Welcome to this episode of our podcast. I'm Matthea, an experienced open source intelligence analyst, and I'm excited to be your host today. As the winner of the Operation Safe Escape CTF by Trace Labs, I have a deep understanding of open source intelligence and have worked on numerous projects in this field. I specialize in the collection, analysis, and dissemination of intelligence from publicly available sources.
In this episode, we'll be exploring the fascinating world of Facebook open source intelligence, which is a crucial aspect of open source intelligence and provides valuable insights for various investigative purposes. From social engineering to threat intelligence and beyond, Facebook open source intelligence can reveal a wealth of information that can help you make more informed decisions.
So, sit back and join me as we delve deeper into the world of Facebook open source intelligence and discover the powerful techniques and tools that can help you uncover valuable information on this platform. Investigation on Facebook, Facebook open source intelligence, is a mini podcast that provides an in-depth explanation of how the world of Facebook investigations works.
In today's digital age, social media platforms like Facebook have become a virtual treasure trove of information that can be used to conduct investigations. However, navigating the vast amount of data available on Facebook can be challenging, and that's where Facebook open source intelligence comes in. The podcast delves into various techniques and tools that investigators can use to gather information from Facebook.
From analyzing public posts, comments, and likes to examining Facebook profiles and groups, the podcast provides a comprehensive overview of how investigators can utilize Facebook to gather valuable information. Facebook is a free social network that allows users to connect and interact with each other, sharing content on the internet. It was launched in 2004 by its founder, Mark Zuckerberg.
By mid-2007, Facebook had versions in Spanish, French, and German, having been translated by volunteer users and expanded in different countries. With a meteoric rise, by 2012 Facebook had reached 1 billion users around the world. Facebook is free for users and generates revenue from advertising, including sponsored banners and groups.
It can be used by both private users, who use it to stay in touch with their friends, post texts, photos, videos, etc., as well as by businesses, brands, or celebrities, who enhance their advertising communication through this social network. Users can register via email and create profiles containing photos, lists of personal interests, and public and private information.
Facebook also allows for the exchange of private and public messages between its users, making it a two-way communication platform. By far the most popular social network, Facebook has approximately 3 billion active profiles every month, and according to some estimates in 2021, 50% of the internet-connected population would have a Facebook profile.
Social Media Intelligence, also known as social intelligence or social media monitoring, refers to the process of collecting, analyzing, and leveraging data from social media platforms to gain insights into people's opinions, behaviors, and trends. It involves using specialized tools and techniques to monitor social media conversations, track social media metrics, and analyze social media data to identify patterns and extract useful information.
Businesses, organizations, and individuals use social media intelligence to gain a deeper understanding of their audience, competitors, and industry trends. For example, a company might use social media intelligence to monitor mentions of their brand on social media, track sentiment towards their products or services, and identify potential issues or opportunities.
They can also use social media intelligence to monitor their competitors, track industry trends, and identify potential gaps in the market. Social media intelligence can help businesses and organizations with various purposes, including reputation management, competitive analysis, customer service, and marketing campaigns.
For example, a company might use social media intelligence to monitor customer feedback, address customer complaints or issues, and identify areas where they can improve their products or services. They can also use social media intelligence to inform their marketing campaigns, such as by identifying popular hashtags, trending topics, or influencers in their industry.
The method of verifying if an email is linked to a Facebook account, although commonly used by many open source intelligence analysts, may be illegal depending on the country of origin. There is a simple method to check if an email is associated with a Facebook account through the password reset form. However, it's important to be cautious not to complete the password reset process, as it could alert the target and is definitely illegal.
To use this method, open a browser where you are not logged into Facebook. Go to the password recovery form available at the following link, facebook.com/login/identify. Enter the target email address. If the email is not associated with a Facebook account, you will receive an alert. If it is associated, you will be redirected to the next form. At this point, simply close the page.
Note that in the past, there were methods to link an email address to a specific Facebook profile ID, but currently, these methods do not work anymore.
Creating a fake profile on Facebook requires a balance between maintaining your privacy and avoiding triggering red flags that can get your account suspended or even banned. Here are some things to avoid and some things to do to create an effective fake profile. Things to avoid: Don't use a VPN or Tor.
Facebook may flag accounts with hidden IP addresses and request additional verification such as a phone number and a selfie with identification documents. Don't use an email address associated with hackers or privacy advocates like ProtonMail. Instead, use a data-eating email service like Gmail, as they are less likely to be blocked by Facebook. Don't use hacking operating systems like Kali Linux. They are easily detected by Facebook's security measures.
Keep in mind that these are not foolproof measures, and some accounts may still be flagged. However, from personal experience and research, these are the main security measures to consider when creating a fake profile. Things to do: Get a new SIM card for each account. This way, if Facebook requests a phone number, you can use a disposable number to avoid exposing your real identity. Use a virgin mobile phone.
An old phone with a fresh ROM can help you avoid triggering Facebook's security measures. Use a profile picture that doesn't have copyright restrictions. Avoid using any personal identifiable information. It's important to note that creating fake accounts is against Facebook's policies and may be considered illegal in some countries. Keep these guidelines in mind and use caution when creating a fake profile on Facebook.
Not everyone knows this, but Facebook assigns a unique identification code to each of its users and to every page or group created on the platform. This code acts as a sort of license plate to identify individuals and pages accurately, and it's commonly referred to as the Facebook ID. This ID is a unique and immutable code assigned at the creation of the profile, which never changes over time.
The Facebook ID is particularly useful for open source intelligence purposes as it allows us to track a profile over time. If a user changes their name or username on Facebook, it may be challenging to track them, but by knowing their user ID, we can still find their profile even after those changes. There are multiple online tools available that allow obtaining a user's ID from their profile link, but an open source intelligence analyst should also know how to search for it manually.
Method 1: Page Source. By opening the page source (right-click, View Page Source on Chrome), one can search for the following fields, depending on the Facebook user type. Users: search for the User ID field. The numerical code that follows is the Facebook ID of our target. Pages: search for the Page ID field. The numerical code that follows is the Facebook ID of our target. Groups: search for the Group ID field. The numerical code that follows is the Facebook ID of our target.
It's worth noting that Facebook is continually evolving, so these methods may not be valid from one day to the next. Method 2: Search. In this case, the method is even easier. Click on the magnifying glass available on the profile, group, or page at the top right, and search for the letter A or any other word. The Facebook ID will be available in the URL. To obtain a profile from the ID, simply insert the ID after https://facebook.com/ID, where ID is replaced with the actual ID.
In future lessons, we will see that many search methods use the ID, so it's worth keeping it in mind. The Facebook page transparency section was introduced on April 6, 2018, with the aim of making pages on the social network more trustworthy. Facebook stated that they intended to provide greater information about who publishes ads, sponsored content, and about the pages themselves, in order to protect users.
This was a clear attempt to address the fallout from the 2016 US presidential election scandal, during which Facebook was accused of influencing American voters with pro-Trump propaganda. So what is the purpose of all of this? Ultimately, Facebook's goal is to limit the use of fake accounts, particularly those managing pages with a large following, which could potentially influence a significant number of people.
The page transparency section contains information about the page itself, but also about its managers and the advertising campaigns they have running at the time. The main pieces of information include the date of creation, the country of residence of the managers, the number of people managing the page, and any changes to the name or the merging of two pages.
Additionally, as of the aforementioned date, sponsored ads with political themes will be clearly labeled in the top left corner with the words, political ad. These are clearly valuable pieces of information for open-source intelligence purposes, particularly in identifying disinformation groups and compromised pages. Facebook has integrated a powerful internal search engine with numerous filters, making it the easiest option to search for content within the platform.
The filters are extensive, so experimenting with them is the key to getting your first results. It's worth noting that Facebook automatically transcribes everything visible in a photo or said in a video, so be prepared to use its OCR functionality to search for things like license plates or spoken phrases in a video. The results can sometimes be surprising. To execute a search, test the various filters as adding or removing filters can often yield additional results.
Recursive searches may involve analyzing profiles without any visible information on the timeline, but content posted in groups, pages, and public profiles remains visible. To conduct a search, use the following URL and replace the ID with the target ID, facebook.com/profile/ID/search/?q=string, and replace the search string with the string to search.
For instance, if the birthday date is not public, searching for the words "happy birthday" can display the congratulatory posts made and received, providing an idea of the subject's birthday date. Another useful search term can be the username or name of the subject to display the posts in which they were tagged. However, don't stop there. Continue with very common search terms and the names of potential friends/family of the subject.
