We've gotten a lot of responses after calling out that sock account last night. Those who have been following us know this has been an ongoing issue for many people in infosec. Let's examine what happened and what we can do moving forward. 1//
First off, who is Kenny? Kenny is a person who has spent well over a year targeting women in infosec, gaining their trust through various accounts and guilt trips, and becoming a huge emotional burden. Then, when his targets stick up for themselves, he threatens their safety. 2//
He has threatened to "find people" at cons (which for many of his targets are work events), and he has also threatened to show up at people's houses / work. He hit new lows recently by forging screenshots to make it look like someone was suicidal to get cops called on them. 3//
He uses a multitude of sock accounts he sets up on Twitter using multiple cheap Android phones and SIM cards. Here are multiple screenshots of taunts, and him flat out revealing his harassment infra and leaking his SIM card's ICCID. 4//
There have been many threads about Kenny, but it's hard, because no one wants to dox, or cause any real harm. Many have been deleted due to guilt or harassment, not just by Kenny, but by members of this community for causing "drama". Here's Azeria: 5// https://twitter.com/Fox0x01/status/1293732844066476037
We've been watching and consistently calling out his sock accounts when we find them. We noticed this account because of very specific TTPs that this person. A major tactic is that he usually always pretends to be an underrepresented person in Infosec. 6// https://twitter.com/thugcrowd/status/1290694299580080129
For more back story we have some threads. He also cannot resist commenting on threads about him, so expect to have some of his accounts revealed in the replies lol. 7//

https://twitter.com/thugcrowd/status/1291210480443416576

and https://twitter.com/thugcrowd/status/1286881317347561474
Now you have some history, let's talk about what you can do. We noticed red flags specific to this person, but sock accounts are nothing new. It's important to know some of the signs of a sock account/astroturf effort. Here are some awesome tips: 8// https://twitter.com/ChristinaLekati/status/1316320704342691840
It can be difficult to call out a supposed or known sock account, because they can rely on the pre-existing trust they farmed. They also can flat out deny and try to make you look crazy. It's usually best to give objective details to another person and see what they say. 9//
If in doubt, take a screenshot! Better yet, get their Twitter ID. This will allow you to see if they changed their handle. You can use https://tweeterid.com/ or similar. You can also connect your account with Spoonbill to track username/bio changes https://spoonbill.io/ 10//
You might see a meteoric rise for a new account, and who knows, they might be a real person with something interesting to say, but best practices should not be to throw yourself at a new person just to welcome them. This specific action is what is currently being abused. 11//
People like Kenny know that all it takes is one trusted person to give them some grand welcome, and tag a million people in a reply, to get the ball rolling. He knows who follows back. He knows all of the common frustrations we share and will commiserate over. 12//
This is spearphishing at a community scale. It's grifting. They know everything about us. They don't do anything else in their life except watch all of us and figure out what we react to. It's like a sentient, malignant version of the algorithms that serve us tons of ads. 13//
Just like a good spearphish, they will play to your ego, play to your fears, play to the structures you create in your life and community that will allow your guard to be let down. They will know what resources you've shared, cons you've spoken at, and will try to flatter you. 14//
What do you do if you are targeted?
1. Don't overshare with anyone who DMs you out of the blue.
2. Actually view their profile. If you don't have time to do that, then don't respond!
3. Keep track of weird questions.
4. If in doubt, talk to someone.
15// https://twitter.com/thugcrowd/status/1291392312287821824
Last point - Why does this continue? How are we this deep into this and still nothing has been done? Much of this failing comes down to community support. We don't believe victims. They jump through hoops just to get the decency of believing them when they say they are in danger. 16//
Feel free to add your own responses to this by the way. This was just a 1000ft. view for many people who are outsiders observing this situation. We would love to hear more insight from others. We'll be adding to this thread if necessary as well. 17//
Another quick point: They know exactly how to play on your heartstrings by feigning responses like this, and even when being called out, they double down. All this does is serve to delegitimize underrepresented people and make people trust them less (as if they need that). 18//
What did we say? He can't keep his mouth shut and loves returning to threads about him to confirm that his sock account is indeed him. We've been tracking this one too, and what do you know? He blocked us after posting this.
https://twitter.com/SabrinasWand/status/1316434187352596480

19//
Twitter ID is 1313283855256748033 in case he changes the handle again.
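
The advice in tweet 10 (record the numeric Twitter ID, not the handle) can be kept as a small local log. The sketch below is an added example, not part of the original thread: it keys observations on the stable ID, reports handle changes and handles that later appear under a different ID, and reads the creation time that snowflake-style IDs embed. The sample IDs and handles are constructed, and the cutoff used to tell old sequential IDs from snowflake IDs is an assumption.

```python
from datetime import datetime, timezone

TWITTER_EPOCH_MS = 1288834974657   # snowflake epoch, 2010-11-04 UTC
SNOWFLAKE_MIN = 10**12             # assumption: smaller IDs are old sequential IDs

def snowflake_created_at(account_id):
    """Creation time embedded in a snowflake-style ID, or None for sequential IDs."""
    if account_id < SNOWFLAKE_MIN:
        return None
    ms = (account_id >> 22) + TWITTER_EPOCH_MS   # top bits are ms since the epoch
    return datetime.fromtimestamp(ms / 1000, tz=timezone.utc)

def handle_history(observations):
    """observations: (iso_date, account_id, handle). Keeps only real handle changes."""
    history = {}
    for seen, account_id, handle in sorted(observations):
        changes = history.setdefault(account_id, [])
        if not changes or changes[-1][1].lower() != handle.lower():  # handles ignore case
            changes.append((seen, handle))
    return history

def renamed_accounts(observations):
    """IDs seen under more than one handle, with the handles in order."""
    return {aid: [h for _, h in ch]
            for aid, ch in handle_history(observations).items() if len(ch) > 1}

def reused_handles(observations):
    """Handles seen under more than one ID, e.g. a released handle taken by another account."""
    owners = {}
    for _, account_id, handle in observations:
        owners.setdefault(handle.lower(), set()).add(account_id)
    return {h: ids for h, ids in owners.items() if len(ids) > 1}

def _sample_id(year, month, day):
    """Build a constructed snowflake-style ID for the sample data below."""
    ms = int(datetime(year, month, day, tzinfo=timezone.utc).timestamp() * 1000)
    return (ms - TWITTER_EPOCH_MS) << 22

ID_A, ID_B = _sample_id(2020, 10, 1), _sample_id(2019, 3, 15)
SAMPLE = [  # constructed observations: (date seen, numeric ID, handle)
    ("2020-10-05", ID_A, "example_newcomer"),
    ("2020-10-09", ID_A, "Example_Newcomer"),   # case-only difference, not a rename
    ("2020-10-14", ID_A, "example_renamed"),
    ("2020-10-20", ID_B, "example_newcomer"),   # old handle now on a different account
    ("2020-10-20", 12345, "example_oldtimer"),  # sequential ID, no embedded date
]

if __name__ == "__main__":
    print(renamed_accounts(SAMPLE))
    print(reused_handles(SAMPLE))
    print(snowflake_created_at(ID_A))
```

A screenshot that shows only the handle cannot distinguish the two accounts in the reused-handle case, which is why the ID belongs next to every screenshot.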