Tim Boucher

Questionable content, possibly linked

Tag: hb gary

Vyacheslav Volodin – Chairman of State Duma

I put together a post looking at sources for a software application used by the Chairman of the State Duma of Russia, Vyacheslav Volodin.

Vedomosti, May 2014 – auto-translated from Russian:

“Coming in at the peak of the protest rallies, the new team of Vyacheslav Volodin radically revised the attitude towards working with the network audience, placing its stake on the systemic manipulation of public opinion through the tools of new media.

This work was recognized as so effective that it was decided to send these weapons outside – to the American and European audiences.

According to sources close to the presidential administration, preliminary work began in the fall of 2013. The strategy was agreed upon by Volodin, after which they selected the performers and began to create the infrastructure.

Those who were previously engaged in the domestic market are said to be the curators of the external direction. Work on the West is only just unfolding, but it is already becoming noticeable.”

So their premise is that the technology infrastructure developed after the internet crackdowns in Russia in 2011 was so successful that they exported it. And this was written in 2014, which seems all the more prescient.

But as we know, Americans were developing similar technologies at a government level in the 2010/2011 time period as well. (See also the HB Gary leak, below.)

Here’s that mention of India and Thailand again:

“At the same time, the hired Russian structures themselves use subcontractors around the world. So far it has been possible to reliably establish their working contacts with groups in Germany, India and Thailand. Most likely we are talking about natives of Russia.

For now, the system that is being built in America and Europe exists in a test mode. Mostly they are engaged in classical information-analytical work.

The so-called “Anonymous International” group has laid out some of the documentation, possibly related to the activity of one of the main “American” teams (download the folder at http://www.sendspace.com/file/q3jft3).

This is the new, external department of the “nest of trolls,” which was exposed in September 2013 in an investigation (http://www.novayagazeta.ru/politics/59889.html) by Novaya Gazeta.”

(Note: The sendspace link above to Anonymous International/Shaltay Boltay leaks is not functional.)

Cripo.com.ua May 2014 article, auto-translation:

“At the end of May, a group of hackers from the “Anonymous International” began publishing a series of documents obtained from the hacked electronic mailboxes of Olga Dzalba, a financier of the Internet Research Agency (AIE), a structure set up in the St. Petersburg suburb of Olgino in the summer of 2013 on the order of the head of the company “Concord,” Eugene Prigozhin. In addition, reports on the work done, addressed to a man by the name of Volodin, appeared in open access.

Vedomosti, by the way, links the Kremlin’s adopted strategy for manipulating public consciousness through new media with the name of Vyacheslav Volodin, the first deputy head of the presidential administration.

As follows from the documents analyzed by Fontanka.ru, under a single management a scheme was built out of Internet agencies with hundreds of paid bloggers and commentators, as well as several media outlets in Russia and Ukraine. Their maintenance is estimated at 33.5 million rubles a month, of which more than 17 million is in cash. The financial documents are full of notes reading “not of.” – apparently, “not officially.””

BBC February 2012:

“Mr Volodin is widely considered one of the country’s most influential and ambitious hardliners.

He is a deputy prime minister and the government’s chief of staff, and as such is the brains behind Vladimir Putin’s presidential election campaign.”

His Wikipedia page, current to November 2017:

“On October 21, 2010 he was appointed Deputy Prime Minister under Dmitry Medvedev, as well as—after the dismissal of Sergey Sobyanin in connection with his approval as Mayor of Moscow—Chief of Staff of the Presidential Executive Office.”

Medvedev and Sobyanin connection.

Interesting, via same Wikipedia source:

“On April 28, 2014, following the Crimean status referendum, the U.S. Treasury put Volodin on the Specially Designated Nationals List (SDN), a list of individuals sanctioned as “members of the Russian leadership’s inner circle.”[4][5][6][7][8] The sanctions freeze any assets he holds in the US[7] and ban him from entering the United States.[9]

On 12 May 2014, Volodin was added to the European Union sanctions list due to his role in the 2014 Crimean crisis.[10] He is barred from entering the EU countries, and his assets in the EU have to be frozen.”

The Moscow Times, September 2016:

“Vyacheslav Volodin was brought in to mastermind Putin’s victory in the 2012 presidential election after the Bolotnaya protests in December 2011.”

More links and quotes I compiled regarding the 2011 Russian election protests.

Reuters February 2012:

“He has mostly kept in the shadows, especially since he became first deputy chief of staff in the presidential administration in a reshuffle following the start of mass protests over alleged fraud in a December 4 parliamentary election.

Volodin’s challenge is to ensure Putin wins 50 percent of the votes on March 4 to avoid a second-round runoff, which could undermine his authority.”

United Russia links.

Associated Press, September 2016:

“While Volodin has largely stayed in the shadows, he is considered one of Russia’s most influential officials, a puppet master who has directed the parliament’s work and engineered elections. He was also widely seen as a driving force behind a string of draconian laws in response to massive anti-Putin protests in 2011-2012.”

Regarding the Putin election situation of 2012, BBC September 2011:

“Russian Prime Minister Vladimir Putin says he has accepted a proposal to stand for president in March 2012.

Addressing the ruling United Russia party’s annual congress, Mr Putin and current President Dmitry Medvedev backed one another to switch roles.”

… “He had already served two terms as president before Mr Medvedev took over in 2008. Mr Putin was barred by the constitution from running for a third consecutive term.”

… “Under recent constitutional amendments, the new president will have a six-year mandate rather than four years as before. He or she will be able to serve no more than two consecutive terms, meaning Mr Putin could be in office until 2024.”

… “However, along with genuine messages of support, a #putin2012 hashtag appeared which raised suspicions of manipulation among bloggers.

It was being promoted, in part, by tweeters who had registered on Twitter on the same date, 27 June 2011, some within seconds of each other, with account locations that spanned Russia.”
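The BBC excerpt describes a simple signal for spotting coordinated accounts: registration seconds apart, one shared hashtag, locations spread across the country. The following is an added example (not from the original post or any of the articles quoted) that runs that heuristic over a constructed set of account records; the handles, timestamps and locations are invented for illustration.

```python
"""Flag bursts of accounts created seconds apart that push the same hashtag.

Constructed sample data; the heuristic follows the BBC description above
(same registration date, seconds apart, promoting one hashtag) and is not
any platform's own detection logic.
"""
from datetime import datetime, timedelta

# Constructed account records: (handle, UTC creation time, self-reported location, hashtags used).
SAMPLE_ACCOUNTS = [
    ("user_a1", "2011-06-27T10:15:02Z", "Moscow", {"#putin2012"}),
    ("user_a2", "2011-06-27T10:15:05Z", "Omsk", {"#putin2012"}),
    ("user_a3", "2011-06-27T10:15:09Z", "Kazan", {"#putin2012"}),
    ("user_a4", "2011-06-27T10:15:40Z", "Vladivostok", {"#putin2012"}),
    ("olga_real", "2009-03-02T08:00:00Z", "Saint Petersburg", {"#putin2012", "#football"}),
    ("dmitry_real", "2011-06-27T18:44:10Z", "Tula", {"#weather"}),
    ("shop_b1", "2011-06-27T10:15:03Z", "Samara", {"#sale"}),
]


def parse_ts(value):
    """Parse the ISO-8601 UTC timestamps used in the sample records."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ")


def find_registration_bursts(accounts, hashtag, max_gap_seconds=15, min_size=3):
    """Return clusters (lists of (handle, location)) of accounts that used `hashtag`
    and were registered in a chain where each account was created within
    `max_gap_seconds` of the previous one. Clusters smaller than `min_size` are dropped."""
    relevant = sorted(
        (parse_ts(ts), handle, loc) for handle, ts, loc, tags in accounts if hashtag in tags
    )
    clusters, current, prev_ts = [], [], None
    for ts, handle, loc in relevant:
        if prev_ts is not None and ts - prev_ts <= timedelta(seconds=max_gap_seconds):
            current.append((handle, loc))  # still inside the burst
        else:
            if len(current) >= min_size:
                clusters.append(current)
            current = [(handle, loc)]  # gap too large: start a new candidate burst
        prev_ts = ts
    if len(current) >= min_size:
        clusters.append(current)
    return clusters


def summarize(cluster):
    """Handles in the cluster plus how many distinct locations they claim (spread is the tell)."""
    return {"handles": [h for h, _ in cluster],
            "distinct_locations": len({loc for _, loc in cluster})}
```

Widening `max_gap_seconds` or lowering `min_size` trades false positives for recall; real registration logs will need both tuned against a baseline of ordinary sign-up rates.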


Shepherds & Sheepdogs (Botnets)

A good Rolling Stone article from November 2016, on Medium, with this description of how botnets may operate:

“To explain how they work, Ben Nimmo, a fellow at the Atlantic Council’s Digital Forensic Research Lab, uses a shepherding analogy. “A message that someone or some organization wants to ‘trend’ is typically sent out by ‘shepherd’ accounts,” he says, which often have large followings and are controlled by humans. The shepherds’ messages are amplified by ‘sheepdog’ accounts, which are also run by humans but can be default-set “to boost the signal and harass critics.” At times, the shepherds personally steer conversations, but they also deploy automation, using a kind of Twitter cruise control to retweet particular keywords and hashtags. Together, Nimmo says, the shepherds and sheepdogs guide a herd of bots, which “mindlessly repost content in the digital equivalent of sheep rushing in the same direction and bleating loudly.””

The overall description resembles that of LOIC (Low Orbit Ion Cannon) in this February 2011 Wired article about the guy who brought the HB Gary leaks down on himself:

“The report that came back focused on the Low Orbit Ion Cannon, a tool originally coded by a private security firm in order to test website defenses. The code was open-sourced and then abandoned, but someone later dusted it off and added “hivemind mode” that let LOIC users “opt in” to centralized control of the tool. With hundreds or thousands of machines running the stress-test tool at once, even major sites could be dropped quickly.”

HB Gary leaks

HBGary company description on Wikipedia (current November 2017):

“It has been reported that HBGary Federal was contracted by the US government to develop astroturfing software which could create an “army” of multiple fake social media profiles.[38][39]

Later it was reported that while data security firm HBGary Federal was among the “Persona Management Software” contract’s bidders listed on a government website, the job was ultimately awarded to a firm that did not appear on the FedBizOpps.gov page of interested vendors. “This contract was awarded to a firm called Ntrepid,” Speaks wrote to Raw Story.[40]”

[Link to technical spec and project overview from Federal project site above]

Ars Technica, February 2011 article on Anonymous hack:

“HBGary Federal CEO Aaron Barr thought he had unmasked the hacker hordes of Anonymous and was preparing to name and shame those responsible for co-ordinating the group’s actions, including the denial-of-service attacks that hit MasterCard, Visa, and other perceived enemies of WikiLeaks late last year.

When Barr told one of those he believed to be an Anonymous ringleader about his forthcoming exposé, the Anonymous response was swift and humiliating. HBGary’s servers were broken into, its e-mails pillaged and published to the world, its data destroyed, and its website defaced.”

The entry point was apparently SQL injection through their custom third-party content management system. The above article is mainly a technical description of how Anonymous perpetrated the attack.

Wired, February 2011 focused on HBGary side of the tale:

“Barr would do things like correlate timestamps; a user in IRC would post something, and then a Twitter post on the same topic might appear a second later. Find a few of these links and you might conclude that the IRC user and the Twitter user were the same person.”

Rawstory, February 2011:

“HBGary, which conspired with Bank of America and the Chamber of Commerce to attack WikiLeaks, spy on progressive writers and use malware against progressive organizations, was also revealed to have constructed software eerily similar to what the Air Force sought.”

Paragraph above links out to another February 2011 Rawstory piece with more details about the Chamber of Commerce story.

Cory Doctorow BoingBoing piece from February 2011 about the persona management proposal. Quotes from one of the leaked emails:

“For this purpose we custom developed either virtual machines or thumb drives for each persona. This allowed the human actor to open a virtual machine or thumb drive with an associated persona and have all the appropriate email accounts, associations, web pages, social media accounts, etc. pre-established and configured with visual cues to remind the actor which persona he/she is using so as not to accidentally cross-contaminate personas during use…”

Still tracking down the source email on Wikileaks for the above, but this is referenced on an archive.is page as being another PDF related to a persona management and development system (email ID 359).

Quote from email 359 PDF attachment:

“These accounts are maintained and updated automatically through RSS feeds, retweets, and linking together social media commenting between platforms. With a pool of these accounts to choose from, once you have a real name persona you create a Facebook and LinkedIn account using the given name, lock those accounts down and link these accounts to a selected # of previously created social media accounts, automatically pre-aging the real accounts.”

Okay, so it looks like the BoingBoing quote comes from the Word document attached to email 2142, some kind of white paper/project proposal for a new client.

Section of interest: “Persona and Content Development”. Text on Wikileaks’ docx file seems to agree with the text here at Archive.is.

Excerpted quotes from the section about “Character levels”:

“Level 0 Character: Used mostly for quick and temporal communication. No persona description required. These characters have specific user accounts or email addresses that are used for quick communications or to satisfy very specific mission requirements that do not require any more in-depth use. […]

Level 1 Character: These accounts have slightly more depth, with created generic names that generate significant hits when the name is queried on search engines and other social media platforms. These accounts are meant to provide slightly more depth for use in establishing contact with individuals and, at a glance, appearing to be real. Any accounts established for this type of character would have the strictest privacy settings so as to hide the lack of detail associated with these accounts. As an example, an established level 1 persona might have an associated gmail address with a Facebook, twitter, and/or linkedin account. All of the associated social media accounts would be set to the highest privacy settings so no details would be visible other than that an account exists and may or may not be associated with a specific email address. […]

Level 2 Character: Level 2 characters are similar to level 1 characters except they provide slightly more detail on the persona’s background and may require some paid services to set up creative content pages for more in-depth exercise engagements. This requires more upfront character development so as to make a persona that will be viewed as plausible throughout the engagement. […] This means automated content generation mixed with human-generated content related to the persona at a frequency that would be consistent with the persona’s background. […] HBGary Federal has devised a set of techniques that can make personas appear real, such as manipulating GPS coordinates and using location-based services to check in to specific locations, or using twitter hashtags and specific tweets to make it appear as if a persona is attending a specific conference. […]

Level 3 Character: The most detailed character. These personas are required to conduct human-to-human direct contact, likely in person, to satisfy some more advanced exercise requirements. This character must look, smell, and feel 100% real at the most detailed level. […] Using some of our micro-blogging techniques for auto-generating content we can manage many of these types of accounts automatically and age them. Then when a real persona is created for a particular exercise we can associate a twitter, YouTube, and blog account that has been aging and link it to a LinkedIn and Facebook profile that was just created. This gives the perception that this person has been around in this space for a while. HBGary Federal also has experience in developing LLCs, phone services, websites, etc. to establish the corporate bona fides. There are also other tricks we can use to build friends lists quickly so as to give the perception the persona is socially or professionally active.”

Ars Technica, March 2012 follow-up:

“The HBGary hackers collectively called themselves Internet Feds. They then started working under the name LulzSec, rapidly achieving infamy for a series of high-profile break-ins (victims including PBS, Sony, and Nintendo) and denial-of-service attacks. But by late September 2011, everyone in LulzSec except one member, avunit, had been identified, and every identified member except pwnsauce had been arrested.”
