Watch the stream
Our personas are fabrications and constructions of our inner self that we project outwards. We do this through various means and influences such as race, gender, sex, ability, age, culture, religion, norms, class, and status. For the “real world” aka “irl” we do all this by expression in our clothing, makeup, hairstyling, our hobbies, our network of friends, colleagues, and acquaintances. We leverage all of these facets and we create masks, personas, that we think will best interact with the world around us. The same concepts apply when creating personas for infiltrating online communities. Online communities are built on trust, reputation, and currency which can take various forms such as data, crypto, intel and notoriety. This talk is an exploration of techniques; linguistics, OPSEC, OSINT, and SOCENG. Tactical operations and concepts like hours of online operation, timezone shifting, and using low ranking accounts as canon fodder for probing, and psychological models used in the infiltration of emerging threat actor groups.
Persona Theory applies the understanding of threat actors, how they think, how they operate, their language, their motivations, fears, methods, the "game" and reflects it back at them like an obsidian mirror. The talk features case studies showcasing active infiltration chat logs and we present this first hand showing how established ransomware threat actors communicate during their ARP (Active Recruitment Phase). Recruitment for RaaS (Ransomware-as-a-Service) functions very similarly to a job interview. You need to show you got the goods such as the ability to provide your initial access into organizational infrastructure, pentesting, and overall business acumen. The case studies go from initial contact, to obtaining the ransomware builder and affiliate panel access. We also explore the use of transliteration (preserving pronunciation) vs translation (preserving meaning) and how machine translation engines like DeepL and Google Translate aren't necessarily the best for passing yourself off as a native speaker.
Tammy Harper Senior Threat Intelligence Researcher, Flare
Tammy is a Senior Threat Intelligence Researcher and Certified Dark Web Investigator at Flare. She is a contributor and volunteer threat intelligence researcher for the open-source project RansomLook. When not working on threat intelligence, she listens to techno and ambient music. Her other hobbies include street and nature photography, reading, camping, hiking, and learning about theoretical astrophysics, hypothetical stars, and exotic forms of matter.