By creating a dictionary search script and performing this type of search, even an empty timeline will become automatically filled with content to view. String searches can also be created using tools. Following the changes in the graph, Facebook has profoundly changed its search URLs. More information will be given later, but for now, it suffices to know that the search strings are composed of JSON encoded in base 64.
However, a Sowdust tool called Sowsearch is available at the following link, sowsearch.info. It enables creating these search strings in a semi-automated way. In this case, it is also necessary to know the target's ID beforehand to build advanced searches. The main advantages of using external search engines, such as Google, are that logging in or having an account to search for posts and profiles is not necessary, and it allows for creating advanced dorks.
My advice is to use more than one search engine and not to focus only on Google. Depending on what we're interested in, we can assemble different dorks, such as site:facebook.com username or keyword. This type of dork will not only return the profile of the user of interest but also any comments on public posts that we wouldn't have seen otherwise in the target's timeline. The privacy settings of some profiles do not allow complete indexing of all content on search engines.
Over time, numerous open-source intelligence analysts have created their own Facebook search engines, most of which are based on Google, so we can define them as Google Custom Engine. social-searcher.com/facebook-search is a search engine based on Google and specialized for Facebook. It should be treated similarly to the dorks we've seen previously, although in some cases, the results may be different. To use it, simply enter the phrase or dork of interest.
https://cse.google.com/cse?cx=013991603413798772546:jyvyp2ppxma is a search engine specific to videos and photos hosted on Facebook. Again, it is based on Facebook, and entering the search term of interest is all that's required to get the videos that use that term.
Facebook Matrix is a collection of studies and research based on the new Facebook interface, which will allow us to obtain additional directories not known to the general public, as well as creating our own search JSON manually. I won't dwell on it; to learn more, open the link and study to acquire additional search capabilities. It is definitely a must-have for Facebook. The link is available here, plessas.net/facebookmatrix.
The easiest way to download photos and videos from Facebook without using external tools is to use the portal for old cell phones and slow connections. To do this, simply replace www in our URL with mbasic. For example, to view the Facebook homepage, go to the link mbasic.facebook.com. In this particular service, Facebook does not have any control over downloads. Simply right-click on the photo/video of interest and press the save video/photo button.
To automatically save an entire album or multiple photos/videos, we will use the program JDownloader. Once you have downloaded the program from the official website, be careful where you download it from, as malware has been found in this program in several cases. Start JDownloader, select the settings option from the menu in the upper left corner, and associate a Facebook account with the program.
To do this, select the account management icon from the left sidebar and click the add button. Then choose Facebook.com from the drop-down menu, choose a host in the center of the window that opens, enter your Facebook account username and password in the appropriate text fields, and click the save button to complete the operation. Now leave JDownloader open, so it can capture the Facebook albums you want to download to your PC, and start your browser.
Then go to the Facebook page that contains the album you want to download offline, click on the browser's address bar and copy the address you find inside, by right clicking on it and selecting the copy option from the menu that opens. Within a few seconds, a notification from JDownloader should appear in the upper right corner to let you know that the Facebook link has been captured.
Repeat the process for all the albums you want to download, go to the capture links tab of JDownloader, and click the play button in the upper left corner to start downloading all the images. Note: if JDownloader sometimes fails to download Facebook albums and you get the outdated plugin error, it means that Facebook has changed the system it uses to manage photos, so you need to wait for a program update to solve the problem.
Usually, the update arrives within a few hours (JDownloader has a very active community behind it) and installs automatically. To manually check for program updates, click the globe icon with red and blue arrows in the upper right corner.
In some circumstances, it may also be helpful to disable your Facebook account in JDownloader after capturing the links: simply click on the Facebook icon in the lower left corner and uncheck the Facebook.com option, or restore the account association in the settings menu, account management, by removing it and adding it again.
In 2021, the personal data of 533 million Facebook users was leaked online and made available for download.
In addition to email addresses, phone numbers associated with compromised accounts were also released, including full names and geographic locations. Although a few years old as they were previously available for purchase on a Telegram bot last January, this data, according to a Facebook spokesperson, had been deleted due to a security vulnerability resolved in 2019. Such data, useful for open source intelligence purposes, can be found on numerous underground forums.
Until recently, an Onion website was available to retrieve data based on a Facebook ID. Currently, the most convenient method.
