Threat Intelligence  ·  Social Graph
· 7 min read

Your Inner Circle Is the Weakest Signal

Attackers do not always target you directly. Your PA, your driver, your family — each is a node in a social graph that maps everything a direct search cannot find. The people closest to you are frequently your largest exposure vector.

The social graph as an intelligence product

In signals intelligence, a social graph is a map of relationships between individuals: who communicates with whom, how frequently, and under what context. In open-source intelligence, the same concept applies — but the signals are public: LinkedIn connections, tagged photographs, mutual endorsements, shared event attendance and mentioned relationships in bios and posts.

For an executive who has maintained careful operational security over their own accounts — minimal social media, privacy-screened company registrations, no public personal information — the social graph attack is the primary route. It does not require breaking through their security posture. It routes around it entirely, through the people who have not applied the same care.

The four highest-value nodes

Personal assistants and executive assistants

A PA's LinkedIn profile is a comprehensive intelligence source. It confirms the principal's full name and title (in the PA's "works for" field), the organisation, the office location, the PA's direct contact details and — frequently — a professional photograph in which the principal's premises or vehicle are visible in the background. The PA's professional network also confirms other members of the executive team.

PAs are also the primary target for social engineering. A well-constructed pretext call to a PA — drawing on details harvested from their public profile — achieves objectives that no amount of technical intrusion against the principal directly could. Calendar access. Travel confirmation. Contact details for family members.

Household and security staff

Drivers, household managers and personal security staff frequently list their employment on LinkedIn with the principal's name or company name in their profile. This confirms the principal's home jurisdiction — and sometimes neighbourhood — through the staff member's commute radius and their prior employer history. Security staff may also list former principals, creating a pattern that confirms the subject's security arrangements and any known gaps in coverage.

Spouse and adult children

A partner's Instagram or Facebook account — even when set to "friends only" — often has a public profile photograph, a tagged location for the family home, and a bio that identifies the family. A child's university social media presence, a teenager's public Spotify playlist or a spouse's public charity board listing confirms family structure, residential address and daily patterns with high confidence.

In a recent assessment, the subject maintained zero public social media presence and had applied a KvK privacy shield to their company registration. Their home address was confirmed within 14 minutes via a tagged photograph on their adult son's Instagram — a photograph taken at a birthday dinner in the family home, with the street number visible through a window reflection.

Board colleagues and co-investors

Connections confirmed through shared board memberships or co-investment relationships expose strategic information that the subject may have deliberately kept undisclosed. A co-investor whose own public filings reference the subject establishes the relationship. The co-investor's network then expands the subject's known associates, potential conflicts of interest, and undisclosed financial exposures.

How social graph attacks materialise

The primary downstream risk from social graph exposure is not passive — it is active social engineering. An adversary who has mapped the inner circle can construct scenarios that are operationally credible:

  1. Pretext calls to the PA — posing as a known associate, a bank representative or a security vendor, with enough confirmed detail to be convincing. The objective is calendar information, travel plans or contact details for the principal.
  2. Targeting family members directly — a phishing campaign against a spouse or adult child that exploits the relationship to the executive. A compromised family email account provides access to personal communications and financial information.
  3. Physical surveillance facilitation — using the confirmed home address and pattern of life established through the inner circle to plan physical access. The information required to do this is routinely visible through a combination of three or four public social media profiles in the subject's immediate network.
  4. Reputational operations — using undisclosed relationships confirmed through the social graph to construct narratives about the subject's associations, financial dealings or personal conduct.

What inner-circle hardening looks like

The executive cannot unilaterally control the digital posture of their family members, their PA or their security staff. What they can do is ensure that those individuals understand the specific risks that their public information creates — and are given the tools and guidance to reduce it.

In our engagement process, inner-circle exposure is assessed as part of the full subject profile. Where significant vectors are identified through family or staff accounts, we provide specific, actionable recommendations for each individual — not generic privacy advice, but targeted guidance on the specific posts, connections and information that represent live exposure.

The goal is not to make the inner circle invisible. It is to ensure that the information visible through them does not enable the scenarios described above.

Next step

Know what your inner circle reveals about you.

Our exposure assessment maps your full social graph from an adversary's perspective — and identifies every node that creates operational risk, with specific remediation guidance for each.

Request intake
← Back to all briefings