In association with heise online

21 February 2011, 09:45

Security firm proposes next-generation fake identities for PR

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

In a blog post on the Daily Kos, Happy Rockefeller talks about some overlooked emails from the archives published by Anonymous, in which staff members at HBGary Federal talk about a concept that allows individual users to lead a group – if not an army – of non-existent individuals to create the impression of a consensus in forums where contrary opinions are common.

What HBGary Federal call Persona management involves not just ensuring that the artifacts of the persona (name, address, age etc) are not in conflict with each other". They envisage a human user operating pre-built virtual machines which contain personas that already have e-mail accounts set up and are members of social networks. A Word document that Aaron Barr, CEO of HBGary subsidiary HBGary Federal, sent around describes how to create at one fell swoop personas on Twitter, in blogs, forums, and on MySpace and give these personas names. The accounts are maintained and "pre-aged" automatically via RSS feeds, re-tweets, and cross-links to each other in social media comments.

Barr discusses a small project to show how such personas could really take off. His aim was to use a persona to manipulate and distribute the Low Orbit Ion Canon – the tool used in Operation Payback. A second persona was to "find" and complain about this trojan version. The first persona would then lose face, but the alleged finder would gain prestige. The email communication on this project ended when Barr's developer refused to play along, mailing: "I'm not compiling that shit on my box!"

In an offerPDF to Mantech, the head of HBGary Federal said the development of a prototype for persona management and data collection is worth around $100,000. The target of such activities is therefore clear based on Mantech's impressive list of customers: the Defense Intelligence Agency, US Navy, Air Force, Army, Marine Corps, FBI, NSA, Department of Homeland Security and so on. Shortly after unknown parties cleverly managed to break into HBGary's systems, The H reported on how HBGary is apparently working on root kits and spy programs for similar clientele.

Non-existent identities have long been used in PR to affect public opinion, though generally real people have been behind the fake identities, writing the desired comments or reviews in return for cash payment. Rockefeller says this new attempt raises the ante because it allows small groups to have a big impact; a wave of protest at a blog will cause people to doubt their own positions.


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit