Is it a good Idea to have a secret Internet Alias?

TechGromitTechGromit Member Posts: 2,156 ■■■■■■■■■□
Given that an anonymous UK Malware researcher Malwaretech was able to prevent the spread of the WannaCry ransomware malware, just by registering a domain, do you think it's a good idea having a secret identity for use in the Cyber Security field? Look at it this way, if say UK researcher was Bill Smith, and he came out and said I stopped the spread of this malware, he just cost unknown criminals tens of thousand’s, if not millions of dollars in profits. They would be less then happy with him and may seek to express there displeasure by hacking the hell out of him. Is it worth the media fame and fortune identifying yourself? I would think the potential aggravation of dealing with revenge hacking on a personal level is quite a deterrent in making your identity public. Malwaretech must think so, his website is registered by a company instead of a name, registered from Panama, and the company is the one that provides the whois service on the internet. Of course he is known by someone, you can’t contact the FBI and say hey this is Malwaretech and I figured out how to stop this malware attack. But his professional identity doesn’t intersect with his anonymous identity in any way.

Does anyone here have a secret identity they use to taking public credit for security work they do? I’m not talking about the aliases we use on this website, but I guess your Techexam alias could be your secret identity as well, but it not for me.
Still searching for the corner in a round room.

Comments

  • cyberguyprcyberguypr Mod Posts: 6,928 Mod
    All I'll say is that as a security practitioner I hold multiple sockpuppet accounts with complex profiles for different purposes. If you are in InfoSec and not doing it this way, you are doing it wrong.
  • E Double UE Double U Member Posts: 2,229 ■■■■■■■■■■
    I tried to explain to my wife that my secret identities were work related, but she wasn't buying it. icon_sad.gif
    Alphabet soup from (ISC)2, ISACA, GIAC, EC-Council, Microsoft, ITIL, Cisco, Scrum, CompTIA, AWS
  • PC509PC509 Member Posts: 804 ■■■■■■□□□□
    I've got my public profiles, which all link back to me personally (easy to look up and find out who I am). I also have several other identities online that I can use for other reasons. Nothing nefarious, wife knows about them and is free to look at them.
  • NetworkNewbNetworkNewb Member Posts: 3,298 ■■■■■■■■■□
    I have a bunch of anonymous accounts that I created to tro!l people on social media sites.... Does that count?
  • rob42rob42 Member Posts: 423
    If your job is 'Cyber Security' and you reveal who you, then get a different job!
    No longer an active member
  • tedjamestedjames Member Posts: 1,179 ■■■■■■■■□□
    Don't list on your LinkedIn page the tools you use to defend your company/agency. In fact, don't even list anything other than your title and company name..
  • sillymcnastysillymcnasty Member Posts: 254 ■■■□□□□□□□
    Up until I made a linkedin, there was no practical way to find me on the internet. Any email I used for a login was always a junk email. Fake name everywhere. I find it creepy that people can find me lol
  • dustervoicedustervoice Member Posts: 877 ■■■■□□□□□□
    Yes i have about 15 different profiles.its difficult to keep track these days. normally i terminate accounts after mission is accomplished but i just cant be bothered any longer.
  • IristheangelIristheangel Mod Posts: 4,133 Mod
    My secret alias is Carlos Danger. That way they'll always assume it's that other guy :P
    BS, MS, and CCIE #50931
    Blog: www.network-node.com
  • YFZbluYFZblu Member Posts: 1,462 ■■■■■■■■□□
    TechGromit wrote: »
    Of course he is known by someone, you can’t contact the FBI and say hey this is Malwaretech and I figured out how to stop this malware attack. But his professional identity doesn’t intersect with his anonymous identity in any way.
    Are you aware that @malwaretechblog was doxxed over the weekend? His identity is known. He says himself, he assumed he would be doxxed at some point. In his case, the key is in preparing for that moment instead of relying on obscurity to ensure his safety. The alias is a mustache and a pair of glasses. It was never going to keep him unknown. With all the work he did documenting the Necurs botnet I wouldn't be surprised if he was privately identified in the past.
    cyberguypr wrote:
    ...If you are in InfoSec and not doing it this way, you are doing it wrong.
    rob42 wrote:
    If your job is 'Cyber Security' and you reveal who you, then get a different job!
    Sigh. Regardless of what someone does for a living or what their title is, publicly disrupting criminal operations is something you would need to use an alias for. But blanket statements suggesting that all serious infosec people should use an alias, are just wrong. Infosec is far too broad for that type of thing.
  • NetworkNewbNetworkNewb Member Posts: 3,298 ■■■■■■■■■□
    YFZblu wrote: »
    Sigh. Regardless of what someone does for a living or what their title is, publicly disrupting criminal operations is something you would need to use an alias for.

    Exactly! Did we learn nothing from our Superheroes who do this kind of stuff for a living? You guys all see what happens when the villain finds out the hero's identity. They go after the people close to them. Don't be that hero without a secret identity!!
  • paul78paul78 Member Posts: 3,016 ■■■■■■■■■■
    TechGromit wrote: »
    Given that an anonymous UK Malware researcher Malwaretech was able to prevent the spread of the WannaCry ransomware malware, just by registering a domain, do you think it's a good idea having a secret identity for use in the Cyber Security field?
    He's actually not anonymous. I believe he's a Proofpoint researcher iirc - I'm sure if you look - you can find him.

