By Cynthia Hetherington, Hetherington Group

29 Apr 2011Investigative Insights

Cynthia Hetherington has more than 15 years of experience in research, investigations and corporate intelligence. She is a consultant for Thomson Reuters and the founder of Hetherington Group, a consulting, publishing and training firm focusing on intelligence, security and investigations.  Visit Cynthia on Twitter.
_________________________

Foraging through Facebook

According to Experian’s Hitwise, Facebook has unseated Google.com as #1 Web site visited on the Internet.  And as the market share leader of social networks, searching Facebook for leads is now mandatory for all investigators.

With its captivating ability to allow a user to upload photos and videos, express thoughts and opinions, reference other Web sites, and keep in touch with friends, both old and new, Facebook has kept itself at the top of the game. It also doesn’t hurt that Facebook’s layout and design are user-friendly, simple, and easy on the eyes. This allows Facebook to draw attention from Web dwellers of all ages, booting its numbers high above the other social networks.

This is where the Facebook addiction—or “Facecrack,” as we like to call it—phenomenon begins. When becoming a user for the first time, you create an account, offering up information such as books you’re interested in, movies you prefer, whether you are married, single, in a relationship, or in a relationship and “it’s complicated.” Next, you’re adding in your high school, college, perhaps company name, adding years of graduation where appropriate.

Next thing you know Facebook has aggregated all the other graduates from your high school and offered them up as people you should “friend” (which is now a verb, along with unfriending, in Webster’s Dictionary).  Given the natural curiosity of most folks, they start to friend these individuals, if only to see how they’ve aged, and this is where the little addiction gets severe. First you’re checking out how much they have aged, then you find yourself looking through all their photos, checking to see if they had kids, if they’re married, and trying to learn where they work and what they do with their lives.  Like an old high school reunion, everyone is excited the first few days and the fervor of friending, chatting, swapping apps, and playing voyeur into other peoples profiles is high.  Next you are updating everyone on what you’re doing every day, whether it’s baking cookies, being bored at work, looking forward to the weekend, etc. This first week is often a blur, and when it’s over, you stop and think, “What happened?” and you have two choices at this point. You either fall victim to the Facecrack, into the Zynga world of managing a pretend farm or Mafia—committing you as a Facecrack addict with no hope in site—or you pause and realize this is something you’ll probably pop in and out of on a daily basis, but certainly slow down in using, deciding it’s not important to tell a group of “friends,” who you haven’t seen or heard from in over 20 years, that you just clipped your toenails.

Investigating Techniques

The chief component of the Facecrack addict, and even the common Facebook user, is that they never consider what they are writing on their walls and in their profiles to be an open source.  When a participant updates their profile, most only anticipate a specific entity reading that information. They may not be aware that complete strangers, bosses, competitors, ex-lovers, and potential future suitors might be peeking in on their updates. Few ever wonder if any or consider, “What if my mother or boss could read this?” That is the investigative key! They are not asking those questions. They are blindly updating their pages and informing the world of their activity, their family updates, their photos, etc., and it is up to the investigator to look and see if they can uncover any information from these profiles.  Is it taking advantage of them?  Not really.  No one forced the user to open an account and broadcast their lives. Also, when the accounts are set up, they have the option to completely lock unknown parties out. Facebook is very clear on their privacy set ups.

When setting up your Facebook account, you are given the option to set passwords and permit only certain fellow users, friends, and networks to view your profile.  Originally, the default was to permit “friends and networks” to see your profile. When networks were originally set up, you would add regionally-specific networks (i.e. “Northern New Jersey” or “San Francisco Bay”) to identify what area of the country you were most interested in and most likely from.  If I were investigating you, I would make sure I was in the same regional network as you.  Then, because of the “friends and networks” default, I could (in most cases) view your entire profile, including photos and wall posts. Apparently, this was not a great secret because the nice folks at Facebook caught on and quickly stopped allowing the regional network selection, eliminating this way of viewing someone’s profile without actually friending them.

Another method, which may be more of a tactic when used wisely, can return some rich gains and, by all means, has worked for me more times than not. However, when it does not work it can either leave you hanging or cause backlash that could compromise your entire case.  This tactic? Requesting your target as a Facebook friend. This direct route is dangerous, so consider this section like a minefield and treat it with the same respect you would if you had to tread across said minefield wearing a blindfold.  In other words, here is the disclaimer: Do not try this if you are unsure of the outcome!

Using an account created specifically for Facebook investigations, a profile that is not exactly as forthcoming as a personal account and where the security preferences are well-managed, you can tiptoe around Facebook for your target. When entering a target’s profile, the first things to look into are the photos. This little feature, which is almost always set to public, is a huge resource on its own. Surveillance investigators can’t help but love getting people’s photos from Facebook. Second, do they have any fan pages listed?  Are they a fan of In and Out Burger and Arbor Day Fund?  Final thing to check is their list of friends. If the list is available (again, accounts are normally defaulted to show friends), then the entire list can be scanned and you can look for other associates you might be trying to develop or family members based on same last name.  After examining the list of friends for any known associates and/or matching family names to garner leads, you can see how many friends this target has.  Using the following statistics that Facebook provides (ibid), we see most persons have 130 friends.

• Average user has 130 friends on the site
• Average user sends 8 friend requests per month
• Average user spends more than 55 minutes per day on Facebook
• Average user clicks the “Like” button on 9 pieces of content each month
• Average user writes 25 comments on Facebook content each month
• Average user becomes a fan of 4 Pages each month
• Average user is invited to 3 events per month
• Average user is a member of 13 groups

If a target has more than 130 friends, or anything above 100 friends, they are probably not to discerning about whom they are friending, and anything above 200 friends may suggest that the user really isn’t paying attention to the quality of friend they are letting in at all. Whatever the reason, these numbers can be used as a cue. If their friend numbers are lower, you may want to send friend requests to the friends on your target’s list. If you are able to garber about 10 of your target’s friends, you can then attempt to directly friend your target. The target user will see the invite, see that they have 10 friends in common with you, and (since it’s man’s nature to not be confrontational) invite you in. If our target has hundreds of friends, don’t bother with the extra friending.  The user is not really checking who they are letting in, so go right for it.

On the other hand, if the target has less than 100 friends and has ignored your friend requests, another measure is necessary.  From the investigation you already have started, try to find the hobbies and interests of your target and try to pre-empt and predict what fan pages they might join.  You might have discerned their fan pages right away when you saw their initial profile, so use this if possible. Join their Fan Pages.  You cannot view their profile directly this way, but it will give you credibility when you try to friend them later. What you are doing is morphing our profile to match the targets’ profile so that we become more appealing, someone they’d want to connect to.

What if your target has very minimal information, a handful of friends, and seems intimidating to even approach?  Then don’t bother.  They are probably not using Facebook as much as you would like and aren’t worth the effort to try and read their postings.  If you do attempt to friend a target with little activity, they might catch on that you are not a real friend, but more of an investigative one, and this may compromise your investigation altogether.

The integrity of your investigation is, of course, always the most important. Facebook is not the be all and end all of investigations, but it can prove to be a viable resource if your target is an avid user.  If so, proceed with caution and you may extract some of your best investigative leads to date.