It has always seemed natural to me, a community coming together to solve community issues by voting. However, there is the assumption that the folks voting are members of the community. When the community is relatively small and folks know one another, there is a trust. That trust comes from association. However, whether the community is small or large, identity, who the person is, is not something chiseled in granite. Much as an actor assumes a role, it has become almost trivial for folks in the audience around the globe to assume a role of their choosing. Things, people, context, etc. are not always what you assume them to be.
Identity can be formed by being born, going to school, your friends around you, your resume, your job, the house you have, your car, etc.
Then there are folks that choose to value their anonymity. They can be those that value privacy.
There can be those who, because of their work, require anonymity.
There can be those that choose to live outside the boundaries of society and the law.
In days of old, those wanting a new identity would go to some out of the way room, do business with a shifty character, put down some cash, and a new John Doe is born.
In today’s world, there is no need to deal with the underworld. A few clicks and a new you is almost instantly brought into existence.
I have no idea how many people there are in the world. Two, three billion. A big number. I have no idea how many “real” social media accounts there are in the world. Another big number. Maybe a billion profiles.
Social media accounts have profiles. Profiles have attributes. There are attributes for name, email address, interests, location, etc. It is the value of an attribute that is part and parcel of an identity. In today’s world of the Internet, click here and there is a new persona; things, reasons, and who someone is are often not reality. Let’s see how easy it is to create a false reality.
There are those that wish to remain anonymous, privacy first, and there are those that wish to hide their true identity because of intended criminal activity. If someone has bad intentions, a starting point is to create a false profile on social media. Creating a false profile is not that difficult, even for those with little technical expertise. There are times that Tor, a VPN, or validating the new account can take a little fiddling. A Sock Puppet is an identity, a profile on a social media site, that has less than true attribute values.
There was a time that folks were identified by names. Say the name “Bob Jones” and a mental image would show a “picture” of Bob Jones. Then came progress: the Internet connects a billion folks. Bob Jones becomes bob.jones@myneighbor.net. Perhaps the same smiling image pops up in your mind when you see the email address bob.jones@myneighbor.net. If Bob Jones wants another identifier, he does not need to file legal papers. All he needs to do is create an email address such as reverend.bob.jones@churchofthecoolfolks.org and Bob Jones now has a new identity. Bob needs to be careful when he sets the new email address up: get a service provider, not a big-name provider, and hide his location (Tor, VPN, etc.) so that the new provider does not know where Bob Jones is located. And be able to validate the email account. And then there is a choice of a browser. Browsers do not come set to protect your best interests.
Not a problem. There is Fastmail, where privacy is paramount and aliases are possible.
When establishing an account, hiding where you are is required. You don’t want to leave breadcrumbs. There are social media providers that are able to detect a VPN connection and will tag you as suspicious. The workaround: go to a coffee shop, one not next door to your residence. Leverage the hot spot. Then bail.
Social media sites will ask you to validate your cell phone number. It must be a cell phone number. Get some SIM cards from Amazon. Use an old Android phone with a new SIM card. Validate. Change the phone number in the profile to VOIP.
The social media site may require a new image. The above image is of a person that does not exist. That is the power of a Generative Adversarial Network (GAN) and the web site here.
A new false name, background, resume, physical space: they are all available from free services on the Internet.
Both the Enterprise and the Cloud present the case for a Zero Trust Architecture. Perhaps my takeaway is that Zero Trust is applicable to social media. Anyone can be anyone that they want to be. It is up to folks that have social media accounts to protect themselves and to understand that, because there is a social media account, the identity pointed to by the social media profile means little. Validate and then, very, very slowly trust.