    Like @cyberguypr - I have a few sockpuppet accounts that I use. Those are for lurking and to use services anonymously. But I also have alter-ego's where some are more anonymous than others. Like this one on TE. It really depends on what you want to accomplish. Many security researchers use handles as an alter-ego but it's not necessarily to be anonymous.
  • blatiniblatini Member Posts: 285
    E Double U wrote: »
    I tried to explain to my wife that my secret identities were work related, but she wasn't buying it. icon_sad.gif

    +1

    I don't really do this, but I also don't participate in many forums outside of TE. While my posts here are generally embarrassing in their own right I don't think any of them will get me sent to the mental ward or worse (yet)
  • UnixGuyUnixGuy Mod Posts: 4,564 Mod
    UnixGuy is my real name icon_cool.gif


    But yes, I take it a step further and never use my real name on social media...completely different identity. Not because of working in "InfoSec"
    Certs: GSTRT, GPEN, GCFA, CISM, CRISC, RHCE

    Learn GRC! GRC Mastery : https://grcmastery.com 

  • jelevatedjelevated Member Posts: 139
    Absolutely. Keep separate user names and credentials for each message board you surf. I learned this is important primarily because you cannot change your user name or delete your account on most bulletin boards!

    Nothing is as good an example of this other than that red shirt undecided election guy, Ken Bone. http://www.thedailybeast.com/articles/2016/10/14/ken-bone-s-disturbing-reddit-history-shows-he-s-not-nearly-as-adorable-as-we-thought?via=twitter_page using the same name for Reddit, he posted some really REALLY crazy stuff on there.
  • E Double UE Double U Member Posts: 2,229 ■■■■■■■■■■
    Did we learn nothing from our Superheroes who do this kind of stuff for a living?

    I learned how great of a disguise glasses are from Superman.

    "Hey Super, oh wait, it's Clark. Have you seen Superman? He was just here."
    Alphabet soup from (ISC)2, ISACA, GIAC, EC-Council, Microsoft, ITIL, Cisco, Scrum, CompTIA, AWS
  • jstockjstock Member Posts: 21 ■□□□□□□□□□
    E Double U wrote: »
    I learned how great of a disguise glasses are from Superman.

    "Hey Super, oh wait, it's Clark. Have you seen Superman? He was just here."

    This comment, made me think of this https://www.youtube.com/watch?v=NxtunkBUcRo. Lol
  • TechGromitTechGromit Member Posts: 2,156 ■■■■■■■■■□

    YFZblu wrote: »
    Are you aware that @malwaretechblog was doxxed over the weekend? His identity is known. He says himself, he assumed he would be doxxed at some point


    No I wasn’t aware, but I did say in my post he was known by someone, you can’t interface with creditability with the FBI and other government agencies anonymously. When a newspaper throws around enough money to identify a source, someone’s bound to talk, although it was claimed he was identified by tracking down his digital foot print, not sure if I believe that or not.
    Still searching for the corner in a round room.
  • OctalDumpOctalDump Member Posts: 1,722
    I wonder if part of this is that Info Sec attracts some of the more paranoid (it's not paranoia if they really are out to get you) types, so maybe some of the people in Infosec would naturally be inclined to act anonymously or pseudonymously online even if they weren't doing this for a job.
    2017 Goals - Something Cisco, Something Linux, Agile PM
  • jcundiffjcundiff Member Posts: 486 ■■■■□□□□□□
    My line of work requires the use of multiple sock puppets, I have my personal social media pages, but I am very limited on who I add. None of my sock puppets have any common links between them and my personal stuff, although a couple of them know each other :)
    "Hard Work Beats Talent When Talent Doesn't Work Hard" - Tim Notke
  • shimasenseishimasensei Member Posts: 241 ■■■□□□□□□□
    In short, yes :)
    Current: BSc IT + CISSP, CCNP:RS, CCNA:Sec, CCNA:RS, CCENT, Sec+, P+, A+, L+/LPIC-1, CSSS, VCA6-DCV, ITILv3:F, MCSA:Win10
    Future Plans: MSc + PMP, CCIE/NPx, GIAC...
  • ande0255ande0255 Banned Posts: 1,178
    I figure if a security genius like Iris can have their own picture as their profile avatar, then I could come out of the shadows and change mine to my real picture too! :D
  • IristheangelIristheangel Mod Posts: 4,133 Mod
    Go for it. Not too worried about the kind of discussions we are having on here and most of my professional forums, LinkedIn, study groups, and blog to try to mask my identity on it. Plus it would kill any personal branding from all of that.

    I would assume if you were looking to create a secret identity or mask your identity separate from your other online personas, there's probably a reason behind it beyond what we do here. :)
    BS, MS, and CCIE #50931
    Blog: www.network-node.com
Sign In or Register to comment.