Enterprise Safety
How carrying a ‘sock puppet’ can help the gathering of open supply intelligence whereas insulating the ‘puppeteer’ from dangers
11 Jan 2024
•
,
4 min. learn
Within the untold expanse of on-line data and communication, the flexibility to seek out the sign within the noise and discern the authenticity of information and its sources turns into more and more essential.
We’ve beforehand regarded on the mechanics of open supply intelligence (OSINT), the apply of amassing and analyzing publicly obtainable data for investigative functions, and particularly how cyber-defenders can use it to remain a step forward of attackers.
On this article, we’ll deal with a software generally utilized in OSINT: so-called sock puppet accounts, how they’re created and used, together with the dangers that their use might entail.
What are sock puppets?
Put merely, sock puppet accounts are fictitious identities that present their masters with anonymity whereas utilizing social media platforms, dialogue boards, e-mail and different on-line companies. They are often harnessed for OSINT investigations as a way to assess rising cyberthreats, collect data on on-line fraud, abuse and different illicit actions and accumulate proof of such wrongdoing, observe extremist ideologies or acquire different insights into particular developments or points.
The data collected by these analysis accounts usually goes deeper than the readily disclosed data and will require establishing relationships with different individuals. The entities that leverage these accounts run the gamut and vary from legislation enforcement, personal investigators and journalists to intelligence analysts, community defenders and different safety practitioners, together with for efforts geared toward detecting and mitigating potential threats.
However, these pretend personas may also be deployed to do the bidding of malicious actors, who might use sock puppets to assist unfold spam or extract data from or in any other case manipulate their targets. These accounts are additionally usually utilized in disinformation efforts to assist steer discussions in a selected course, amplify false narratives, form public discourse and in the end sway opinions a couple of broader societal subject or a corporation.
Sock puppets in OSINT
Sock puppet accounts allow OSINT practitioners to mix into on-line communities and collect data with out revealing their true id and with out concern of reprisal, particularly the place their private security might be jeopardized. They will present their “puppeteers” with entry to closed or personal teams that may in any other case be inaccessible to exterior observers.
Creating sock puppets requires a good quantity of strategic planning that considers variables equivalent to the selection of platforms which are house to the best quantity of data on targets all the best way to considering via after which practising correct operational safety measures.
So as to keep away from disclosing their proprietor’s true IP deal with and for different operational safety causes, these accounts are sometimes utilized in tandem with instruments equivalent to digital personal networks (VPNs), Tor (particularly when accessing the darkish internet) and proxy companies or, the place their use shouldn’t be permitted, a public Wi-Fi connection.
When organising and managing sock puppet accounts, a burner cell phone can also be mandatory. The identical goes for devoted password administration instruments like KeePass and useful instruments equivalent to Firefox Multi Account containers that separates every of the investigator’s digital lives.
Clearly not all sock puppets are made alike. Leaving apart non permanent ad-hoc accounts, that are discarded as soon as their job (equivalent to registering on an internet site or sending an e-mail) is accomplished, maybe the most typical and attention-grabbing use case is social media accounts, and people require much more effort.
This begins with the creation of an e-mail account that can’t be traced again to its proprietor after which a sensible id with detailed (although, in fact, fictitious) private data. It’s simply as vital to craft a reputable backstory and use a constant voice and tone that’s additional supported by sustained exercise over time within the type of feedback, posts and pictures. A plan that lays out the account’s actions – equivalent to figuring out and visiting different accounts, posting feedback, and sustaining a sensible persona general – helps keep away from setting off alarm bells.
Figuring out potential sock puppets
Sock puppet accounts could be noticed by:
- behavioral sample evaluation: sock puppets might observe related behavioral patterns, equivalent to reposting the identical messages or utilizing repetitive language, or displaying a scarcity of interactions with actual customers or little to no engagement as such.
- analyzing profile particulars: for instance, a scarcity of detailed private data and the usage of inventory photos are clear giveaways.
- cross-checking and verification: evaluating data offered by sock puppets with different sources, which helps validate collected information.
Sock puppets in motion
Sock puppets play a pivotal position in OSINT, offering its practitioners with a strong software for gathering data whereas sustaining their anonymity. Nevertheless, understanding the related threats and potential pitfalls can be important for conducting efficient and moral investigations. For starters, investigators must keep away from the chance of discovery and be effectively versed in figuring out sock puppet accounts that could be used for counterintelligence functions.
Importantly, the usage of sock puppet accounts additionally includes moral issues and doable authorized dangers or restrictions, and it must align with the meant targets and keep away from inflicting unintended hurt. The ‘puppeteers’ also needs to rigorously weigh the advantages and downsides of those personas and be sure that their use aligns with moral requirements, authorized necessities, and the general aims of accountable data gathering.
