The US government is offering private intelligence companies contracts to create software to manage “fake people” on social media sites and create the illusion of consensus on controversial issues. The contract calls for the development of “Persona Management Software” which would help the user create and manage a variety of distinct fake profiles online. The job listing was discussed in recently leaked emails from the private security firm HB Gary after an attack by internet activist last week.
According to the contract, the software would “protect the identity of government agencies” by employing a number of false signals to convince users that the poster is in fact a real person. A single user could manage unique background information and status updates for up to 10 fake people from a single computer.
The software enables the government to shield its identity through a number of different methods including the ability to assign unique IP addresses to each persona and the ability to make it appear as though the user is posting from other locations around the world.
Included in HB Gary’s leaked emails was a government proposal for the government contract. The document describes how they would ‘friend’ real people on Facebook as a way to convey government messages. The document reads:
* “Those names can be cross-referenced across Facebook, twitter, MySpace, and other social media services to collect information on each individual. Once enough information is collected this information can be used to gain access to these individuals social circles.
* Even the most restrictive and security conscious of persons can be exploited. Through the targeting and information reconnaissance phase, a person’s hometown and high school will be revealed. An adversary can create a classmates.com account at the same high school and year and find out people you went to high school with that do not have Facebook accounts, then create the account and send a friend request. Under the mutual friend decision, which is where most people can be exploited, an adversary can look at a targets friend list if it is exposed and find a targets most socially promiscuous friends, the ones that have over 300-500 friends, friend them to develop mutual friends before sending a friend request to the target. To that end friend’s accounts can be compromised and used to post malicious material to a targets wall. When choosing to participate in social media an individual is only as protected as his/her weakest friend.”
Other documents in the leaked emails include quotes from HB Gary CEO Aaron Barr saying, “There are a variety of social media tricks we can use to add a level of realness to all fictitious personas… Using hashtags and gaming some location based check-in services we can make it appear as if a persona was actually at a conference and introduce himself/herself to key individuals as part of the exercise, as one example.”
Additional emails between HB Gary employees, usually originating from Barr, discuss the vulnerability social networking causes.
One employee wrote, “and now social networks are closing the gap between attacker and victim, to the point I just found (via linked-in) 112 females, wives of service men, all stationed at Hurlbert Field FL – in case you don’t know this is where the CIA flies all their “private” airlines out of. What a damn joke – the U.S. is no longer the super power in cyber, and probably won’t be in other areas soon.”
Barr also predicted a steady rise in clandestine or secret government operations to stem the flow of sensitive information. “I would say there is going to be a resurgence of black ops in the coming year as decision makers settle with our inadequacies… Critical infrastructure, finance, defense industrial base, and government have rivers of unauthorized communications flowing from them and there are no real efforts to stop it.”