Think back to the last time you read a blog post, then posted a comment at the bottom. You might have ended up participating in a discussion with another reader, who’d also left a comment. Could you be 100% certain that other commenter was a real person? Chances are they were, but in some parts of the world, particularly where the U.S. military has a presence, they sometimes are not.
In Iraq and Afghanistan the military has started using software that allows it to create fake online identities to counter enemy efforts to recruit new members, using tactics like posting fake comments on blogs.
The practice was highlighted last night when the online hacking collective Anonymous released documents and e-mails highlighting the use of software to create multiple, fake online profiles, also known as “sock puppets” or “virtual armies” to sway public opinion. Anonymous, which has a small team of half a dozen supporters conducting their own investigation into the documents, claims the software has been used to track users on social networks like Facebook in foreign countries.
The group links to a solicitation document from the military last June requesting software that would allow one user to control 10 “personas… replete with background, history, supporting details, and cyber presences that are technically, culturally and geographacilly [sic] consistent.”
Military spokesman Michael Lawhorn confirmed the military bought this software from NTrepid, a California software security company last August, and that it is being used in Iraq and Afghanistan. “It’s designed to be used on site where the enemy wants to radicalize potential recruits,” he said. The software could for instance be used to create fake aliases who leave counteracting comments on local blogs that are sympathetic to groups promoting terrorism. (See Wired’s “Jihadis’ Next Online Buddy Could Be A Soldier.”)
He added that the software could not be used to track and identify individuals, and that “all of our operations receive extensive legal reviews to ensure compliance with all domestic and international laws.”
Anonymous’ real beef is with another security firm, Booz Allen Hamilton, a publicly-traded company based in McLean, Virginia that brought in sales of $5.1 billion in fiscal 2010. It points to a series of contracts the Defence Departments lists with the firm announced last May, including one described as providing “combat-ready forces to conduct secure cyber operations in and through the electromagnetic spectrum” worth $24.3 million. The hackers believe this contract also pertains to using groups of fake online personas on the Internet.
Crucially, they claim the software may also have been used to track anonymous online users, and that authorities in Azerbaijan used it to cross-reference and link two dissidents together through Facebook, leading to the arrest of both earlier this year. Their evidence of this is pretty wobbly: they point to strong connections between Azerbaijan and the U.S. Military and note that Booz Allen having offices in Azerbaijan.
James Fisher, a spokesman for Booz Allen said he could not comment on “rumor or speculation” or on contracts, beyond the information publicly available through the Federal Procurement Data System.
Anonymous’ latest information release comes from e-mails that were taken from the servers of HBGary Federal, a software security firm that another small team of supporters hacked last month in retaliation for its CEO claiming to have identified members of the collective. Those emails, including some details of the “fake virtual armies” were posted online, prompting a few press reports about the Air Force’s tender for software companies to develop so-called persona management software. Guardian columnist George Monbiot wrote that, “Software like this has the potential to destroy the internet as a forum for constructive debate.”
Why is Anonymous even bothering to investigate this? Having emerged from the image board 4chan in 2008 the loosely-connected group has evolved in recent months to become a gateway to pseudo political activism. Late last year it temporarily disabled the web sites of Visa, MasterCard and PayPal in retaliation for their nixing funding services for WikiLeaks. More recently they have targeted government web sites–including Tunisia, Egypt and Libya–in the midst of the Arab uprising.
One Anonymous member on Monday leaked emails that alleged Bank of America had engaged in improper loan practices. The group’s motivations are broad, though social anthropologist and NYU professor Gabriella Coleman has said that Anonymous tends to fight internet censorship.
Having dubbed their investigation Operation Metal Gear, the hackers said last night that this software was “nothing new for those of us familiar with the way the net works,” but added the “idea behind Metal Gear seems to be ‘weaponizing’ sockpuppets, in order to influence the face of revolutions that are based within social networking sites.” Their investigation continues.
* Anonymous: US army of fakes tracks Facebook users
James Nixon, thinq_