Yesterday I posted to the IACA list a link to Kurrently, a real-time search engine for Facebook and Twitter, and I was really surprised at the number of people who emailed me off-list saying that they’d been looking for something like this for a long time.
This makes me realize that it’s time we listed some resources on search for law enforcement types, and specifically, some tips and tricks and resources for cops and analysts looking to search social media sites.
This is by no means an exhaustive list – in fact we’re barely scratching the surface.
Hacking The Google
First of all, the best guy in the world for a lot of this stuff is a hacker named Johnny Long, who runs Hackers for Charity.
In 2005 Long made a presentation at Black Hat in which he spelled out many of the absolutely fundamental things that anyone needs to know about searching with Google in a smart way.
If you’re not familiar with his work, you are not as good as you could be. So go download his 2005 Black Hat Presentation, Google Hacking for Penetration Testers – Using Google as a Security Testing Tool.
Right there on page five is his Advanced Operators at a Glance chart which will save your bacon and send bad guys running into the prison gates. Just understanding the difference between site, inurl, filetype, intext and numrange will make you 70% more effective and 30% more attractive to the opposite sex.
Add to this special search character operators (like | and * ) and you’re a Google Fu Master.
Now that you realize how good that is, go ahead and buy Johnny’s book of the same title.
By the way, with the launch of The Google+ Project, a new social media site that (in the words of xkcd) is Not Facebook but is Like Facebook, we can expect to see some powerful search tools from Google to find out what people are saying, where they’re saying it and beaucoup metadata about how they’re saying it. Stay tuned for that.
The Selby-Olson Principle states that, if your fugitive or suspect is under age 30 and has an IQ of higher than 95, chances are that in the next 24 hours he’s going to tell you on Facebook where he is.
The basic Facebook search bar is deceptively simple-looking, because in fact it is a powerful tool for law enforcement. Without any special access or tools you can search, free, all conversations on Facebook – even those among people with whom you are not friends.
This requires some screen-shots.
Let’s say that you’re looking for people talking about a bar called Fat Daddy’s. I don’t know why I picked on that, but I did. Go to Facebook.com and log in.
You’ll see the Search box at the top of the screen, just to the right of the Facebook logo. Type in Fat Daddy’s. As you type, a bunch of stuff may pre-populate. Ignore it. At the bottom of any pre-populated lists, you will see the words, “See More Results For Fat Daddy’s…”. Click on that.
On the page that results, there are lots of search results for Fat Daddy’s, but we’re more interested in the links to the left of the main content. Second from the bottom, we see “Posts By Everyone”. Click on that.
The resultant page is a real time list of conversations including the search term. Note that because you’ve used no operators or special characters your search will include (at this point, using this example) posts with the word, “Fat”, and the word “Daddy’s” and the phrase “Fat Daddy’s”.
It will also show you things like “fat daddys” and other near-soundex type results. Adding double quotes around the phrase will limit to just the phrase; suddenly, if you were, say, looking for a guy named Louie who frequents the Fat Daddy’s in Fort Worth, you might see him discussing his impending visit tonight – regardless of whether you are friends with Louie.
Too much hassle? Go to openstatussearch.com and type your string into their search box. They search public timeline posts without the need to log into Facebook. It may not be as fruitful, but if it’s a hit, it’s a good, easy hit.
Twitter’s search capabilities are fairly robust as well, but similarly non-intuitive. To find whether someone is on Twitter, head to the Twitter Who To Follow page (this works if you’re logged out; if you’re logged in, look for “Who To Follow”). Now type in a name. Say, “Nick Selby”.
Now if you wanted to find out what I said about, say, “ShotSpotter” or “co-dependent” or “car talk”, you could get results:
There are a few things worth noting. First, the same operators and search syntax apply from Google to Twitter to in fact most good search engines; Boolean syntax is pretty universal, so if, instead of going to the advanced Twitter Search you had gone to the regular search box and typed
"ShotSpotter" OR "co-dependent" OR "car talk" from:nselby
you would have had the same results.
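To make the syntax concrete, here is an added example (not part of the original post, and not Twitter's actual engine): a simplified model of how such a query is read, run over constructed sample posts. The function names, the sample posts, and the assumptions that unquoted words are ANDed and that from: applies to every OR alternative are all illustrative.

```python
import re

TOKEN = re.compile(r'"([^"]+)"|(\S+)')   # a quoted phrase, or a bare token

# Constructed sample posts as (author, text); not real tweets.
POSTS = [
    ("nselby", "ShotSpotter coverage came up at the briefing today"),
    ("nselby", "Listening to Car Talk on the drive in"),
    ("nselby", "Coffee first, then reports"),
    ("someone_else", "ShotSpotter alert downtown"),
    ("nselby", "That vendor relationship is co-dependent at best"),
    ("nselby", "Had a long talk with the mechanic about my car"),
]

def parse_query(query):
    """Return (alternatives, author): OR-separated groups of ANDed terms,
    plus the from: filter, which this model applies to every group."""
    alternatives, current, author = [], [], None
    for phrase, bare in TOKEN.findall(query):
        if bare == "OR":                      # OR closes the current group
            if current:
                alternatives.append(current)
            current = []
        elif bare.lower().startswith("from:"):
            author = bare[5:].lower()
        else:                                 # quoted phrase or single word
            current.append((phrase or bare).lower())
    if current:
        alternatives.append(current)
    return alternatives, author

def term_in(term, text):
    """Whole-word (or whole-phrase) match, case-insensitive."""
    pattern = r"(?<!\w)" + re.escape(term) + r"(?!\w)"
    return re.search(pattern, text.lower()) is not None

def search(query, posts=POSTS):
    """Return the posts that satisfy the query under this simplified model."""
    alternatives, author = parse_query(query)
    hits = []
    for who, text in posts:
        if author and who.lower() != author:
            continue                          # from: filter excludes other authors
        if not alternatives or any(
                all(term_in(t, text) for t in alt) for alt in alternatives):
            hits.append((who, text))
    return hits

if __name__ == "__main__":
    for q in ('"ShotSpotter" OR "co-dependent" OR "car talk" from:nselby',
              'car talk from:nselby'):
        print(q, "->", [text for _, text in search(q)])
```

Dropping the quotes around car talk widens the match to any post containing both words, which is why the second query also returns the post about the mechanic.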
Second, note some of the options you have in the advanced search box:
Of course we see from, or to, or referencing (which are all interesting) and places (which offers some insight into the geo-locational capabilities of the platform, also very interesting). But note too and note well the capabilities of “Positive Attitude”, “Negative attitude” and “Asking a question”. These are of particular interest if only because they hint towards an ability to, at some point in the future, search around intent.
I’m also interested in the ability to search based on language of the Tweet.
Social Media Search Engines
As I mentioned, Kurrently offers the ability to search both Facebook and Twitter in real time, and I mentioned it yesterday because it was new. However, do not forsake Who’s Talkin, which I highly recommend because it searches 60 social media gateways. Yes, 60. It also offers an easy-to-use API, making it possible to include results of the search right in your intelligence console (if you’ve got one).
Sixty? Are there even 60? Why, yes – have a look at the list of selections available to search with the excellent tool socialmention:
ask, backtype, bbc, bebo, bing, bleeper, blinkx, blip, blogcatalog, blogdigger, bloggy, bloglines, blogmarks, blogpulse, boardreader, boardtracker, break, clipmarks, clipta, cocomment, dailymotion, delicious, deviantart, digg, diigo, facebook, faves, flickr, fotki, friendfeed, friendster, google, blog, google, buzz, google, news, google, video, highfive, identica, iterend, jumptags, kvitre, lareta, linkedin, metacafe, msn, social, msn, video, mybloglog, myspace, myspace, blog, myspace, photo, myspace, video, netvibes, newsvine, ning, omgili, panoramio, photobucket, picasaweb, pixsy, plurk, prweb, reddit, samepoint, slideshare, smugmug, spnbabble, stumbleupon, techmeme, tweetphoto, twine, twitarmy, twitpic, twitter, twitxr, webshots, wikio, wordpress, yahoo, yahoo, news, youare, youtube, zooomr
That’s 91, in case you’re counting.
If you’re investigating or looking into hacker groups which are leaking police or government documents and want to monitor pastebin.com, a new service called PasteLert allows you to set up Google-type alerts so that when your search string appears on a pastebin, you get an email.
Drop us a line and let us know if this was helpful, if you have more to offer, or anything else.