Facebook Ads Library is a completely free tool that, in a nutshell, allows you to collect data from all paid ads published on Meta-owned social media platforms, Facebook, Instagram, and Oculus. Choose the country and category of the ad. The first thing we need to do is go to the Facebook Ads Library page, choose the country and category of the ad we want to search for.
Choose the keyword. Then, we need to filter by keyword what we want to be shown, in this case, we will filter by the keyword, chocolate cake. As you can see, several results have been filtered, and once you click on search, the actually active ads will begin to appear. Examine the results. Once the search has been filtered, the results with all active ads will be displayed. In this case, we have two options, either to see the ads from a specific company or page or to see all available ads.
In this case, you can choose according to your needs. We will see two cases so that you understand the functioning perfectly. Case A. If we choose to study a specific company or page, after searching for the keyword, the most relevant pages will be displayed for that word or for the advertisers. We just have to click on the page we want to study and see its information. Please note that sometimes not all advertisers are shown due to national restrictions.
If we want all advertisers to be shown, we have to choose in the first filter, all countries. Case B. If we do not want to directly see the advertisers, the best option is to examine each of the available ads and see all the information that interests us. If we want to study the advertiser of a specific ad, we just have to click on the name of the page and all the information will be displayed.
Additionally, we can directly see information about the ads, such as the text, the image used, the start date of the campaign, and whether it is active or inactive. If we click on See details, more information will be subdivided. Facebook has recently introduced a banner that shows us if other ads from different users are using the same template, text and image. Personally, I have often used the ads library to identify malicious advertising campaigns distributed by bots or compromised accounts.
Live section. Facebook Live allows you to stream events, shows, and gatherings on Facebook. Viewers can view the broadcast via mobile, computer, or smart TV. Reactions, shares, comments, and other interactive features allow interaction with the audience. Content creators often receive donations through Lives, and it is possible to track them only by watching the Live or the recording if available.
Donation data is therefore not public, but by watching the Live, it is possible to understand the user who donated and the amount donated. Facebook Marketplace. After an initial launch attempt from 2007 to 2014, Facebook Marketplace was reintroduced definitively in 2017. Since then, Zuckerberg's giant has begun to invest in what we could define as the social version of Subito, positioning it prominently in both the desktop and mobile versions of the site.
It is a virtual square where sellers and potential buyers can meet directly and simply, exchanging information, negotiating, and finally, completing the purchase sale autonomously. Investigating the items for sale on Marketplace can be a winning choice in many cases. However, there is no official method to know the items for sale of a specific user. If you do not know in advance what they are selling, of course, in that case, just search for the item.
However, a little-known pearl allows us to identify all the items for sale of a particular person, through the manipulation of the URL: facebook.com/marketplace/?seller_profile=ID, where ID should be replaced with the user ID.
If you want to export all the comments of a post so that you can save them offline and potentially analyze them with software like Excel, the easiest method is to use specialized websites like exportcomments.com.
Simply input the link to the post and save all the comments. However, please note that some features may require payment. Moving on to Facebook Dating. It is a dating app developed by Facebook and available in most parts of the world.
It is a great resource for open source intelligence purposes because by signing up, we can meet people interested in specific topics and easily trace their original Facebook profile since we are provided with additional information such as mutual friends and other data. I often use Facebook Dating to investigate romance scams, which are quite popular on this social network. So, how does Facebook Dating work?
First of all, it is a completely free service, unlike other dating apps. However, it is only accessible through the Facebook mobile app. With the app, you can set filters such as location, maximum distance from your point of interest, gender, and other useful minor filters, such as whether the person smokes, has children, and so on. Additionally, you can select a Facebook event or group and see all the people participating who meet your selected criteria, which is a very useful feature.
Furthermore, on Dating, you can link an Instagram profile. If your target has a private Instagram profile but it is connected to Dating, you can view all their photos through the Dating app. Thank you for tuning in to this episode of our podcast. I hope you found our discussion on Facebook Open Source Intelligence insightful and informative. Remember, Open Source Intelligence is a powerful tool that can provide valuable insights and intelligence from publicly available sources.
If you have any questions or comments, please don't hesitate to reach out to me. And, if you enjoyed this podcast, be sure to subscribe and stay tuned for more episodes on Open Source Intelligence and related topics. Thanks again for listening, and I look forward to bringing you more exciting content in the future.
