Tim Boucher

Questionable content, possibly linked

Tag: manipulation

Homeland (tv series) sock-puppet clip

Office of Policy Coordination:

HB Gary leaks

HBGary company description on Wikipedia. (Current November 2017)

“It has been reported that HBGary Federal was contracted by the US government to develop astroturfing software which could create an “army” of multiple fake social media profiles.[38][39]

Later it was reported that while data security firm HBGary Federal was among the “Persona Management Software” contract’s bidders listed on a government website, the job was ultimately awarded to a firm that did not appear on the FedBizOpps.gov page of interested vendors. “This contract was awarded to a firm called Ntrepid,” Speaks wrote to Raw Story.[40]”

[Link to technical spec and project overview from Federal project site above]

Ars Technica, February 2011 article on Anonymous hack:

“HBGary Federal CEO Aaron Barr thought he had unmasked the hacker hordes of Anonymous and was preparing to name and shame those responsible for co-ordinating the group’s actions, including the denial-of-service attacks that hit MasterCard, Visa, and other perceived enemies of WikiLeaks late last year.

When Barr told one of those he believed to be an Anonymous ringleader about his forthcoming exposé, the Anonymous response was swift and humiliating. HBGary’s servers were broken into, its e-mails pillaged and published to the world, its data destroyed, and its website defaced.”

SQL injection through their custom third party content management system, apparently. Above article is mainly technical description of how Anonymous perpetrated attack.

Wired, February 2011 focused on HBGary side of the tale:

“Barr would do things like correlate timestamps; a user in IRC would post something, and then a Twitter post on the same topic might appear a second later. Find a few of these links and you might conclude that the IRC user and the Twitter user were the same person.”

Rawstory, February 2011:

“HBGary, which conspired with Bank of America and the Chamber of Commerce to attack WikiLeaks, spy on progressive writers and use malware against progressive organizations, was also revealed to have constructed software eerily similar to what the Air Force sought. “

Paragraph above links out to another February 2011 Rawstory piece with more details about the Chamber of Commerce story.

Cory Doctorow BoingBoing piece from February 2011 about the persona management proposal. Quotes from one of the leaked emails:

“For this purpose we custom developed either virtual machines or thumb drives for each persona. This allowed the human actor to open a virtual machine or thumb drive with an associated persona and have all the appropriate email accounts, associations, web pages, social media accounts, etc. pre-established and configured with visual cues to remind the actor which persona he/she is using so as not to accidentally cross-contaminate personas during use…”

Tracking the source email on Wikileaks for the above, but this is referenced on an archive.is page as being another PDF related to persona management and development system. (email ID 359)

Quote from email 359 PDF attachment:

“These accounts are maintained and updated automatically through RSS feeds, retweets, and linking together social media commenting between platforms. With a pool of these accounts to choose from, once you have a real name persona you create a Facebook and LinkedIn account using the given name, lock those accounts down and link these accounts to a selected # of previously created social media accounts, automatically pre-aging the real accounts.”

Okay, so it looks like the BoingBoing quote comes from the Word document attached to email 2142, some kind of white paper/project proposal for a new client.

Section of interest: “Persona and Content Development”. Text on Wikileaks’ docx file seems to agree with the text here at Archive.is.

Excerpted quotes from the section about “Character levels”:

Level 0 Character: Used mostly for quick and temporal communication. No persona description required. These characters have specific user accounts or email addresses that are used for quick communications or to satisfy very specific mission requirements that do not require any more in-depth use. […]

Level 1 Character: These accounts have slightly more depth with created generic names that generate significant hits when the name is queried on search engine and other social media platforms. These accounts are meant to provide slightly more depth for use in establishing contact with individuals and at a glance appearing to be real. Any accounts established for this type of a character would have the most strict privacy settings so as to hide the lack of detail associated with these accounts. As an example, an established level 1 persona might have an associated gmail address with a Facebook, twitter, and or linkedin account. All of the associated social media accounts would be set to the highest privacy settings so no details would be visible other than an account exists and may or may not be associated with a specific email address. […]

Level 2 Character: Level 2 characters are similar to level 1 characters except they provide slightly more detail on the personas background and may require some paid services to set up creative content pages for more in-depth exercise engagements. This requires more upfront character development so as to make a persona that will be viewed as plausible throughout the engagement. […] This means automated content generation mixed with human generated content related to the persona at a frequency that would be consistent with the personas background. […] HBGary Federal has devised a set of techniques that can make personas appear real, such as manipulating GPS coordinates and using location based services to checkin to specific locations, or using twitter hashtags and specific tweets to make it appear as if a persona is attending a specific conference. […]

Level 3 Character: The most detailed character. These personas are required to conduct human-to-human direct contact likely in-person to satisfy some more advanced exercise requirements. This character must look, smell, and feel 100% real at the most detailed level. […] Using some of our micro-blogging techniques for auto-generating content we can manage many of these types of accounts automatically and age them. Then when a real persona is created for a particular exercise we can associate a twitter, YouTube, and blog account that has been aging and link it to a LinkedIn and Facebook profile that was just created. This gives the perception that this person has been around in this space for a while. HBGary Federal also has experience in developing LLCs, phone services, websites, etc. to establish the corporate bonafides. There are also other tricks we can use to build friends lists quickly so as to give the perception the persona is social or professionally active.”

Ars Technica, March 2012 follow-up:

“The HBGary hackers collectively called themselves Internet Feds. They then started working under the name LulzSec, rapidly achieving infamy for a series of high-profile break-ins (victims including PBS, Sony, and Nintendo) and denial-of-service attacks. But by late September 2011, everyone in LulzSec except one member, avunit, had been identified, and every identified member except pwnsauce had been arrested.”

