Social Networks: Friends of Friends

Today we are going to look at how we can build a network from a single starting entity and use that network to identify the most connected actors in it. For this example, we use our tool SocialNet and the link analysis platform Maltego.

We start off with a single confirmed Jihadi media source and branch off to identify other key players in this media network. Investigators often struggle to find connections between people and their associates, but social media has given us the holy grail of network and lifestyle analysis. In about 10 mouse clicks, we can identify 4000 actors in this Jihadi network.

This number of leads can throw any investigator off, but thanks to Maltego, we can prioritize that information. Using some of the different views and layouts it offers for the data, we can get to a graph that looks something like this:


As you can tell from the graph, there are highly connected entities, which are represented by the larger, darker dots. These are the ones we want to focus on first, and with SocialNet we can collect all the OSINT on those entities. From the 4000 entities, we have about 20 prioritized leads in this network. We may also want to look at the isolated entities. Those individual dots between the clusters of dots could provide leads into the networks they are connected to.
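The prioritization described above can be sketched outside any tool. The following is an added example, not SocialNet or Maltego code: it ranks entities by number of connections and flags low-degree entities that join otherwise separate clusters. The edge list is constructed, all function names and the `max_degree` parameter are hypothetical, and treating the "dots between clusters" as cut vertices is an assumption.

```python
from collections import defaultdict

# Constructed sample edges (not real data): two clusters joined through "x1".
EDGES = [
    ("seed", "a1"), ("seed", "a2"), ("seed", "a3"), ("a1", "a2"), ("a2", "a3"),
    ("a3", "x1"), ("x1", "b1"),
    ("b1", "b2"), ("b1", "b3"), ("b1", "b4"), ("b2", "b3"), ("b3", "b4"),
]

def build_graph(edges):
    """Undirected adjacency sets from (u, v) pairs; self-links are ignored."""
    graph = defaultdict(set)
    for u, v in edges:
        if u != v:
            graph[u].add(v)
            graph[v].add(u)
    return graph

def top_by_degree(graph, n):
    """The n most connected entities, ties broken by name for stable output."""
    return sorted(graph, key=lambda node: (-len(graph[node]), node))[:n]

def cut_vertices(graph):
    """Entities whose removal splits the graph (Tarjan's articulation points)."""
    disc, low, found = {}, {}, set()
    def visit(node, parent):
        disc[node] = low[node] = len(disc)  # discovery order of this node
        children = 0
        for nxt in graph[node]:
            if nxt == parent:
                continue
            if nxt in disc:  # back edge to an already visited entity
                low[node] = min(low[node], disc[nxt])
            else:
                children += 1
                visit(nxt, node)
                low[node] = min(low[node], low[nxt])
                if parent is not None and low[nxt] >= disc[node]:
                    found.add(node)
        if parent is None and children > 1:
            found.add(node)
    for node in list(graph):
        if node not in disc:
            visit(node, None)
    return found

def connectors(graph, max_degree=2):
    """Low-degree cut vertices: the lone dots sitting between clusters."""
    return sorted(v for v in cut_vertices(graph) if len(graph[v]) <= max_degree)
```

The depth-first search is recursive, so a graph of several thousand entities may need a higher recursion limit or an iterative rewrite.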

The idea behind this is that we are given a starting point and can identify highly connected leads. This follows the principle of “If you are a bad guy, your friends are probably bad guys too.” Even though this is a real-world principle, it carries over into the cyberworld as well. This is just one of the tips for finding leads from minimal starting information.

Josh C

