U.S. military spy operation invades Facebook, Twitter, blogs and chatrooms

[Al-khiyal]

U.S. Central Command ‘friending’ the enemy in psychological war

March 1, 2011 -- The U.S. Central Command is stepping up psychological warfare operations using software that allows it to target social media websites used by terrorists. The Tampa, Florida-based military command that runs the wars in Iraq and Afghanistan recently bought a special computer program that troops use to create multiple fake identities on the Internet. The military uses the fictitious identities to infiltrate groups and in some cases spread disinformation among extremist organizations such as al Qaeda and the Taliban with the goal of disrupting their operations, according to documents and U.S. officials. The program is aimed at helping troops create and maintain realistic online personalities that will persuade extremists to allow them into chat rooms and bulletin boards by creating the appearance that they are logging on and posting messages or other contributions from anywhere in the world. Information operations generally are carried out by U.S. special-operations forces.

The software is used for what the military calls “information operations” that use “classified social media activities outside the United States to counter violent extremist ideology and enemy propaganda,” Centcom spokesman Commander Bill Speaks told The Washington Times. Information operations include activities designed “to influence, disrupt, corrupt or usurp adversarial human and automated decision-making while protecting our own,” according to Pentagon documents. Such activities include disinformation campaigns, or military deception; computer network operations, or hacking; and what used to be called psychological warfare operations or “psy-ops,” but is now referred to as “military information support operations.”

Defense Secretary Robert M. Gates issued a memo this year directing that military information support operations replace psychological warfare and transferring oversight and management of information operations from defense intelligence officials and to the Pentagon’s policymaking directorate. He said the change would enable better coordination of activities across the Pentagon and throughout the U.S. government. Under Mr. Gates‘ order, U.S. Strategic Command, where the military’s new cyberwarfare arm is based, will concentrate on military computer hacking and cyberdefenses. The Joint Staffs will take responsibility for deception operations and Special Operations Command will take the lead in military information support operations. Deception operations can be strategic and tactical and can be aimed at supporting U.S. policies or small-scale operations.

Former CIA Director and retired Air Force General Michael V. Hayden said in an interview that information operations like those at Centcom, using social media, are the cutting edge of U.S. military and intelligence activities that often require officials to rapidly determine how long-established rules and limits apply in the borderless world of the Internet. “I think a good word would be developmental,” Mr. Hayden said. “Operationally developmental, technologically developmental and legally developmental.”

Centcom purchased the $2.7 million software from San Diego-based Ntrepid, the same company that markets “Anonymizer,” a popular online tool that lets users hide their identities and locations on the Web. The company and its executives did not respond to several requests for comment. According to military procurement documents, the software will “enable an operator to exercise a number of different online persons from the same workstation and without fear of being discovered by sophisticated adversaries.” “Personas must be able to appear to originate in nearly any part of the world,” the documents stated.

Any computer that logs on to the Web generally does so from its unique Internet location, known as an Internet Protocol or IP address. The addresses often can be tracked back to specific corporations or agencies, and sometimes are pinpointed geographically. The software generates false IP addresses that are not linked to the U.S. military, thus making them appear to originate from specified parts of the world, the documents stated. “The service includes a user-friendly application environment to maximize the user’s situational awareness by displaying real-time local information,” the document said, a reference to information it can generate about the time, weather and local news in the pretend location of the fake persona.

The growth of a single global information culture and the growing ubiquity of the Internet pose challenges for U.S. military psy-ops warriors who are barred by law and policy from targeting U.S. audiences. Traditional information operations such as leaflets can be dropped on enemy troops, making it easy to exclude U.S. audiences. “Leaflets don’t blow across the world,” said Isaac R. Porche, a researcher at the RAND Corp. who has written about information operations. “That’s not the case” with Internet communications, he added. “Cyberspace doesn’t have borders,” he said.

The issue is further complicated by the most popular social media sites that are owned and operated by U.S. companies that enjoy many of the same rights and protections as citizens under U.S. law. The social networking site Facebook, for example, says that any effort to create false identities is a violation of the terms of service agreement required of all users. “Facebook has always been based on a real-name culture,” spokesman Andrew Noyes said. “It’s a violation of our policies to use a fake name or operate under a false identity, and we encourage people to report anyone they think is doing this.” He said the company had a special team that reviews these reports and “takes action as necessary.”

Commander Speaks said the Central Command program operates only on overseas social media sites. “We do not target U.S. audiences, and we do not conduct these activities on sites owned by U.S. companies,” he said. But restrictions like these placed on information operations are sometimes irksome to the troops carrying them out, Mr. Porche said. “At the lowest echelon of the actual operators,” he said, “there are complaints there that there’s too many hoops they have to jump through. … In a firefight, if you’re shot at, you return fire immediately. … The people who have to do the missions are always the ones who want to move the fastest.” But Mr. Porche said the limitations on “returning fire” in information operations were necessary. “You can’t just unleash an operation. It has to be coordinated. There are a lot of checks and balances,” he said.

John Delong, an official in charge of overseeing operations at the National Security Agency, the electronic signals intelligence and code-breaking agency, said he could not comment specifically on the Centcom operation. But he said it was a challenge in these emerging and dynamic areas to “play aggressively right up to the line” of what was allowed under law and policy. “Sometimes people think of the rules as these things that are fixed on paper,” he said. “They’re constantly changing; they interact with each other. There are constantly [new] interpretations coming down both internally and externally.”

[Al-khiyal]

Fake IDs:
Can we trust the social media battlefield?

March 12, 2011 -- Regular people organizing themselves through social media are credited with propelling the wave of anti-government protests across North Africa and the Mideast in recent weeks. But, given the anonymity of the Internet and the growing sophistication of tools designed to exploit it, what if the activists behind the upheaval aren't who they say they are? Or, more alarmingly, what if they aren't people at all? That's the chilling prospect raised in recent weeks, in the wake of revelations the U.S. Air Force has purchased software to generate fake online identities, complete with a credible backstory, email addresses, and even IP addresses that can situate the persona geographically or make them appear to have been online for some time. The news came to light after tens of thousands of documents and e-mails were obtained and published by the loose association of hackers that bills itself as "Anonymous." Incensed by the treatment of the U.S. Army private accused of leaking classified documents to WikiLeaks, "Anonymous" hackers made headlines with their denial of service attacks against credit card companies seen to be persecuting the whistleblowing website and its embattled founder Julian Assange. More recently, spurred by reports the private American cyber-security firm HBGary was working with the FBI to uncover the hackers' identities, they mounted an attack against the company's websites. In addition to electronically defacing HBGary websites, they downloaded tens of thousands of e-mails and then published them online where the details of the so-called "persona management software" were included alongside reams of classified and commercially sensitive information including company financials and research, product source code, and personal correspondence.

That's where a writer for the U.S.-based, left-leaning political blog Daily Kos came across emails discussing use of the software designed to create and manage fake personas, or online identities, with the aim of infiltrating, gathering information from and shaping the discussion on social media sites. Beyond pointing to the technical possibilities, however, the documents included a U.S. Air Force request for tender that outlines exactly what the military hoped such software might achieve. "Software will allow 10 personas per user, replete with background, history, supporting details, and cyber presences that are technically, culturally and geographacilly (sic) consistent," the document states, explaining that the program should also be able to make those personas falsely appear to be located in "nearly any part" of the world. "Individual applications will enable an operator to exercise a number of different online persons from the same workstation and without fear of being discovered by sophisticated adversaries." According to the contracting officer who handled the file at the MacDill Air Force Base in Tampa, Florida, the software is simply a commercial product purchased "for use by the government." When asked whether the Air Force is in fact using it, Contracting Officer Russell Beasley told CTV.ca that, "This contract supports classified social media activities outside the United States intended to counter violent extremist ideology and enemy propaganda."

