
How to Fake Friends and Find People: A Build-A-Buddy Case Study

BSidesSF · 2022 · 57:07 · 241 views · Published 2022-07
About this talk
Dahvid Schloss • Alex Dodd - How to Fake Friends and Find People: A Build-A-Buddy case study Join us, two prior Special Operations cyber operators, as we share our case study on Operational Security revolving around recent crowdsourced ad-hoc OSINT/Humanitarian missions and how to properly isolate your true identity from your temporary operational online persona. Sched: https://bsidessf2022.sched.com/event/rjqK/how-to-fake-friends-and-find-people-a-build-a-buddy-case-study

we're getting ready to get started next before we begin our next speakers are david david and alex dodd david schloss and alex dodd they'll be doing their own bios today and today they're giving us a talk about how to fake friends and find people correct all right thank you come on

yeah okay that's fine what's going on guys how's it going yeah so we're gonna start a little bit early i guess but that's all good and fun um so as you can see we're gonna give a presentation on how to fake friends and find people wait am i getting yelled at no all right cool um not yet yeah let's just jump right into it all right go ahead okay cool so this is uh obviously a slightly younger picture of me when i was full of life um i work for attack research for a security consultant firm uh researcher pentester cyber idiot number one uh both david and i are prior special operations air force veterans uh my linkedin

information is down here i don't have twitter because i'm a boring man and that's pretty much it that's me yeah and like you said you know both air force vets i'm uh the offensive security lead over ashland cyber and risk so i like to do a lot of the the red teaming stuff do some research stuff on the uh on the back end but you know it's it's a good old time it's a funnel job so i can't tell what oh there we go so um our goal for today right we want to we saw an uptick last year of uh everybody throwing away the hearts and minds um or the the facebook likes you know

hey there's a there's an issue going on in the world throw it away right now people are actually starting to involve themselves in these situations so last year was afghanistan this year seems to be the ukraine russian situation and we want people to continue to help out in these humanitarian crowdsourced efforts what's up oh is it oh oh god oh that that is thanks okay yeah so um we want you guys to continue to help out we want you guys to go and uh actually do it safely right a lot of these countries that people start helping out in aren't exactly friendly to americans you know so if they have the resources you don't want to get your

your identity blown up by them especially like from people from uh the taliban yeah which we'll hit on in a minute yeah so our agenda today cool so we're going to talk about what how you can maintain a little bit of anonymity and safety when you're performing these kind of operations uh we're gonna talk about sock puppets what are they why do you use them when to use one how to build it the process kind of from start to finish on how to create a believable and usable sock puppet so you are not doing these operations your fake gabe is performing these operations keeps yourself a little bit more anonymous and then yeah differences consequences

and good and bad implementations we'll hit those here towards the end yeah so we're going to talk a little bit about what our case study was about first off right so this is the personal experiences that we had in our observations during the execution of operation digital dunkirk you guys are unfamiliar with digital dunkirk that was an operation that happened last year with the afghanistan pull out it's not an officially it's not an official government operation right it's just something that a bunch of vets got together and they're like dude i worked with this guy for six months to a year and he's still not out of country so um there was a pretty large skill gap that was coming across

the board right there's people who have never done cyber stuff in their life and they're trying to help out in a huge cyber operation to push paperwork through to the us government they're trying to help individuals get from point a to point b you know get them out of country um isr the whole nine yards right uh so there was a wide skill range um and a lot of these people that that had the lower end of the skill range were actually just civilians of you know they worked as a contractor and they they got wind of it from a friend so a lot of like open cells very unorganized but it was a huge movement

you know i would i would say close close to a couple hundred thousand people were operating inside this go ahead okay so like dahvid said what was operation digital dunkirk um obviously named roughly after the evacuation of dunkirk that i'm not going to do a world war history lesson um the collaborative distributed humanitarian effort by veteran civilians we had dental assistants i think at one point like just random people that were trying to help and that's who we want to hit with this talk is just people that are trying to help you might not have a lot of the experience of how to hide yourself but you still want to get involved this is what we're going to do

lots of distributed cells little tiny groups that got information from other slightly larger groups we were working in a group of about i don't know eight of thousands of people that were actually trying to get involved in this so lots of little tiny groups all kind of doing their cell organizational structure trying to get stuff done um we were all trying to basically get anybody that was in afghanistan that could get out and wanted to get out we're going to help you get out we're going to help you find and avoid checkpoints we're going to process your paperwork for you we're going to find you we're going to find your routes we're gonna try and get you out

um it includes all these people here american citizens special interest visas high profile afghan military targets all these guys that are like i need out now i don't have time cool we're gonna try and help yeah the basic result of this was close to like 150 000 afghan nationals that had helped the us government were able to escape out of afghanistan that were being persecuted by the taliban at this time uh translators interpreters all of our guys that are native there that we needed to be there for the last 20 years we told them we were going to get them out and then we just kind of ripped out i'm pressing buttons now all right so uh the first thing we're

