General security

Peeping the Social media

Ryan Mazerik
September 17, 2013 by
Ryan Mazerik

1. Synopsis

Nowadays it is hard to find a person who doesn't sign in to any social medium at least once a week by using gadgets like a smartphone, tablet, or a computer. The era of social media has blessed our lives by connecting us with an old friend whom we have missed since the lower grades, to know about their personal life, current status, and so on. However, there are some serious threats that need to be concerned as well.

Social media monitoring is the monitoring of social media outlooks such as Facebook, LinkedIn, Twitter, etc., for gathering information about an organization, individual or brand. Social media monitoring can help to get insights into an organization's presence on various social media outlets. It can provide valuable information about emerging trends, and can also help to understand consumer/clients opinions about specific topics, brands or products. This allows companies to track what consumers are saying about their brands and actions and react to these conversations and interact with them in real time.

FREE role-guided training plans

FREE role-guided training plans

Get 12 cybersecurity training plans — one for each of the most common roles requested by employers.

2. Benefits of Social Media Monitoring

An employee of a company has been terminated for some reason and this individual, who was working in a client-facing project, now reveals all the secrets related to the client publicly in a Facebook page. This is a serious security issue that affects both the company and its client. In such cases, SMM can help to find the issue, analyze it, and mitigate it by reporting it to the relevant authorities. The samples of abuse can be collected and further legal actions can be carried out.

The key benefits of social media monitoring are listed below.

  • Monitor Your Online Brand

    Monitoring the mentions of brands through various social media channels is beneficial for all businesses. The positive or negative mentions of a company or brand can be collected in real time and used to take relevant action. For example, responding to a positive mention by publicizing it or, in the case of a negative mentioned, by resolving it as fast as possible. By using social media monitoring tools, you are able to manage your brand across a number of different platforms. This allows seeing where people are engaging with your brand most and it will help to distribute your resources appropriately.

  • Watching Your Industry

    Social media monitoring is a great way to stay up to date with the latest industry trends. It allows you to follow the major trends in your industry and keeps you ahead of the game.

  • Monitor Your Competitors

    Social media monitoring tools can also monitor your competitors; this can help you keep your business ahead of them at all times.

  • Improve Search Engine Optimization

    Social media monitoring allows you to detect several commonly used keywords that can then be used to improve search engine optimization. This helps your organization to always show up on top in search engine results.

  • Customer Service Enhancement

    Social media monitoring is a very effective customer service tool because it acts as a direct channel to your customers. You can interact with them quickly and efficiently in real time. Companies can improve their products by analyzing the comments and responses of the product through social media.

  • Improve Marketing

    SMM can be used to monitor people's reactions to various marketing techniques by keeping up to date with the latest online marketing trends. Thus, by using SMM, you can choose the best strategy to improve the quality of your service and also find ways to expand it.

  • To manage Any Crisis That May Arise

    By monitoring social media, you can keep up to date with conversations occurring online in real time; this gives you the ability to address false accusations and negative comments quickly or prepare a response to the issue promptly.

3. Rules and Regulations for monitoring Social Media


The Information Technology (Amendment) Act, of 2008 contains several provisions that recognize privacy protection and privacy rights. The sections that recognize the privacy issues and privacy rights are Section 43A, 72A, 69, and 69B.These sections are well drafted when it comes to fraud cases which happen through or by social networking sites. Encroachment on the right of privacy could be in the interest of national security.

  • Section 43A of IT ACT 2008

"Information Technology (Amendment) Act, 2008 Section 43A makes a mandatory data protection regime in Indian law. The section obliges corporate bodies who 'possess, deal or handle' any 'sensitive personal data' to implement and maintain 'reasonable' security practices, failing which, they would be liable to compensate those affected and the compensation has no upper limit to be claimed which may even be in excess of 5 crore rupees. Corporate bodies have been defined as any company and include a firm, sole proprietorship or other association of individuals engaged in commercial or professional activities. Thus, government agencies and non-profit organizations are entirely excluded from the ambit of this section."

  • Section 72A of IT ACT 2008

"Section 72A says that a person including an intermediary could be held liable if he discloses "personal information" which had been accessed while providing services under a contract. The liability arises if the disclosure was made with an intention to cause or knowledge that he is likely to cause wrongful loss or wrongful gain to a person."

  • Section 69 and 69B of IT ACT 2008

"Section 69 of the amended Act empowers the state to issue directions for interception, monitoring, decryption of any information through any computer resource. Section 69B empowers the Government the authority to monitor, collect traffic data or information through any computer resource for cyber security. In the interest of national security, sovereignty, public order etc., the Central Government may intercept /monitor any information transmitted through any computer resource also for investigation of any offence."

