Remember Aaron Barr, the HBGary Federal social media ‘expert’ who tackled Anonymous and ended up getting comprehensively hacked and 50,000 of his company emails published?
Well, in those emails, apparently, (according to Daily Kos) were some that disclosed HBGary Federal advocating a sockpuppet army … using ‘personas’ … to, among other things, ‘smear enemies‘ (a little like the cowboys schoolboys who’ve gone after my name online.
According to an embedded MS Word document found in one of the HBGary emails, it involves creating an army of sockpuppets, with sophisticated “persona management” software that allows a small team of only a few people to appear to be many, while keeping the personas from accidentally cross-contaminating each other. Then, to top it off, the team can actually automate some functions so one persona can appear to be an entire Brooks Brothers riot online.
Persona management entails not just the deconfliction of persona artifacts such as names, email addresses, landing pages, and associated content. It also requires providing the human actors technology that takes the decision process out of the loop when using a specific persona. For this purpose we custom developed either virtual machines or thumb drives for each persona. This allowed the human actor to open a virtual machine or thumb drive with an associated persona and have all the appropriate email accounts, associations, web pages, social media accounts, etc. pre-established and configured with visual cues to remind the actor which persona he/she is using so as not to accidentally cross-contaminate personas during use.
And all of this is for the purposes of infiltration, data mining, and (here’s the one that really worries me) ganging up on bloggers, commenters and otherwise “real” people to smear enemies and distort the truth.
This is an excerpt from one of the Word Documents, which was sent as an attachment by Aaron Barr, CEO of HBGary’s Federal subsidiary, to several of his colleagues to present to clients:
To build this capability we will create a set of personas on twitter, blogs, forums, buzz, and myspace under created names that fit the profile ( satellitejockey, hack3rman, etc ) . These accounts are maintained and updated automatically through RSS feeds, retweets, and linking together social media commenting between platforms. With a pool of these accounts to choose from, once you have a real name persona you create a Facebook and LinkedIn account using the given name, lock those accounts down and link these accounts to a selected # of previously created social media accounts, automatically pre-aging the real accounts.
Yes!!! That’s how democracy and the first amendment are supposed to work.
In another Word document, one of the team spells out how automation can work so one person can be many personas:
Using the assigned social media accounts we can automate the posting of content that is relevant to the persona. In this case there are specific social media strategy website RSS feeds we can subscribe to and then repost content on twitter with the appropriate hashtags. In fact using hashtags and gaming some location based check-in services we can make it appear as if a persona was actually at a conference and introduce himself/herself to key individuals as part of the exercise, as one example. There are a variety of social media tricks we can use to add a level of realness to all fictitious personas
Phoneys, fakes and charlatans.
Read the discussion at Daily Kos. Most interestink!
So, Twitter, Facebook etc — are they going to have to set up anti-sockpuppet algorithms like Google? Even if they do, professional weasels and non-buffoons like Aaron Barr of HBGary Federal will try to find away to game the system …