The Consequences of Mismanaged Attribution
MA at a Distance: Managing Your Online Attribution While Teleworking
An Ntrepid Academy Blog Series
At this point in our blog series, we’ve reviewed the importance of managing your online attribution while teleworking, and discussed why some supposed DIY managed attribution (MA) solutions may still leave you vulnerable. So what? Why does potentially mismanaged attribution matter when extended telework has introduced so many other challenges?
It matters because the consequence of employing poor managed attribution practices is exposure—exposure of your online activities, your professional affiliation, and, potentially, your true identity. This exposure, in turn, can jeopardize your research, your investigation, your ability to execute your mission, or your continued access to social media platforms and other operational spaces.
Ntrepid Academy’s newest OSINT case study, “Mismanaged Attribution,” illustrates the consequences of poor MA practices. “Mismanaged Attribution” is the byproduct of Ntrepid Academy’s research on white supremacist extremists (WSE) and how they use social media to organize, communicate, and propagandize. The objectives of this research are: (1) to identify WSE’s tactics, techniques, and procedures on social media; (2) to assess WSE’s operational security (OPSEC) on various social media platforms; and (3) to record the lessons learned from an MA perspective.
“Mismanaged Attribution” focuses on a suspected WSE actor operating on Telegram, the encrypted and pseudonymous messaging application. This actor was ostensibly trying to conceal their true identity, yet Ntrepid Academy analysts were able to map the actor’s presence on a variety of platforms, including Twitter, Instagram, Gab, and Facebook. Our analysts were also able to confirm the actor’s true identity, location, multiple user names, family members, and broader social network.
So, how were we able to identify this WSE actor? Because they mismanaged their online attribution. Here are the lessons learned from our case study:
First, be cautious about linking multiple social media accounts. We all have social media accounts; some are used for professional networking and others are used to share photos of our quarantine haircuts. The WSE actor at the center of our case study had two groups of social media accounts: those used to propagate WSE content and personal accounts. However, the actor used the same username across multiple accounts and referenced one social media account in the bio of another. This enabled our analysts to move from the WSE set of accounts to the personal accounts.
Second, oversharing can lead to overexposure. Our target used their social media accounts as we all do: to share seemingly innocuous information. Yet a few of the images, tweets, comments, and memes that this actor shared provided breadcrumbs about their location, name, and even technical information about their mobile device.
Third, you may be secure, but how about your network? One of the biggest mistakes the suspected WSE actor made was tagging, in their social media posts, a family member who had a public social media presence. This allowed our analysts to review the publicly available information on the family member’s profile and confirm the WSE actor’s identity. By tagging a family member, our target assumed that family member’s risk.
The guest star of “Mismanaged Attribution” was not operationally secure on social media—far from it. But that was not because they didn’t intend to conceal their identity. Rather, it was because they did not employ proper OPSEC or MA practices.
Managed attribution is an active process of managing the technical and behavioral information you’re communicating as you operate online. This includes being deliberate with your online activities, especially as we continue to work from home using our personal infrastructure and resources to conduct potentially sensitive activities. It’s easy to become complacent, but as our “Mismanaged Attribution” case study demonstrates, even one minor mistake can have cascading consequences.
To learn more about managed attribution and to sign up for one of Ntrepid Academy’s open-enrollment webinars, please visit our page.