Considering the possibility Canada's closest ally is eyeing the social media landscape as a public relations battlefield, a former officer with the Canadian Security Intelligence Service said he's not surprised. "It was to be expected," former CSIS agent Michel Juneau-Katsuya told CTV.ca in an interview from his home in Ottawa. "That a state takes control of the media, or that public opinion is monitored in this way is definitely plausible. It's just a new means." Now, we look back at historical examples of propaganda such as the wartime broadcasts of Tokyo Rose - with her pro-Japan reports packaged to appeal to Allied forces fighting in the Pacific - with a certain measure of fond nostalgia. But the fact is, every nation mindful of its political interests today remains actively engaged in shaping how it is perceived by the world. And as the means of communication change, so must the methods of controlling it. China, for example, where Juneau-Katsuya says controlling all forms of media "is in their blood," was revealed in published reports dating back to 2005, to be employing close to 300,000 people who monitored and shaped online discussion of the state and its policies on an ongoing basis. Even the Taliban, which outlawed access to the Internet during its rule in Afghanistan, has since become skilled at communicating on and disseminating its message through blogs, websites and social media. According to Juneau-Katsuya, "Both sides understand the power of manipulating messages." In that light, he said, word the U.S. or any other democratic nation is pursuing the means to shape the flow of ideas in the emerging social media is neither surprising nor shocking.

[Al-khiyal]

As executive producer of the boutique marketing firm Frank, Richard Carmichael is well aware of the benefits to any organization, including governments, who seek to take control of their image. "We all know they've been doing it for centuries," Carmichael said, adding that the fact it has been going on so long doesn't take the sting out of the prospect governments may now be wading into the sea of social media. "It's just that the platform they're using now is the one that was freeing us, that was giving us back our voice and our platform to be heard above the noise," he lamented in a telephone interview from his office in Toronto. Of course, politicians are people too, and as such have gravitated towards social media alongside the general population. Minister of Industry Tony Clement springs immediately to mind as a leader among Canadian politicians using social media, as does Prime Minister Stephen Harper's communications director Dimitri Soudas. "Mr. Soudas has a lot of friends of on Facebook," Juneau-Katsuya remarked. "The reason why he's got so many friends is that he wants to communicate messages," the former spy said. "Some people call it propaganda, some people call it marketing, some people call it sales, give it the twist you want, but the mechanism is basically the same at the end of the day." The difference lies in the potential effectiveness of a single, personally targeted status update sent to your inbox, versus the scattershot chances through more traditional media.

Corporations have long understood the distinction and have sought to seize on the value and benefits of social media by controlling it for their own purposes. The tobacco industry is held up as a leader in the manipulation of public opinion to support attitudes that flies in the face of medical evidence, for instance. "We call it reputation management, but it's really kind of the same thing," Mindshark Marketing CEO Zamir Javer told CTV.ca. "It's helping to control what's being propagated on the Internet." As an example, Javer said his company has long handled corporate clients eager to counteract the effects of disgruntled customers who post their negative opinions online. Given that an outspoken individual can wield the same influence online as an entire corporation when it comes to someone researching a potential purchase on the Internet, Javer says businesses are highly motivated to ensure their message is out there too. "Corporations and companies have realized that there's something that they need to try and take control of here to see if they can manipulate or somehow contribute to this swaying of decisions," Javer told CTV.ca in a telephone interview from his company's headquarters in Scarborough, Ontario. It works, Javer says, because the masses are hard-pressed to avoid the herd mentality. But even though we're aware of society's collective fallibility, we've become so accustomed to the technique in its varying degrees that many people choose to "friend" corporations fully aware they will be subjected to marketing messages. The distinction, Carmichael said, is that we sign on understanding the consequences. We may go out and 'friend' Starbucks, he continued, "but at least we know what we're getting ourselves into. When you elect a government or stand behind a candidate you believe that what you're getting is what you see." If we later discover that a politician's tweets are actually the product of a deliberate deception, a marketing team, or some sort of automated bot, it amounts to a betrayal of trust.

And what if the stakes are even higher than promoting a purchase or soliciting a vote? Could a shadowy band of foreign intelligence operatives somehow propel an entire country to revolution? Juneau-Katsuya said we now know Mubarak supporters were active online during the recent uprising in Egypt, attempting to split the rebellion. But, when asked if a broader, covert manipulation may have been in play in the recent uprisings that spread across North Africa and the Mideast, Juneau-Katsuya said without any solid indications that was the case, "anything is possible." That doesn't necessarily mean a keyboard jockey sitting in a darkened office can spark a revolution with a few 140-character messages sent from half-a-world away, though. "To be able to telecontrol a demonstration from Washington or Virginia or Beijing you cannot simply do it through Twitter," he told CTV.ca. "If someone is seeking to control at a distance or provoke at distance a revolution, you definitely still need people on the ground the old fashioned way." That means 'agents agitateurs' on the scene, ready to stimulate or prime whatever crowd accepts the invitation to join a Facebook revolution. In light of what we now know about covert CIA operations throughout Central America and elsewhere, however, is the possibility really that far fetched?

