Managing turmoil online

Dr Brenton Cooper at Fivecast argues that policing and intelligence agencies need AI-powered analysis to get ahead of threats

 

Online platforms have been through significant change in the last couple of years. For example, in social media we have seen the emergence of Bluesky and Threads, the growth of Truth Social, and the decline of X.

 

Alongside upheavals in mainstream social media platforms, the channels used by criminals, violent extremists and foreign actors are constantly in flux. They include 4chan, 8chan/8kun, and Discord, along with Telegram and even Tik Tok, WeChat, and Weibo. The “chan” sites harbour niche far-right communities, permit the posting of extreme content, and provide anonymity for users identified only by letters and numbers.

 

The proliferating number of channels, and the speed at which criminals, extremists, malign foreign powers, and conspiracists use them to spread deliberate disinformation, has become a major concern.

 

Threats to law and order originating online have gained such scale and developed so quickly that police and intelligence organisations cannot keep up using human skills alone. They need more advanced techniques to achieve the required speed of response. Organisations must make greater use of AI-powered open-source intelligence (OSINT) analysis tools alongside human expertise in intelligence gathering.

 

Technology to improve incident response

By using advanced data collection combined with AI-enabled risk analysis, today’s advanced OSINT technology automates complex intelligence tasks, helping analysts work through huge amounts of data to identify relevant information in a matter of seconds. This is particularly useful when dealing with violently motivated extremist groups or individuals.

 

Effective monitoring of social media could, for instance, have helped accelerate police responses to the widespread public disorder following the appalling murder of children in Southport in July 2024. Research by the Thinktank, Institute for Strategic Dialogue (ISD) found that in the 10 days after the Southport attack, posting activity on far-right Telegram channels rose by 327 per cent compared to the 10 days before.

 

In the wake of the Southport murders, algorithms that recommend content based on trending searches continued to amplify misinformation and ill-informed commentary, despite explicit official denials of falsehoods and rumours.

 

The ease of creating new accounts and using new channels allows threat groups to move quickly, even when accounts are shut down. Politically motivated agitators with little sophistication can use Telegram, TikTok, and other platforms where lack of moderation gives them almost free rein.

 

The changing complexities of social media use

Social media intelligence (SOCMINT), therefore, must be part of OSINT strategies in policing and intelligence work. Change-detection and trend analysis are critical in making sense of the data tsunami. Analysts gain valuable insights into changing narratives, movements, groups, and threat actors by deploying scalable, ongoing, repeatable, and consistent data collection techniques. They can identify trends and changes that are strong indicators of risk – using their own experience and other intelligence sources to assess what action is required.

 

SOCMINT capabilities can identify suspicious patterns of behaviour, levels of engagement, and probable goals for disinformation posts. In combination with human intelligence, SOCMINT can assess the spread of disinformation. It accelerates digital foot-printing, information-verification, and identity resolution when small teams are under pressure.

 

Police and intelligence agencies can leverage SOCMINT to uncover risks in keywords, hashtags, and map networks on mainstream and niche platforms. In addition, advanced technology solutions are now capable of analysing multi-media content including images, videos, memes, and new articles, looking for indicators of misinformation and other risks.

 

One of the advantages of advanced OSINT algorithms is that they keep up with the changes in meaning that online jargon and memes undergo as groups adopt them. For example, using optical recognition technology, OSINT solutions can detect text in images.

 

OSINT significantly helps with the identification and attribution of sources behind disinformation campaigns. It enables analysts to build a picture of the threat actors involved, their motivations, and their dissemination methods. This faster level of detection enables greater agility in responses once analysts assess there is a real danger of threats to civil order or the commission of illegal acts.

 

None of this is possible without OSINT technology which enables investigators and their small teams to collect and analyse huge volumes of open source data. Without advanced OSINT technology, the task is impossible even for the most well-resourced intelligence teams.

 

Tracing origins and networks across social media

With violently motivated political extremists, the technology enables rapid exploration of networks. Established groups often want to expand membership which leads them to make posts on niche forums accessible to OSINT technology. Terrorist organisations will also use accessible forums as they seek to inspire lone wolf operators.

 

Pulling multiple sources of online information together, of which social media is just a part, OSINT enables intelligence agencies and policing organisations to build a picture of motivations and methods. Once identified, they can gain insight into relationships and networks and spot the spread of activity on other forums or platforms.

 

This is effective because the reach of OSINT technology extends into millions of data sources across news streams, search engines, people and company databases, social media, watch lists, data leaks and the dark web. Smart prioritisation cuts out the noise while augmented intelligence enhances human decision-making and improves the processing of data.

 

The advantages of a single platform

A platform approach to OSINT is important so intelligence teams work in the most streamlined way possible, no longer switching between different and often incompatible technologies. An OSINT platform fits in with existing workflows of experienced intelligence and security professionals, augmenting their expertise.

 

With customisable risk detection frameworks, users can fine-tune the underlying AI models to detect novel risks quickly without having to enlist the help of data science experts. Built-in obfuscation provides the anonymity that protects operational goals, as the platform conducts sentiment analysis, rapid filtering and detection of keywords and phrases.

 

With intelligence and counter-terrorism chiefs in the UK and globally highlighting the dangers of social media misinformation and online radicalisation at a time of upheaval in the mainstream platforms, AI-powered OSINT technology has never been more relevant.

 

No UK police force or intelligence agency can afford to have banks of analysts trawling through billions of online data points. This is where advanced open-source intelligence comes to the fore, enabling authorities to get ahead of threats and achieve levels of insight and accuracy that have hitherto eluded them, and which are now vital for the protection of free societies.

 

---

 

Dr Brenton Cooper is CEO & Co-founder of Fivecast

 

Main image courtesy of iStockPhoto.com and Dragos Condrea