going to talk about today right is uh what exactly are sock puppets right um sock puppets as most of you guys know are fake online personas that can help you mask who you are when you're doing things online um normally associated with the baddies right red teamers apts maybe three-fourths of tinder uh also maybe half of linkedin right there's a lot of people out there that use sock puppets to to hide their identity but on the upside this can be used for good right everything that we use for bad can be used for good so why does it matter why does it matter during humanitarian efforts well as i said the baddies have the internet

right the taliban has the internet taliban actually controls all of afghanistan's isp now and you don't have to pay a whole lot to get information from people or on people right 99 cents off a pipl will give you uh the the last six known residences of an american citizen right um it's stupid cheap stupid easy to find people uh also you may see a cowboy hat here this is something that we had from sof it basically means don't cowboy it up right don't go out and break the law for unnecessary reasons if you're going to break the law do it smart i would say right especially if it's from another country all right so this is the part that i

have to read basically verbatim so these fake personas used in conjunction with good tactics techniques and procedures can be the difference between activists maintaining their ability to continue operations versus becoming a victim to harassment or worse and we've seen harassment and worse we'll talk about it later it's because these ttps were not implemented they were not used and these people exposed themselves directly to in our case directly to the taliban they said hi i'm rebecca um not a real name not a real name fake name we're not we're not doxing anyone here yeah but they expose themselves directly to these guys and that caused problems for them in their personal lives later so do it right and you'll be a heck of a

lot more safe is this one me again yes yeah all right so where to start is the most important thing and this one kind of kicked me is are you ready for this not am i technically incapably ready for this are you ready to take on the mental and emotional toll of what you're about to do in our operation this is not standard hacker security conference stuff in our operation we had people who lost lives we had people who got captured by the taliban are you ready to deal with that fact yeah i kind of wasn't yeah i did it anyway and it was not good it was it's rough to come back from so

first things first are you ready to deal with what's about to happen and then step zero is cash or card right the age old question so we're going to talk about going through these steps we're going to acquire temporary phone service we're gonna build your fake persona that's my favorite part uh and then we're gonna build an online presence this works best if you do it over a long period of time and you have kind of some of these on the shelf stacked up ready to use so it's not a five day old profile obviously that kind of raises some flags uh step four is do stuff uh step five is not actually profit it's

go run you're up yeah and and i'd just like to point out right so we're talking about afghanistan at this current moment but this is very relevant to a lot of people who are operating in the ukraine space right they you you guys may be part of some discord channels out there that are like oh yeah let's go hack russia right like if you're gonna do it do it smart right i'm not gonna tell you don't do it obviously yeah also not telling you to do it um right and that leads us specifically into this how sophisticated is your hostile entity a low-tech adversary is gonna be a lot easier to mess with online and help people get out of

country without repercussion to your personal health right it's very unlikely that the farc which is a south american terrorist organization is going to come to the united states and shoot you in your home very unlikely right is it very unlikely that the taliban will come here yeah i mean for for the most part i would say yeah it's pretty unlikely has it happened has like al qaeda or the terrorists come to the united states and kidnapped people yeah it happened to a seal team a couple years ago you know the threat is real when they have the money so you know you want to look at these two aspects and figure out who am i trying to screw with who am i trying

to help to get out of country and who's persecuting these people are they easily to are they easy to evade you know like a logical threat that doesn't have like very good cyber space detection or are are they going to be very ingrained in the telecommunications space right russia you go you start hacking stuff in russia they're going to know you're hacking stuff in their country they're pretty good at this iran's the same thing right even the taliban now before when they were taking over the space they didn't have con uh they didn't have control of the isps now they have control of the isps they have smart dudes you know they can they pick up their ways they have cyber

criminals out there so think about it in that case if you're looking at getting into this kind of activity which you know we all we would love for you guys to come and help as much as you can because there are plenty of persecuted people out there just be smart about it think about who you're going after if it's gonna be a very sophisticated threat actor maybe take some time to build out your sock puppet and bear in mind can you kick back one yeah bear in mind this can change midway through your operation right so for us the taliban before taking over kabul and the taliban following the takeover of kabul very different creatures

once that happened the game changed because now they had control over the isps they had control over all the traffic in and out of country so the way it i guess be aware that it can change on you once you've been noticed once the geopolitical situation has changed and taliban now owns kabul and all the isps it changes so maintain some awareness of what's going on and whether or not you are currently dealing with not what you started dealing with yeah that was always that was a fun time yeah it was it was weird right because one minute they didn't have kabul so you could take your amcits out of country relatively easy hey get on the phone be like hey i

need you to move to the airport right now meet up with this contact go up and fly out and then when they took over kabul it was like i need you to take a right on 7th street and then don't go down mission right like something like that it was very much you have to navigate around and have so much open source intelligence to know where you need to get these people to avoid so i think this is you or is this me oh this is me okay so uh the age-old question cash or card i think this is the you know the common question left at def con right now do they accept card

