at that Network that's still there um fake news malware spam Intel understanding the victims and what they're doing there and finally um I talked about intelligent open source intelligence which isn't the best title um but basically I'm saying here foundation for user generated content semantic analysis that's an awful sentence um but basically what I'm saying is concentrating on uh once you've got a connection Loop or uh a

circle as I say um concentrating on the people that are in there so if we look at a picture there on I sort the way back is it so these are in red these are part of the connection Loop um concentrating and looking at their user generated content instead of blindly just looking at uh everyone's content which could be you know not very good or they're lying of some sort so um thanks for listening to me talk very fast I apologize uh I 15 minutes didn't seem a lot uh if you've got any questions that's fine all good uh if you haven't I'll just walk off the stage and we'll we'll end it here