Is it a good Idea to have a secret Internet Alias?
TechGromit
Member Posts: 2,156 ■■■■■■■■■□
in Off-Topic
Given that an anonymous UK Malware researcher Malwaretech was able to prevent the spread of the WannaCry ransomware malware, just by registering a domain, do you think it's a good idea having a secret identity for use in the Cyber Security field? Look at it this way, if say UK researcher was Bill Smith, and he came out and said I stopped the spread of this malware, he just cost unknown criminals tens of thousand’s, if not millions of dollars in profits. They would be less then happy with him and may seek to express there displeasure by hacking the hell out of him. Is it worth the media fame and fortune identifying yourself? I would think the potential aggravation of dealing with revenge hacking on a personal level is quite a deterrent in making your identity public. Malwaretech must think so, his website is registered by a company instead of a name, registered from Panama, and the company is the one that provides the whois service on the internet. Of course he is known by someone, you can’t contact the FBI and say hey this is Malwaretech and I figured out how to stop this malware attack. But his professional identity doesn’t intersect with his anonymous identity in any way.
Does anyone here have a secret identity they use to taking public credit for security work they do? I’m not talking about the aliases we use on this website, but I guess your Techexam alias could be your secret identity as well, but it not for me.
Does anyone here have a secret identity they use to taking public credit for security work they do? I’m not talking about the aliases we use on this website, but I guess your Techexam alias could be your secret identity as well, but it not for me.
Still searching for the corner in a round room.
Comments
-
cyberguypr Mod Posts: 6,928 ModAll I'll say is that as a security practitioner I hold multiple sockpuppet accounts with complex profiles for different purposes. If you are in InfoSec and not doing it this way, you are doing it wrong.
-
E Double U Member Posts: 2,233 ■■■■■■■■■■I tried to explain to my wife that my secret identities were work related, but she wasn't buying it.Alphabet soup from (ISC)2, ISACA, GIAC, EC-Council, Microsoft, ITIL, Cisco, Scrum, CompTIA, AWS
-
PC509 Member Posts: 804 ■■■■■■□□□□I've got my public profiles, which all link back to me personally (easy to look up and find out who I am). I also have several other identities online that I can use for other reasons. Nothing nefarious, wife knows about them and is free to look at them.
-
NetworkNewb Member Posts: 3,298 ■■■■■■■■■□I have a bunch of anonymous accounts that I created to tro!l people on social media sites.... Does that count?
-
rob42 Member Posts: 423If your job is 'Cyber Security' and you reveal who you, then get a different job!No longer an active member
-
tedjames Member Posts: 1,182 ■■■■■■■■□□Don't list on your LinkedIn page the tools you use to defend your company/agency. In fact, don't even list anything other than your title and company name..
-
sillymcnasty Member Posts: 254 ■■■□□□□□□□Up until I made a linkedin, there was no practical way to find me on the internet. Any email I used for a login was always a junk email. Fake name everywhere. I find it creepy that people can find me lol
-
dustervoice Member Posts: 877 ■■■■□□□□□□Yes i have about 15 different profiles.its difficult to keep track these days. normally i terminate accounts after mission is accomplished but i just cant be bothered any longer.
-
Iristheangel Mod Posts: 4,133 ModMy secret alias is Carlos Danger. That way they'll always assume it's that other guy :P
-
YFZblu Member Posts: 1,462 ■■■■■■■■□□TechGromit wrote: »Of course he is known by someone, you can’t contact the FBI and say hey this is Malwaretech and I figured out how to stop this malware attack. But his professional identity doesn’t intersect with his anonymous identity in any way.cyberguypr wrote:...If you are in InfoSec and not doing it this way, you are doing it wrong.rob42 wrote:If your job is 'Cyber Security' and you reveal who you, then get a different job!
-
NetworkNewb Member Posts: 3,298 ■■■■■■■■■□Sigh. Regardless of what someone does for a living or what their title is, publicly disrupting criminal operations is something you would need to use an alias for.
Exactly! Did we learn nothing from our Superheroes who do this kind of stuff for a living? You guys all see what happens when the villain finds out the hero's identity. They go after the people close to them. Don't be that hero without a secret identity!! -
paul78 Member Posts: 3,016 ■■■■■■■■■■TechGromit wrote: »Given that an anonymous UK Malware researcher Malwaretech was able to prevent the spread of the WannaCry ransomware malware, just by registering a domain, do you think it's a good idea having a secret identity for use in the Cyber Security field?