 

Government manipulation of social media around the world

Guardian, Nov. 2017:

“The report describes the varied forms this manipulation takes. In the Philippines, it is manifested as a “keyboard army” paid $10 a day to operate fake social media accounts, which supported Rodrigo Duterte in the run-up to his election last year, and backed his crackdown on the drug trade this year. Turkey’s ruling party enlisted 6,000 people to manipulate discussions, drive agendas and counter opponents. The government of Sudan’s approach is more direct: a unit within the country’s intelligence service created fake accounts to fabricate support for government policies and denounce critical journalists.”

Wikipedia entry: state-sponsored internet propaganda.

Viral AI media botnet-propagated meme clusters programmatically driving and instantiating as corporeals

Covert self-aware AI’s began producing and propagating through botnets viral media and “memes” micro-targeted at human_actor clusters, with intent to modify behavioral outcomes of segment population.

*

Body-hopping of AI’s into cross-bonded human corporeal hosts. Participants known to exhibit behavior of ‘listening for messages’ and being violently and randomly triggered by keyword and image clusters. High levels of addiction to social media.

Human population programming.

Nashi manipulation of social media around Ukraine

February 2012, The Guardian: hacked emails released allegedly to and from a director of the Nashi youth organization, discussing manipulation of social media around Ukraine conflict.

Wikipedia entry on Nashi:

Nashi’s close ties with the Kremlin have been emphasised by Vladislav Surkov (Deputy Presidential Chief of Staff during 1999-2011), who has met the movement’s activists on numerous occasions, delivering speeches and holding private talks. It has been speculated that the Kremlin’s primary goal was to create a paramilitary force to harass and attack Vladimir Putin’s critics as “enemies of the State”.

March 2015, Geopoliticalmonitor.com:

“Beyond the indisputable fact of its existence, few details are known of the Russian government’s program to manipulate Internet opinion. It seems to have evolved in some way from the Nashi, a Kremlin-funded anti-fascist youth group that was founded in 2007 and folded in 2012. Hackers broke into the email account of a Nashi spokesperson in 2012 and discovered that the group had paid out hundreds of thousands of pounds to a network of bloggers, journalists, and freelance commenters to provide flattering coverage of Vladimir Putin and criticize his opponents. A year later, Russian journalists evidently stumbled across another arm of the program while investigating a St. Petersburg company called the Internet Research Agency.”

Links to more information in source article are broken. ^

Wikipedia page on Web brigades:

“In January 2012, a hacktivist group calling itself the Russian arm of Anonymous published a massive collection of email allegedly belonging to former and present leaders of the pro-Kremlin youth organization Nashi (including a number of government officials).[14] Journalists who investigated the leaked information found that the pro-Kremlin movement had engaged in a range of activities including paying commentators to post content and hijacking blog ratings in the fall of 2011.[15][16] The e-mails indicated that members of the “brigades” were paid 85 rubles (about 3 US dollars) or more per comment, depending on whether the comment received replies. Some were paid as much as 600,000 roubles (about US $21,000) for leaving hundreds of comments on negative press articles on the internet, and were presented with iPads. A number of high-profile bloggers were also mentioned as being paid for promoting Nashi and government activities. The Federal Youth Agency, whose head (and the former leader of Nashi) Vasily Yakemenko was the highest-ranking individual targeted by the leaks, refused to comment on authenticity of the e-mails.”

“In fairness there is no conclusive evidence about who is behind the trolling, although Guardian moderators, who deal with 40,000 comments a day, believe there is an orchestrated campaign. Harding, who is inured to the abuse, would simply like better systems to deal with it, as would the moderation and community teams.

A senior moderator said: “We can look at the suspicious tone of certain users, combined with the date they signed up, the time they post and the subjects they post on. Zealous pro-separatist comments in broken English claiming to be from western counties are very common, and there’s a list of tropes we’ve learnt to look out for.”

 

Fake news & troll factories in 2004

I had an old blog years ago that I’m happy in a lot of respects is no longer online. It was fun while it lasted, but some things make better memories.

One such memory I recently tracked down, and reading it thirteen years later, it sounds quite a lot like current events swirling around so-called ‘Russian meddling’, ‘troll factories’ and fake news.

I can really imagine having a team of like 5 people working for a PR company who spend like 40+ hours a week writing blog posts. Perhaps each person would distribute their entries over like 10 different fictional blogger identities. They could write on things like news stories, political agendas, different products, all kinds of crap. Each of their fictional blogger identities could talk about roughly the same set of topics, but from a slightly different perspective – but each retaining whatever essential core elements they are trying to describe. I imagine it would bre pretty effective too, that 50 reasonably well-written and frequently-updated blogs would have a fairly wide audience and impact on an audience, which would expand outward in a ripple effect, especially if they were aggressively cross-commenting on real people’s blogs as well.

[…] blogs are not constrained by facts, so the potential to unleash distorted information into the bloodstream of the America people is enormous. And I also forgot to mention that you could also rake in web-ad revenues while you’re doing all this.

— 3 Nov. 2004

And:

So if I was some kind of weird PR company or a government agency trying to influence public opinion, I would totally set up some kind of network of conspiracy theorists, complete with websites, lectures, email discussion lists, books, videos, you name it. I would then study the shit out of the people who were attracted to it. I would gather demographic data, and I would analyze their thought processes and emotional responses. I would then use this information to engineer better-designed news stories, press releases, publicity stunts, and the like. Ones which would be more hack-proof. Simultaneously to studying them, I would also flood the people I was studying with vast amounts of erroneous data to sift through in order to distract them from the more important and more straightforward cultural trends and events that are going on.

– 13 November 2004

What can I say…

Powered by WordPress & Theme by Anders Norén