No matter what's actually going on behind the scenes, just considering the possibilities is enough to darken Carmichael's mood. "If these people are able to go and use surreptitious tools that can amplify what real, genuine people are doing and drown it out, it will become a battle of who can spend the most money to drown everybody else out. Then it just becomes like any other media form," he lamented. "The social media was supposed to be the medium that gave the power back to the little guy to be able to speak freely, communicate and have a platform to be heard. Now somebody's found a way to drown out those little voices." But Juneau-Katsuya's not convinced the end of social media is nigh. Even if half of all social media personas were in fact organs of foreign government, that would still leave half as real living, breathing, thinking people. For that group, and whatever percentage of social media chatter they represent, he believes there's a positive consequence to the rise in unfiltered global communication. "It allowed the people to communicate, and gave power to the real people to go around what the government was not necessarily capable of stopping," he said. Taken in the context of the post-9/11 paradigm, Juneau-Katsuya says citizens are not only more interested than ever in their own collective security, they don't trust governments to handle it in their best interests. Until the social media companies come up with their own identity verification policies, when it comes to assessing whether you're being duped by a fake persona, Carmichael suggests applying a simple "sniff test" based simply on gut instincts. "You can sniff out ambiguous, generic enough information in profiles to realize if someone was a real person," he said. "I don't know how many people are going to be detectives like that, but I've done it before." Javer's suggestions follow the same tack. "The reality is a lot of the personas that are out there, the ones that are not real, you'll find that if you dig deeper and try to engage with them in conversation, it'll really lead to nothing," he said. "If you're finding that you're seeing a lot of fluff out there, it's sometimes just a matter of digging a little bit deeper to see if there's true conversations and engagement happening." Whether you actually investigate each of your followers' authenticity or not, however, Carmichael says it boils down to having a "critical eye" and bearing in mind what's now technically possible. "I think it's a good lesson for anyone to always, always think before you react to anything that you receive, or see, or read and use good judgment."

[Al-khiyal]

Revealed:
U.S. spy operation that manipulates social media

March 17, 2011 -- The U.S. military is developing software that will let it secretly manipulate social media sites such as Facebook and Twitter by using fake online personas to influence internet conversations and spread pro-American propaganda. A Californian corporation has been awarded a contract with United States Central Command (Centcom), which oversees U.S. armed operations in the Middle East and Central Asia, to develop what is described as an "online persona management service" that will allow one US serviceman or woman to control up to 10 separate identities based all over the world. The project has been likened by web experts to China's attempts to control and restrict free speech on the internet. Critics are likely to complain that it will allow the U.S. military to create a false consensus in online conversations, crowd out unwelcome opinions and smother commentaries or reports that do not correspond with its own objectives.

The discovery that the U.S. military is developing false online personalities – known to users of social media as "sock puppets" – could also encourage other governments, private companies and non-government organisations to do the same. The Centcom contract stipulates that each fake online persona must have a convincing background, history and supporting details, and that up to 50 U.S.-based controllers should be able to operate false identities from their workstations "without fear of being discovered by sophisticated adversaries". Centcom spokesman Commander Bill Speaks said: "The technology supports classified blogging activities on foreign-language websites to enable Centcom to counter violent extremist and enemy propaganda outside the U.S." He said none of the interventions would be in English, as it would be unlawful to "address U.S. audiences" with such technology, and any English-language use of social media by Centcom was always clearly attributed. The languages in which the interventions are conducted include Arabic, Farsi, Urdu and Pashto.

Once developed, the software could allow U.S. service personnel, working around the clock in one location, to respond to emerging online conversations with any number of co-ordinated Facebook messages, blogposts, tweets, retweets, chatroom posts and other interventions. Details of the contract suggest this location would be MacDill air force base near Tampa, Florida, home of U.S. Special Operations Command. Centcom's contract requires for each controller the provision of one "virtual private server" located in the United States and others appearing to be outside the U.S. to give the impression the fake personas are real people located in different parts of the world. It also calls for "traffic mixing", blending the persona controllers' internet usage with the usage of people outside Centcom in a manner that must offer "excellent cover and powerful deniability".

