Investigators comb social nets to look for bombing clues

Online forums, Twitter and Facebook could hold info about Boston Marathon bombers

With federal and state investigators searching for clues about the person or organisation behind the Boston Marathon bombing, social networks could hold a treasure trove of information.

"I would imagine that the authorities are casting a wide net and will have certainly taken note of anyone celebrating what happened in Boston whether it's on Twitter or an online forum," said Dan Olds, an analyst with The Gabriel Consulting Group. "If they haven't already, I think social networks will become part of the default investigative method."

On Monday, two bombs went off at the finish line of the world-famous Boston Marathon as onlookers cheered and runners crossed the finish line. So far three people, including an eight-year-old boy, have been killed and more than 170 have been injured. As of Tuesday afternoon, doctors at various hospitals reported that 17 people remain in critical condition.

The FBI has taken over the investigation into the bombing, working with the Boston Police Department, the ATF and the DEA. They have asked people who were at the race to send them photos and video that could help in the investigation.

Both terrorism and digital forensic specialists say investigators certainly are searching social networks as they try to piece together what happened leading up to the explosions.

"There already have been people monitoring the typical online forums - like Jihadi forums or other extremist forums and old-school message boards," said Mila Johns, a special projects researcher with the National Consortium for the Study of Terrorism and Response to Terrorism. "They've been looking for claims of responsibility or claims of solidarity. People tell us all kinds of things."

Johns acknowledges that the savviest criminals might not be so cavalier as to post their plans or to publicly celebrate on forums or social networks, like Facebook, Google+ and Twitter.

However, she also noted that criminals aren't always masterminds.

People planning a coordinated event might think that no one is paying attention to what they say or do online. They also might think that there's too much information -- the digital equivalent of white noise -- online for investigators to catch. Social media users, for example, were expressing their sympathy and support for the city and the victims of the bombing with FaceBook pages and in Tweeter commentss

That assumption, though, might be a big mistake, said Keith Jones, an independent computer forensics examiner.

"I would look at social media if I was investigating this," said Jones. "The very, very first thing I would do is do some searches. You'll get a lot of white noise because you'll have CNN and all that crap in the way, but if you keep looking, you could find online discussions about planning the attack. I don't know what the searches would give me, but that's why you look. You might find a forum where someone didn't set the security permissions correctly and it's not as private as they thought it was."

He also noted that it would be foolish to plan a terrorist attack or celebrate one online without using code words, encryption or anonymizer tools. But investigators, luckily, find a lot of foolish and sloppy criminals.

"I've done international IP theft cases and I've seen people write, 'I will take this part from my job and send it to China,' " said Jones. "I think people get the false feeling that everything is private even in an email forum or a social network. I think if I can't say this loudly in a room of lawyers, I shouldn't write it. Not everyone thinks that way."

He also said he would try to cull through direct message, or DM, exchanges on Twitter. People tend to think they're more private, not realizing that Twitter saves records of them.

According to Jones, federal or state prosecutors might be able to get a warrant to force Twitter to hand their records over if they have probable cause to look at certain DMs sent during a specific time frame.

DMs or Facebook pages might hold a wealth of information for investigators who are focusing on a certain person or for prosecutors who are preparing to put a suspect on trial.

"Facebook and Twitter will be really helpful once they've identified a suspect," Jones added. "Who are they talking to? Who are they identifying with? What messages have been sent?"

Some day, social media may become a predictive tool for law enforcement. Olds said. Government computers might analyze patterns of posts, frequency and word choice against profiles of people who have become increasingly unstable.

"I think that's the future of this," he said. "In the old days, if someone in the neighborhood started acting wacky, the neighbors would intervene or call the authorities. Now a lot of people interact more online than they do in person. I'd look to develop profiles and algorithms to see if I can spot people before they go off the deep end."

Sharon Gaudin covers the Internet and Web 2.0, emerging technologies, and desktop and laptop chips for Computerworld. Follow Sharon on Twitter at @sgaudin, on Google+ or subscribe to Sharon's RSS feed. Her email address is

See more by Sharon Gaudin on

Read more about social media in Computerworld's Social Media Topic Center.

Join the CSO newsletter!

Error: Please check your email address.

Tags Internet-based applications and servicesMobile/WirelessNetworkingsecuritywirelesstwittermobilesocial mediafbiinternet

More about CNNFacebookFBIGoogleTopic

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Sharon Gaudin

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts