Written by Happy Rockefeller Wed Feb 16, 2011
As I wrote yesterday , there is a leaked email that has gotten surprisingly little attention around here. It's the one where Aaron Barr discusses his intention to post at Daily Kos - presumably something negative about Anonymous, the hacking group. But that's not the email I'm talking about here.
As I also mentioned yesterday, in some of the emails, HB Gary people are talking about creating "personas", what we would call sockpuppets. This is not new. PR firms have been using fake "people" to promote products and other things for a while now, both online and even in bars and coffee houses.
But for a defense contractor with ties to the federal government, Hunton & Williams, DOD, NSA, and the CIA - whose enemies are labor unions, progressive organizations, journalists, and progressive bloggers, a persona apparently goes far beyond creating a mere sockpuppet.
According to an embedded MS Word document found in one of the HB Gary emails, it involves creating an army of sockpuppets, with sophisticated "persona management" software that allows a small team of only a few people to appear to be many, while keeping the personas from accidentally cross-contaminating each other. Then, to top it off, the team can actually automate some functions so one persona can appear to be an entire Brooks Brothers riot online.
Persona management entails not just the deconfliction of persona artifacts such as names, email addresses, landing pages, and associated content. It also requires providing the human actors technology that takes the decision process out of the loop when using a specific persona. For this purpose we custom developed either virtual machines or thumb drives for each persona. This allowed the human actor to open a virtual machine or thumb drive with an associated persona and have all the appropriate email accounts, associations, web pages, social media accounts, etc. pre-established and configured with visual cues to remind the actor which persona he/she is using so as not to accidentally cross-contaminate personas during use.
And all of this is for the purposes of infiltration, data mining, and (here's the one that really worries me) ganging up on bloggers, commenters and otherwise "real" people to smear enemies and distort the truth.
This is an excerpt from one of the Word Documents, which was sent as an attachment by Aaron Barr, CEO of HB Gary's Federal subsidiary, to several of his colleagues to present to clients:
To build this capability we will create a set of personas on twitter, blogs, forums, buzz, and myspace under created names that fit the profile (satellitejockey, hack3rman, etc). These accounts are maintained and updated automatically through RSS feeds, retweets, and linking together social media commenting between platforms. With a pool of these accounts to choose from, once you have a real name persona you create a Facebook and LinkedIn account using the given name, lock those accounts down and link these accounts to a selected # of previously created social media accounts, automatically pre-aging the real accounts.
Yes!!! That's how democracy and the first amendment are supposed to work.
In another Word document, one of the team spells out how automation can work so one person can be many personas:
Using the assigned social media accounts we can automate the posting of content that is relevant to the persona. In this case there are specific social media strategy website RSS feeds we can subscribe to and then repost content on twitter with the appropriate hashtags. In fact using hashtags and gaming some location based check-in services we can make it appear as if a persona was actually at a conference and introduce himself/herself to key individuals as part of the exercise, as one example. There are a variety of social media tricks we can use to add a level of realness to all fictitious personas
I don't know about you, but this concerns me greatly. It goes far beyond the mere ability for a government stooge, corporation or PR firm to hire people to post on sites like this one. They are talking about creating the illusion of consensus. And consensus is a powerful persuader. What has more effect, one guy saying BP is not at fault? Or 20 people saying it? For the weak minded, the number can make all the difference.
And another thing, this is just one little company of assholes. I can't believe there aren't others doing this already. From oil companies, political campaigns, PR firms, you name it. Public opinion means big bucks. And let's face it, what these guys are talking about is easy.
Just today I was listening to Stand Up with Pete Dominic on XM's POTUS channel. He was talking about the Wisconsin labor attack and how he had seen a lot of people email and contact the show in support of the Teachers there. Then he added a "but": "I've also seen a lot of anti-labor people on Twitter..."
Really? I thought. How do we know if those are real people? Twitter has to be the easiest thing to fake and to automate with retweets and 180 characrer max sentences. To the extent that the propaganda technique known as "Bandwagon" is an effective form of persuasion, which it definitely is, the ability for a few people to infiltrate a blog or social media site and appear to be many people, all taking one position in a debate, all agreeing, for example, that so and so is not credible, or a crook, is an incredibly powerful weapon.
How many times have you seen a diary get posted that reports some revelatory yet unfavorable tidbit about someone only to see a swarm of commenters arrive who hijack the thread, distract with a bunch of irrelevant nonsense, start throwing unsubstantiated accusations and ad hominem attacks to where before you know it, everyone's pretty much forgotten what the diary said in the first place.
Some times diaries deserve to be swarmed. But what if a diary is swarmed and it's really just one asshole working for a law firm that represents the oil company your diary was attacking?
I don't know about you, but it matters to me what fellow progressives think. I consider all views. And if there appears to be a consensus that some reporter isn't credible, for example, or some candidate for congress in another state can't be trusted, I won't base my entire judgment on it, but it carries some weight.
That's me. I believe there are many people though who will base their judgment on rumors and mob attacks. And for those people, a fake mob can be really effective.
I have no idea what to do about this problem, except just make sure everyone knows its possible, and so watches out for it.
-------------------------------------
Lastly, some here are falling for the meme that HB Gary personel, and especially Aaron Barr himself, are incompetent buffoons. This is a mistake. While Mr Barr may be a fool, he was not the one who fell for a spear fishing attack that allow an, apparently, 16 year old girl to gain access to their servers.
I have rummaged through the leaked email, some of which contain resumes for employees there. These guys are recruiting people with incredibly advanced skills from many different agencies and top universities like MIT.
HB Gary and its subsidiary, HB Gary Federal, as well as Berinco and Palantir, employed a lot of extremely qualified people with backgrounds in the NSA and ATT and other major organizations/corporations. These guys are pros.
Aaron Barr may be a mockery to Anonymous for running his mouth off. As he should be. But he's not an idiot and he wasn't the one who gave out the company's keys to a 16 yo girl.
I wanted to make this clear because it is in the interests of government and propagandists, and anyone else who wants this story to go away to try and blow all this off as one little company who wrote a proposal no one even read and who isn't even competent enough to protect its own servers so no one should pay any attention at all to what they were up to.
That is the narrative being spun, even here on this site, and it is entirely fictitious.
We are under attack. And the attackers are damn good at what they do. Pretending they're not, or that this isn't happening isn't going to make it better.
I do believe there are limitation to the effectiveness of such an attack on this site and others like it. This isn't twitter, and bullshit only goes so far, no matter how many personas are spreading it.
But everyone needs to be aware that not only are sites like this a target of attack, but that Daily Kos has been mentioned specifically as a target of attack.
Maybe this whole thing will be liberating. Maybe people will develop stronger spines and not be so easily swayed by raving mobs.
UPDATE: From another email, I found a government solicitation for this "Persona Management Software".
This confirms that in fact, the US Gov. is attempting to use this kind of technology. But it appears from the solicitation it is contracted for use in foreign theaters like Afghanistan and Iraq. I can't imagine why this is posted on an open site. And whenthis was discovered by a couple of HB Gary staffers, they weren't too happy about it either:
The first email just had the title, "WTF Dude?"
The response email said, "This is posted on open source. Are you fucking serious?"
Here's the link to the solicitation at website "FedBizOps.gov". Yes, that name doesn't sound like cronyism at all...