Alternative Social Media: What It Means for Threat Intelligence Gathering
Why the rise in alternative social media platforms with less moderation and greater anonymity calls for a more proactive approach to threat monitoring.
Early versions of social media platforms began emerging in the late 90s and early 2000s with the intended purpose of connecting users with others based on shared interests, affiliations, or geographic proximity. Over time, the purposes and uses of social media have evolved significantly, encompassing a wide range of activities, and today these platforms serve as multifaceted communication tools that facilitate various forms of interaction and engagement among users, businesses, organizations, and communities.
The Rise of Alternative Social Platforms Among Threat Actors
For many, social media has been a way to have an outlet to comfortably share their thoughts, in some cases, anonymously, and attempt to join in the conversation as maybe they wouldn’t have face-to-face. While more mainstream platforms like Facebook, X, and LinkedIn remain significant hubs for communication and networking, a growing number of smaller, alternative social media platforms have emerged over the last decade.
These platforms promote themselves as more niche communities with a promise of free speech. Although interactions experienced by many on these sites are friendly, less stringent content moderation policies make them attractive to threat actors looking to operate under the radar. Some platforms like Telegram and 4chan even provide end-to-end encryption and anonymity, making them ideal channels for planning and executing nefarious activities away from the scrutiny of law enforcement and platform moderators.
For corporate security teams and intelligence analysts, understanding the dynamics of this shift is crucial. To bolster security measures and safeguard organizational assets, alternative social media sites offer security teams a valuable source of information for a widened scope of threat intelligence gathering, protecting brand reputations, and proactive incident response.
Threat Intelligence Gathering
Alternative social sites often serve as an outlet for extremist ideologies, recruitment efforts, and coordination of criminal endeavors. Those who look to engage in this type of nefarious behavior have often been kicked off of mainstream social media sites and move to use these sites as a means to feel empowered and get a reaction or action from those who will listen. Anger and emotion create momentum, and as history has shown, this can result in targeted threats being acted out in the real world at political rallies, public events, business locations, or other places, all over the globe.
Proactively monitoring these platforms alongside other open sources can provide security teams a wider scope to monitor for emerging threats and identify potential risks to individuals, businesses, or other assets they protect.
Protecting Brand Integrity
Misinformation campaigns, coordinated smear tactics, and the proliferation of counterfeit products can wreak havoc on a company’s image, erode consumer trust, and result in tangible financial losses. We’ve seen a few headlines as recent as the last few years of companies being targeted with unfounded conspiracies related to human trafficking or vaccine tampering that have resulted in real-world impacts on businesses and people.
Whether it’s identifying fake accounts spreading false information or tracking down unauthorized sellers peddling counterfeit goods, security teams can detect and mitigate brand-related threats helping to safeguard a company’s brand integrity and maintain consumer confidence.
Coordinated Incident Response
Alternative social media platforms can serve as early warning systems, providing security teams with real-time insights into unfolding incidents or malicious activities — such as organized protests, targeted plans to disrupt business operations, or imminent threats to locations or people. In the weeks leading up to the capitol riots on January 6th, alternative social sites were the first sites where conversations coordinating the attacks began.
For the capitol riots and other incidents that have occurred, it’s been found that bad actors have openly shared detailed plans, coordinated logistics, and incited others to join the effort. Alternative social sites quickly become hotbeds for discussions and planning among various groups. With visibility to these platforms, security teams can facilitate rapid decision-making, and orchestrate effective response efforts to mitigate the impact of security incidents on the organization.
Partnering with Trusted Technology Providers
Now that we’ve discussed what to look for, how do you stay on top of it all? Our team recently sat down with the CEO of Pyrra, a threat intelligence company that scans unmoderated social media with artificial intelligence. He spoke about one of the big challenges he sees for security teams is keeping up with the speed at which information can be spread on alt-social sites.
The speed with which these challenges can become out of hand [is a concern]. All it takes is one user on one of these platforms — it may then migrate out to other platforms. All of a sudden, [security is] being asked about something, but you have to be on these sites proactively to see the early indicators and be aware of what the chatter is. – Dr. Welton Chang, CEO, Pyrra
Leveraging modern solutions, and collaborating with trusted partners like Ontic, security teams can monitor these data sources in a scalable way, mitigate security risks, and safeguard their organization’s assets and interests. Ontic’s Fringe Social Listening product provides teams with a tool to search and monitor over 25 alternative social media platforms with targeted keywords and queries to quickly identify critical signals and view actionable insights alongside other connected risk intelligence for more accurate situational awareness.