This article is part of a broader series on opposition research and OSINT.
If you would like to contribute or want to suggest an amendment or work with me on my upcoming articles on Facebook, Tumblr, Reddit and more send me an email on [email protected].
What is Opposition Research?
In politics, opposition research (also called oppo research) is the practice of collecting information on a political opponent or other adversary that can be used to discredit or otherwise weaken them.
The information can include biographical, legal, criminal, medical, educational, or financial history or activities, as well as prior media coverage, or the voting record of a politician.
Opposition research can also entail using “trackers” to follow an individual and record their activities or political speeches.
Source: USA Today
Note: Most of the processes within this article are automated by top tier opposition research agencies and experts. If you’re interested in protecting yourself from opposition research, TurgenSec offers a service called Digital Futureproofing.
How to protect yourself from Opposition Research?
Protecting yourself from opposition research is a tricky business, especially if you’re a public figure who has been in the spotlight for many years.
What is Digital Futureproofing?
Digital Futureproofing is the process of monitoring and controlling your digital footprint (and the footprints of closely associated individuals) such that your personal data cannot be weaponized against you.
You are giving out data on yourself all the time online, do not let hackers and your opposition use it against you through breaches and opposition research.
Twitter Opposition Research Tools
A selection of tools and resources that can be used for opposition research.
tinfoleak is an open-source tool within the OSINT (Open Source Intelligence) and SOCMINT (Social Media Intelligence) disciplines, that automates the extraction of information on Twitter and facilitates subsequent analysis for the generation of intelligence.
Taking a user identifier, geographic coordinates or keywords, tinfoleak analyzes the Twitter timeline to extract great volumes of data and show useful and structured information to the intelligence analyst.
Type in any Twitter ID or @handle, and it will be converted into the respective ID or username.
Enter search keywords, or even a link, and this tool will find the first tweet that contains that term. Use search operators or put everything in “double quotes” for an exact match.
You can use search operators within this tool making it a surprisingly powerful tool.
Search Twitter using a large variety of filters. The resulting searches can be saved, as well as adjusted within the search box or the url.
Scale your business on Twitter with JARVEE’s all-in-one social media platform. Whether managing conversations with new clients or doing customer care for the existing ones, with JARVEE everything is seamless. Twitter marketing has never been easier and you’ll be up there among the best of the best.
There are countless other top level Twitter automation tools available online and if you’re after a powerful grey-hat tool I would suggest searching on Black Hat World Forum’s marketplace. They might cost a few tens of dollars a month or a couple of hundred dollars to buy, but save you MANY hours.
Account analysis tool. Very useful for exploring Twitter bios to find accounts of interest.
This tool also allows you to compare accounts along with further paid features.
Spoonbill lets you see profile changes from the people you follow on Twitter or other social networks.
(No changes in screenshot because I just registered hehe)
I actually have several different tweaks on this that you can get from me by emailing me on [email protected].
User-friendly interface giving account analysis, including for interactions between accounts.
Lots of useful tools to be had here.
Download a user’s most recent 200 Twitter Favourites (Likes)
Account analysis that allows multi-language searches and saved snapshots of results. From NU Knight Lab.
A custom search that allows you to use Google to search for Twitter lists by keyword.
Deadbird tracks the tweets of Twitter users to see if they have been deleted. You can click on tweets on a user’s timeline or stream to be taken to the full tweet page along with replies to the tweet at the time it was saved.
Crate is coming to an end. Learn more here.
Who follows whom?
Insights about any public Twitter profile.
Emotional patterns analysis.
Realtime map of last geolocalized tweets delivered.
“Specify the Twitter username of your friend, or even your favorite celebrity, and we will figure out the sleeping pattern of that person.”
Search for Twitter users leaks.
Realtime chat rooms based on twitter hashtag.
Find out who Twitter users are stalking (and who is stalking them).
A private Twitter account means that whatever you post can only be seen by your followers, all of whom you have to manually approve. This also means that anyone who doesn’t follow you or doesn’t have permission to view your feed won’t be able to see your tweets. Source: Business Insider
If a Twitter account has been set to private, and you do not have access to it a good place to start is to google search the username in quotation marks. Many websites cache Twitter accounts of interest so if they have ever been public they should have a record of the tweets the account has sent.
There are several resources aimed at recording a variety of different accounts including my personal favourite: Politwoops: All deleted tweets from politicians.
The Wayback Machine is a powerful tool that caches the internet and many Twitter accounts. Entering in the account URL can provide you with a treasure trove of information about the account, including historical tweets that may have since been deleted.
Getting Access to Private Accounts
Getting private accounts to allow you to follow them (especially if they are public figures), is surprisingly easy. Conduct some modest background research on the target, create a quick pretext and design a slick looking account that wouldn’t stand out if they followed the target.
Note: Depending how much the target cares about security it is worth following them without doing the below pretexting. You can easily test this by creating and utilising a few accounts. Easy wins are VERY easy to score on Twitter.
