The information you make public is the key to your private data. This is true now more than ever, for two reasons.
First, South Africa’s intelligence community outsources the analysis of social media platforms to the private security sector. The social media posts that people choose to make public can be used by intelligence services to accurately assess the sentiments, thoughts, movements and plans of people, groups, or institutions. Such analysis, called data mining, produces SOCMINT – social media intelligence.
Data mining of social media accounts is not the only service outsourced to the private sector; publicly available information on the net is also analysed to produce open source intelligence, or OSINT. The US’s Central Intelligence Agency identifies newspapers, magazines, journals, photos, and geospatial information (e.g. Google Maps) as sources of OSINT. Websites, blogs, threads, podcasts and YouTube videos are all OSINT sources. Software makes it possible to extract data pertinent to surveillance targets from vast amounts of public information on the net, and then creates an accurate picture of their activities and associations.
The software available to South African intelligence agencies can also search the so-called Dark Web and Deep Web. Here, search engines like Google and Bing are useless. In the Deep Web, you do internet banking, pay for your dating site subscription, and send webmail. It also includes intranets – networks internal to organisations usually only accessible to employees with passwords. The Dark Web is only accessible with special software. Criminals use it to do nasty things like trading drugs and guns.
The second reason for concern is that police minister Fikile Mbalula is calling for increased use of the “digital space” to fight crime. Business Day recently reported seeing a directive that Mbalula sent to the new acting head of crime intelligence, Major-General King Ngcobo, in which he states that crime intelligence was to enhance its data mining of all citizens and residents in SA.
According to Business Day, Mbalula’s directive stated: “Intelligence information is not to be used for political reasons, blackmail or other nefarious witch-hunting against any other citizen or political party.” Reassuring words, but South Africa’s state intelligence agencies, including police crime intelligence, have a questionable track record when it comes to citizen surveillance, and oversight of their interception activities has been lacking.
Last month, sources told the Mail & Guardian that a covert unit within the State Security Agency was monitoring the communications of President Jacob Zuma’s opponents, including Deputy President Cyril Ramaphosa. (The SSA has denied the allegations.) Law enforcement and intelligence agencies have been shown to intercept phone calls of journalists and private citizens.
They’ve also been found to obtain cellphone call records in less-than-kosher ways, and police crime intelligence has been dogged by reports of corruption, mismanagement and illegal surveillance.
Although the tech may be new, the techniques are not. Overt intelligence (which today includes SOCMINT and OSINT) has always been the biggest component of espionage. Spying’s not that glamorous – James Bond stealing away from the cocktail party and swiping a microchip from the mansion’s safe is but a fraction of the mission. This is because most of the information that intelligence agencies want is already out there. A former counter-intelligence operative for the apartheid government’s South African Defence Force explains: “Eighty percent of intelligence is overt, and 20% is covert. It’s bloody boring.”
The 80% is needed because, says the former operative, “The easiest way to get something (confidential), is to get someone to give it to you willingly.” If you can learn enough about someone from information that is publicly available online, you could convince them to hand over private information, or trick them into giving you access. In the old days, that would be Bond finding out all he could about the millionaire whose party he crashed. Today, it’s knowing someone well enough to send him or her a phishing email for which they’ll take the bait. Activists, journalists, trade unions and politicians rely on social media to share information and organise campaigns, but these groups are prime targets for state surveillance.
Let’s take a real-life example to show how easily social media can be used to monitor someone: I accessed www.facebook.com/live, a map showing where people are live streaming video via Facebook. You can click on a blue pin to watch a video.
The map showed X’s approximate location, but the right software can pinpoint the latitude and longitude. If X is streaming from home, you can use Google Maps’ street view, or Google Earth’s satellite view, to get a better look. If, for argument’s sake, intelligence services wanted to bug the house, they would know where to go, and whether there was a high fence or burglar bars. If X posted on Facebook that they were off to a protest, that would be a good time to bug the place. One can also explore X’s social network by seeing who liked and commented on the video post.
