Your Clues About Your Real Life and OSINT

You need to act and fully adopt a role as an actor would do for a performance. You need to become a different person, think, and act like that person. This is not a technical mitigation but a human one. You can only rely on yourself for that.

Ultimately, it is mostly up to you to fool those algorithms by adopting new habits and not revealing real information when using your anonymous identities.

Ross Ulbricht: Arrogance or Stupidity?

You’ve undoubtedly heard of the Silk Road. What was supposedly the most secure, anonymous, and impenetrable platform was swiftly taken down after investigators starting to collect very damning clues about the site’s owner. For instance:

  • An undercover DEA agent who became an admin on the site discovered that the site was configured in Pacific Time, indicating the user was on the West Coast[1]
  • Ulbricht used the same username (“altoid”) on multiple websites which made it incredibly easier for investigators to connect the various accounts[2]
  • What ultimately gave away Ulbricht’s real identity was the fact that the username ‘altoid’ was registered using his personal email address[3]

Your Clues about your Real Life and OSINT:

These are clues you might give over time that could point to your real identity. You might be talking to someone or posting on some board/forum/Reddit. In those posts, you might over time leak some information about your real life. These might be memories, experiences, or clues you shared that could then allow a motivated adversary to build a profile to narrow their search.

A real use and well-documented case of this was the arrest of the hacker Jeremy Hammond[4] who shared over time several details about his past and was later discovered.

There are also a few cases involving OSINT at Bellingcat[5].

Related Posts