The danger of investigating without managed attribution
Our customer is a social networking site that allows users to read, post and interact with content on its platform. As social media has become ubiquitous around the world, its use reflects the gamut of the human experience — the good, the bad and the ugly. Investigating misuse and illegal activity on the platform has become a key focus for the company, with a dedicated trust and safety team established to investigate and deal with such violations.
As a popular social media platform, our customer is concerned about the integrity of the content that’s posted on their site. The company maintains a policy of not permitting any posts related to terrorism and other illegal and dangerous activities. When such posts are flagged, it’s the job of the trust and safety analysts to research the origins of inappropriate content; determine the people or organizations responsible for the post; and if any real threats are uncovered, share their findings with law enforcement. However, the analysts themselves could get into trouble with the law if they aren’t careful when visiting certain websites and forums.
Controlling details of analysts’ digital fingerprint
While investigating a terrorism-related post, the company’s analyst had to venture away from the social media platform and follow the suspect into online chat rooms. The analyst was using his regular computer and browser, connecting from home, while working remotely. Naturally, sites that are frequented by terrorism suspects are typically under close surveillance by law enforcement. Without proper control of the details of his digital fingerprint (details relayed via the browser about itself, the analyst’s device and his browsing behavior), the analyst was putting himself at risk in two critical ways:
- He risked the terrorists in the chat room using the details of his digital fingerprint to uncover his true identity and perceive him as a threat to their activities
- He risked law enforcement monitoring the chat room doing the same, and mistaking him for an actual terrorist
That second risk came home to roost. While eating breakfast at home with his family, the analyst received a visit from an FBI agent. The authorities had no trouble tracing his IP address and wanted to ask him about his involvement with the people and organizations that patronized the chat rooms.
While this particular incident could be chalked up to one huge misunderstanding, the importance of maintaining anonymity and managing attribution when performing online investigations is very real. Silo for Research was purpose-built to help analysts traverse the darkest corners of the web without revealing their identity and affiliation. Silo for Research is equipped with a full array of tools designed to make online investigations safe, effective, and anonymous. Analysts can use any of Silo’s egress points to appear to be connecting from anywhere in the world; set their time zone and language preferences to support their location choice; and safely collect, store, and share evidence with their teams and law enforcement agencies. Silo uses a cloud browser, so corporate networks remain safe from any malware that lurks on suspicious sites.
The incident with the FBI prompted the social media company to adopt a policy of using Silo for Research for all sensitive investigations by its trust and safety teams going forward.