From Project PM
(Redirected from Attribution)
Jump to: navigation, search

Identification in this context is the practice of obtaining the identity of those who attempt to remain anonymous in their online affairs. Such a capability is being increasingly sought by governments and thus intelligence contractors as a means by which to reign in activity currently beyond their control.

HBGary CEO Aaron Barr compiled the following notes in 2010 on the process by which he hoped to identify Anonymous participants. Keep in mind that, as one of his colleagues told him at the time, the process outlined below is not exactly sure-fire. Nonetheless, Barr was indeed on the right track, which is presumably one reason why William Wansley, a VP at Booz Allen Hamilton, discussed his work on Anonymous and Wikileaks with him via e-mail and phone before eventually having him in to the office for a meeting in late January and then later denied this when a pair of Anonymous operatives called him at his home to ask about the relationship.

Here, then, are Barr's notes on identification as applied to Anonymous:


Organization is globally distributed with initiatives and operations started by individual groups. People lend a hand where they have capabilities and leaders seem to be both naturally selected as well as being historically connected with the organization.

They are relying on IP for anonymity. That is irrelevant with active social media users. U use IRC and FB and Twitter and Forums and Blogs regularly…hiding ur IP doesn’t matter.

Some thoughts for analysis. IRC/Forums/Blogs combined with Facebook and Twitter is great. Can you correlate times of posts? IRC they talk specifically about being in attacks. Can u correlate enough the time they are in IRC and the time they are online in FB?

At what point in an event was a friendship made, before or after?

To Figure more out about the person you need to go pre-event.

If you friend enough people you might be able to correlate people logging into chat with people logging in to Facebook.