IT Acts liable for Social Media Crimes

  • Section 66 of IT ACT 2008

"This section is used when the imposter fraudulently and dishonestly with ulterior motive uses the fake profiles to spread spam or viruses or commit data theft. The act is punishable with imprisonment for a term which may extend to three years or with a fine which may extend to five lakh rupees or with both."

  • Section 66A of IT ACT 2008

"This section is used when the imposter posts offensive or menacing information on the fake profile concerning the person in whose name the profile is created. Further, the fake profile also misleads the recipient about the origin of the message posted. The offence is punishable with an imprisonment for a term which may extend to three years and fine."

  • Section 66C of IT ACT 2008

    "When the imposter uses the unique identification feature of the real person like his/her photograph and other personal details to create a fake profile, the offence under Section 66C Information Technology Act is attracted which is punishable with imprisonment for a term which may extend to three years and be liable to a fine which may extend to one lakh rupee."

  • Section 66D of IT ACT 2008

"When the imposter personates the real person by means of a fake profile and cheats then the provision of Section 66D Information Technology Act is attracted which is punishable in the same manner as preceding Section 66C."


  • Fair Credit Reporting Act (FCRA)

    "Employers who hire outside vendors to investigate either an applicant's or an employee's social media activities and content may be required by law to get written consent from those individuals. The information collected from a social media site may constitute a 'consumer report' under the Fair Credit Reporting Act (FCRA). In addition, the FCRA would require employers to provide information to individuals as to how they may dispute the accuracy of the report with the company that furnished the report. This requirement, however, applies only when the employer takes an adverse action based on the report."

  • Foreign Intelligence Surveillance Act (FISA)

    "The Foreign Intelligence Surveillance Act (FISA) Amendments Act of 2008 has basic procedures for physical and electronic surveillance and the collection of foreign intelligence information. It also provides strict judicial and congressional oversight of any covert surveillance activities. Under this act, the US Government is authorized to conduct surveillance of Americans' international communications, including phone calls, emails, and Internet records, exactly what is addressed by the PRISM program. These orders do not need to specify who is being spied on or the reasons for doing so. It is now possible for government agencies to collect information on foreign communications."

  • Patriot Act

    "Section 215 of the Patriot Act, authorizes the existence of special procedures, authorized by the FISA court to force U.S. companies to deliver assets and records of their customers, from the metadata to confidential communications, including e-email, chat, voice and video, videos and photos. It expands the law enforcement power to spy on every US citizen, including permanent residents, without providing explanation, starting the investigation on the exercise of First Amendment rights."

Other Important acts related to Social Media

  • Impermissible discrimination in hiring based on social media research can subject a company to investigation by the EEOC, as well as possible action for alleged violations of the Civil Rights Act of 1964, the Age Discrimination in Employment Act, the Americans with Disabilities Act, and many other federal and state statutes.
  • Companies whose employees participate in conversations on social media platforms while using company computers may want to monitor their employees' social media communications. Such monitoring is not without its legal dangers, though, as an employer may then be subject to liability under the Stored Communications Act (part of the larger Electronic Communications Privacy Act), if an employer accesses the content of non-public communications not stored on the company's own server. In addition, if employees and/or managers engage in unprofessional exchanges online, that can lead to harassment claims against the company.
  • Social media legal risks may also be present if an employer decides to fire employees based on their Facebook interactions with other employees in the organization. In one incident, where an employee was fired for negative comments about her supervisor posted on a Facebook page shared with other employees, the National Labor Relations Board (NRLB) said that employer's action violated the National Labor Relations Act (NLRA). In the NRLB's view, the firing interfered with employee rights under the NLRA stipulation relating to union organizing—which allows employees to discuss wages, hours, and working conditions with co-workers and others, while not at work.
  • In another case, an employee alleged that a company's social media policy restrictions on employee communications about the company (on such sites) were a violation of the NLRA. The complaint was resolved for an undisclosed amount, along with an agreement to revise the company's social media rules.

4. Are the Rights of Individuals Challenged?

Freedom of speech is the political right to communicate one's opinions and ideas using one's body and property to anyone who is willing to receive them. In India, freedom of speech has no geographical limitation and it carries with it the right of a citizen to gather information and to exchange thought with others not only within orders but abroad also.

But India has started tracking public views and sentiments on social media platforms to step up its preparedness in handling sensitive issues and protests. For this purpose, the country's first social media lab has been established by the Mumbai Police, Technical infrastructure and training is provided by NASSCOM and the tool is from Almost all countries are developing such an approach to monitor the public views.

Naturally, this raises questions about the freedom of expression and the rights of Indian citizens. But digging deeper into freedom of speech article give insights that the freedom has been liable to some restrictions in particular cases. Under certain conditions, such as state security, decency and morality, public order, incitement to an offence, etc., this freedom has been restricted and is punishable.

Last year, the law enforcement mechanism had failed to gauge the size and seriousness of public sentiments until things had gone out of control and, in almost all the cases, social media were used as drivers to ramp up support. Thus a real-time monitoring mechanism for social media adds a lot to reduction of these consequences by using social media monitoring mechanisms to analyze sentiment, identify behavioral patterns, influencers and advocates, track increase in chatter, and generate alerts in real-time on social media platforms. So the action of government for setting up a lab for social media monitoring cannot be criticized. After all, the intent of the social media lab is to prevent demonstrations and protests which can not only cripple a city, but the entire country.

5. Tools for Social Media Monitoring

Common tools used for social media monitoring includes the following:

  • Sysomos

    Sysomos is one of the powerful tools that are available in the market for social media monitoring. It boasts features like data collection, information processing, data analysis, etc. In data collection, data is collected and filtered for spam or other false positives. During information processing, data is gathered and, through translation and text analytics, it combs the data for insights and intelligence. During data analysis, all of the data is analyzed and categorized according to demographics, sentiment, key influencer, and buzz volume. Output is provided in the form of charts and graphs that provide visual confirmation of social media campaign's process.

  • Mention

    It monitors millions of sources in 42 languages, including social media channels, blogs, forums etc. It provides alerts in real-time via push notifications. Various social media accounts can be connected and we can receive combined alerts from all these outlets. It also removes the false positives and spam and sorts out the important mentions, thus reducing the noise. It generates a snapshot of mentions by source, language and over a selected period of time in PDF and CSV format. This result can be used to compare with the competitors.

  • Brand Watch

    Brand Watch employs the power of a web crawler to focus and capture data relevant to a brand or a product. Brand Watch can adapt to a variety of client loads. This web crawler operates in real time and, as soon as it satisfies a particular search query, stores this data to its many servers working in real time. These crawlers collect data from sources such as blogs, Twitter, Facebook, YouTube, discussion forums, news sites, Image sites, corporate sites, etc. This data can then be queried using an SQL-like language developed by Brand Watch to drill down or slice and dice data according to our needs.

  • Visible Technologies

    Its social media monitoring, analytics, and engagement tools help organizations to identify opportunities and potential crises when they arise, while finding new and innovative ways to enhance customer relationships and better service clients. It offers both unlimited search queries and results that are not usually provided by other products. It costs up to $3,000/month, which is suitable for a national brand or large agency.

  • Meltwater

    This is a tool that uses keywords to identify specific topics of conversation that are specific to particular social communities. It monitors and translates from 27 different languages and its search-based social media monitoring digs deep into the social media chaos to target the most relevant conversations using precise Boolean logic. Its monitoring platform analyzes millions of social media posts from several social media sites. When new social media websites appear on the web, they are also included in the Meltwater databases. Data can also be archived for up to six months for broad coverage of issues.

  • Social Radar

    Social Radar uses big data for social media monitoring and produces output after analyzing the collected data. It finds patterns and performs deep historical analysis using archives spanning more than six years. It creates powerful custom filters based on rich individual profiling data, like an instant massive focus group. It includes variety of reporting options, including custom dashboards, raw data exporting, graphs, and tailored interactive access.

  • Trackur

    This is a tool that has a distinctive feature that helps you to quickly see the number of new results, velocity change, share of voice, etc. Outputs can be produced using an Excel exporting feature, RSS/XML feeds, or via email alerts. It has an archival feature through which complete resources can be archived for viewing the original article, sharing with co-workers, or bookmarking for follow-up.

  • Ubervu

    It has an easy-to-use dashboard and provides several customizations and real-time insights about a brand or industry. Ubervu can help to understand and engage with audiences, to find influencers, reply to comments on multiple social networks straight from a single dashboard and so on. It is also useful to monitor keywords and brand mentions and be alerted of any real-time spikes in mentions, sentiment, activity, and other important metrics.

6. How SMM Works

Social media monitoring is the monitoring of social media channels for information about a company, usually tracking various social media content such as blogs, sites, social networking sites, etc.

Usually SMM works with the help of web crawlers that index sites by crawling them in real time. Some sites such as Twitter are crawled in real time, while some others are crawled depending on their importance. Most tools use their own web crawlers, while some of them use a data provider's crawlers. Data are fetched by using queries or search strings that the user writes to find mentions of specific words and phrases on those pages. Then the input that contains these keywords is produced as output and can be represented using graphs and other metrics.

Here the mentions are usually keywords that name a brand, a company, a product, or an individual. Boolean operators allow complex search strings to be written in order to find exactly what is required, ignoring irrelevant content is. This means that, as well as searching for specific terms and words, users can search for mentions on specific sites, in different languages and regions, with specific page titles, and so on.

