Operational Security Part 5: Online Personas
By Richard McEachin
Privacy Vs. Anonymity
Privacy and anonymity are different things entirely. Privacy means the exchanged information is not visible to people outside the conversation but the parties to the conversation are known or can be identified. Anonymity means that at least one party to the conversation is unknown and cannot be identified. Your network connection should be set-up to provide privacy and facilitate anonymity.
By Richard McEachin
The security intelligence personnel will need to learn to use VPNs, VMs, DNS spoofing, Tor, and online personas during data collection to maintain anonymity. This article is about managing the use of online personas.
On the Internet, nobody knows you’re a dog
A persona is a fictitious person used to gather information. This persona must be acceptable to the group with which it is trying to interact. The purpose of all online interactions is to elicit useful information and insights into the target group’s intentions. Diligent management control over the behaviour of all personas ensures that they do not stray into any legally or morally questionable statements or activity.
Most of your online intelligence effort depends on your ability to use online personas in chats rooms, forums, and on social media sites. To be successful, you must get inside the threatening group’s social media network as early as possible to listen and participate in their online conversations.
You risk your entire online intelligence effort if your online personas are misused. Your policy regarding the use of personas begins with six rules.
1. Do not personate any living person.
2. Do not personate a representative of any existing business or anything to do with government.
3. Do not cause anybody to be concerned for his or her own safety or the wellbeing of any person, business, company, or property.
4. Never fan the flames! Never act as an agent provocateur!
5. Senior management must know what the stock of personas is doing. Control this using something like MS OneNote that is not networked and on which the data is encrypted. Only the people authorised to use a persona should have access to this. Record every use of a persona and its online interactions. This requires diligent management oversight that includes input from legal counsel and your PR experts. Purge these records and the online messages periodically as per your deletion policy.
6. Sophisticated systems for acquiring and handling source material, analysis, reporting, and persona control will require more sophisticated support to keep everything running and to prevent unauthorised access. You must decide on what type of support you can afford based upon security risks and the costs that come with the proposed support system.
The longer you maintain an online persona within an activist group, the more effective it may become. Reporting data collected from social media requires diligent scrutiny to obscure the online personas used to collect the data.
Reporting should never mention the persona used to collect a given piece of data. This is more than the decision-maker needs to know. Destroy the records of online interactions at the earliest possible opportunity to prevent exposure of your methods and personas.
All reporting should explain sources and methods used without exposing the actual persona employed to collect the data. This should clearly illustrate that collected data resulted from legal and ethical methods.
Screen clips may expose the persona in use at the time of the screen clip. Develop a clear policy regarding the use of screen clips in all reporting. You also need a clear policy regarding the deletion of source content that identifies online personas and data that becomes outdated or irrelevant.
If you do not do these things, then eventually accusations of ‘spying’ on innocent people will surface and the opposition may have solid evidence to prove it. It will not matter that they had no right to interfere with your business or property—the opposition will portray you as an evil corporate thug that spied on them. If the mainstream media persistently reports this portrayal, your reputation may suffer long-term damage.
The more sophisticated and connected your intelligence operation becomes, the more likely the opposition will penetrate it. You, rather than the opposition, determine what they find and expose.
Richard B. McEachin is the principal of McEachin & Associates Ltd. (ConfidentialResource.com).