SANS Summit Feature: Zhuang Wei Liang on Sock Puppets (Jan 2020)

Find out how cyber adversaries avoid identification, detection and attribution through the use of sock puppets.

Welcome to the (Sock) Jungle

Cyber adversaries can easily hide their identities while sharing ideologies and plans to wreak havoc among themselves. One way they remain anonymous is by using sock puppets to avoid identification, detection and attribution.

A sock puppet is a fictitious identity used in online communities and social media to deceive others, and for other more sinister pursuits. To penetrate and expose these malicious groups or individuals, cybersecurity experts at Ensign InfoSecurity employ the same tactics, using Open Source Intelligence (OSINT) to augment their cybersecurity investigations, forensics, and adversarial emulation exercises. By combining OSINT, Human Intelligence (HUMINT), and proprietary intelligence sources, we are able to preempt cyber threats before they can do harm.

At the SANS OSINT Summit 2020, Zhuang Weiliang, Ensign’s Lead Consultant, shared how his 10 years of experience in Singapore’s Armed Forces’ Counterterrorism web intelligence unit, along with his own personal research, has helped him unmask potential threats in the past. In his presentation, he outlined some effective ways of creating a sock puppet that can circumvent identity recognition protocols, including:

  • Creating redirected email accounts 
  • Tapping SMS verification sites 
  • Paying anonymously for the services to create an account 
  • Tips on buying VPN services
  • Cultivating habits for social media avatars or sock puppets