Basically, a SMM tool works in four steps. They are

  • Collect
  • Filter
  • Analyze
  • Produce
  • Collect

    For collecting data, queries can be given as Boolean search strings. Then web crawlers search the Internet for the relevant data and index those sites. These crawlers then inspect each corner of the social web to find data related to that particular query and constantly revisit all those sources to check for any changes to the datasets.

  • Filter

    SMM uses automated systems that may include several layers of pattern-matching algorithms and, keyword-density checks to detect specific text. Some of them have specific algorithms that recognize which parts of a web page are real content and which are navigation text or adverts. In order to remove duplicates, it makes use of a fingerprinting technology, ensuring
    that the same mention is not picked up twice, thus producing accurate results for all queries.

  • Analyze

    Natural language processing algorithms are used to recognize the language used in the pages that have been crawled; this improves the accuracy of the other analysis processes. It can sort out the data by using the date range and by using different types of logic, hence the content can be obtained for a specific date range. It also contains different techniques that can be used to track the content from a location level, including the city level.

  • Produce

    Analyzed data is produced as output in the form of dashboards that produce a quick overview of key aspects of dataset that are ideal for those reporting or performing ad hoc monitoring. Data can be exported in Excel, CSV, RSS, and XML format and charts can also be exported directly in a variety of formats and sizes.

5. Challenges of Social Media Monitoring

Although there are a lot of positive sides to social media monitoring, some challenges are also faced in this field. They includes

→ No access to messages, closed groups, etc.

Currently there is no access to private post and closed group communications on some social media like Facebook. This is one of the main drawbacks that reduce the overall efficiency of Social Media Monitoring.

→ Social media data are huge

Since data from Social Media's are unstructured and of high volume, data cannot be pulled into a relational or structured database. In order to overcome this drawback, big data should be correlated, but it also adds to the policy violations of social media. However one of the top players in SMM, Sysomos, argues that, they have the capability to capture and archive this unstructured data. There are also legal issues involved in bringing data from social media into an infrastructure for analysis.

→ Sentimental analysis

Most of the Social Media monitoring services provide the sentimental analysis of the results they provide. This sentimental analysis carried out by SMM tool can't be taken as a valid result and has to be manually verified. (Sentimental analysis is done to determine the attitude of the speaker, based upon a group of text)

→ Strict legal measurements

Section 43A of IT Act 2008(India) obliges corporate bodies to take strict security measurement while handling sensitive personal data. Failing to provide this makes them liable to compensation that has no upper limit.

7. Free Tools for Social Media Monitoring

  • Hootsuite

    Is a social media management tool used to build a brand online based on different social media websites. It allows users to create numerous social network streams and view them in a clean, user-friendly interface. It also has the ability to dispatch messages to multiple social networks simultaneously.

  • Google Alerts

    Is a service that provides email updates of the latest Google results (web, news, etc.) based on Google search queries. After entering a search query for monitoring, a preview of the type of results will be received as email. Some uses of Google Alerts include monitoring a news stories, staying up to date on a particular competitor or industry etc.

  • TweetReach

    TweetReach is a free tool that is used to monitor Twitter in real time. TweetReach measures the actual impact and implications of social media discussions. It can be used to find out who are your most influential followers, who are interested in you products etc.

  • Klout

    Klout is one of the most controversial social media monitoring tools available. It measures influence through engagement on Twitter and it is a good method of keeping an eye on what customers think about your brand. It has a ranking system that helps you to measure customer sentiment as well.

  • Social Mention

    Social Mention monitors over 100 social media sites. It analyzes data in a comprehensive fashion and measures how and what causes people to be influenced as they are.

  • Addictomatic

    Addictomatic focuses on a variety of platforms such as Flickr, YouTube, Twitter, WordPress, Bing News, Delicious, Google,, etc. It keeps an eye on recent industry developments and brand reputation.

  • IceRocket

    This tool offers blog, Twitter, and Facebook monitoring in 20 languages, it also provide results in the form of graphs. It allows choosing the time frame for searches and can also be used for keeping an eye on blogger activity, as it has around 200 million blogs in its database and provide the possibility of finding the latest trend terms related to a search.

  • TweetDeck

    This is a tool for scheduling tweets and monitoring interactions and messages on the twittersphere, as well as tracking common hash tags and managing multiple Twitter accounts all from a single application.

7. References‎‎

What should you learn next?

What should you learn next?

From SOC Analyst to Secure Coder to Security Manager — our team of experts has 12 free training plans to help you hit your goals. Get your free copy now.

Ryan Mazerik
Ryan Mazerik

Ryan has over 10yrs of experience in information security specifically in penetration testing and vulnerability assessment. He used to train and mentor consultants of these offerings to expand security delivery capabilities.He has strong passion in researching security vulnerabilities and taking sessions on information security concepts.