Like @cyberguypr - I have a few sockpuppet accounts that I use. Those are for lurking and to use services anonymously. But I also have alter-ego's where some are more anonymous than others. Like this one on TE. It really depends on what you want to accomplish. Many security researchers use handles as an alter-ego but it's not necessarily to be anonymous. -
blatini Member Posts: 285E Double U wrote: »I tried to explain to my wife that my secret identities were work related, but she wasn't buying it.
+1
I don't really do this, but I also don't participate in many forums outside of TE. While my posts here are generally embarrassing in their own right I don't think any of them will get me sent to the mental ward or worse (yet) -
UnixGuy Mod Posts: 4,570 ModUnixGuy is my real name
But yes, I take it a step further and never use my real name on social media...completely different identity. Not because of working in "InfoSec" -
jelevated Member Posts: 139Absolutely. Keep separate user names and credentials for each message board you surf. I learned this is important primarily because you cannot change your user name or delete your account on most bulletin boards!
Nothing is as good an example of this other than that red shirt undecided election guy, Ken Bone. http://www.thedailybeast.com/articles/2016/10/14/ken-bone-s-disturbing-reddit-history-shows-he-s-not-nearly-as-adorable-as-we-thought?via=twitter_page using the same name for Reddit, he posted some really REALLY crazy stuff on there. -
E Double U Member Posts: 2,233 ■■■■■■■■■■NetworkNewb wrote: »Did we learn nothing from our Superheroes who do this kind of stuff for a living?
I learned how great of a disguise glasses are from Superman.
"Hey Super, oh wait, it's Clark. Have you seen Superman? He was just here."Alphabet soup from (ISC)2, ISACA, GIAC, EC-Council, Microsoft, ITIL, Cisco, Scrum, CompTIA, AWS -
jstock Member Posts: 21 ■□□□□□□□□□E Double U wrote: »I learned how great of a disguise glasses are from Superman.
"Hey Super, oh wait, it's Clark. Have you seen Superman? He was just here."
This comment, made me think of this https://www.youtube.com/watch?v=NxtunkBUcRo. Lol -
TechGromit Member Posts: 2,156 ■■■■■■■■■□
Are you aware that @malwaretechblog was doxxed over the weekend? His identity is known. He says himself, he assumed he would be doxxed at some point
No I wasn’t aware, but I did say in my post he was known by someone, you can’t interface with creditability with the FBI and other government agencies anonymously. When a newspaper throws around enough money to identify a source, someone’s bound to talk, although it was claimed he was identified by tracking down his digital foot print, not sure if I believe that or not.
Still searching for the corner in a round room. -
OctalDump Member Posts: 1,722I wonder if part of this is that Info Sec attracts some of the more paranoid (it's not paranoia if they really are out to get you) types, so maybe some of the people in Infosec would naturally be inclined to act anonymously or pseudonymously online even if they weren't doing this for a job.2017 Goals - Something Cisco, Something Linux, Agile PM
-
jcundiff Member Posts: 486 ■■■■□□□□□□My line of work requires the use of multiple sock puppets, I have my personal social media pages, but I am very limited on who I add. None of my sock puppets have any common links between them and my personal stuff, although a couple of them know each other"Hard Work Beats Talent When Talent Doesn't Work Hard" - Tim Notke
-
shimasensei Member Posts: 241 ■■■□□□□□□□In short, yesCurrent: BSc IT + CISSP, CCNP:RS, CCNA:Sec, CCNA:RS, CCENT, Sec+, P+, A+, L+/LPIC-1, CSSS, VCA6-DCV, ITILv3:F, MCSA:Win10
Future Plans: MSc + PMP, CCIE/NPx, GIAC... -
ande0255 Banned Posts: 1,178I figure if a security genius like Iris can have their own picture as their profile avatar, then I could come out of the shadows and change mine to my real picture too!
-
Iristheangel Mod Posts: 4,133 ModGo for it. Not too worried about the kind of discussions we are having on here and most of my professional forums, LinkedIn, study groups, and blog to try to mask my identity on it. Plus it would kill any personal branding from all of that.
I would assume if you were looking to create a secret identity or mask your identity separate from your other online personas, there's probably a reason behind it beyond what we do here.