What is meant by the notions of OSINT and OPSEC?
The rapid development of social media platforms in tandem with the desire of organisations and individuals to communicate openly in the digital sphere of cognitive and social interaction has created a starting point for the emergence of open source research methods. OSINT, or open source intelligence, is one of the major current trends in the fields of military, security, policy-making, and trade research to increase knowledge and awareness through the utilisation of search engines, social media, and media content services. Since the breakthrough investigations conducted by the open-source research team Bellingcat, open source investigation methods have dramatically increased their value to enhance the validity of information or to support various forms of decision-making.
However, as a result of the mentality of openness, transparency, and communicative peer-to-peer interaction in the cyber domain, the risks and vulnerabilities facing individuals and organisations have grown to match the benefits and possibilities. The Internet in its lightly regulated form is a suitable sphere for hostile actors seeking either pure self-interest or benefit for higher-level operators such as state actors, extremist organisations, or criminal networks. Therefore, due to these newly developed threat factors, operational security, OPSEC, is highly valued.
In the field of OSINT, the aforementioned risk factors stemming from the structural weaknesses of the cyber domain are especially high, as intelligence work is by nature mainly covert action to gain awareness or knowledge at the expense of the target. The information that exposes the researcher or intelligence operator might consist only of single words, clicks, settings, hardware and software features, or a physical-domain mistake (leaving a password visible in a public place, for instance). Hence, the measures to cover and secure information and data gathering are essential for the security of the organisation and individual conducting open-source research and social media harvesting.
Twitter and Tweetdeck
With regard to social media, Twitter has solidified its status as a leading microblog domain where people share their ideas, thoughts, knowledge, and skills by either retweeting or liking the content provided by the users of the service. Hence, it would be hard to argue against the fact that Twitter constitutes a notable part of the field of SOCMINT, or social media intelligence, which falls under the definition of open source research.
While there are many tools available to gather and analyse information either directly through Twitter or by utilising third-party solutions built on the Twitter API, Tweetdeck has solidified its status as the leading multi-feed domain for the Twitter microblog platform. Created by Twitter developers, Tweetdeck allows users to create and manipulate a number of custom-tailored feeds for the needs of an individual or organisational user. These feeds can include Messages, the primary home feed, customised searches, and even scripts.
Therefore, unsurprisingly, Tweetdeck has found a user base among the community of OSINT researchers. Due to the aforementioned benefits and features, OSINT analysts and investigators can create complex feeds to maximise their work efficiency, and they can target their field of research by limiting the feeds with so-called search operators.
Secondly, Twitter has solidified its status as the domain of experts and professionals sharing their thoughts, analyses, intellectual work, and collected data. There, it is possible to come across pre-analysed data, information, and knowledge without the need to “reinvent the wheel” or to adjust analytical foundations.
The problem in question
In terms of the connection between OPSEC and Tweetdeck, the following questions are raised:
Secure monitoring. How to ensure the continuity of the research work by staying under the level of observation without providing hints, clues, and leaks for the target-of-interest?
Access to information. How to access all the possible information available in Twitter without revealing sensitive information about the operator?
Accessibility. How to create a solution that reduces the workload without compromising security?
Legality. How can the monitoring solutions meet the requirements of the legal framework without reducing the efficiency of the research?
To simplify the problem, the core of the aforementioned issues is the question of how to maximise the benefits of the analytic work through an individual account and without having a secondary pseudonym account. While in general secondary accounts are used in research work to conceal both the identity and the traces of work, there are certain disadvantages to this practice.
First, pseudonym accounts increase the workload in terms of research and analysis due to the increased need for hardware, sharing, and switching between Account A and Account B. Second, pseudonym accounts rarely get access to Private accounts due to the fear of trolling or troubled behaviour. Lastly, in terms of law enforcement and defence, conducting observation behind a pseudonym may be regarded as covert action, which obstructs the ways of effective concealment.
Applying OPSEC to Tweetdeck
To begin with secure monitoring, there are certain loopholes that may compromise the operational security of the OSINT operator in terms of lists and following. Lists are an integrated Twitter feature that allows users to create comprehensive collections of interesting users. While these lists can be either Private or Public, they are still shown in the lists sub-section of the Twitter profile.
The problem with this is that it already provides information about your account in terms of activity and, in the worst cases, the type of activity. Secondly, adding a person to a list notifies the person of interest that they have been added to a list. Hence, even if you were using a list in Tweetdeck to focus on the field of interest, the Twitter platform reveals the existence of the list.
The second problem concerns the actual following of the target-of-interest. By pressing the Follow button, the user not only notifies the target-of-interest of being monitored; it also becomes impossible to conceal the Following list without making the account private. Private accounts are limited in terms of retweets and post visibility, making it impossible to expand influence or to gain any significant public attention for one's personal intellectual work. Hence, the only solution for this would be a pseudonym account to allow the research to continue.
Instead, the solution to increase OPSEC is to utilise Tweetdeck search operators. Operators are parts of a computer language, scripts, that control the outcome of the feed. There are a number of quality tutorials available from Twitter and third-party providers to increase skills and knowledge in terms of search operators. At present, the following simple premade script allows Tweetdeck users to monitor users without the possibility of those users being notified.
Tweetdeck -> Search -> (from:@andreasturunen OR from:@fronesisanalytica) include:nativeretweets
This will provide the Twitter posts of the author of this text and of the publishing platform, including their retweets. The feed will provide constant updates from the aforementioned users and, most beneficially, stay under the level of observation. The script can hardly be counted as covert action, and it provides access to private Twitter users when necessary by simply adding more from:@user terms in a row. What is notable is that the script allows the targeted accounts to be followed without pressing the Follow button or adding them to any lists.
Easy fix with a plethora of opportunities
This introductory guide to more operationally secure Twitter analytics allows individual users to maximise their research efficiency by eliminating the need for pseudonym accounts. In addition to the aforementioned tweaks, Tweetdeck provides an extensive catalogue of features to upgrade normal-level social media analytical work towards a more advanced, visual way of processing data, information, and knowledge. As processed information counts towards physical and intellectual value, the ways to secure the collection of these valuable attributes are distinguished in organisations, companies, and public agencies.