Sock puppetry is the practice of creating and operating fake online identities, known as sock puppet accounts, for various purposes. In OSINT (Open-Source Intelligence), sock puppets are a powerful tool used by investigators to gather information, infiltrate online communities, and conduct investigations while maintaining anonymity.

The Power of Sock Puppets

Sock puppets have been used on the internet since its early days. They have been employed by political campaigns to shape public opinion, corporations to control their brand narrative, and individuals to influence online conversations.

However, sock puppets have also been used for noble causes. The case of "Sweetie," a virtual 10-year-old Filipino girl created by the Dutch children's rights organization Terre des Hommes, demonstrates the potential of sock puppets in fighting crime and showcasing the fact that sock accounts are used in the wild. Sweetie was used to identify and apprehend online predators, resulting in the arrest of over 1,000 individuals across 71 countries. More information about the Sweetie case can be found at Telegraph Article.

We will approach the creation of a sock puppet account in a professional manner, meaning that we will strive to be as diligent as possible at each step. Please note that not all sock puppet accounts are intended for general purposes; some may be crafted to infiltrate a specific community or target.

Steps to Create a Sock Puppet Account

Craft a digital persona:

Develop a detailed backstory, personality traits, and online behaviors that mirror a real person.

An initial step would be to visit a site like FakeNameGenerator to create a draft, or give you an idea of where to start.

To create a comprehensive persona, consider the following questions:

        • Name: What is your sock puppet's full name?
        • Demographics:
        • Age: How old is your sock puppet?
        • Gender: What is your sock puppet's gender identity?
        • Location: Where does your sock puppet reside?
        • Occupation: What is your sock puppet's profession or job title?
        • Education: What is your sock puppet's educational background?
        • Marital Status: Is your sock puppet single, married, divorced, or in a relationship?

Psychological Profile:

        • Personality Traits: Is your sock puppet introverted or extroverted? Are they confident, shy, or ambitious?
        • Interests and Hobbies: What does your sock puppet enjoy doing in their free time? Are they passionate about sports, music, or art?
        • Political Views: Does your sock puppet have any strong political opinions or affiliations?
        • Religious Beliefs: Does your sock puppet adhere to a particular religion or have spiritual beliefs?

Use-Case:

        • Purpose: What is the primary objective of your sock puppet account? Is it for passive reconnaissance or active engagement?
        • Target Audience: Who is your sock puppet designed to appeal to or interact with?
        • Communication Style: How does your sock puppet communicate online? Are they formal, casual, or humorous?

Backstory:

        • Family Background: What is your sock puppet's family history? Do they have any siblings or notable relatives?
        • Life Events: What significant events have shaped your sock puppet's life? Have they faced any major challenges or achieved notable successes?
        • Aspirations: What are your sock puppet's goals and dreams for the future?

Create a comprehensive persona document to maintain consistency and authenticity.

Build an online presence

    • Establish profiles on relevant social media platforms, forums, and websites that align with the persona's interests and expertise
    • Use AI-generated images from platforms like This Person Does Not Exist (https://www.thispersondoesnotexist.com/) or Midjourney (https://www.midjourney.com/) for profile pictures and supporting images to enhance authenticity
    • Engage with relevant communities and create content that showcases the persona's unique perspective and expertise. Question yourself what communities would the persona be part of
    • Depending on the community or target to infiltrate/investigate, the persona can be modified by removing or adding specific elements
    • For example, some threat actors use cat pictures on their Telegram profiles, include specific details in their bios, or add humorous locations like Microsoft HQ or an antivirus company's headquarters. Pay attention to details
    • Adapt the profile to fit the target community and avoid looking out of place
    • Consider creating generic sock puppet profiles for general purposes and crafting specific profiles from scratch to investigate a particular target or community

Implement OPSEC measures

    • Use virtual phone numbers from providers like Moremins.com (https://www.moremins.com) for account verification and secure communication
    • Choose privacy-focused email providers like ProtonMail (https://protonmail.com/) or Tutanota (https://tutanota.com/)
    • Employ secure payment methods such as privacy-oriented cryptocurrencies or virtual credit cards, for example https://privacy.com/
    • Follow an OPSEC checklist:
      • Use a reliable VPN or Tor to mask IP address and location
      • Employ strong, unique passwords and enable two-factor authentication (2FA)
      • Avoid using the same usernames, email addresses, or profile pictures across different sock puppet accounts
      • Remove EXIF metadata from images before uploading to prevent information leaks
      • Exercise caution when interacting with other accounts
      • Regularly review the sock puppet's online presence for inconsistencies or red flags
      • Maintain detailed records of the sock puppet's activities and interactions
      • Stay informed about the latest OPSEC best practices and adapt strategies accordingly

Adapt and refine

    • Try and stay up-to-date, check if the way social media works change, interact with the OSINT community and exchange knowledge AKA Reddit
    • Regularly assess and refine the sock puppet persona to maintain credibility and relevance
    • Update the sock puppet's online presence to reflect changes in real-world events, trends, and discussions
    • Maintain detailed records of the sock puppet's activities and interactions for accountability

Challenges and Considerations


Creating and maintaining a convincing sock puppet account requires skill, effort, and constant attention to detail. OPSEC is paramount to prevent the sock puppet's identity from being compromised. Remember, even a single detail that connects to your real identity can jeopardise your sock puppet's integrity. By adhering to an OPSEC checklist and remaining diligent, you can minimize the risk of compromising your sock puppet accounts.

Ethical considerations are equally important. Sock puppet accounts should be used responsibly and within legal boundaries.

I will be creating more useful guides in the near-future where we will explore Sock accounts applied to investigations, and possibly the creation of some Sock accounts for specific investigative purposes.

Remember, it is all in the details.