More HBGary Federal Fallout: The Government Wants To Buy Software To Fake Online Grassroots Social M

More HBGary Federal Fallout: The Government Wants To Buy Software To Fake Online Grassroots Social Media Campaigns

www.techdirt.com

The latest in the long line of revelations from the HBGary Federal email leak, is that HBGary Federal wanted to create software that could make it easy for staffers to create and maintain a massive number of fake online social network personas, allowing them to control virtual armies of totally fake people, whose only mission is to spy on others and spew paid-for propaganda. But, what's even more amazing is that not only did the emails reveal HBGary Federal employees talking about building a platform for letting people more easily manage an army of fake personas, but that the US government pu

(visit the link for the full news article)

Now this sounds exactly like some crazy conspiracy threory - way out the the wings - but ... there's an actual e-mail trail, and a formal "Solicitation" for a proposal on this web site:

Persona Management Software

All I can say is ... wow. That's stuff that Joseph Goebbels would be jealous of! That's going way beyond Ok, and way into the realm of population control propaganda. Regardless of where it's claimed to have been targeted to be used, there's nothing to prevent such a thing from being used anywhere.

I guess this goes towards all the stuff people have been saying lately (some on the left, and some on the right), that we're at the point of crossing a line where the Government and the Military don't work for the people any more - it's becoming the other way around.

Personally, I find both this particular "Solicitation" and it's implications, to be a very scary and disturbing idea.


www.techdirt.com
(visit the link for the full news article)

It's not going to work out well, the software I mean
It's not at all like from a crazy sci-fi movie
Because there is no way the software could be that sophisticated that it would make all personas seem as authentic.

reply to post by EnhancedInterrogator


We are truly living in the matrix

There's people on this site I'm sure are getting paid to spew "paid-for propaganda". Just look for the common themes among the political trollers.

ps.: Kudos to Anon for pulling back the curtain and revealing this to the world.

Existing thread: www.abovetopsecret.com...

reply to post by rogerstigers


Ah. Didn't see that one. Sorry.

Apparently, somebody managed to decrypt some stuff that was in ecrypted attachments in the HBGary leaked e-mails, and found a great deal more detail on their development and sale for "rootkits" (plural) - over the last several years:

Black ops: how HBGary wrote backdoors for the government

Also in the article is some discussion about them finding some MalWare on external sites (with verbiage apparently intended to draw Al Qaeda's attention), that they may have recognized as being US-military "launched".

They were apparently selling the basic "rootkit" for about $60k US. They were working on another even more transparent one (code-named "12 Monkeys"), that would sell for about $240k US.

Here are some tid-bits ..

That money [$60k] bought you the rootkit source code, which was undetectable by most rootkit scanners or firewall products when it was tested against them in 2008. Only one product from Trend Micro noticed the rootkit installation, and even that alert was probably not enough to warn a user. As the HBGary rootkit document notes, "This was a low level alert. TrendMicro assaults the user with so many of these alerts in every day use, therefore most users will quickly learn to ignore or even turn off such alerts.

When installed in a target machine, the rootkit could record every keystroke that a user typed, linking it up to a Web browser history. This made it easy to see usernames, passwords, and other data being entered into websites; all of this information could be silently "exfiltrated" right through even the pickiest personal firewall.

Apparently, the successfully tested the "product" in 2007 and it passed all scans by all the common anti-virus and personal software on the market. The also re-tested it in 2008. Here's a picture of their summary:

On April 14, 2009, Hoglund outlined his plans for the new super-rootkit for Windows XP, which was "unique in that the rootkit is not associated with any identifiable or enumerable object. This rootkit has no file, named data structure, device driver, process, thread, or module associated with it.

The magnitude of this should not be underestimated. Laws will need to be changed to assure that the Political process is kept pure. Though the Air Force must have the peoples best interest in mind, Political parties, PAC groups, and even nefarious people could use this to control public opinion.

Great find!

Originally posted by SamTGonzalez
reply to post by EnhancedInterrogator

 

We are truly living in the matrix

no we're not? We're living in 2011 with the Internet - these bungholes at HGBary et al are playing the same games as those they seek to outwit... and lost.

What the hell has 'the matrix' got to do with it?

Catchcrys are wearing thin guys... Take the red pill, follow the blue rabbit, and wait for neo, man... oO

reply to post by ModernAcademia


the software is only a platform for real humans to manage hundres or more online personas. Its not the computers writing stuff and pretending to be humans, So this is very plausible.

reply to post by EnhancedInterrogator


It will be amazing to see the software that comes out over the next few years as we are still in the infancy of cyber warfare. Stuxnet was a major release - a historical event if you ask me.

And with the protests in the Middle East having been fueled by social networking communications, I think that we will see much more of this in the future.

And just for those that did not already know:
The new rootkits not being detected by anti-virus software - well of course they can't detect it! While some AV try to detect malware based upon suspicious activity (and fail), the best antivirus engines use signatures to detect ALREADY KNOWN threats. So any new or future threats can not be detected until people report them as malware. Then the signatures are added to the AV engine database. In addition, the malware is used in conjunction with Zero-Day Attacks.


S&F

reply to post by VonDoomen


But still messages would have to be generated automatically as they would probably not sit and write 5 000 unique sentences for the 5 000 personas to use. Then there wouldn't be much point in the whole software.

reply to post by badw0lf

Originally posted by badw0lf

What the hell has 'the matrix' got to do with it?

Maybe you should watch the matrix trilogy, then come back and ask me the same question again.

It makes me wonder exactly what they know about human psychology.

HBGary obviously left the world of Infosec some time ago and went to spookland.

There was evidence in other emails where they planned to use disinformation and smear tactcs against the Chamber of Commerce's enemies.

The news is so crazy right now, but it would be nice if it could be covered better.

Originally posted by SamTGonzalez
reply to post by badw0lf

 

Originally posted by badw0lf

What the hell has 'the matrix' got to do with it?

Maybe you should watch the matrix trilogy, then come back and ask me the same question again.

Riiiight.. Because only a few people have ever see the matrix..

I'll do that and get right back..

..

Oh hai, seen it.. Umm..

Stiill what I said... Did miss an important bit?

reply to post by badw0lf

Originally posted by badw0lf

Riiiight.. Because only a few people have ever see the matrix..

I'll do that and get right back..

..

Oh hai, seen it.. Umm..

Stiill what I said... Did miss an important bit?