Navigating threats with data visualization: RiskWand risk intelligence
At Pendulum, we're not just redefining the landscape of threat and risk intelligence; we’re empowering organizations to convert risks into...
4 min read
Pendulum : May 14, 2024
When it comes to managing risks associated with online content, YouTube stands out as one of the most challenging platforms for analysts to monitor effectively. Despite its challenges, it remains a critical platform with a continually expanding user base and definitely will be relevant for the unforeseen future. Every minute, over 500 hours of video content is uploaded to YouTube, making it impossible for a person to manually screen every single video to detect potential risks. Even with a small team, checking every video is unrealistic due to time constraints. Fortunately, there are many tips, tricks, tools and methods that can improve risk detection and mitigation. We will explore the most effective ones below.
Let’s start with the basics. While every analyst is rather familiar with Boolean keyword search operators on Google, not many people know that these same principles can be applied on YouTube as well, offering a more refined and efficient search experience. This is particularly beneficial for brands with generic or complex names, as YouTube’s native filtering options are rather limited, hence advanced search operators can make an impact.
The most basic operators are: “”, +, and –. Parentheses help to find specific phrases, while plus and minus signs refine the search even further by including or excluding specific words or phrases. However, it is the more advanced search operators that truly enhance the search process, such as “before:[date]” and “after:[date].” These operators enable searches within a very specific range of time when the video was uploaded. This could be very general, such as “before:2019”, much more precise, such as “before:2018-07-22”, or even a combination of both.
There are some people that dislike the YouTube search engine and prefer to actually look for YouTube videos using Google search with additional operators. For example, a search query like “threat intelligence site:youtube.com” in Google will provide you with a list of videos about threat intelligence uploaded to YouTube.
While these advanced search techniques can be time-consuming, there are open-source tools powered by LLMs (Large Language Models) that can streamline the process. These tools are particularly useful for independent analysts or OSINT (Open-Source Intelligence) enthusiasts looking to conduct more advanced keyword searches. Experimenting with these tools can significantly improve the efficiency of your investigations, making them a valuable resource for anyone looking to enhance their YouTube search capabilities.
Identifying the right videos is just the beginning. We need to understand what is being said or shown and, even better, get a broader context of a channel or an entire narrative. Speed control and automatic transcription tools make it slightly easier to skim videos, but analyzing large datasets remains time-consuming. The first step is to scrape the videos or extract the audio to save some disk space. This can be achieved using youtube-dl, a command-line program that simply allows you to download YouTube videos, or by doing some programming yourself, if you’re technically inclined. After the data collection phase, you can proceed to transcription. There are several free options available that can help with this task. One of them is Google PinPoint, a lesser-known tool designed for journalists that integrates with Google Drive. PinPoint has an automatic OCR (optical character recognition) feature for images and transcribes video and audio files within a chosen folder. This creates a small database with identified names and places. However, it is worth noting that PinPoint transcribes content in only one language at a time, so investigating a multi-language threat agent will require splitting the content into language-based sets. For example, if you’re analyzing hundreds of videos uploaded by a prolific fringe group, PinPoint can help you create a searchable database that can be navigated with simple keywords to browse through the transcripts.There are other useful tools such as Filmot, which scrapes all transcriptions available on Google and allows an investigator to search for specific words and phrases without needing to download anything. Despite the availability of these tools, analyzing videos still involves some degree of manual effort, a bit of IT proficiency, and a significant amount of time.
All videos uploaded to YouTube have easily accessible metadata that sometimes can be very handy. One of the free tools that is good for this task is MW Metadata. This tool allows you to retrieve all available data from videos, playlists, or channels. Some videos can even be geolocated on rare occasions. This will give you some potential new leads and information, so checking what is included in the metadata is always a good step but it is important to note its limitations. MW Metadata primarily focuses on basic information such as titles or descriptions, making it more suitable for simple investigations or preliminary searches. However, it is crucial to remember that important information can sometimes be hidden within a 90-minute video, and metadata alone will not reveal this.
When dealing with online threats, we should always be aware that content from threat agents can be long gone before we even initiate an investigation. Fringe groups, controversial figures, extremists frequently violate platform guidelines, prompting moderation measures leading to account suspension and content deletion. Even if they avoided detection, they can just decide to go undercover by simply deleting their own account to evade scrutiny. Without archived content, we risk finding ourselves in a very anxious situation without any evidence to pursue. While there is no magic solution to retrieve deleted content, there are a few tools that can save the project. One is YouTube Video Finder, which searches a link in 10 different web archives in search of deleted videos. Unfortunately, it is not always possible to retrieve a full video but with a little bit of luck, we might get at least metadata, if not more. To mitigate the risk of losing critical content, it’s wise to adopt a habit of archiving content from the get-go. It can be very tedious, but it is better to be safe than sorry. Prevention is key, and it’s better to be prepared than to regret not archiving important content.
Threat agents often use more than just one account to broaden their exposure. It’s important to recognize that many alternative platforms to YouTube have more relaxed moderation guidelines, allowing such agents to thrive. Look for reuploads or additional content on platforms like Bitchute and Rumble. Additionally, TikTok is also a significant platform due to it being the number one fastest growing platform in the world. Beyond video-based platforms, you have to also be aware of content found on Instagram, Reddit, and even podcasts. Each platform may require a unique search approach, which can be time-consuming. Nonetheless, exploring platforms beyond YouTube is essential, regardless of the threat agent's headquarters.
Exploring these methods should provide you with a solid foundation for approaching your next threat detection task. While open-source tools are valuable for smaller projects, organizations dealing with substantial risks may benefit from advanced, reliable paid tools and services. Pendulum, for example, offers a comprehensive solution for detecting and mitigating threats across various platforms including YouTube, Bitchute, podcasts, X and more. With integrated LLMs and proprietary ML technology, Pendulum automatically tracks and analyzes narratives, topics and communities to surface unknown threats and summarizes content into snippets to easily identify the significance of the potential risk. Pendulum also has long-lasting data retention, up to 3 years on some platforms, keeping found content even if it has been deleted from the original platform. Remember, proactive risk management is key to protecting your business in today’s digital landscape. See for yourself by booking a demo today.
At Pendulum, we're not just redefining the landscape of threat and risk intelligence; we’re empowering organizations to convert risks into...
In the world of business risks, where Strategic Intelligence has taken center stage, risk analysts are the critical navigators in this complex...
Social media has evolved beyond personal updates and viral cat and challenge videos, becoming a crucial hub for real-time information. In an era...