they do so it's kind of weird but um there there are some pros and cons when building out your your uh sock puppet wow i forgot the name of it i'm talking about it uh so you know when building out your sock puppet to using cash or some sort of uh really hard traceable uh material asset right so in this case the pros is it's really cool when you have a lot of cash right like everybody likes to have that in their wallet uh and you can spend things in singles but it is nearly impossible to trace the problem is is not everywhere is going to allow you to buy like your cell phone um or gift cards right visa gift

cards um sometimes you have to use credit card to purchase these things especially if you go to somewhere like target there's no point arguing with the target employee to buy something with cash because you're trying to get away with some illegal stuff later on right let's let's not make a scene here that's what the cowboy hat's for um and we don't endorse any of these these links up here that we're telling or we're throwing out we're just giving you ideas if you do want to get into this right you know look up do not pay privacy.com visa gift cards you know roll down to the visa headquarters down the way put up some cash in there i know you can

probably pull it off um you know red team it a little bit be safe about it uh i'm not endorsing criminal activity by the way don't don't go and do that but you know there is there is advantages to using cash but there is also disadvantages when going out there all right so step one is actually going to be get your temporary phone service this is where your build process is actually going to start a lot of services require you to have a cell phone number now has anybody tried to create a gmail account in the last what is it like two years what's your recovery phone number you don't have one you can't do it

go get a fake phone get a tracfone a burner phone an att prepaid again i don't endorse these i don't care wherever get yourself a phone number um physical phones are cool you can go to walgreens cvs whatever buy a burner phone we ended up using virtual devices because i am a bum and i didn't want to get out of my chair so i'm not going to target i use bluestacks set up a uh android virtual machine ran the phone inside there burner app is an app that gives you i think seven days of a free phone number go nuts party on is there a question yeah that's gonna have to come off i

can't hear say again i try not to recommend anything sir [Laughter] uh yeah so this is step one this is how you're gonna get your phone number once you have your phone number you can pretty much move on to step two which is telling google this is my recovery number give me my email address yeah so um here comes the fun fake too this is uh uh my favorite phrase when talking about building out your your persona online right is is don't be a tinder catfish don't actually put somebody else's face out there right there are plenty of tools that are really really cool you know you get like you get the uh the version of like iranian seth rogen

right here which i think is really awesome right um or even you know a little bit of zac braff in the bottom right but i mean ultimately these are all ai generated these aren't real faces it's not going to get somebody in trouble if somebody does a reverse image search which we've seen adversaries do and that's happened to one of our case studies in here you know we're not going to get anyone else in trouble you know so don't be don't be a tinder catfish and then when you start building out this fake persona really build out their their character who is this person what's their first and last name where'd they grow up what's their email

where they live what's their employment because all these minor details might seem really minuscule and really like unnecessary but depending on the level of the adversary that you're going against they're going to look at that and if they see this as immediately a fake profile they're going to start digging into that phone number and trying to figure out exactly who and where you are at so um if you need help with that uh this is the one thing i will recommend is that fake name generator i use it for my teams red teams all the time really really good application will build out everything right who their parents name was uh you know where uh where they live what they're

doing uh even a credit card number which is really weird because you're not gonna be able to use it but you know there's enough information in there to build the persona so let's do it uh you'll recognize this gentleman from the previous slide he's again not real uh there's some some artifacts in here that you can use to kind of figure out that he's not real his collar's all messed up on the right side his ears don't match uh he's a little goofy but once you compress it and stuff it into a uh what's the small picture yeah a little facebook icon picture you're not gonna see that stuff anyway um so this is about the last time where we do

something that's gonna be fun during one of these ops [Music] yeah and i just make fun of this guy the fun thing is like you get to enjoy it right like if you gave this guy like a completely stereotypical name i i you know he definitely looks like the first name would be john right uh he's a kent or kent sorry if your name is kent um you know but like you know you want to have fun with it because ultimately when you start joking around with the individual that you're looking at it's because you have some sort of bias of what this individual looks like and everyone is going to carry that similar bias when they're looking at these

profiles it's kind of screwed up to say but like we're only human right this individual here i would say as an occupation definitely looks like he was in the military maybe like a second lieutenant at one point in time and dropped out a little bit afterwards he's like i can't cut it i'm going back i'm gonna go be a finance guy you know so you can start building out this stuff definitely the username would look like uh something sporty you know maybe out of pittsburgh like steelers steelers08 that's when he was born you know have fun with it enjoy yourself build out when you build these out because you are going to build this out

months in advance if not years so if you can build multiple personalities then you know you're going to succeed in the long run and he's not real so it's really a pretty victimless crime here not necessarily so yeah so so make some stuff up give yourself a backstory and uh kind of fall into this role for a minute because uh now we now we move on to the next stuff which is substantially less fun is it i don't remember is well the presentation's fun we're goons but doing this stuff is substantially less fun yeah so this is actually the like hardest part uh if any of you have ever tried to set up a true

