A DECEPTICON and AUTOBOT walk into a bar: Python for enhanced OPSEC
2020-09-04, 16:30–17:10, Main stream

When we see the terms Natural Language Processing (NLP) or Machine Learning (ML), often, our guts are correct, and it is vendor marketing material, frequently containing FUD. As someone who unapologetically loses their mind at vendor FUD and buzzword bingo, I was reluctant to use those terms in a submission. After tinkering with various libraries in Python and R with the use of some OSINT and SOCMINT techniques, I have found a use for NLP and ML that is 100% FUD free.

Topics that I have frequently spoken about in past years are disinformation, deception, OSINT, and OPSEC in a framework I often call DECEPTICON. When working through learning NLP and ML in Python, it dawned on me: marry these technologies with DECEPTICON for good. Enter the DECEPTICON bot. The DECEPTICON bot is a Python-based tool that connects to social media via APIs to read posts/tweets to determine patterns of posting intervals and content, then takes over to autonomously post for the user. What is the application, you ask? People who are trying to enhance their OPSEC and abandon social media accounts that have been targeted without setting off alarms to their adversaries. Use case scenarios include public figures, executives, and, most importantly – domestic violence and trafficking victims.


Outline:

  • Intro (1:00)
  • Basis for Research (3:00)
    • Why the initial research?
    • Preconceived notions
  • Crash Course into Infosec BS Buzzword Bingo (7:00)
    • OSINT
    • SOCMINT
    • Machine Learning
    • Natural Language Processing
  • Existing “Iterations” (10:00)
    • Marketing
    • SEO
    • Government
    • Sentiment Analysis
    • OSINT
  • The idea of incorporating with DECEPTICON (15:00)
    • Overview of DECEPTICON
    • Limitations
    • Use cases
  • The process of writing the code for the tool (20:00)
    • My Python and R competencies starting out
    • Books used
    • Tools built along the way
    • Realization of outcome of initial preconceived notions
  • Beginning of implementation for test run (23:00)
    • Methods for determining frequency of:
      • Posting/Tweeting (Macro level; days, weeks, months)
      • Posting/Tweeting (Micro level; frequency of posts during times posted)
      • Sentiment of posts
      • Grammar and spelling rhythm and heuristics
      • Topics posted about
      • Locations Checked into
  • Failures and causes (25:00)
    • Instances where algorithms or learning techniques were wrong
    • Instances where the learning was improperly monitored
    • Instances where dataset was too large or too small (overfitting or underfitting)
  • Refinement process (33:00)
    • Changes to design where applicable
  • Accounts used (35:00)
    • Explanation of metrics and design for test account
  • Code and Demo (37:00)
    • Demo
  • Questions (40:00)

Joe is currently a Senior OSINT Specialist at Qomplx, Inc. and previously maintained his own blog and podcast called Advanced Persistent Security. Joe is the inaugural winner of the DerbyCon Social Engineering Capture the Flag (SECTF) and was awarded a DerbyCon Black Badge. As a member of the Password Inspection Agency, Joe has placed 2nd in the HackFest Quebec Missing Persons CTF powered by TraceLabs, 2nd in the BSides Atlanta OSINT CTF, and 3rd Place in the 2018 & 2019 NOLACon OSINT CTFs. Joe has independently placed 2nd in the HackFest Quebec SECTF, 4th Place in the DerbyCon OSINT CTF, and 2nd Place in Hacker Jeopardy at Hack in Paris. Joe has contributed material for the likes of TripWire, AlienVault, ITSP Magazine, CSO Online, Forbes, and Dark Reading as well as his own platforms.