By Stephen C. Webster
Feb 19, 2011
These days, with Facebook and Twitter and social media galore, it can be increasingly hard to tell who your "friends" are.
But after this, Internet users would be well advised to ask another question entirely: Are my "friends" even real people?
In the continuing saga of data security firm HBGary, a new caveat has come to light: not only did they plot to help destroy secrets outlet WikiLeaks and discredit progressive bloggers, they also crafted detailed proposals for software that manages online "personas," allowing a single human to assume the identities of as many fake people as they'd like.
The revelation was among those contained in the company's emails, which were dumped onto bittorrent networks after hackers with cyber protest group "Anonymous" broke into their systems.
In another document unearthed by "Anonymous," one of HBGary's employees also mentioned gaming geolocation services to make it appear as though selected fake persons were at actual events.
"There are a variety of social media tricks we can use to add a level of realness to all fictitious personas," it said.
Eerie as that may be, more perplexing, however, is a federal contract from the 6th Contracting Squadron at MacDill Air Force Base, located south of Tampa, Florida, that solicits providers of "persona management software."
While there are certainly legitimate applications for such software, such as managing multiple "official" social media accounts from a single input, the more nefarious potential is clear.
Unfortunately, the Air Force's contract description doesn't help dispel suspicions. As the text explains, the software would require licenses for 50 users with 10 personas each, for a total of 500. These personas would have to be "replete with background , history, supporting details, and cyber presences that are technically, culturally and geographacilly consistent."
It continues, noting the need for secure virtual private networks that randomize the operator's Internet protocol (IP) address, making it impossible to detect that it's a single person orchestrating all these posts. Another entry calls for static IP address management for each persona, making it appear as though each fake person was consistently accessing from the same computer each time.
The contract also sought methods to anonymously establish virtual private servers with private hosting firms in specific geographic locations. This would allow that server's "geosite" to be integrated with their social media profiles, effectively gaming geolocation services.
The Air Force added that the "place of performance" for the contract would be at MacDill Air Force Base, along with Kabul, Afghanistan and Baghdad. The contract was offered on June 22, 2010.
It was not clear exactly what the Air Force was doing with this software, or even if it had been procured.
Though many questions remain about how the military would apply such technology, the reasonable fear should be perfectly clear. "Persona management software" can be used to manipulate public opinion on key information, such as news reports. An unlimited number of virtual "people" could be marshaled by only a few real individuals, empowering them to create the illusion of consensus.
You could call it a virtual flash mob, or a digital "Brooks Brothers Riot," so to speak: compelling, but not nearly as spontaneous as it appears.
That's precisely what got DailyKos blogger Happy Rockefeller in a snit: the potential for military-run armies of fake people manipulating and, in some cases, even manufacturing the appearance of public opinion.