uh sock puppet in the last two years you'll know that having a proper email address and having a good phone number is going to be like the bane of all existence [Music] some services that provide burner phones are actually banned from gmail right they have like the whole thing uh their whole phone list where they're like you can't use this we know this is a burner app go go find something else right so it is a pain the last time we used burner app it did work i don't know if that's the case anymore might not be the case after today if one of you guys works uh somewhere at like google so don't ruin

it for all of us leave us alone yeah so uh the first thing you want is obviously a privacy based email that's everything that you're going to like communicate over right when we were working with the afghanis um we were getting passport numbers similar to their social security numbers everything that we needed to fill out those paperwork and we're getting it over to the proper authorities right to our to our military buddies that were on the ground pulling people in right because they have to identify the individual with their name their picture their id numbers everything so in these efforts that's typically what you have to get you have to confirm that the person is

who they are saying they are because we all know how cheap a fake id is hopefully it's about 250 for a u.s american passport if you don't allegedly allegedly yeah um part two it's getting something like a common email right this is where you're gonna sign up with your facebooks your your linkedins your whatsapp whatever it may be um and then yeah part three that's that's when you're gonna build all of the uh the profiles out to communicate because you always want to have a primary a secondary and a tertiary communication when you're running any sort of humanitarian op uh yeah yeah and like we mentioned earlier it's best to have these kind of on deck

built out several of them so they're old they're two years old they're not four minutes old trying to start communications with somebody they look a little bit more real and then throw them away when you're done and make another fresh new one so age him a little bit fine wine fine wine all right so if you were engaging with a sophisticated enough organization which we talked about earlier right taliban post kabul russia uh whatever sophisticated organizations you're going to want to hide who you are and where you are so kind of goes without saying use a vpn use a series of vpns tunnels and tunnels and tunnels hide yourself change your origination point and my favorite part is if it's a government

use exit vpn nodes that are in countries that are unlikely to participate in investigation for instance literally anywhere in europe if you're operating in russia again i don't recommend that you do that they're not going to cooperate if russia says hey i need these vpn logs europe's going to go no um china and india don't like each other particularly india and pakistan north korea south korea whatever just find a place that's not going to cooperate with wherever your operation is because they're not going to cooperate and they're not going to help get you burned um if you find an exit node out of north korea for a vpn tell us about it because it would be pretty cool

[Laughter] yeah so uh you know what now uh you've had this you've had this uh sock puppet for for a few months maybe a year or so what do you do now well you do the we'll we'll do a live you go live right uh things to do when you are working in a humanitarian effort and this is very very important and i can't stress enough i'll grab the mic with two hands validate who you're talking to right this is something that we actually saw not being adhered to with more of the untrained individuals that were helping us out in the in the larger group right only use uh temporary devices for communication once you're

done you don't want it anymore trust me the taliban will call you they've done it that russia will call you they've done it you know iran china any other place that that has sort of a uh a background of being kind of malicious out there and not really caring they'll definitely call you on it they'll figure it out so throw the device away right um yeah i put it up there twice because i can't stress that one enough too and then when i mentioned this before but always create a communication plan in the military we call it pace right primary uh alternative contingency and emergency it's a good idea just in case you lose contact with an individual we had one

individual that we did lose contact over a phone because the taliban took her phone and smashed it and how do we get a hold of her facebook weirdly enough right so there are other opportunities to communicate with individuals and you just have to think what do they have access to create a paste pan plate uh pace plan for everything uh and everybody and then the last thing is create a duress word this was really important in afghanistan for when people thought they were being followed by taliban because then we could move our individuals that were in country to be kind of like a buffer zone right so some sort of duress word that we can go okay

scrap everything we're going to an emergency communication we know we're probably going to lose the primary um things to not do i don't remember that i wrote this thing oh yeah don't be in active communication when the person's on the move this was kind of a weird one this is something something that we learned post-military right uh this is because if they're talking in english in a ca in a country that speaks arabic somebody's gonna notice and if somebody notices that they're gonna take that phone and then now you've just burned that primary communication method so don't talk while they're moving just send them the instructions and be like please please follow these instructions and delete this message yeah uh second

thing don't group participants or multiple peop refugees in the same communication channel right if one of those individuals get burned they all get burned so you know their phones numbers are inside that group channel too don't do it just don't be lazy copy and paste don't promise anything this is more for your mental health right if you say hey i'm going to get you out of here it's the same thing for docs right we're going to do our best we're going to do our best right and usually they're bot their best is good it gets them but if you start promising i'm going to get you out of here alive and the next thing you

