Enterprise Safety
How sporting a ‘sock puppet’ can support the gathering of open supply intelligence whereas insulating the ‘puppeteer’ from dangers
11 Jan 2024
•
,
4 min. learn
Within the untold expanse of on-line info and communication, the flexibility to seek out the sign within the noise and discern the authenticity of information and its sources turns into more and more important.
We’ve beforehand seemed on the mechanics of open supply intelligence (OSINT), the follow of accumulating and analyzing publicly obtainable info for investigative functions, and particularly how cyber-defenders can use it to remain a step forward of attackers.
On this article, we’ll deal with a device generally utilized in OSINT: so-called sock puppet accounts, how they’re created and used, together with the dangers that their use could entail.
What are sock puppets?
Put merely, sock puppet accounts are fictitious identities that present their masters with anonymity whereas utilizing social media platforms, dialogue boards, e mail and different on-line companies. They are often harnessed for OSINT investigations so as to assess rising cyberthreats, collect info on on-line fraud, abuse and different illicit actions and gather proof of such wrongdoing, monitor extremist ideologies or achieve different insights into particular tendencies or points.
The data collected by these analysis accounts usually goes deeper than the readily disclosed info and will require establishing relationships with different individuals. The entities that leverage these accounts run the gamut and vary from regulation enforcement, personal investigators and journalists to intelligence analysts, community defenders and different safety practitioners, together with for efforts aimed toward detecting and mitigating potential threats.
However, these pretend personas can be deployed to do the bidding of malicious actors, who could use sock puppets to assist unfold spam or extract info from or in any other case manipulate their targets. These accounts are additionally usually utilized in disinformation efforts to assist steer discussions in a specific route, amplify false narratives, form public discourse and in the end sway opinions a few broader societal situation or a corporation.
Sock puppets in OSINT
Sock puppet accounts allow OSINT practitioners to mix into on-line communities and collect info with out revealing their true id and with out worry of reprisal, particularly the place their private security might be jeopardized. They’ll present their “puppeteers” with entry to closed or personal teams that might in any other case be inaccessible to exterior observers.
Creating sock puppets requires a good quantity of strategic planning that considers variables equivalent to the selection of platforms which can be house to the best quantity of data on targets all the best way to considering by means of after which training correct operational safety measures.
With the intention to keep away from disclosing their proprietor’s true IP tackle and for different operational safety causes, these accounts are sometimes utilized in tandem with instruments equivalent to digital personal networks (VPNs), Tor (particularly when accessing the darkish internet) and proxy companies or, the place their use just isn’t permitted, a public Wi-Fi connection.
When establishing and managing sock puppet accounts, a burner cell phone might also be needed. The identical goes for devoted password administration instruments like KeePass and helpful instruments equivalent to Firefox Multi Account containers that separates every of the investigator’s digital lives.
Clearly not all sock puppets are made alike. Leaving apart momentary ad-hoc accounts, that are discarded as soon as their job (equivalent to registering on a web site or sending an e mail) is accomplished, maybe the commonest and attention-grabbing use case is social media accounts, and people require much more effort.
This begins with the creation of an e mail account that can not be traced again to its proprietor after which a practical id with detailed (although, after all, fictitious) private info. It’s simply as necessary to craft a reputable backstory and use a constant voice and tone that’s additional supported by sustained exercise over time within the type of feedback, posts and photographs. A plan that lays out the account’s actions – equivalent to figuring out and visiting different accounts, posting feedback, and sustaining a practical persona total – helps keep away from setting off alarm bells.
Figuring out potential sock puppets
Sock puppet accounts may be noticed by:
- behavioral sample evaluation: sock puppets could comply with comparable behavioral patterns, equivalent to reposting the identical messages or utilizing repetitive language, or displaying a scarcity of interactions with actual customers or little to no engagement as such.
- analyzing profile particulars: for instance, a scarcity of detailed private info and using inventory photos are clear giveaways.
- cross-checking and verification: evaluating info offered by sock puppets with different sources, which helps validate collected knowledge.
Sock puppets in motion
Sock puppets play a pivotal function in OSINT, offering its practitioners with a strong device for gathering info whereas sustaining their anonymity. Nevertheless, understanding the related threats and potential pitfalls can be important for conducting efficient and moral investigations. For starters, investigators have to keep away from the danger of discovery and be nicely versed in figuring out sock puppet accounts that could be used for counterintelligence functions.
Importantly, using sock puppet accounts additionally includes moral issues and attainable authorized dangers or restrictions, and it must align with the meant objectives and keep away from inflicting unintended hurt. The ‘puppeteers’ also needs to fastidiously weigh the advantages and disadvantages of those personas and make sure that their use aligns with moral requirements, authorized necessities, and the general targets of accountable info gathering.
