Open Source Intelligence 2: Creating and Validating a Sock Puppet

Getting to the core of the subject matter, Jeff Bardin describes the process of creating personas and making those as trustworthy as possible for optimal assimilation with the adversaries.

Creating personas by desired parameters

Creating personas by desired parameters

When you create a sock puppet, if you’re having a hard time with this, you can go to fakenamegenerator.com and start with your own sock puppet (see right-hand image). It’s a great space to go to. You put in what you’d like, whether it’s Australian, Chinese, Arabic, male or female, and it gets you a good start in creating your sock puppet, which you can then start loading up into an Excel spreadsheet.

But you have to add more things into this, you have to tell all about yourself in there: what your education level is, what your interests are, your religious preferences, your political leanings. And all of that needs to be in line with the people you’re going to target, or the foreign intelligence services, or the different folks that you’re after out there.

Get some credentials for the sock puppet

Get some credentials for the sock puppet

And when you do this as well, at this site, fakenamegenerator.com, you can also create credit card numbers that aren’t real, but they will pass a sniff test: MasterCard, Visa – they’ll look like a real credit card; they’re not, but they will pass the first test if someone is looking to validate your credit cards out there. And you can get those right off of fakenamegenerator.com as well (see image to the left).

They will also generate for you in the US and Canada what’s called the Social Security Numbers or national identity numbers that you can use. So, it’s a good little site that I recommend you go to when you start creating your sock puppets, so you can start creating this persona that will get you into their sites.

Identity Generator does the trick too

Identity Generator does the trick too

There’s another site called Identity Generator that you can go to as well (see right-hand image). This one is not quite as detailed as fakenamegenerator.com, but it’s still a good site to go to. You can put in certain parameters, as you can see here, and it can export it out to .csv or SQL, if you want to really build a huge database of sock puppets; and what you get when you create it is just a whole list of names, addresses, emails. To get the email you have to go out and actually create this; it does not automatically create it for you. But it gives you a good start.

Keeping track of all the personas

Keeping track of all the personas

This is kind of a spreadsheet that I use that actually extends (left-hand image). I have about 39 active sock puppets, so sometimes I forget who I am and my names. If you’re actually psychologically challenged or schizophrenic, this is good, because you’re used to having multiple personalities.

But when you create these sock puppets, again, they’ve got to be key towards your target, and they have to talk to what sites you’re actually using this sock puppet on, and who you are friending on those sites. And sometimes it becomes tough to keep them separated, but it’s something you have to do, it’ll at least give you an idea of what you’re using out there. These are actually some I’d used in the past and I’m no longer using; but blood types, height, weight, you name it – you want to detail this out as much as possible so you really know who you are when you’re doing this.

Tools to stay anonymous

Tools to stay anonymous

Now, when you want to become anonymous, there’s a lot of different things out there, and these are just a few tools – most of them are free, some of them cost – that you can use to hide your IP. Some of these plug right into Firefox; they can plug into other tools out there as well. If you really want to find these, you can just go into Firefox extensions or add-ons, and search for “anonymous”, “anonymity”, and it will give you a whole listing of tools.

Some of these are like IPredator that was used by LulzSec and Anonymous. IPredator is actually a VPN out of Germany, and it costs a few bucks, but Anonymous group and LulzSec actually used this to try and penetrate my site and actually get into other sites. So, if you see IPredator coming into your website when you look at the logs, I’d be a little bit worried, because it usually means someone is after you.

Crypto.cat is a tool where you can have encrypted chat back and forth, and when you’re done with that chat, about 30 minutes later it just all goes away. There is no record of it; it’s a good little tool to use as well. There is one here called CoDeeN that is actually a proxy server out of Princeton University that you can plug into your browser.

Either way, of course you want to use a virtual machine to set up in case you go to a site and you might get infected, possibly; this way you can just wipe it clean. There’re multiple different ways to hide your IP, but it’s really required when you want to make sure that your IP looks like where you’re coming from. Some of these tools out here allow you to fast flux your IP, much what botnets do; your IP will change every so many minutes and jump around the world to different locations, and change your IP just like in fast flux on a botnet, and it’s hard to track it down. You will never lose your connection when you have this type of solution out there. Most of those cost, but you can actually daisy chain some of these as well.

Setting up configuration for PC and VM

Setting up configuration for PC and VM

So, you’ve got your sock puppet; you can set up a Windows-based machine. This is kind of a sample of that (see right-hand image); I know a lot of folks here probably use different types of Linux and like command line interface, but in hacking that’s probably more appropriate; in more of the cyber intelligence arena you don’t need to have that, because you’re not going to hack them, you’re going to get inside and become them. This is a sample set up with a Windows 7 machine, setting up a virtual machine and using different Tor solutions out there that hide your IP.

Read previous: Open Source Intelligence by Jeff Bardin

Read next: Open Source Intelligence 3: Retrieving the Target’s Online Activity Traces

Like This Article? Let Others Know!
Related Articles:


  1. Dave Kennedy says:

    Code of Ethics for Competitive Intelligence Professionals http://www.scip.org/About/content.cfm?ItemNumber=578

    “To accurately disclose all relevant information, including one’s identity and organization, prior to all interviews.”

    Please stop and give it some consideration before rationalization begins.

  2. admin says:

    Dear Dave,

    We appreciate that Metasploit author has posted a comment on our website. I’m not entirely sure what you mean, but this article is a trascript of Jeff Bardin’s speech “So You Want to Be a Cyber Spook – Open Source Intelligence” at Hacktivity 2012 conference.

Leave a comment:

Your email address will not be published. Required fields are marked *

Comment via Facebook: