• CSNP

BEWARE the SOCK PUPPET! An OSINT Technique in Social Engineering

Updated: Apr 21

Author Reynaldo Gonzalez

Comic book drawing of two faced man

When we go online, it provides us the opportunity to explore, learn something new, or share moments and experiences with friends, family, and strangers through social media. In some cases, we can be someone else, be someone different in the Internet. What we do online, where we browse, and what we share has both a positive and negative impact to the digital footprint we leave behind. Our digital breadcrumbs have value to those that look for it.

 

In the same way that we can be "someone else" online, it can be used by Sock Puppets to gather information about us where we become a target or someone we know or where we work become a target through us. Sock Puppets are basically aliases, fictitious persona profiles created by someone else with specific goals in mind and is part of an OSINT Social Engineering technique. Sock Puppets are used by OSINT investigators, law enforcement, nation state actors, spy agencies, hackers, privacy advocates, journalists, penetration testers, and pretty much anyone wanting to be someone else. In order for a Sock Puppet to be effective, it needs to be credible and consistent with how a real person behaves online.

 

A Sock Puppet will have a name, phone number, email address, user accounts, social media profiles, credit cards, photos, etc. Most importantly, it will have a personality that shows where he or she works, their interests, where they went to school, who their friends and family are, etc. Building this into a profile helps to make the fake profile as a credible individual that interacts online. The downside is that a Sock Puppet may very well be already "someone" you interacted with and befriended in one way or another. If or when this happens, depending how you have set up your social media privacy settings, can impact what information the sock puppet gleans from you. The result is they can use that collected information to target you further with other Social Engineering techniques or target someone through you. This can lead to many different cybersecurity concerns.

 

It is not wrong to use your own Sock Puppet online but you want to be aware that they do exist and are part of OSINT research, passive reconnaissance, and investigations. Be careful who you befriend online and what information you share especially when you haven't officially met that person. Know that you may interact with one, so don't make yourself an open book while being online.

 

If you want to learn more about Sock Puppets, visit:

https://osintcurio.us/2018/12/27/the-puppeteer/

https://www.secjuice.com/the-art-of-the-sock-osint-humint/

 

About the Author: Reynaldo Gonzalez is a member of CSNP leading the Houston Chapter, a Principal Cybersecurity Architect at United Airlines, and is an adjunct professor at Lonestar College CyFair teaching Cisco networking and cybersecurity courses.


Disclaimer: The content and information provided in this blog is provided for informational purposes as the sole opinion of the author for CSNP dedicated to providing cybersecurity knowledge to the community and in no way represents the author’s employers and employer affiliation.


Photo Source: hackaday.com via https://www.osinttechniques.com/fictional-accounts.html


280 views0 comments

Recent Posts

See All