“Oh look, I’ve got a friend request on Facebook!” But is it real? It could be a person or it could be a spammer. We’ve all become used to the deluge of incompetent marketing spam that rolls in waves through the various social networks, but here’s a new one: military in disguise.
The Air Force is contracting for software that will manage fake identities. Specifically, identities on social media platforms. That means that you could possibly end up with a government plant in your friends list.
Details about the contract hit the Internet a few days ago, when hacker Cryptome.org broke into the email account of HBGary, and shared what he or she found there on the Internet. Since HBGary’s motto, proclaimed on its website, is “Detect, Diagnose, Respond,” and its field is information security, you can bet that there are people in some rather hot water over this.
Allison Diana, a writer for Information Week, links to the original solicitation and sums it up:
According to Solicitation Number: RTB220610, the armed services division sought a software program that could manage 10 personas per user, including background; history; supporting details, and cyber presences that are ‘technically, culturally and geographacilly [sic] consistent. Individual applications will enable an operator to exercise a number of different online persons from the same workstation and without fear of being discovered by sophisticated adversaries. Personas must be able to appear to originate in nearly any part of the world and can interact through conventional online services and social media platforms. The service includes a user friendly application environment to maximize the user’s situational awareness by displaying real-time local information.’
So, the military wants 500 social media identities that can be masked so as to appear to be from anywhere on the planet. All with a consistent set of appropriate social media outposts: Facebook, Twitter, etc. Considering our nation’s ongoing war footing, I can hardly call this shocking, although I am surprised to see this coming from the Air Force rather than the FBI or CIA.
Of course, one thing that does immediately spring to mind is the potential for this to be used for monitoring people and communications stateside as well. The polarized political climate of the U.S. could easily lead to some extensive rationalizations being made in the name of security. Monitoring and surveillance technologies have always gone hand in hand with the potential for abuses. Abuses that could well be see as being likely in light of prior allegations made against HBGary.
Erik Sherman, a writer for BNET, comments in his recent post on the subject:
What makes this story more complex is that one of the vendors interested in the contract was HBGary Federal, a division of HBGary allegedly hired by the U.S. Chamber of Commerce to attack Chamber critics, as my BNET colleague Alain Sherter writes. Bank of America (BAC) allegedly also hired HBGary Federal to develop plans to attack WikiLeaks, which had rumored to be readying a release of internal BoA documents.
Whether true or not, these past allegations do paint HBGary in a light that would seem to make it a prime target for hackers. The veracity of the those allegations is something that may well be resolved once the content of the email dump has been sifted through. One observation on the subject that amused me greatly was this comment in a post on Foreclosureblues:
Anyway. The really bad news is that this isn’t theoretical, the Air Force actually secured the rights to 500 fake personas, claiming they’d be used at MacDill AFB, Kabul, Afghanistan and Baghdad, Iraq. Strange, MLM bots manage to do this on Twitter all the time and don’t need to shell out huge amounts of money to do it.
The fact that this is government contract makes a lot of people nervous. After all, the current and prior administrations both have pretty bad track records when it comes to making their words and actions agree when it comes to Internet policies. Darlene Storm, a reporter for ComputerWorld, notes this as well:
So while the U.S. government can talk a good talk, what it does and what it says often doesn’t seem to jive. Gasp, I know, it’s not a big shocker but sometimes I find that utterly frustrating. The President wanted an Internet Kill Switch, the FBI keeps pushing for backdoors on all-things-Net. What happened to a code of ethics? Does it disappear behind closed doors, dirty deeds done in the dark and used against the American people who are supposed to be free to express themselves?
While writing this, I reached out to my friend Sean Hastings for his thoughts on the matter. As one of the founders of HavenCo, he is usually pretty in tune with this sort of thing. Years in information technology and cryptography give him exactly the background needed to comment on this issue. Here’ are his thoughts on the subject:
While the obvious fear is that the discovery that government agencies want multiple fake identities on social networks indicates some elaborate scheme for the government to spy on people’s online conversations and insert spin and propaganda into the discussions, it may be far less sophisticated than all that. It may just be about fake IDs.
Consider that intelligence agencies regularly have agents, using fake names and backgrounds, operating around the world. Until recently, if someone were to run a background check on such an agent in an attempt to verify the validity of their claimed identity, they would be checking on documents filed with government agencies and a few other institutions that the government has strong influence over universities-banks-credit rating companies.
Today, however, a quick check of someone’s online presence could be quite telling. If John Q. Smith really grew up in Nebraska, where is his Facebook page with links to his Nebraska high school friends and family? Why doesn’t he have a Twitter account where he argues politics with random strangers in 140 characters or less intellectual volleys?
To create a realistic cover story in today’s world would require not only a single fake online presence, but dozens of supporting characters who leave annoying Farmville requests on your agent’s wall.
What do you think? Is this merely the logical extension of classic intelligence tactics, or do you see it more as a Trojan horse for allowing surveillance of unpopular opinion? We would love to hear your thoughts on the subject!
Source: “Why Did the U.S. Military Buy 500 Fake Internet Personas?,” Foreclosureblues, 02/19/11
Source: “Air Force Seeks Fake Online Social Media Identities,” InformationWeek, 02/22/11
Source: “Army of fake social media friends to promote propaganda,” ComputerWorld, 02/22/11
Source: “So, Why Does the Air Force Want Hundreds of Fake Online Identities on Social Media? [Update],” BNET, 02/18/11
Image by Anonymous 9000, used under its Creative Commons license.