p2pnet view P2P | Freedom:- I’m about as non-technical as they get and I’m totally lost when it comes to understanding how it’s possible to create online “personas” — virtual people who can be remotely controlled, singly or together.

And that’s even if I understand the basic contention correctly; that HBGary, the sorry US ‘security’ company hacked by Anonymous, has managed to create hordes of doppelgangers which/who can be controlled en masse

Do I have that right? Can it be real?

Yes — “replete with background, history, supporting details, and cyber presences that are technically, culturally and geographacilly [sic] consistent”.

Nor is HBGary by any means alone.

‘As many as you’d like … ‘

“In the continuing saga of data security firm HBGary, a new caveat has come to light: not only did they plot to help destroy secrets outlet WikiLeaks and discredit progressive bloggers, they also crafted detailed proposals for software that manages online ‘personas,’ allowing a single human to assume the identities of as many fake people as they’d like”, says the Raw Story.

“The revelation was among those contained in the company’s emails, which were dumped onto bittorrent networks after hackers with cyber protest group ‘Anonymous’ broke into their systems.

“In another document unearthed by ‘Anonymous,’ one of HBGary’s employees also mentioned gaming geolocation services to make it appear as though selected fake persons were at actual events. ‘There are a variety of social media tricks we can use to add a level of realness to all fictitious personas,’ it said.”

In an earlier p2pnet post, I quoted Happy Rockefeller as saying in Daily Kos >>>

According to an embedded MS Word document found in one of the HB Gary emails, it involves creating an army of sockpuppets, with sophisticated “persona management” software that allows a small team of only a few people to appear to be many, while keeping the personas from accidentally cross-contaminating each other. Then, to top it off, the team can actually automate some functions so one persona can appear to be an entire Brooks Brothers riot online.

That’s for “the purposes of infiltration, data mining, and (here’s the one that really worries me) ganging up on bloggers, commenters  and otherwise ‘real’ people to smear enemies and distort the truth.”

Rockefeller quotes from the post >>>

Persona management entails not just the deconfliction of persona artifacts such as names, email addresses, landing pages, and associated content.  It also requires providing the human actors technology that takes the decision process out of the loop when using a specific persona.  For this purpose we custom developed either virtual machines or thumb drives for each persona.  This allowed the human actor to open a virtual machine or thumb drive with an associated persona and have all the appropriate email accounts, associations, web pages, social media accounts, etc. pre-established and configured with visual cues to remind the actor which persona he/she is using so as not to accidentally cross-contaminate personas during use.

Too much? Not at all. It’s frighteningly real.

Cyber presences

Raw Story also links to a federal contract from the 6th Contracting Squadron at MacDill Air Force Base, south of Tampa, Florida which reads >>>

Solicitation Number:
RTB220610
Notice Type:
Sources Sought
Synopsis: Added: Jun 22, 2010 1:42 pm Modified: Jun 22, 2010 2:07 pmTrack Changes

0001- Online Persona Management Service. 50 User Licenses, 10 Personas per user.
Software will allow 10 personas per user, replete with background , history, supporting details, and cyber presences that are technically, culturally and geographacilly [sic] consistent. Individual applications will enable an operator to exercise a number of different online persons from the same workstation and without fear of being discovered by sophisticated adversaries. Personas must be able to appear to originate in nearly any part of the world and can interact through conventional online services and social media platforms. The service includes a user friendly application environment to maximize the user’s situational awareness by displaying real-time local information.

