It is not just the criminals and terrorists who use social media to perform social engineering. Law enforcement agencies have been known to use social media for investigative purposes as well, with varying results.
Private investigators use social engineering techniques to trick people into giving up personal and financial information all of the time. In fact, Kevin Mitnick, the infamous social engineer, worked as a private investigator for several years. It appears as though the police and federal authorities are beginning to adapt these practices as well.
Social media is already a well-established tool of Real-time Crime Centers for police departments in places such as New York, Houston and Cincinnati. However, there is a difference in passively analyzing social media data to detect crimes and actively using it to investigate. One of those active means involves creating fake social media accounts and using them to gain and exploit the trust of the “bad guys.”
The U.S. Federal Bureau of Investigation has used Facebook to go undercover with false online profiles to communicate with suspects. They have also gathered private information such as the identity of a target’s friends or relatives, postings, photographs and videos through these means.
These methods have not always been viewed as proper by the courts. The U.S. Drug Enforcement Agency was recently sued in civil court by a woman whose likeness in the form of pictures was used in an undercover sting. They ended up settling for 134,000 USD.
This trend appears to indicate that investigative techniques using social media will only grow in the future. Whether or not those techniques will involve social engineering remains unanswered.