Looking at the person commenting last, let’s say Y, it’s possible to gather data that would typically interest intelligence services. Photos reveal political affiliations, and gatherings attended, including with whom, and when – down to the minute.
And then there’s Facebook Check-ins. This feature allows Y to provide their GPS co-ordinates when they post. Click on the location on the map, and you can see where they were, what they were doing, and the discussions of potential “dissidents”.
Before social media, an agent would have to physically go undercover to gather this type of information. He or she would have to find out enough about a target group before introducing him/herself to the group in a credible guise. Once accepted, an agent could persuade a group member to reveal secrets.
This is known as social engineering – manipulating another person to reveal information. Nowadays, much of it happens on the net. Using the information gathered from, let’s say, John’s Facebook profile, it is possible to impersonate one of his Facebook friends, Sally. Once you have created a fake profile for Sally, you can send John a message saying Sally’s starting a new Facebook account because she’s tired of all her old friends. But John’s special, so she still wants contact. John accepts the fake Sally’s request, because he’s had a crush on her since high school, which is evident from his public posts.
Next, she strikes up a conversation with him, and eventually asks him for his email address so that she can send him that document he’s been looking for. Then, fake Sally, with her fake email account, sends John a phishing email – the kind your bank is always warning you not to open. That’s because it may have an attachment that, once opened, triggers the installation of a virus on your computer that will send your personal data to the people who sent you that email. This is known as spyware. Multiple sources have reported that South Africa’s intelligence agencies use a particularly powerful form of spyware, only sold to governments, namely FinFisher. A phishing email would be just the thing to get FinFisher onto your computer.
X and Y are random examples illustrating how easily data can be gathered – if you know whom and what you are looking for. But, knowing whom to target is not that simple. How can you tell if X and Y are big fish or small fry? Manually sifting through petabytes of data on the net with a normal search engine can take weeks.
No problem. Introducing Silobreaker – a search engine on steroids. It’s typically the type of social media monitoring tech offered to state intelligence agencies via South Africa’s private security sector. This year’s licence costs around R500,000. Unlike FinFisher, which can only be sold to governments, anyone can purchase Silobreaker.
Here’s what it does, roughly speaking.
Unlike the Facebook example above, Silobreaker can scan millions of sources, including Facebook, Twitter, Google Buzz, Google Blogs, news articles, press releases, research reports, and any documents or content uploaded on a site. It can pick up and translate 13 languages.
Here’s an oversimplified example: Let’s say a government is monitoring an activist group. They’re not sure which role players are key and should be monitored more closely (for example by intercepting their phone calls or installing spyware on their computers). Silobreaker collects and organises the information about the group. It can generate a list of newspaper articles about the activists within a certain period, list companies and people associated with them, and produce graphics showing how these are connected to each other. You can click on a person or group thus identified to find more information about them – their Twitter feeds, who they associate with, etc. Thus, key players emerge from masses of data.
And, Silobreaker is now venturing into the realm of covert intelligence. In late September, it teamed up with Flashpoint, a company that collects data from the Deep and Dark Web, where you can find anything from human organs to private passwords.
Whether or not Mbalula follows through on his promises, OSINT and SOCMINT are here to stay. And, says the former apartheid counter-intelligence operative, as laws regulating traditional surveillance methods (like intercepting phone calls) become more restrictive, there will be an increased reliance on persuading people to willingly surrender information. With social media becoming crucial to everyday life and work, there is little the public can do to protect themselves.
When asked how Minister Mbalula would ensure that data mining was not utilised for nefarious purposes, Police Ministry Spokesperson Vuyo Mhaga was clear in his response: “The minister has always stressed that the crime intelligence unit must never be used for illegal purposes or political purposes. The minister wants a crime intelligence unit that is efficient and effective to fight crime and keep our people and their property safe.”