Thursday, June 30, 2011

From Zuckerberg to Zealberg - Part 1 Update

Part 1 Update: Current events suggest the importance and potential of predictive analytics for identifying cyberspace threats.


In Part 1 I discussed how Facebook's vast mountain of data could be analyzed to provide the CIA and other law enforcement/intelligence agencies with accurate, real-time data on trends regarding potential threats and populations of interest.

To expand on this possibility, recent "hacktivism" events like those associated with the Lulzsec, Anonymous, and AntiSec movements (largely responsible for a collaborative DDoS attack on the CIA's homepage and other websites) represent another demographic that could be analyzed en masse for identification of future cyberspace threats.

NOTE: The information in this post should not be viewed as biased in favor of any involved parties.



However, as with any information and insight, the following post may be useful to all involved parties including:

...and so many more




Without a doubt, utilizing predictive analytics software like that provided by In-Q-Tel funded Recorded Future would be considerably useful in monitoring trends specific to hacktivist groups and the "Anonymous" collective.

As mentioned in Part 1, identifying and categorizing Facebook users by their political and religious beliefs is not particularly difficult considering that such information is often explicitly provided via Facebook's "religious views" and "political views" information boxes.

Alternatively, identifying users associated with and sympathetic to hacktivist movements and various internet subcultures requires more complicated identification and categorization methods with respect to Facebook data.

First, it is crucial to recognize that individuals within these various demographics widely embrace the idea of anonymity on the internet.

Additionally, key members and even non-participant sympathizers may be well versed in the use of proxies and other technologies that make user identification difficult. While these realities are fraught with various difficulties for intelligence and law enforcement agencies, they do not suggest that group analysis via predictive analytics is impossible.


Without a doubt, Facebook data could be considerably useful in analyzing collective trends related to hacker groups and the internet collective known as "Anonymous."

However, identification and categorization methods would largely depend on a more complex analysis of profile content and user behavior than analysis specific to political or religious beliefs.

Such an analysis would include:

1) "Likes" specifically related to hacking, hacktivism, and various internet subcultures.


To give you a sense of the numbers, a Facebook search for related terms like "lulz" or even "Anonymous" will bring up relevant Facebook pages:

"Anonymous" (listed as a public figure) has 131,875 page "likes," while other pages that come up are not relevant.


Additionally, other pages register as "hits" but may be unique and connected to other relevant issues (i.e. an "Anonymous" group with the WikiLeaks logo and 2,763 page "likes").



2) Posted links on one's wall, friends' walls, and "Like" pages.

Such links would of course be specific to news articles, message boards, imageboards, imageboard archives, pictures, webcomics, internet "memes," and countless other web content specific to hacking and relevant internet subcultures.



3) Text analysis of user posts in reference to all things included in #2 in addition to identification of relevant web lingo, phrases, and "meme" references.




4) Identification and analysis of fake, pseudonym, duplicate, alias, and "troll" profiles.


While such an analysis would be considerably useful, 1-4 each present inherent challenges.

For 1-3, there could be relative uncertainty in identifying which users are most relevant to possible cyber threats.

Without a doubt, much of what is contained in 1-3 is exhibited in the general population, as many users post links, use phrases, and display content that would register them as a possible "hit."

A database of said users would essentially be a vast collection of simple observers, active participants, inactive participants, sympathizers, non-sympathizers, and even individuals of non-interest that are simply exposed to and affected by what is largely the current state of Internet culture.

Despite the diverse and vast nature of such a database, predictive analytics specific to all that is contained in 1-3 could nonetheless yield significant insight into the evolution of Internet culture and may even identify emerging cyber threats.

Most important, however, would be #4.

Fake, anonymous, pseudonym, alias, and "troll" profiles present a unique challenge in terms of analysis and identification of possible cyber threats.

First, it is not out of the question for a Facebook account of this nature to be used by multiple people. This of course would require IP address analysis and other identification methods.

Additionally, while fake profiles are sometimes blatantly obvious, a "troll" profile does not necessarily have to be a fake or anonymous profile. Many individuals engage in "trolling," "flaming," and other forms of online behavior using their legal name and true identity.

Elias Aboujaoude, a doctor at Stanford University’s school of medicine, has elaborated on this trend. Aboujaoude argues that online behavior creates "e-personalities" that can change an individual's real-life personality.

Visit Dr. Aboujaoude's website for more information


Aboujaoude states: "Our e-personalities are an uninhibited version of who we are, a collection of personality traits that make us more child-like, impulsive, darker and narcissistic..."

Aboujaoude continues, arguing that "We are anonymous, so it’s so easy to think that what we say has no consequences."

For purposes of predictive analytics, it would be crucial to utilize Facebook's database of "report abuse" notifications and data specific to the monitoring of abusive behavior on Facebook.

Additionally, user data specific to instances where Facebook has taken proactive action by shutting down and removing pages with a high level of abusive behavior would be useful.


Aside from Facebook specific issues, it would also be interesting to consider how Recorded Future and predictive analytic software can be used to go "directly to the source" and analyze imageboards, forums, message boards, and other websites specific to hacking activities and the "Anonymous" collective.

However, when considering the technical nature of imageboards alone (which would be the most useful for law enforcement/intelligence agencies), you begin to deal with massive amounts of data and content that may be irrelevant, questionable, vague, memetically repetitive, and in some cases illegal.

Such a task would be a true test for Recorded Future's temporal analytics engine.

In essence, the task would be like searching for needles in a haystack and then somehow compiling, organizing, and correlating the needles to find relevant information and "predict the curve." However, this haystack isn't your typical haystack. The haystack continually expands and changes by the second with hay being constantly moved, removed, and altered along with the needles in it.

Mind you, that is probably a very poor metaphor and an understatement when considering the notorious but scarcely discussed Dark Internet.

They call the Internet "cyberspace" for a reason.

Finding a metaphor for the dynamics of it all might be best left to someone well versed in the Big Bang Theory or the Nebular Hypothesis.


In sum, such an analysis is too much to consider for this post alone but is indisputably worthy of consideration for the CIA and internet security companies like HBGary who have suffered cyber attacks by Lulzsec, InfoSec, and "Anonymous."

Furthermore, if arrests are issued for participants in online attacks, then non-hackers sympathetic to, and active hackers operating within, hacker cells and the "Anonymous" collective may adapt their strategies with respect to these possibilities.


So that's that.



As promised in Part 1, Part 2 will discuss how Facebook can go "toe-to-toe" with LinkedIn along with additional analysis on Facebook's more imminent competitor Google with the launch of their Google Plus (Google +) social network gadget.