• CSNP

BEWARE the SOCK PUPPET! An OSINT Technique in Social Engineering

Author Reynaldo Gonzalez

When we go online, it provides us the opportunity to explore, learn something new, or share moments and experiences with friends, family, and strangers through social media. In some cases, we can be someone else, be someone different in the Internet. What we do online, where we browse, and what we share has both a positive and negative impact to the digital footprint we leave behind. Our digital breadcrumbs have value to those that look for it.

 

In the same way that we can be "someone else" online, it can be used by Sock Puppets to gather information about us where we become a target or someone we know or where we work become a target through us. Sock Puppets are basically aliases, fictitious persona profiles created by someone else with specific goals in mind and is part of an OSINT Social Engineering technique. Sock Puppets are used by OSINT investigators, law enforcement, nation state actors, spy agencies, hackers, privacy advocates, journalists, penetration testers, and pretty much anyone wanting to be someone else. In order for a Sock Puppet to be effective, it needs to be credible and consistent with how a real person behaves online.

 

A Sock Puppet will have a name, phone number, email address, user accounts, social media profiles, credit cards, photos, etc. Most importantly, it will have a personality that shows where he or she works, their interests, where they went to school, who their friends and family are, etc. Building this into a profile helps to make the fake profile as a credible individual that interacts online. The downside is that a Sock Puppet may very well be already "someone" you interacted with and befriended in one way or another. If or when this happens, depending how you have set up your social media privacy settings, can impact what information the sock puppet gleans from you. The result is they can use that collected information to target you further with other Social Engineering techniques or target someone through you. This can lead to many different cybersecurity concerns.

 

It is not wrong to use your own Sock Puppet online but you want to be aware that they do exist and are part of OSINT research, passive reconnaissance, and investigations. Be careful who you befriend online and what information you share especially when you haven't officially met that person. Know that you may interact with one, so don't make yourself an open book while being online.

 

If you want to learn more about Sock Puppets, visit:

https://osintcurio.us/2018/12/27/the-puppeteer/

https://www.secjuice.com/the-art-of-the-sock-osint-humint/

 

About the Author: Reynaldo Gonzalez is a Principal Cybersecurity Architect at United Airlines, Houston Chapter Lead for CSNP, and is an adjunct professor at Lonestar College CyFair teaching Cisco networking and cybersecurity courses.


Photo Source: hackaday.com via https://www.osinttechniques.com/fictional-accounts.html


105 views
  • Instagram
  • Twitter
  • LinkedIn
  • Youtube
  • Github
  • Slack
  • Facebook

Copyright CSNP - CyberSecurity NonProfit