by Stephen C. Webster
February 18, 2011
These days, with
Facebook and Twitter and social
media galore, it can be increasingly hard to tell who your "friends" are.
But after this, Internet users would be well advised to ask another question
Are my "friends" even real people?
In the continuing saga of data security firm
HBGary, a new caveat has come to light:
not only did they plot to help destroy
WikiLeaks and discredit progressive bloggers, they also
crafted detailed proposals for software that manages online "personas,"
allowing a single human to assume the identities of as many fake people
as they'd like.
The revelation was among those contained in the
company's emails, which were dumped onto bittorrent networks after hackers
with cyber protest group "Anonymous" broke into their systems.
In another document unearthed by "Anonymous," one of HBGary's employees also
mentioned gaming geolocation services to make it appear as though selected
fake persons were at actual events.
"There are a variety of social media tricks
we can use to add a level of realness to all fictitious personas," it
Eerie as that may be, more perplexing, however, is a federal contract from
the 6th Contracting Squadron at MacDill Air Force Base, located
south of Tampa, Florida, that solicits providers of "persona management
While there are certainly legitimate applications for such software, such as
managing multiple "official" social media accounts from a single input, the
more nefarious potential is clear.
Unfortunately, the Air Force's contract description doesn't help dispel
suspicions. As the text explains, the software would require licenses for 50
users with 10 personas each, for a total of 500.
These personas would have
"replete with background, history,
supporting details, and cyber presences that are technically, culturally
and geographically consistent."
It continues, noting the need for secure virtual
private networks that randomize the operator's Internet protocol (IP)
address, making it impossible to detect that it's a single person
orchestrating all these posts.
Another entry calls for static IP address
management for each persona, making it appear as though each fake person was
consistently accessing from the same computer each time.
The contract also sought methods to anonymously establish virtual private
servers with private hosting firms in specific geographic locations. This
would allow that server's "geosite" to be integrated with their social media
profiles, effectively gaming geolocation services.
The Air Force added that the "place of performance" for the contract would
be at MacDill Air Force Base, along with Kabul, Afghanistan and Baghdad. The
contract was offered on June 22, 2010.
It was not clear exactly what the Air Force was doing with this software, or
even if it had been procured.
Though many questions remain about how the military would apply such
technology, the reasonable fear should be perfectly clear.
"Persona management software" can be used to
manipulate public opinion on key information, such as news reports. An
unlimited number of virtual "people" could be marshaled by only a few real
individuals, empowering them to create the illusion of consensus.
You could call it a virtual flash mob, or a digital "Brooks Brothers Riot,"
so to speak: compelling, but not nearly as spontaneous as it appears.
That's precisely what got DailyKos blogger Happy Rockefeller in a snit: the
potential for military-run armies of fake people manipulating and, in some
cases, even manufacturing the appearance of public opinion.
"I don't know about you, but it matters to
me what fellow progressives think," the blogger wrote.
"I consider all
views. And if there appears to be a consensus that some reporter isn't
credible, for example, or some candidate for congress in another state
can't be trusted, I won't base my entire judgment on it, but it carries
"That's me. I believe there are many people though who will base their
judgment on rumors and mob attacks. And for those people, a fake mob can
be really effective."
It was Rockefeller who was first to highlight
the Air Force's "persona" contract, which was
available on a public website.
A call to MacDill Air Force Base, requesting an explanation of the contract
and what this software might be used for, was answered by a public affairs
officer who promised a call-back.
No reply was received at time of this
Other e-mails circulated by HBGary's CEO illuminate highly personal data
about critics of the US Chamber of Commerce, including detailed information
about their spouses and children, as well as their locations and
professional links. The firm, it was revealed, was just one part of a group
called "Team Themis," tasked by the Chamber to come up with strategies for
responding to progressive bloggers and others.
"Team Themis" also included a proposal to use malware hacks against
progressive organizations, and the submission of fake documents in an effort
to discredit established groups.
HBGary was also behind a plot by Bank of America to destroy WikiLeaks'
technology platform, other emails revealed. The company was humiliated by
members of "Anonymous" after CEO
Aaron Barr bragged that he'd "infiltrated"
A request for comment emailed to HBGary did not receive a reply.
Update - HBGary
Federal among bidders
A list of interested vendors responding to the Air Force contract for
"persona management software" included HBGary subsideary HBGary Federal,
further analysis of a government website has revealed.
Other companies that offered their services included,