Social Media, DarkNet, and Open Sources Exploration: An Interview with Social Links Co-Founder and CEO, Andrey Kulikov
Social Links co-founder and CEO Andrey Kulikov, courtesy of Social Links
While much of the work done on social media is done in a public place, it is important to know that there is a DarkNet (or dark web) that people engage in. It's probably not an opportunity for a brand or marketer, but it is important to be educated in any profession.
This interview with Andrey Kulikov, co-founder and CEO of Social Links, takes a deeper look at DarkNet and what companies need to know.
Photo by Caspar Camille Rubin on Unsplash
What is the difference between information shared on social media, DarkNet (or the dark web), and "open source"?
There is actually no difference in a broad sense. All information available on the Internet without special access rights is considered open data. The difference lies in the mechanisms used to gain access to such information. Most open data do not require special skills or rights to access them. As with government registers. In order to obtain certain information about a social network account, it is sometimes necessary to simply know how to properly make a request to the source to get the information you want. When it comes to closed forums and DarkNet marketplaces, 99% of the time it is necessary to have accounts in these sources to get access to relevant information. The EULA (End-User_License_Agreement) must also be taken into account for these sources. For obvious reasons there is no EULA for the DarkNet. Social networks largely prohibit the automatic collection of data about their users, as does Facebook. With open source, however, there may be different conditions for the use of information.
Should companies monitor all three areas for opportunities and protection?
Most certainly. Social media is crucial for monitoring brand protection and brand development. The DarkNet is a place where an attack on a company can be planned or stolen company data leaks can be sold. In this case, it is extremely important to immediately recognize such an incident and react to it. In most cases, social networks are the first vector of attack on corporate infrastructures. It is therefore very important to monitor them and to be able to investigate an incident that has already occurred, be it a brand attack or a regular cyber attack. It is a matter of protection.
When we talk about the opportunities that OSINT offers for companies, it is important to remember that 90% of the information required for a decision is publicly available and only 10% can be related to knowledge. It is extremely important to have both the people and the technology needed to extract and analyze information that companies and their people publish about themselves. Let me give you an example. In 1958, the Soviet magazine Ogonyok published on its cover a photo of workers in white coats against the background of a poster with a map of the Urals. This seemingly harmless photo gave CIA analysts the ability to calculate the number of Soviet uranium enrichment plants and their capacities. After the collapse of the USSR, the data on these facilities was released and it turned out that the error rate in the analytical conclusions derived at that time was only 10%. Only one photo from a magazine revealed the top secret strategic data of an entire state with an error rate of only 10%. What type of photos does your company publish? And what about your employees? What are you posting? How can your competitors use this information?
If you had to give brands four tips to make sure they do it effectively, what would you tell them?
- Stop underestimating the importance of open data.
- Conduct and remediate vulnerabilities in vulnerabilities in open data sources.
- Use open data when developing strategies.
- Remember to create your own OSINT unit.
Not every scenario of misconduct on the Internet requires law enforcement. How can brands best prepare for negative social media situations?
The possibility of a negative scenario in the social media area is just as much a risk for the company as for everyone else. The main advice is to include such risks in the overall risk management process:
- 1. Identify these risks.
- 2. Assess their impact on the company's critical indicators
- 3. Monitor.
- 4. Refresh.
What are the top issues that companies should be aware of in every area right now?
First of all, you should consider the activities related to your brand in social networks and the presence of corporate data leaks in DarkNet. It is also important to check employees' accounts on social networks for potential information leaks and to do a background check when hiring. I would also like to point out the inclusion of open data in the company's risk management processes.
What kind of budget should SMEs and medium-sized companies provide for monitoring? Do you need internal support or a third party to help?
When it comes to assigning OSINT specialists, the security and risk department is the first place you think of. However, OSINT can solve a much wider range of tasks for marketing, strategy, sales and others. It is very important to train each of these departments to work with information from open sources. It is not necessary to create a separate OSINT subdivision and to buy expensive software at the beginning. You can outsource these services and introduce the position of an OSINT manager in your company who coordinates the work of the contractors for other departments.
How easy or difficult is it to stay anonymous on social media compared to DarkNet (or the dark web)?
I would forget the word "anonymity" in modern realities, especially when it comes to social media. The deanonymization of a user depends on the resources that you are ready for the company. With social networks, this is not a big deal as you only need the skills and set of tools. In the case of DarkNet, the situation is much more complicated and it is extremely difficult to do the same only with open sources of information. Basically, you can only hope that the users themselves made some mistakes that they can get involved with. An example is that of the administrator of the Alphabet Marketplace. However, such mistakes are not uncommon.
Are there mainstream examples of companies having the edge after effectively monitoring their brand through social networks?
All successful companies use open data for their own purposes. Since many of them are our customers, I cannot disclose specific cases or names.
Is OSINT coding or other expertise required to access public information? What about the dark net?
Not really. Remember the case about the Soviet magazine. No special skills were required to access this information. However, you need experience to understand that you have some really valuable information in front of you. Nowadays, all you have to do is know how to use the Internet at the normal user level to gain access to open data. Identifying the information required is a different matter as there is plenty of it. However, if you are a professional in this area, your skills will play in your favor. That's why we reduce the time it takes to collect information by 40% for social links. And thanks to our algorithms, we show users the data that is most relevant to their tasks, lowering the threshold for the skill level required in the field. Our goal is to make using open data as easy as using Google
We have read about companies like Palantir in the US that have access to "secret information". Is that what social links do in the European market?
Yes. Social Links provides access to its algorithms and open data and offers the possibility to integrate them into the customer's private data, to which we do not have access in order to achieve the best possible results. The main difference between social links and Palantir is that SL is a private company. We provide an independent tool for a wide range of companies and government organizations, but we don't tell them how to work and what data to use. In our case, there are no data protection restrictions, since only our customers own this data and have access to it.
What should a company or company do if they suspect they are exposed to cyber or social media cyberattacks?
Security technology includes all types of firewalls and routers that offer network security. However, these are projects that need to be implemented and companies may be too late for them.
If there is no SOC department in the company, you can contact professional companies to monitor social media and DarkNet for abnormal activity. Every company should have an action plan for such cases. If there is no plan, but you are suspected of being attacked, there is an urgent need to contact professionals to help investigate and contain the incident. You can also inform all of your employees to reduce their social media activity and never respond to messages from strangers or suspicious content from people they know. This can mean that the latter have been hacked, as happened recently on Twitter. Elon Musk asked for the transfer of 1K to his wallet and promised to return 2K. And he got 118,000 in the first few hours. This is a heavy blow to Elon Musk's reputation. However, such an event can be fatal for small businesses.
The control and monitoring of company mail and incoming letters is a separate task that has to be implemented. Strictly prohibit your employees from logging in via company mail, visiting Internet resources from company computers, etc. Split the intranet into open and closed sectors. If there is an information war going on, all means are good.