101 Ways I Screwed Up Making a Fake Identity

Posted on October 13, 2016 by hacks4pancakes    

As most of you know, my professional area of expertise in security is
incident response, with an emphasis on system / malware forensics and
OSINT. I’m fortunate enough in my position in the security education and
con community to sometimes get pulled into other directions of blue
teaming and the occasional traditional penetration testing. However, the
rarest of those little fun excursions are into the physical pen testing
and social engineering realm. In the breaking into buildings and
pretending to be a printer tech realm, I’m merely a hobbyist.🙂

Therefore, it was a bit remarkable that in the course of developing some
training, there was a request for me to create some fake online personas
that would hold up against moderately security savvy users. I think most
of us have created an online alter ego to some extent, but these needed
to be pretty comprehensive to stand up to some scrutiny. Just making an
email account wasn’t going to cut it.

So Pancakes went on an adventure into Backstop land. And made a lot of
amusing mistakes and learned quite a few things on the way. I’ll share
some of them here, so the social engineers can have a giggle and offer
suggestions in the comments, and the other hobbyists can learn from my
mistakes. Yes, there are automated tools that will help you do this if
you have to do it in bulk for work, but many of the problems still
exist. (Please keep in mind that misrepresenting yourself on these
services can cause your account to be suspended or banned, so if you’re
doing more than academic security  education or research, do cover your
legal bases.)


Reply via email to