Sockpuppets: The Art of Deception
In any sort of OSINT Investigation, many sites require an account to interact with the adversary . That’s where Sockpuppets come into play . Sockpuppets are basically can be defined as your Alternate Persona that has a social media account. It provides a level of anonymity during Investigations as well as OPSEC not just to the person conducting the Investigation but also to the Target that is being investigated. Creating successful puppets is an art, and the knowledge of creating them is not widely covered as everyone has their own tradecraft for it.
Before we set up our sock, we need to consider a few questions, such as the Target in question, their interests, your IP address, your behavior of clicking, and how you’ll blend in with them. You will also have to consider Anonymity oriented account vs a Privacy Oriented account.
You will just need to create an account with enough details to bypass site verification. After creating your account, you will also have to do an investigation on your own account, just to see if it can be traced back to you or not. It’s generally good OPSEC to do it if you’re planning to make a Persistent Account.
Setting Up your Sock
A few things you should have in hand before we work on making our sockpuppets are:
- An Email like ProtonMail, Tutanora, or if you’re doing an Investigation where you don’t worry about being tracked Gmail, Outlook, Yahoo. (Note: Sometimes Encrypted emails may get flagged)
- Burner Number or a VoIP Number
- VMs (VMware, Hyper-V, Oracle VM, etc.)
- VPN (I personally prefer ProtonVPN or ExpressVPN)
- If you truly want to be Persistent you can also use a Dedicated System for it.
Depending on who is your target, you’ll need to set up an account with a name that is common to that country. It tends to reduce any form of suspicion if the site tries to push notifications, such as LinkedIn. Personality-wise you need to think about their workplace, their interests, hobbies. If you’re making a persistent account you can build their friends and family as well.
Images linked to the sockpuppet can be created using AI-generated faces and then face-swapped. Or if you wish to, you can use a stock photograph that has been modified heavily will work as well. Images that are created should not show results if reverse image searched.
Depending on how you want to create an account and what kind of account you’re going for, your core considerations should be:
- Date and Place of Birth
Phone Numbers are required by a lot of the social media account creation for verification. So having a prepaid sim card or a VoIP Phone Number is always good.
You can start off by creating an Identity from here https://www.fakenamegenerator.com/ and then configuring it according to your target’s interest.
Depending on what account you’re creating sometimes you may require a Credit Card or a Social Security Number.
Taking Care of your Sockpuppet
If you’re making a persistent sockpuppet, you will have to care for it by keeping a level of interaction between your account and your interests. Some will also go as far as setting up a family account and friend’s account related to your sockpuppet account. Keeping that level of interaction between Interests and your account keeps it from being burned. You will also have to take into consideration the IP as frequent changes will be flagged and will cause it to get burned. Basically do not do what you won’t do on your real account.
You will also need to set up a password manager as in most investigations you’ll need multiple sockpuppet accounts on different sites as well as fallback accounts incase if an account gets burned.
On Your Browser, you will have to add Tracker Management Extensions like Privacy Badger and AdBlocker. You will also need a Cookie Management Extension like EditThisCookie. Using something like Blur is also great.
The Methodology of Creating a Sockpuppet in a Nutshell
- Making an Encrypted email from ProtonMail and using a Burner VoIP Number.
- Generating initial details from fakenamegenerator.com and modifying it according to what suits the investigation
- Any payment to be done through privacy enabled services like Bitcoin, OneVanilla Prepaid Cards, etc.
- Using a Paid (NOT Free) VPN service or setting up your own service by using AlgoVPN.
- Adding Privacy Oriented Extensions on your browser.
- Creating your Socks: Facebook, Twitter, Instagram, LinkedIn.
There fore setting up a proper sockpuppet account and persistently using it to investigate the adversary can be counted as one of the very important aspect. The upcoming blogs will be focused on some deeper aspects of OSINT , which will include some practical examples too 😉. If you are looking for harnessing your OSINT skills , would suggest getting familiar with TraceLabs . A pretty neat and dedicated platform which can help you to level up your OSINT game ! Till then happy investigating .