Managing Your Attribution: Nobody, Anybody, or Somebody
When you are trying to operate online, it may seem obvious that you need an alias; the question is, what kind?
Listen to the Ntrepid Cast podcast on this topic.
In this blog, I am going to share with you my framework for the four forms of online identity. Each form of identity serves a specific purpose and is useful in different contexts. They include: Nobody, Anybody, Everybody, and Somebody.
Nobody identity
Our first alias, the “Nobody” identity, is overtly anonymous. All identifying information is stripped, but opponents can see that this person is using tools, like Tor or VPN services, to hide.
This overt anonymity is not necessarily bad. Nobody identities are completely appropriate in certain contexts. For instance, when interacting with hackers or criminals on the dark web, anything other than a stripped identity would stand out; acting anonymously is expected within that culture.
However, a completely obscured identity would raise alarms if it were to be used for conventional financial transactions or while interacting on popular social media.
Anybody identity
On the other hand, the “Anybody” identity does not appear to be hiding, but also lacks clear and expressed real-world identification. This identity’s associated IP address appears unremarkable, and its browser fingerprints are typical of an ordinary person.
Anybody identities are most commonly used for OSINT and other similar operations in which you passively gather information. These identities may have accounts on various services, but only insofar as they need the accounts to access public posts. Additionally, Anybody identities don’t have significant backstopping or a robust network of friends and connections.
Everybody identity
Sometimes, a single identity is not sufficient. “Everybody” identities form part of a virtual crowd; they are useful when the intensity of a data collection effort would attract attention to an individual identity.
A normal person can visit hundreds of web pages per day. But if a mission requires a user to visit millions of pages, that user’s identity is going to be exposed. By using thousands of Everybody identities, you can diffuse the online activity, ensuring one individual is not creating unrealistic amounts of traffic.
At the same time, Everybody identities generally don’t include the backstopping that would make the aliases appear realistic to a human investigator. In these instances, avoiding automated detection by targeted systems is the most important goal. Though it is unlikely that anyone will individually investigate any of these identities, if some are discovered, they can be easily discarded or replaced.
Somebody identity
With the “Somebody” identity, you adopt a specific, persistent alias. This identity has a name, biography, ethnicity, nationality, and other personal characteristics.
The Somebody alias will certainly maintain accounts, usually on multiple platforms. Each of those accounts will also include appropriate profile photos and connect into coherent social networks.
Somebody identities are designed to endure investigation and scrutiny. Consider using Somebody identities when interacting with real people or conducting extended operations in restricted environments, like closed groups and private chatrooms.
Potential trade-offs
Since Somebody aliases seem to be the most effective forms of online identity, why not use them all the time? The biggest issue involves cost. Fully backstopped accounts that will withstand investigation require a lot of work to create. Additionally, Somebody accounts are very specific. For example, a Russian mobster identity would be entirely inappropriate for investigating a college admissions scandal.
Anybody identities, on the other hand, are quick, cheap, and disposable. However, they are easily detected during interactions with real people.
Nobody accounts appear to have something to hide, which looks suspicious in many situations. The commercial privacy provider protecting the Nobody alias might also be penetrated by your opponents. Special Counsel Robert Mueller’s investigation of the Democratic National Committee hackers demonstrated this potential VPN vulnerability: the FBI discovered the hackers’ true Moscow-based IP address despite their use of a Russian anonymizing VPN service. Thus, you may require another type of identity to back up the Nobody identity.
Finally, only Everybody identities can accomplish high-volume data collection, but they will not stand up to any level of scrutiny.
So how do you choose?
In the end, there is no “one-size-fits-all” alias identity. These four identity forms exist on a spectrum. A given alias might not fit cleanly into one of these categories, but the framework serves as a useful tool for making your decisions.
For each operation, you should think carefully about which form of identity is most appropriate. Picking the right types of identities for your mission can ensure you remain undetected, while also avoiding needless expense.