Privacy Research using Active OSINT Techniques

Abstract

Internet users are typically required to provide personal information to companies and organizations in exchange for information or services. After registering, however, they are typically left in the dark about how their information is processed, stored, and shared, which has led to research efforts to understand the privacy implications associated with Internet usage. Fake identities are one documented methodology for performing open-source intelligence (OSINT) privacy research while limiting the ethical concerns surrounding using real-human personally identifiable information (PII). The Use and Abuse project at the Virginia Tech National Security Institute has developed the underlying architecture necessary for generating, deploying, and tracking fake digital identities at scale. This thesis investigates the characteristics that compose digital identities and generates a model for the repeatable generation of robust fake identities. Additionally, this thesis utilizes open-source intelligence techniques and employs fake identities to investigate the privacy implications of cybersquatting attacks. Finally, the potential use case of large language models (LLMs) to mimic personality for fake identities using psychological factors, in order to expand their usefulness in more complex internet domains and increase their believability, is explored.