What is managed attribution? The term may be new to some analysts and researchers conducting online investigations, but what it represents is critical to their tradecraft. Without managed attribution, investigative targets can spot when someone’s on their tail; as a result, they may feed analysts disinformation, pack up shop altogether or seek retribution against analysts or their organization. In essence, without managed attribution, the investigation can be blown.

What is Managed Attribution?

Managed attribution is a way to proactively control one’s online identity and shape what others perceive about them, their position and their intent while browsing.

When conducting online investigations, the researcher’s goal is to blend in and not attract any unwanted attention, while still being able to browse safely and engage with their adversaries to glean useful intelligence. By completely disguising their digital fingerprint, they have a much easier time staying undercover and finding the truth behind shady financial dealings, illegal activity, suspicious behavior and potential threats to their organization and clients.

Blending In vs. Hiding

To avoid leaving some digital breadcrumbs behind when visiting target sites, some researchers use a private browsing mode. While intentions are good, switching on private browsing practically signals to adversaries that someone is snooping, prompting them to look into that visitor’s online activity even more.

Even with private browsing, search engines still track your activity in other ways like supercookies, which remain active even if cookies are blocked in browser settings. And there are many ways besides cookies that users can be tracked online; for example:

  • Canvas fingerprinting: taking a fingerprint of an image rendering engine on your machine
  • E-tags: continuous tracking of objects that a user has viewed/clicked on
  • Battery status API: a way to identify a mobile device across sites

Managed Attribution Disguises More Than Location

As many online investigations involve sites and organizations in multiple countries, some researchers use a VPN to disguise their true location. While VPN can spoof location, it can’t disguise other aspects of the “location narrative” — obvious giveaways such as language, time zone and keyboard settings, as well as browser, OS and device details. Managed attribution can manipulate all of these elements, creating an online identity that matches the average visitor to a particular site and won’t arouse suspicion with the site’s webmaster.

You may also like: What VPNs and Incognito Mode Still Give Away in Your Online Identity

With a purpose-built managed attribution solution, online investigations are less likely to be spoiled due to shoddy tradecraft. Not only does managed attribution improve investigation quality and productivity, it also helps make sure that investigators stay safe and their organizations protected.

Read More

Read the flash report on managing attribution in online investigations. Learn how to manage attribution and blend in during research:

  • Learn the pitfalls of VPN, private browsing and “dirty” machines that only provide a partial disguise
  • See how managed attribution decreases risk even in dark web investigations
  • Know what capabilities to look for in a managed attribution solution

See how Silo for Research provides the security, attribution management and auditability investigators need, especially in highly regulated and at-risk organizations.