Sock Puppet Accounts
Sockpuppet Accounts for Red Teaming and Research
Sockpuppet accounts are fictitious profiles created on various digital platforms, primarily used for red teaming, civilian Open Source Research (OSR), and research purposes. These accounts simulate attacker behaviors, gather information without revealing the researcher’s identity, or verify system vulnerabilities.
This page holds only publicly available information with no connection to any organization.
Ethical and Legal Considerations
Authorization: Ensure all activities using sockpuppet accounts are authorized by all stakeholders and are within legal and ethical boundaries.
Transparency: Use sockpuppets only in scenarios where deception is legally and ethically justifiable and necessary for the outcome of the research or red team exercise.
Data Protection: Handle any data collected through these accounts responsibly in accordance with applicable privacy laws and regulations.
Terms of Service: Review and comply with the Terms of Service of any platform used to host sockpuppet accounts. Breaching these terms can lead to account suspension and legal repercussions.
Community Guides
- JC The Elder created the Puppet Creation Outline, which works best when opened using Obsidian.
Setting Up the Environment
Dedicated Devices: Use separate devices to manage sockpuppet accounts to avoid cross-contamination with personal or work devices.
Virtual Machines: Set up virtual machines using software like VMware or VirtualBox for each sockpuppet to isolate their activities from your main operating system.
KASM - Remote Virtual Environment: A self-hosted virtual environment for testing, limited to 5 users at a time.
See the server guide for setting up your KASM instance.
Secure Networks: Connect via VPNs or utilize networks not associated with your personal or work identities.
Best Practices for Sockpuppet Interaction
Engagement: Interact consistent with the designed persona but avoid over-engagement that could lead to increased scrutiny.
Documentation: Maintain thorough documentation of all engagements, noting the times, dates, nature of interaction, and any responses received.
See the section for more information.
Creating Sockpuppet Accounts
Choosing Platforms
- Determine which platforms are most relevant to your objectives. Common choices include social media networks, chat applications, dating applications, forums, and online communities.
Account Creation
Email Addresses: Use separate email addresses to register each sockpuppet account. Services like SimpleLogin or Annonaddy provide a level of obfuscation and security.
Profile Details: Craft believable profiles with consistent details that fit the background and purpose of each sockpuppet.
Paying for Services: Services like Privacy.com allow alias credit cards that can be limited and help maintain or obfuscate an account.
Tools for Managing Sockpuppets
Multi-Account Management Software: Tools like Multilogin or SessionBox can help manage multiple browser profiles securely.
StoryForge: Message creation tool based on your brand, audience, and goal. Can maintain your desired tone and shape messages around specific audiences.
Virtual Private Networks (VPNs): Use VPNs to mask the IP addresses associated with each account to prevent linkage of the accounts to each other or to the real user.
Managers: A vital tool for maintaining strong and unique credentials for multiple accounts.
SimpleLogin: Tool for creating alias email addresses.
QubesOS: Utilize QubesOS for a security-focused operating system that compartmentalizes each sockpuppet into separate, secure virtual machines.
Operational Security for Sockpuppets
See Guides for detailed steps on fingerprinting mitigation.
Browser Fingerprinting Mitigation: Use anti-fingerprinting tools like the Tor Browser or configure your browser settings to minimize fingerprintability.
Consistent Story Maintenance: Regularly update sockpuppets’ background stories and interactions to maintain consistency and believability.
Using Sockpuppet Accounts in Red Teaming
See Teaming page for more details.
Reconnaissance: Gather intelligence on targets using sockpuppets to simulate various outsider threats without revealing real identities.
Phishing Campaigns: Use sockpuppets to conduct controlled phishing campaigns to assess the readiness of the target organization against social engineering attacks.
Countermeasures and Detection Prevention
- Regularly Update Security Measures: Stay ahead of detection techniques by updating operational security measures and using the latest tools to protect sockpuppet anonymity.