Sock Puppets for OSINT

Image edited, but original image credit goes to https://www.123rf.com/photo_11872372_shadows-of-people-walking-along-a-cobblestone-street-seville--andalucia-spain.html

WHAT IS A 'SOCK PUPPET' (AVATAR) ACCOUNT?

A sock puppet account is a fake online identity created for various purposes, such as spreading disinformation, conducting cyberattacks, or engaging in illegal activities. However, in OSINT and HUMINT, sock puppet accounts can be used for legitimate and legal purposes, such as conducting research or investigations.

In OSINT, sock puppet accounts can be used to gather information from public sources, such as social media platforms, online forums, and other websites. Sock puppet accounts can help researchers and investigators to access information that is not readily available or that requires special access.

In HUMINT, sock puppet accounts can be used to establish relationships with individuals and groups to gain valuable information. For example, a law enforcement officer may use a sock puppet account to infiltrate a criminal organization and gather information on their activities.

DISINFORMATION, AND POLITICAL CAMPAIGNS - SOCK PUPPETS AND BOTS HAVE MANY FACES

In recent years, there have been several high-profile cases of sock puppet accounts being exposed for their malicious or unethical purposes. For example, in 2018, it was revealed that a Russian organization had used hundreds of fake social media accounts, including sock puppets, to interfere in the 2016 U.S. presidential election. These accounts were used to spread disinformation and influence public opinion.

Similarly, in 2019, Facebook removed several sock puppet accounts operated by a marketing firm that had created fake personas to promote political campaigns in various countries. These accounts had been used to spread false information and manipulate public opinion.

These cases highlight the need for ethical and responsible use of sock puppet accounts in OSINT and HUMINT.

Even today, because of the evolving geopolitical landscape and vast of information online, we see many "bots" or "sock puppets" on Twitter almost every day influencing and engaging and variety of topics and discussion domains.

NOT ONLY POLITICAL

1. Marketing and Advertising: Companies can use bots and sock puppets to promote their products or services on social media platforms. Bots can be programmed to like or share posts, respond to user comments, or follow certain hashtags. Such accounts can be used to create a positive image for a company or brand, engage with customers, and gather feedback (similar to buying fake reviews on various popular platforms).

2. Law Enforcement: Law enforcement agencies can use sock puppets to infiltrate criminal organizations, gather information on their activities, and identify key players. Sock puppet accounts can be used to establish relationships with individuals and groups, gain their trust, and gather information that can be used in investigations. Good example of this is child safety, pedophiles, cyber crime, and relevant threat actors.

3. Research and Investigations: Researchers and investigators can use bots and sock puppets to gather information from public sources, such as social media platforms, online forums, and other websites. Bots can be used to scrape data, monitor conversations, or track trends.

CLARIFICATION: SOCK PUPPETS VS "BOTS"? Sock puppet account and a bot is that a sock puppet account is operated (manually) by a human, while a bot is an automated software program that performs tasks on its own (and is often checked upon by a human) e.g., analysis, statistics, and maintenance.

MY PERSONAL TIPS: ALWAYS ANSWER THESE 4 THINGS BEFORE ->

WHAT - are the objectives , what's the goal or purpose? HOW - is it executed? what tools or infrastructure or hardware is needed? WHO - is my persona (background, details), OR who is the target?

WHERE - where is the persona located or where should it be focused on for engagement/collection or other purposes?

KEY 'HIGH LEVEL' CONSIDERATIONS TO CREATING AN ACCOUNT

* Note - This is only high level and does not deep dive into the many deep layers of various domains and considerations when it comes to creation, objectives, maintenance, and operational security of such accounts as well as other critical nuances.

TIPS TO IDENTIFY, IF YOU'RE SPEAKING TO A FAKE PERSONA / BOT

Carefully analyze and look for things like these:

1. Profile Information: Check the profile information of the account. Look for inconsistencies or suspicious information, such as a profile picture that looks too perfect or too generic, or a profile that lacks personal information or has inconsistent details, DoB, details, interests, likes, hashtags, etc etc. (Depending on platform).

2. Activity: Check the user's activity on social media platforms. Look for patterns in posting times, types of content posted, or engagement with other users. Sock puppets may have irregular posting times or post a lot of content at once, followed by long periods of inactivity.

3. Connections: Check the account's connections on social media platforms. Look for suspicious connections or relationships, such as a large number of followers or friends with no activity or engagement, or connections with users that have similar suspicious profiles.

4. Language and Writing Style: Check the account's language and writing style. Look for inconsistencies in language, grammar, or slang, or a writing style that seems too perfect or generic, or with typos, or translated.

5. Behavior: Check the account's behavior on social media platforms. Look for suspicious behavior, such as overly aggressive or inflammatory comments, comments that seem to have a hidden agenda, or comments that seem to be out of context or irrelevant, or no comments at all (no info is info also).

6. Use of Automation: Check for signs of automation, such as posting at the same time every day (scheduled), posting identical messages across multiple platforms (cross match), or posting with a frequency that is beyond human capability.

7. Photo: Signs of AI generated image of an individual.