hear is somebody getting shot it's going to screw you up a little bit you know i i don't know how many of you guys have spent time in the military but it's not like the movies right even if you're hearing it still screws you up and then um last thing you know don't don't forget to do the things in the things to do section oh it's still me no no it's mine so again your mental health is important you cannot help if you are unable to function right i watched the talk earlier was it yesterday about burnout yeah it's going to happen real fast doing this kind of stuff you're going to get burned out

you're going to get hurt sorry it's going to suck um so take care of yourself right at the end of the day you're still a people still be a people take care of yourself uh know your limits don't take on more stuff than you can handle we had people do this uh actually we again talk about this guy here in a little bit um basically our i don't want to call them leadership our information channel goons were saying hey i've got 10 more numbers i got 50 more numbers i got five more people i got 10 more people i need to find these people and this guy i can't remember what fake name we gave him later he was

taking them all he's like i got it i got it i got it i got it i got it i'll take him i'll take him i'll take 10 more i'll take five more don't do that because you can't handle all of that you're not superman super person human whatever you can't do it you know there's a limit don't push past your limit know your limits plan a way to brief and debrief from this find a way that you can decompress when this is done because it is going to end and you need you need a tactic to decompress from it tactics not the word i was looking for people right yeah um and then you have

to very important you have to understand when your involvement is more of a detriment than it is help at a certain point during digital dunkirk we basically had to say hey look i'm sorry you talking to me is now more dangerous for you than not talking to me you're on your own i've done everything i can i cannot continue to do this it will get you hurt you have to know where the line is and you have to understand where your involvement is more dangerous than the help that you're providing yeah and just to kind of jump on that that mainly comes from your support on the ground right you don't get into these operations typically when there's

nobody in country um they can happen we've seen them happen but it's not very common right when the ukrainian russian situation that's been going on right there are people in country actively trying to get some of these individuals out so it's not like hey uh we have no assets there right so uh just kind of think of it that way how much how much support do you have because if you start trying to help these people and tell them to go places and you have no eyes on the ground how are you helping them you know oh whoops next okay yeah we really need to find a slide for that uh so consequences of bad

implementation or ttps when you're doing or tactics techniques and procedures for those who don't know what ttp is hopefully that's everybody um when when you're doing these kind of operations and you mess up right you have the potential to lose your anonymity which is the most important thing on the internet especially when dealing with people who do not like us um you could have the potential of your privileged information being disclosed or the individual that you're trying to help is now disclosed to the to the public internet um you can compromise multiple objectives that are in your operation so this could be things like uh safe houses or routes that you're trying to move your

individuals in you can get harassment from the baddies which is pretty common right they if they're not going to go after you they're probably just going to harass you and there is a true potential of loss of life here especially when working with higher level adversaries that really just don't care about how far their reach into the world goes i think this is still me yeah yeah so the risk to you right we've kind of talked about sock puppets we kind of gave you an idea of how you're going to build it but what is the risk to you when you're when you're operating in this uh it can be very difficult to disconnect 100 from your

your sock puppet and somebody like the us government or the russian or chinese governments they do have the capability to go back and and figure out exactly where you came from right a sophisticated enough threat actor or government um can still definitely find you network traffic monitoring financial tracking it's all out there we're very connected we're a credit-based economy now we're not a cash-based economy right so think about that it's on you guys to not get doxxed it's on nobody else right it's not the guy who's leading the operation to tell you okay well maybe we shouldn't put our phone number out on the public internet right it's on you think about it um and like

we said the last thing what can what can happen what can go wrong you get online harassment travel uh restrictions threats uh i'm pretty sure i'm banned from quite a few countries and that's probably not because of this but for other reasons um and then for all you fed boys and girls out there clearance implications right a lot of people that we worked with in this engagement we're like fbi cid osi military government right you name it this is technically not allowed by any means if you're going to communicate with the terrorist threat you have to put it on your sf-86 it's out there right and that can cause clearance implications and it did happen

we had one guy that uh he was working with one of his contacts his contact goes through a checkpoint phone gets picked up last number gets dialed old boy picks up the phone and now he's talking with the taliban the taliban whoever it was well now technically have you ever been in communication with a terrorist organization is uh ah yeah technically yeah i got to check that box on my security clearance forms try explaining that so there are clearance implications for anybody that does i'm not going to ask you to put your hands up because spot the fed's not working today uh there are clearance implications it can't happen this was you hey so we talked very briefly about

rebecca um this is just a lady that wanted to get involved she had no prior experience with any military technical she's not a security person she's not a hacker she was i think she was a dental assistant if i'm guessing right if i'm remembering that right yeah some sort of medical assistant she just found out about it through a friend through a friend through a friend i want to get involved and she was killing it she was helping us she was doing great except some of this stuff happened the the taliban confiscated her contact's phone searched her phone number problem here is she's using her personal phone number this is why we talked earlier about