The multiple persona contract is thought to have been awarded as part of a programme called Operation Earnest Voice (OEV), which was first developed in Iraq as a psychological warfare weapon against the online presence of al-Qaida supporters and others ranged against coalition forces. Since then, OEV is reported to have expanded into a $200 million programme and is thought to have been used against jihadists across Pakistan, Afghanistan and the Middle East. OEV is seen by senior U.S. commanders as a vital counter-terrorism and counter-radicalisation programme. In evidence to the U.S. Senate's armed services committee last year, General David Petraeus, then commander of Centcom, described the operation as an effort to "counter extremist ideology and propaganda and to ensure that credible voices in the region are heard". He said the U.S. military's objective was to be "first with the truth".

This month Petraeus's successor, General James Mattis, told the same committee that OEV "supports all activities associated with degrading the enemy narrative, including web engagement and web-based product distribution capabilities". Centcom confirmed that the $2.76 million contract was awarded to Ntrepid, a newly formed corporation registered in Los Angeles. It would not disclose whether the multiple persona project is already in operation or discuss any related contracts. Nobody was available for comment at Ntrepid. In his evidence to the Senate committee, General Mattis said: "OEV seeks to disrupt recruitment and training of suicide bombers; deny safe havens for our adversaries; and counter extremist ideology and propaganda." He added that Centcom was working with "our coalition partners" to develop new techniques and tactics the U.S. could use "to counter the adversary in the cyber domain".

According to a report by the inspector general of the U.S. defence department in Iraq, OEV was managed by the multinational forces rather than Centcom. Asked whether any UK military personnel had been involved in OEV, Britain's Ministry of Defence said it could find "no evidence". The MoD refused to say whether it had been involved in the development of persona management programmes, saying: "We don't comment on cyber capability." OEV was discussed last year at a gathering of electronic warfare specialists in Washington DC, where a senior Centcom officer told delegates that its purpose was to "communicate critical messages and to counter the propaganda of our adversaries".

Persona management by the U.S. military would face legal challenges if it were turned against citizens of the U.S., where a number of people engaged in sock puppetry have faced prosecution. Last year a New York lawyer who impersonated a scholar was sentenced to jail after being convicted of "criminal impersonation" and identity theft. It is unclear whether a persona management programme would contravene UK law. Legal experts say it could fall foul of the Forgery and Counterfeiting Act 1981, which states that "a person is guilty of forgery if he makes a false instrument, with the intention that he or another shall use it to induce somebody to accept it as genuine, and by reason of so accepting it to do or not to do some act to his own or any other person's prejudice". However, this would apply only if a website or social network could be shown to have suffered "prejudice" as a result.

[Al-khiyal]

America's absurd stab at systematising sock puppetry

The U.S. government's plan to use technology to create and manage fake identities for social interaction with terrorists is as appalling as it is amusing. It's appalling that in this era of greater transparency and accountability brought on by the internet, the U.S. of all countries would try to systematise sock puppetry. It's appallingly stupid, for there's little doubt that the fakes will be unmasked. The net result of that will be the diminution, not the enhancement, of American credibility. But the effort is amusing as well, for there is absolutely no need to spend millions of dollars to create fake identities online. Any child or troll can do it for free. Millions do. If the government insists on paying, it can use salesforce.com to monitor and join in chats. There is no shortage of social management tools marketers are using to find and mollify or drown out complainers. There's no shortage of social-media gurus, either.

Tools are quite unnecessary, though. Just get yourself a fake email account, Uncle Sam, and you can create and manage anonymous and pseudonymous identities across most any social service. Hell, if the government wants to spread information around the world without being detected, why doesn't it just use WikiLeaks? Oh, that's right. Secretary of State Hillary Clinton called WikiLeaks disclosures "not just an attack on America [but an] attack on the international community". The leaks, she said, "tear at the fabric" of government. Yes, indeed, they tore at the fabric of the Tunisian government and helped launch the revolts in the Middle East and a wave of freedom – and, we hope, democracy – across borders. The movement of liberation we are witnessing came not from war and weapons or spying and subterfuge but from a force more powerful: transparency; openness; honesty.

