OSINT: Where were you when the Facebookalypse struck?

By Eoghan Sweeney, June 12, 2019

The journalists and academics attending the three-day workshop were pleased. Among the tools and techniques we’d gone through were third-party services designed to facilitate collection of information from Facebook. Nothing that wasn’t publicly available, mind you — these came into being largely to provide the useful search functions Facebook lacked.

The dominant sentiment among the attendees was that learning about these would help them look into disinformation networks, and perhaps also hold public figures to account for their utterances on social media. The tools and techniques had been in common use for a couple of years; just days after being introduced to them for the first time, and reacting with considerable enthusiasm, this group had front-row seats to witness their demise.

The morning after the workshop ended, I was on my way to the airport when I noticed a Twitter direct message. It was a member of a previous workshop, who was concerned that a couple of the tried-and-tested techniques for Facebook weren’t working.

I spent much of the next 30-odd hours in transit, occasionally getting brief spells online to watch as consternation mounted in the OSINT community.

• OSINT, if you are not already aware, stands for Open Source Intelligence; there are some disagreements as to what it encompasses but, in essence, it is the gathering of information that is publicly available — thus, “open” — generally as part of an investigation of some type.

The snippets of information I was grabbing between check-in counters, security screenings and boarding gates suggested a problem spread across multiple services. What brought it into stark life was an ominous message appearing on one of the most popular OSINT-related websites:

I created OSINT Essentials largely as a repository of links to support training workshops I hold. The links, and brief explanations, are also available for anyone who wants to dip a toe in online investigation but doesn’t have the time, or confidence, to learn to code, or the resources to access pricey out-of-the-box solutions.

IntelTechniques, the brainchild of investigator Michael Bazzell, was among the most popular of these. Bazzell runs a business providing both online and in-person training, but provided a comprehensive set of free tools that could be used by pretty much anyone.

Those tools are, for now, unavailable to the public. Bazzell expanded on what happened, and where things could possibly go from here, in a podcast episode that’s well worth a listen.

It was soon clear, however, that IntelTechniques was not alone. One of the best-known figures in the OSINT community was also noticing something was amiss:

Inti De Ceukelaire, the creator of Stalkscan, which allowed you to rummage through a Facebook user’s likes, tags and other information, also announced that his site had stopped working.

It became clear that Facebook had made changes that amounted to the end of its Graph Search function in any recognisable form. Curiously, however, Facebook had given little indication that such a move was in the pipeline. As of the time of writing, the company’s online Newsroom had published no comment.

The loss of the ability to perform any kind of a worthwhile targeted search on Facebook is, of course, a mixed blessing. In one way, it’s easy to see this as a good thing. De Ceukelaire, to be fair, had always presented Stalkscan — which could only find information to which the account holder had not restricted access — as a project designed to draw attention to how easy it was to dig up all kinds of information on Facebook users, and embarrass the company into addressing this. In his reaction to the latest development, he was consistent:

Others, however, pointed out that the changes were a huge blow to legitimate investigative efforts. The founder of Bellingcat was — understandably, given the independent investigative group’s endeavours — concerned:

Higgins’ colleague Nick Waters, described it as “a huge blow to civil society,” while the BBC’s point person on digital investigations left no doubt as to what he felt was at stake:

These are legitimate and important points. My own introduction to using Facebook as an investigative environment came as part of a small team at a fledgling journalistic outfit called Storyful — which has since gone on to bigger things. Many of our formative experiences took place during what came to be known as the “Arab Spring”. In Syria, in particular, it became clear early on that conditions made it practically impossible for traditional media to report. On the opposition side, this vacuum was quickly filled by Local Coordinating Committees, which moved the majority of their information and eyewitness reports through Facebook pages. Regardless of your opinions, the LCCs were obviously an interested party, and the information thus had to be extremely carefully scrutinised.

This, naturally, couldn’t be done if you didn’t have that information in the first place, and then as much in the way of corroborating or contradictory but related information as you could dig out. Those operating the LCCs’ Facebook accounts, and others reporting from the ground, were generally not SEO experts or hotshot online marketers. Winkling out the details generally fell to journalists and others making targeted — and often creative — searches. It’s no exaggeration to say that huge amounts of information on Syria and other trouble spots worldwide would never have come to light if the ability to search Facebook were drastically curtailed — as it now will be.

Tom Trewinnard of Meedan has written a thoughtful post on the ethical dimension of Graph Search existing in the first place. It concludes with the observation that:

Facebook just made our lives a bit harder, but they also made it a little bit harder for fascists, authoritarian regimes, organized criminals, <insert undesirable group here>, to surveil and target vulnerable citizens.

I agree that this is a good thing, but would add that Facebook has also made it a lot easier for such groups to operate in the dark. The lack of search functionality will make life far more difficult for those who were tracking them, and Facebook has been far from convincing in its efforts to police all kinds of unpleasant content and behaviour.

Furthermore, it has to be observed that while Facebook is intent on putting the kibosh on random members of the public digging up information on its members, that does not amount to making such information “private”. Personal information is the currency Facebook spends, the air it breathes. It’s available — for a price. And if you’re confident and comfortable that having been purchased, it will always be used ethically and fairly… well then I have a bridge to sell you.

I don’t want to conclude on a note of doom and pessimism. Investigators and journalists are used to facing setbacks — finding solutions comes with the territory. OSINT Essentials is, at its heart, a toolbox. I always tell trainees knowledge, creativity and determination will take them farther than any automated solution. Bazzell, of IntelTechniques (notice it isn’t called “IntelTools”), put it simply, having published much of his expertise in the form of a book (remember them?):

“If you have the book, you have all the techniques. You have the manual techniques, you have the methodology. That beats out tools any day[… ] If you are doing online investigations and you are relying on a tool, that’s a bad sign
[… ] The ways we use our minds to find all this information will always defeat some simple online tool.”

Your brain will always be the best tool you’ve got.Use it.

• The author can be contacted by email at eoghan@osintessentials.com, by Twitter direct message (open) at @OSINTessentials, or via the contact form on the OSINT Essentials website.