don't do that so now she's getting calls and texts and messages and whatsapp and all kinds of stuff directly from some taliban goon at a checkpoint this is a problem right they found her facebook profile they found that where she lived how many kids she had they found all this information and they're harassing her they're threatening her and her children it's unfortunate it's sad it's terrifying this is why we wrap it up yeah she went through this for like weeks right um the entire team had to after the operation had to like help her secure her facebook right lock everything down remove information from the internet there's a lot more like time implication to to kind of

disconnect her a little bit more cancel her phone number and then go get a new one right through through a whole different service but ultimately at the time the taliban was in a position to come over to the united states and start whacking people thankfully but i don't really think they're in a position now to to be honest but i mean how many of you guys would like being called day in and day out by some guy in afghanistan threatening to kill you your kids your your husband your wife whoever it may be right it's not fun it's not enjoyable it's probably terrifying individuals on a less serious well i guess less high serious implications

note it took time away from our operation because we had to stop communicating with our contacts and finding people and tracking people and go all right becky sit down here's how we're going to lock your stuff up and we had to spend a couple of days away from our actual operation in order to help her get herself locked up better so there are implications to her there's implications to the entire operation as a whole this is why we use fake information really becky doxxed herself at the end of the day it was rough though i mean we make a joke about it but it's still it's not a fun situation to be in so uh the next example here is bobby

tables um not confirmed on his last name though uh this guy was a prior government employee he he was pretty good technical honors it's not to say that like having technical knowledge means that you know what you're doing we've seen plenty of it admins put their normal user account in enterprise admins right we've all been there maybe um github secret key talk guy but you know you have a better idea of what you're supposed to do with like vpns and disconnection and all that jazz uh his big thing though is this is a guy who would raise his hand in the middle of our ops brief every day and be like i want more contacts at the end of

it he had like 50 55 contacts it was insane um but this but this guy took all those contacts wrapped them up into one chat and was directing all of these 55 individuals to a safe house now the safe house that we had just got stood up uh we crowdsourced the money to about 15k right uh and this dude is like hey i need you guys all to go over here they're all in different regions it's not like they're all in the same place not everybody's in kabul right so he's like i need to get on like highway 101 just drive up north um so he told where the the safe house was one of the uh the contacts him and his

family got captured by the taliban the taliban did ssi which is a military thing of just stripping everything off of you and doing intelligence figuring out who what when this thing uh they found the group chat off of whatsapp realized where this safe house was and then they raided the safe house right so the rest of those individuals that were going there that's 15k out the door we're not getting that back i guarantee you that uh we didn't get any of that money back and now we have to find close to 100 individuals a place to stay while we figure out exactly how we're gonna get them out of country so taking too much at once while it may seem like hey

i can handle this it's just a computer it's just a phone number it's it's a lot harder than you think and the other thing about bobby here is that not only did he blow all of our safe house information he blew all of the information for every other person in that chat so if every single one of you is in a group chat with me do you trust me not to get my phone compromised otherwise you're all in trouble don't it's not a good idea so every single person in that group chat then had their information available to guys that are looking for them so yeah bobby blew our safe house but that was probably going

to happen anyway the problem is bobby blew all these other people that are moving around trying to get out yeah it's it's fun times you know good times with bobby tables he's always screwing stuff up yeah this slide's real short uh the consequences of doing it right are really short uh you didn't screw up good job uh you didn't get doxxed you got your mission done any sort of problems and hiccups and issues you guys have are easy to move through and fix on the way there's not a lot here do it right and there's not a lot on the slide this one's good so this is again a fake name fake face we put the black bar over

it because it vaguely resembles one of our friends from a prior life uh pedro here is prior military high technical knowledge knows how to implement opsec which i realize now we haven't said out loud yet opsec is operational security it's the concept of protecting your operation without going into a three-hour powerpoint slide brief about opsec speaking of which yeah all right cool um so he had a little bit of prior experience i'm not saying that in order to do this you have to have prior military experience i'm saying that he happened to have the information because of where he came from um he helped us establish the communication with a bunch of contacts again unlike bobby he knew how to do it

right he separated them all he segregated him he kept them all away from each other they didn't know about each other um this guy's done several successful ops in this same kind of realm um i don't even know what they all are i don't know this guy's name i i don't i don't know who this actually is i've got a couple of handles for him that's it i don't even know who this is he knows how to secure himself he knows how to build sock puppets he might be a sock puppet i don't know but this is a good implementation yeah i i mean it's hard to kind of expand on this right like if if you know

you know if you don't know you don't know and which is ultimately why we're trying to tell you guys this today there are ways of doing this safely by implementing basic security hygiene on top of what you're doing when you're building out a uh a sock puppet so you know be like pedro be a homie uh he didn't go by gabe unfortunately like everybody else in the group but um he's pretty cool this one's fun so when you're done with this burn it down right get rid of it destroy everything snap your phone sim if you have a physical phone delete your virtual machines format your hard drives close your accounts i am a hillbilly