I remain sorely disappointed that the Obama administration's reflexive response to the WikiLeaks revelations was to clamp down and then condemn, attack, and reportedly torture the alleged leaker and his allies in accountability. Obama missed the opportunity to separate himself from a secretive and sometimes deceitful history of government. He could make good on his campaign pledge to run the transparent administration. Even while disapproving of the theft of documents, he could acknowledge the lesson of the leaks: that government keeps too much from its people. Government is secret by default and transparent by force when it should be transparent by default and secret by necessity. He and Clinton could separate themselves, too, from a history of clandestine interference in foreign politics and of prioritising security over democracy – that is, propping up co-operative dictators instead of supporting the rights of their subjects. They could now offer support to any liberated people to establish their new national orders. They could operate under the belief that the truth will out and the faith that the truth shall set people free.

I have spent the last year researching the benefits of publicness for an upcoming book, Public Parts. I believe we are at the very early stage of a second Gutenberg revolution. In the Observer, John Naughton suggests we imagine ourselves as pollsters on a Mainz bridge in 1472, 17 years after the first printed Bibles (we are less than 17 years from the first web pages). Ask the people how likely they think it will be that Gutenberg's invention will:

(a) Undermine the authority of the Catholic church?

(b) Power the Reformation?

(c) Enable the rise of modern science?

(d) Create entirely new social classes and professions?

(e) Change our conceptions of "childhood" as a protected early period in a person's life?

I'll be accused by the corps of curmudgeons of being an internet triumphalist, daring to compare Gutenberg's tool to Tim Berners-Lee's. Fine, we'll find out in a century who's right. In the meantime, I think we can agree that it's sad to see the U.S. government taming the power of the net to stoop to the morals of a clumsy Nigerian spammer.

[Al-khiyal]

U.S. military launches spy operation using fake online identities

March 17, 2011 -- The U.S. Military has purchased software designed to create and control false online personas in an attempt to use social media and other websites to counter anti-U.S. messaging. According to the contract between US Central Command (Centcom) and California company Ntrepid, the software would let each user control 10 personas, each "replete with background, history, supporting details, and cyber presences that are technically, culturally and geographically consistent." The software would also be able to let personas "appear to originate in nearly any part of the world" and interact through "conventional online services and social media platforms," while using a static IP address for each persona to maintain a consistent online identity. These false online personas, also known as "sock puppets," would be equipped to seem like real people while entering online discussion through blogs, message boards, chats, and more. With a false persona, a user could discredit opponents, or create the semblance of consensus.

Centcom spokesman Commander Bill Speaks told The Guardian that the software "supports classified blogging activities on foreign-language websites to enable Centcom to counter violent extremist and enemy propaganda outside the U.S." The technology would not be used in America, or by American owned companies - which include major social media sites like Facebook and Twitter. "We do not target U.S. audiences, and we do not conduct these activities on sites owned by U.S. companies," Speaks told the Washington Times. At a senate hearing March 1, Centcom commander James N. Mattis said, "Our enemies operate within cyberspace (and its associated relevant physical infrastructure) to plan, coordinate, recruit, train, equip, execute and garner support for operations against the U.S., its allies and interests. Clearly, in the information age, our military must adapt to this new domain of warfare."

The online persona project is thought to fall under the domain of Operation Earnest Voice, which oversees Centcom's Information Operations, and in the words of Mattis, "seeks to disrupt recruitment and training of suicide bombers; deny safe havens for our adversaries; and counter extremist ideology and propaganda." The users controlling the personas would be hidden in a variety of ways, including randomizing the IP addresses they accessed the software with, and "traffic mixing," or blending web traffic with that outside of Centcom to provide "excellent cover and powerful deniability."

The strategy may sound familiar. Last month, hacker group Anonymous unloaded a batch of 50,000 emails from security firm HBGary, where documents indicated that the firm was in the process of developing their own persona management software. The document outlined some of the proposed strategies for creating verisimilitude: Using hashtags and gaming some location based check-in services we can make it appear as if a persona was actually at a conference and introduce himself/herself to key individuals as part of the exercise, as one example. There are a variety of social media tricks we can use to add a level of realness to all fictitious personas.

[Al-khiyal]