It is worth noting that you can easily change the username and name of your twitter account, so it is a good idea to have a modest selection of Twitter accounts with 2000-9000 followers and following under 400 people. This will create an account that looks very legitimate.
You can purchase accounts and followers easily through BHW or through a SSM panel for marketing. Check out BHW’s social media marketplace and you’ll find countless options.
You’ll want to fill up your feed with relevant tweets over a series of weeks so that any investigation by the target won’t throw up alarm bells.
You’ll also want to be following (and ideally followed by) other professionals within the niche of the target.
This is all a lot of work so I suggest pulling together 5-10 RSS feeds of relevant news outlets to automate your tweets and using a twitter automation tool such as Jarvee or any of the countless other automation tools that can be found with a little bit of digging on Black Hat World forum.
Jarvee and most decent Twitter automation tools available on the black hat internet marketing forums will take a bit of getting used to.
For bigger projects and management of 5+ accounts, proxies will need to be used along with countless sims (I have over 1000 sitting in my bedroom).
Some accounts that are easy to automate and tend to not raise any real questions (some require a simple automatable website alongside them):
- Think tanks
- Academic Research Companies/institutions (ones from friendly seeming companies work alarmingly well – Sweden, Denmark etc…)
- Startup Companies
- Recruiters (sometimes)
There are countless other pretexts you can adopt and test, but your success really comes down to your ability to research and discover what will work with the target.
Spread the net wide and hit the target over a series of weeks with different pretexts.
Twitter Advanced Search
Use Advanced Search to find the latest news and world events faster. Find popular people, hashtags and photos for any topic you can imagine. Source: Twitter
Approach: With opposition research for compromising tweets, it is important to start with the low hanging fruit first. Your time is finite, do not waste it looking for the hidden stuff when the obvious stuff is out there.
The Twitter advanced search is a powerful tool for finding compromising or regrettable Tweets that could be used in opposition research.
Most of the search functionality is pretty self explanatory and if there is interest I can write further articles showcasing some interesting techniques for finding Tweets and interactions.
Where to start?
Start very simply. Enter a Twitter account username.
Then enter in an exact term or search term you think the person could have tweeted and could be used against them through opposition research.
You’ll soon see that once you search for some results that you no longer have to use the above slow advanced search display and can simply use the text form.
Low Hanging Fruit
Low hanging fruit tends to be pretty easy to find and is what you should shoot for first. Once you have a grip of the standard operators you can create a record of common terms that can easily be taken and applied to multiple people to find angry or incriminating tweets.
Below I will showcase some REALLY simple search terms to find tweets of interest.
"swear word" (from:@Name)
"racist word" (from:@Name)
"sexit word" (from:@Name)
I have created a document which contains a series of offensive, sexist and racist words to cross reference with.
(Offensive Content Warning) It can be found here.
Editor Note: We are working on a free tool for finding tweets and favourites that contain these words (or your own list of words) for specific accounts. Stay tuned and follow us on Twitter to get notified when we release it.
I’m sure you get the idea, this isn’t complicated stuff. If this gets you no results you’ll want to begin broadening your search. Start playing around with accounts that mention the target in terms of events they should not have attended. This gets a lot easier if you have a firmer understanding of the environment the target operates in.
Knowledge is powerAll the Social Engineers
You can take the advanced search to really new levels if you have done your research on the target in question and understand the context. Obviously this varies on a case by case basis and depends on your time investment.
Share videos on Twitter by recording through the app, importing from your device, or uploading to twitter.com. Source: Twitter Help
Premium Search Operator:
Premium: operator available with real-time and historical PowerTrack. A subset of these are available with the 30-Day and Full-Archive search APIs. See this table for a product-by-product list of available operators.
Matches Tweets that contain native Twitter videos, uploaded directly to Twitter. This will not match on videos created with Vine, Periscope, or Tweets with links to other video hosting sites.
Advanced Search Operators:
Matches Tweets that contain an uploaded video, Amplify video, Periscope, or Vine.
Matches Tweets that contain a Periscope video URL
Filtering through videos
If the individual has a few videos or you know what you are looking for, then simply watch through the videos.
If that’s not the case, you’ll want to take some steps to speed the process up. Download all the videos and run them through a Video>Text transcription service. PC Mag did an article on these services which can be found here. I’ve not used any of these so I cannot speak for their quality.
Tool that may be of use: Logo detector – Finds and identifies logos in videos. Can also be used for uploaded images.
Once you’ve got a text version of the videos you can begin to do some manual filtering of the content. Or you can use some smart technology to do it for you. Depends how much money you have.
If you’re doing this manually, good-luck, 90% of the leads you’ll find will likely be other people speaking or bad transcription tool glitches.
There are also tools out there which will analyse videos, depending on your budget using them speeds the entire process up tenfold.
This article was written by Nathaniel Fried, co-founder of TurgenSec.com.
If you have more tools, resources or guidance to add to this article, send me an email on [email protected].