from montana anybody else like shooting at hard drives no cool all right jethro it is yeah pet your dog call your therapist man burn it down you're done now shut the door get rid of everything that can potentially tie you back forensically or be tempted to pick up this old email address and read through the stuff that you get rid of it burn it all of it be gone yeah i mean the only thing we kept from this operation is that first photo of gabe er you know the fake friends and find people um i ultimately this is the thing that most people find hardest to give up i don't know what it is about tech people but we

are always so proud of like what we built we're like but look at it man dump it you don't need it what are you gonna do with it it's like those dvi cables why do you still have dvi cables i know you all have dv vga who still has a vga cable in here yeah i see a few hands throw them away throw them away who uses vga anymore yeah for server racks yeah yeah all right you get a pass you get you get a pad yep get the get the rack a little pull out you don't need it so here's our down and dirty review you know the really quick things you should know what a sock puppet is you don't

need to know exactly you know everything about it we do highly recommend that you go out and read a little bit more of how to do this in other techniques and tactics you have an idea of when to use them when you're not being a criminal um what else we got you know where to start cash a card remember always pick that up silly techniques how to build one keep it fun keep it light enjoy what you're doing at the end of the day you're not getting into a humanitarian op because you're like you have to do it like oh man bob told me i have to go do a humanitarian op today like you're doing

it because you want to do it so have fun when you get into this process know how to use them know what you're doing you know the differences between good and bad implementations and hopefully none of you guys make the same mistakes as becky or bobby tables and you should have somewhat of an understanding of inherent risk when it comes down to messing with nation state actors or uh terrorist organizations and at that point we'll leave it up to any questions we got one in the back

yeah i mean i don't think you necessarily have to wait the full two year mark but but basically for those who couldn't hear um you know it's like in order to kind of get into this field this realm of activist activity uh you want to start building your profiles now and over the course of a couple months you can have a plethora of different faces uh you know a split personality in on the internet uh to say but yeah i i would say give it a good sock puppet six to six months to a year is is a solid disconnect and vary who you're trying to make right so i've got one in eastern europe i've got one

in south korea i've got one in england i've got one in mexico because you never know what's gonna pop up and you're not gonna be able to use i think we said gabe used to live in kabul and then he moved to boston or something something weird like that that's not going to help me in colombia make a bunch of them sit them on a shelf have the tools ready but yeah to your point make several make them over the course of time and have them on the shelf and ready vary where they are what they look like what their names are where they live what they do give yourself some variability to work with

yeah you like one go nuts

oh that that works out perfectly yeah hey um so if you have a sock puppets that have a lot of friend requests is it good to accept those because you want to have a lot of friends or is it better to be cautious about whom you accept i say hit them all right sometimes a good a good technique when you're when you're building out a sock puppet especially on something like facebook or linkedin is to have some sort of buffer room because nobody's gonna believe that that gabe here with two friends is a real person right like oh that seems a little weird so uh you know you go on fiverr spend like three bucks and get

like three thousand friends it's my favorite way of making friends um yeah it's my only way of making friends uh but no i i t to your question i think that it's better to have a larger range of of numbers right instead of just having one or two z uh sock puppets it's gonna make it more believable sorry and one more question um what are some common fingerprinting um location geolocation slip ups that you've seen uh you mean like with people like active in the environment they'll just screw up uh the fun one i think is usually your phone number right if you're calling from a plus one number in a plus four one area like afghanistan uh that stands

out big time when somebody's doing ssi on the uh on the phones right they're like ah plus four one plus four one plus plus one let me call that one there are yeah there there are there are ways to get fake phone numbers in other countries and we definitely encourage you all to find the different products that are out there some may be on that tor thing that you may have heard of right but look at look at those areas as well as getting phone numbers especially if you're going to communicate with individuals in a whole different country i see wyatt here

that you are available to help out whenever you need to in different regions um but that's a lot of maintaining um these personalities so if you have like five different personalities in different regions what do you guys recommend as uh like activity with these uh different personalities like facebook and email um things like that when you are on social media you can't just have like a personality that's been made five years ago and then hasn't been touched in like a year or five years so what do you guys recommend on maintaining all of that and keeping everything straight is there anything that you guys recommend on um note taking for these personalities and things like that

yeah great question so um i don't sit there and spend 17 hours a day on facebook maintaining seven personalities uh i can't i can't do it i spend zero hours on facebook i don't i don't do it um i build personalities occasionally i'll pop in and post a photo from wherever i'm supposed to be from you don't have to be this very super super active uh facebook personality in order for a lot of this stuff to work we are looking for a cursory glance does it pass so if somebody looks at my profile they're probably not going to spend two hours scrolling my entire photo feed and looking at all of my birthday photos they're not going to do it they're going

to look they're going to be like yep gabe move they might look at how old the profile is zero friends 200 friends whatever couple of photos how old is it where's the phone number from it's a cursory glance because at the end of the day you're throwing this thing away anyway um but yeah i i cannot afford to spend so much time on facebook maintaining eight 10 12 profiles something i'll do python's really cool right just scrape everything from a country and just repost it it sounds dumb right they're like hey happy birthday to rodrigo and you're like you don't even have a friend named rodrigo dude and you're like yeah whatever right it's that cursory glance right if