0002- Secure Virtual Private Network (VPN). 1 each
VPN provides the ability for users to daily and automatically obtain randomly selected IP addresses through which they can access the internet. The daily rotation of the user s IP address prevents compromise during observation of likely or targeted web sites or services, while hiding the existence of the operation. In addition, may provide traffic mixing, blending the user s traffic with traffic from multitudes of users from outside the organization. This traffic blending provides excellent cover and powerful deniability. Anonymizer Enterprise Chameleon or equal

0003- Static IP Address Management. 50 each
Licence protects the identity of government agencies and enterprise organizations. Enables organizations to manage their persistent online personas by assigning static IP addresses to each persona. Individuals can perform static impersonations, which allow them to look like the same person over time. Also allows organizations that frequent same site/service often to easily switch IP addresses to look like ordinary users as opposed to one organization. Anonymizer IP Mapper License or equal

0004- Virtual Private Servers, CONUS. 1 each
Provides CONUS or OCONUS points of presence locations that are setup for each customer based on the geographic area of operations the customer is operating within and which allow a customer?s online persona(s) to appear to originate from. Ability to provide virtual private servers that are procured using commercial hosting centers around the world and which are established anonymously. Once procured, the geosite is incorporated into the network and integrated within the customers environment and ready for use by the customer. Unless specifically designated as shared, locations are dedicated for use by each customer and never shared among other customers. Anonymizer Annual Dedicated CONUS Light Geosite or equal

0005- Virtual Private Servers, OCONUS. 8 Each
Provides CONUS or OCONUS points of presence locations that are setup for each customer based on the geographic area of operations the customer is operating within and which allow a customer?s online persona(s) to appear to originate from. Ability to provide virtual private servers that are procured using commercial hosting centers around the world and which are established anonymously. Once procured, the geosite is incorporated into the network and integrated within the customers environment and ready for use by the customer. Unless specifically designated as shared, locations are dedicated for use by each customer and never shared among other customers. Anonymizer Annual Dedicated OCONUS Light Geosite or equal

0006- Remote Access Secure Virtual Private Network. 1 each
Secure Operating Environment provides a reliable and protected computing environment from which to stage and conduct operations. Every session uses a clean Virtual Machine (VM) image. The solution is accessed through sets of Virtual Private Network (VPN) devices located at each Customer facility. The fully-managed VDI (Virtual Desktop Infrastructure) is an environment that allows users remote access from their desktop into a VM. Upon session termination, the VM is deleted and any virus, worm, or malicious software that the user inadvertently downloaded is destroyed. Anonymizer Virtual Desktop Infrastructure (VDI) Solution or equal.

Contracting Office Address:
2606 Brown Pelican Ave.
MacDill AFB, Florida 33621-5000
United States

Place of Performance:
Performance will be at MacDIll AFB, Kabul, Afghanistan and Baghdad, Iraq.
MacDill AFB , Florida 33679
United States

Primary Point of Contact.:
Russell Beasley,
Contracting Officer
russell.beasley-02@macdill.af.mil
Phone: (813) 828-4729
Fax: (813) 828-5111

Adds Raw Story:

“A list of interested vendors responding to the Air Force contract for “persona management software” included HBGary subsideary HBGary Federal, further analysis of a government website has revealed.

“Other companies that offered their services included Global Business Solutions and Associates LLC, Uk Plus Logistics, Ltd., NevinTelecom, Bunker Communications and Planmatrix LLC.”

Now you know. Or do you?

Because this isn’t unusual. In fact, fake people seem to be de rigeur.

Think about it.

Jon Newton – p2pnet

Follow me on Twitter.

Raw Story – Revealed: Air Force ordered software to manage army of fake virtual people, February 18, 2011
p2pnet – HBGary ‘nearing completion of incident response’, February 18, 2011
Daily Kos – The HB Gary Email That Should Concern Us All, February 16, 2011

First they ignore you, then they laugh at you, then they fight you, then you win ~ Mahatma Gandhi

World War III will be a global information war with no division between civilian & military participation ~ Marshall McLuhan

Use free p2pnet newsfeeds for your site. Subscribe to p2pnet.net | rss feed: http://p2pnet.net/feed

---

Net access blocked by government restrictions? Use Psiphon from the Citizen Lab at the University of Toronto. Go here for details.

This entry was posted on Saturday, February 19th, 2011 at 10:43 am and is filed under Freedom, P2P. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

HOME

Viewed 8775 times