Investigators comb social nets to look for bombing clues
Online forums, Twitter and Facebook could hold info about Boston Marathon bombers
With federal and state investigators searching for clues about the person or organization behind the Boston Marathon bombing, social networks could hold a treasure trove of information.
"I would imagine that the authorities are casting a wide net and will have certainly taken note of anyone celebrating what happened in Boston whether it's on Twitter or an online forum," said Dan Olds, an analyst with The Gabriel Consulting Group. "If they haven't already, I think social networks will become part of the default investigative method."
On Monday, two bombs went off at the finish line of the world-famous Boston Marathon as onlookers cheered and runners crossed the finish line. So far three people, including an eight-year-old boy, have been killed and more than 170 have been injured. As of Tuesday afternoon, doctors at various hospitals reported that 17 people remain in critical condition.
The FBI has taken over the investigation into the bombing, working with the Boston Police Department, the ATF and the DEA. They have asked people who were at the race to send them photos and video that could help in the investigation.
Both terrorism and digital forensic specialists say investigators certainly are searching social networks as they try to piece together what happened leading up to the explosions.
"There already have been people monitoring the typical online forums - like Jihadi forums or other extremist forums and old-school message boards," said Mila Johns, a special projects researcher with the National Consortium for the Study of Terrorism and Response to Terrorism. "They've been looking for claims of responsibility or claims of solidarity. People tell us all kinds of things."
However, she also noted that criminals aren't always masterminds.
People planning a coordinated event might think that no one is paying attention to what they say or do online. They also might think that there's too much information -- the digital equivalent of white noise -- online for investigators to catch. Social media users, for example, were expressing their sympathy and support for the city and the victims of the bombing with FaceBook pages and in Tweeter commentss
That assumption, though, might be a big mistake, said Keith Jones, an independent computer forensics examiner.
"I would look at social media if I was investigating this," said Jones. "The very, very first thing I would do is do some searches. You'll get a lot of white noise because you'll have CNN and all that crap in the way, but if you keep looking, you could find online discussions about planning the attack. I don't know what the searches would give me, but that's why you look. You might find a forum where someone didn't set the security permissions correctly and it's not as private as they thought it was."
He also noted that it would be foolish to plan a terrorist attack or celebrate one online without using code words, encryption or anonymizer tools. But investigators, luckily, find a lot of foolish and sloppy criminals.
"I've done international IP theft cases and I've seen people write, 'I will take this part from my job and send it to China,' " said Jones. "I think people get the false feeling that everything is private even in an email forum or a social network. I think if I can't say this loudly in a room of lawyers, I shouldn't write it. Not everyone thinks that way."
He also said he would try to cull through direct message, or DM, exchanges on Twitter. People tend to think they're more private, not realizing that Twitter saves records of them.
According to Jones, federal or state prosecutors might be able to get a warrant to force Twitter to hand their records over if they have probable cause to look at certain DMs sent during a specific time frame.
DMs or Facebook pages might hold a wealth of information for investigators who are focusing on a certain person or for prosecutors who are preparing to put a suspect on trial.
"Facebook and Twitter will be really helpful once they've identified a suspect," Jones added. "Who are they talking to? Who are they identifying with? What messages have been sent?"
Some day, social media may become a predictive tool for law enforcement. Olds said. Government computers might analyze patterns of posts, frequency and word choice against profiles of people who have become increasingly unstable.
"I think that's the future of this," he said. "In the old days, if someone in the neighborhood started acting wacky, the neighbors would intervene or call the authorities. Now a lot of people interact more online than they do in person. I'd look to develop profiles and algorithms to see if I can spot people before they go off the deep end."
Sharon Gaudin covers the Internet and Web 2.0, emerging technologies, and desktop and laptop chips for Computerworld. Follow Sharon on Twitter at @sgaudin, on Google+ or subscribe to Sharon's RSS feed. Her email address is email@example.com.
Read more about social media in Computerworld's Social Media Topic Center.