the twitter feed is completely empty who's gonna follow it realistically uh other than maybe going on fiverr um you know i i think the best way typically to mimic behavior is to just gather up as much as you can and just dump it over time i think we have time for five more what's up

it's kind of cool that they're running around with the mics now we can actually hear uh i had a quick whoa that's a lot i had a question about um your distributed kind of resources for this operation i would imagine like one of them was so good at being a sock pocket sock puppet they seem like a sock puppet themselves like how are you maybe not how but like did you verify like that they could be useful assets for this operation and like how difficult was that given that necessarily meeting in a room um also i know if you like guys watch work watch workaholics but you guys definitely got a blake anderson and uh design thing going on here and i

really appreciate it yeah i've gotten the blake anderson comment quite a few times i think my ceo tells me i'm blake anderson almost every other day um so just to make sure i'm i'm understanding your question correctly it's how do we verify our sock puppet is going to work in country

yeah so most of the people that we have worked with right uh most of those people come from the sof community the one thing that you can trust the military veterans to do is we don't ever leave that lifestyle right when we're done we're like oh yeah cool i can make real money now but i'm not doing anything so you know like with afghanistan popping off like i was asked if i wanted to go in country and verify people uh if i could bring a gun sure but if i couldn't nah right and so a lot of the contacts that we know are just prior contacts that we've worked with um sometimes you'll fall into an operation especially with like

ukraine russia situation where you have a dude that's vouching for another dude right uh it's almost uh robert downey jr from uh what is that movie thunder whatever but yeah you get the idea it's like a dude playing a dude this guy's another dude right like it's just verification through trusted channels that you're working with to where you can go i trust this guy like our safe house the dude that set up our safe house was some guy who bought lumber for us for like three years and we're like can you just dump a bunch of money into this hotel and tell them to not ask questions they were like yeah all right cool and

so that's how we were setting up a lot of resources so it's it's more of like trusting who is vouching for the individual then you are trusting who the individual is so especially with verification processes it's like hey let's get on whatsapp show me your face right you can do a video call over the internet uh it's not going to cost you a dime so do a video call here's your face here's your passport i know you are you are you distressed no all right throw your phone around the room let me make sure cool we verified you let's continue so it is a little bit of a process but if you're working with individuals

who've done this before they should be helping you learn a little bit uh another another kind of way that you'll see it done is we're going to protect us so i'm not going to talk to you my puppet's going to talk to your puppet so i've defended myself and you in that way okay and that helps to keep you safe from the other people inside that organization now that's not to say that the other people in your organization have been vetted to be functional and useful and ready to go but i have defended myself against that by saying timmy and gabe are going to talk you don't know my name i don't know yours that's fine we're going to be gabe

okay cool they're running with the mic

you look gorgeous knock it off asking from kind of a volunteer management position during operation no operation digital dunkirk there was a lot of misinformation going around from taliban twitter accounts or is being interpreted by unexpected inexperienced volunteers not understanding the slang that was involved or just setting things through google transit tran translator do you have any recommendations for when you're leading a group of volunteers such as this for helping to manage that very reactive mode that it's easy to get into when working on operations such as this you got an answer for that one i got some bad answers for that one so the the one thing that i learned in the military with like the ic community is

everything is take everything with a grain of salt right what you've heard from one source needs to be confirmed through several sources you can't just have a single source of truth uh it's not you know it's like if you were to take solarwinds approach on on when they got hacked oh we're not hacked like everybody else is saying you're hacked bro um so take everything that you get with a grain of salt and understand that what you see may not exactly be what is happening uh the russia ukraine situation is a great example of why propaganda works right because russia's like we're not killing anybody and ukraine's like you're killing everybody same thing with the taliban taliban's like we're not

shooting anybody and the next thing you see is a video out there of them blowing up the uh the north end gate of the airport so um when you're working in these and you're brand new the biggest thing everything is a grain of salt don't trust anything you see until you have multiple sources that confirm exactly that fact and any other fact that isn't confirmed within the statements should be just taken as probably false right err on the side of caution there great question though we got one right here where's our i think we have time for one more or no maybe a question okay we got we got time for one last

what is that i'm forgetting what the site is so i've purchased a cell number is there a workaround for like the geo location like from the you know ping to the tower uh geo locating me somewhere else than where i want to be blue okay thanks yeah no i would say going through bluehost and changing there it's really you can root the phone and then spoof your your position your geolocation but it is it is iffy like if it's a sophisticated enough threat actor they're gonna be like yeah we know what's going on so same idea with like mac address spoofing but uh i think that's our time so thank you everyone you know party hard don't

do drugs we're not your dad have fun have a good rest of the day