The contract calls for the development of "Persona Management Software" which would help the user create and manage a variety of distinct fake profiles online. The job listing was discussed in recently leaked emails from the private security firm HBGary after an attack by internet activist last week.
Click here to view the government contract (PDF) (original)
(UPDATE 3/5/11: The official web listing seems to have been removed. PDF copy is still available though)
According to the contract, the software would "protect the identity of government agencies" by employing a number of false signals to convince users that the poster is in fact a real person. A single user could manage unique background information and status updates for up to 10 fake people from a single computer.
The software enables the government to shield its identity through a number of different methods including the ability to assign unique IP addresses to each persona and the ability to make it appear as though the user is posting from other locations around the world.
Included in HBGary's leaked emails was a government proposal for the government contract. The document describes how they would 'friend' real people on Facebook as a way to convey government messages. The document reads:
- "Those names can be cross-referenced across Facebook, twitter, MySpace, and other social media services to collect information on each individual. Once enough information is collected this information can be used to gain access to these individuals social circles.
- Even the most restrictive and security conscious of persons can be exploited. Through the targeting and information reconnaissance phase, a person’s hometown and high school will be revealed. An adversary can create a classmates.com account at the same high school and year and find out people you went to high school with that do not have Facebook accounts, then create the account and send a friend request. Under the mutual friend decision, which is where most people can be exploited, an adversary can look at a targets friend list if it is exposed and find a targets most socially promiscuous friends, the ones that have over 300-500 friends, friend them to develop mutual friends before sending a friend request to the target. To that end friend’s accounts can be compromised and used to post malicious material to a targets wall. When choosing to participate in social media an individual is only as protected as his/her weakest friend."
Other documents in the leaked emails include quotes from HBGary CEO Aaron Barr saying, "There are a variety of social media tricks we can use to add a level of realness to all fictitious personas... Using hashtags and gaming some location based check-in services we can make it appear as if a persona was actually at a conference and introduce himself/herself to key individuals as part of the exercise, as one example."
Additional emails between HBGary employees, usually originating from Barr, discuss the vulnerability social networking causes.
One employee wrote, "and now social networks are closing the gap between attacker and victim, to the point I just found (via linked-in) 112 females, wives of service men, all stationed at Hurlbert Field FL - in case you don't know this is where the CIA flies all their "private" airlines out of. What a damn joke - the U.S. is no longer the super power in cyber, and probably won't be in other areas soon."
Barr also predicted a steady rise in clandestine or secret government operations to stem the flow of sensitive information. "I would say there is going to be a resurgence of black ops in the coming year as decision makers settle with our inadequacies... Critical infrastructure, finance, defense industrial base, and government have rivers of unauthorized communications flowing from them and there are no real efforts to stop it."
The creation of internet propoganda software is only one of HBGary's controversial activities. According to Wikileaks competetor and occasional collaborator Cryptome.org, several other progressive organizations were intended to be targeted including anti-war activist, anti-torture organizations and groups opposed to the US Chamber of Commerce.
The emails also include a number of other embarrasing entries including the purchase of the book "The Multi-Orgasmic Man: Sexual Secrets Every Man Should Know" from Amazon for $6.76.
No comments:
Post a Comment