All Things News

scouring the web one RSS feed at a time

Archive for the ‘CyberWar’ Category

Revealed: US spy operation that manipulates social media


Did someone say, "Techno Experts?"

Straight from the Guardian: “The US military is developing software that will let it secretly manipulate social media sites by using fake online personas to influence internet conversations and spread pro-American propaganda.

A Californian corporation has been awarded a contract with United States Central Command (Centcom), which oversees US armed operations in the Middle East and Central Asia, to develop what is described as an “online persona management service” that will allow one US serviceman or woman to control up to 10 separate identities based all over the world.

The project has been likened by web experts to China’s attempts to control and restrict free speech on the internet. Critics are likely to complain that it will allow the US military to create a false consensus in online conversations, crowd out unwelcome opinions and smother commentaries or reports that do not correspond with its own objectives.

The discovery that the US military is developing false online personalities – known to users of social media as “sock puppets” – could also encourage other governments, private companies and non-government organisations to do the same.

The Centcom contract stipulates that each fake online persona must have a convincing background, history and supporting details, and that up to 50 US-based controllers should be able to operate false identities from their workstations “without fear of being discovered by sophisticated adversaries”.

Centcom spokesman Commander Bill Speaks said: “The technology supports classified blogging activities on foreign-language websites to enable Centcom to counter violent extremist and enemy propaganda outside the US.”

He said none of the interventions would be in English, as it would be unlawful to “address US audiences” with such technology, and any English-language use of social media by Centcom was always clearly attributed. The languages in which the interventions are conducted include Arabic, Farsi, Urdu and Pashto.

Centcom said it was not targeting any US-based web sites, in English or any other language, and specifically said it was not targeting Facebook or Twitter.

Once developed, the software could allow US service personnel, working around the clock in one location, to respond to emerging online conversations with any number of co-ordinated messages, blogposts, chatroom posts and other interventions. Details of the contract suggest this location would be MacDill air force base near Tampa, Florida, home of US Special Operations Command.

Centcom’s contract requires for each controller the provision of one “virtual private server” located in the United States and others appearing to be outside the US to give the impression the fake personas are real people located in different parts of the world.

It also calls for “traffic mixing”, blending the persona controllers’ internet usage with the usage of people outside Centcom in a manner that must offer “excellent cover and powerful deniability”.

The multiple persona contract is thought to have been awarded as part of a programme called Operation Earnest Voice (OEV), which was first developed in Iraq as a psychological warfare weapon against the online presence of al-Qaida supporters and others ranged against coalition forces. Since then, OEV is reported to have expanded into a $200m programme and is thought to have been used against jihadists across Pakistan, Afghanistan and the Middle East.

OEV is seen by senior US commanders as a vital counter-terrorism and counter-radicalisation programme. In evidence to the US Senate’s armed services committee last year, General David Petraeus, then commander of Centcom, described the operation as an effort to “counter extremist ideology and propaganda and to ensure that credible voices in the region are heard”. He said the US military’s objective was to be “first with the truth”.

This month Petraeus’s successor, General James Mattis, told the same committee that OEV “supports all activities associated with degrading the enemy narrative, including web engagement and web-based product distribution capabilities”.

Centcom confirmed that the $2.76m contract was awarded to Ntrepid, a newly formed corporation registered in Los Angeles. It would not disclose whether the multiple persona project is already in operation or discuss any related contracts.

Nobody was available for comment at Ntrepid.

In his evidence to the Senate committee, Gen Mattis said: “OEV seeks to disrupt recruitment and training of suicide bombers; deny safe havens for our adversaries; and counter extremist ideology and propaganda.” He added that Centcom was working with “our coalition partners” to develop new techniques and tactics the US could use “to counter the adversary in the cyber domain”.

According to a report by the inspector general of the US defence department in Iraq, OEV was managed by the multinational forces rather than Centcom.

Asked whether any UK military personnel had been involved in OEV, Britain’s Ministry of Defence said it could find “no evidence”. The MoD refused to say whether it had been involved in the development of persona management programmes, saying: “We don’t comment on cyber capability.”

OEV was discussed last year at a gathering of electronic warfare specialists in Washington DC, where a senior Centcom officer told delegates that its purpose was to “communicate critical messages and to counter the propaganda of our adversaries”.

Persona management by the US military would face legal challenges if it were turned against citizens of the US, where a number of people engaged in sock puppetry have faced prosecution.

Last year a New York lawyer who impersonated a scholar was sentenced to jail after being convicted of “criminal impersonation” and identity theft.

It is unclear whether a persona management programme would contravene UK law. Legal experts say it could fall foul of the Forgery and Counterfeiting Act 1981, which states that “a person is guilty of forgery if he makes a false instrument, with the intention that he or another shall use it to induce somebody to accept it as genuine, and by reason of so accepting it to do or not to do some act to his own or any other person’s prejudice”. However, this would apply only if a website or social network could be shown to have suffered “prejudice” as a result.

• This article was amended on 18 March 2011 to remove references to Facebook and Twitter, introduced during the editing process, and to add a comment from Centcom, received after publication, that it is not targeting those sites.”

Written by Jason Jeffrey

August 8, 2011 at 3:26 pm

LulzSec Offers to Take Revenge On Sega Hackers


Straight from Reuters, the bastion of truth, “Japan’s Sega Corp joined the rapidly growing club of video game companies whose computer systems have been hacked by cyber criminals, the company said on Friday.

The news capped a week in which the Lulz Security group of hackers launched a cyber crime spree against other video game companies.

In an unexpected twist, Lulz responded to the news of the attack on Sega by offering to track down and punish the hackers who attacked the Japanese maker of video game software.

The drama surrounding the recent round of video game breaches paled compared to what PlayStation maker Sony Corp experienced following two high-profile attacks that surfaced in April. Those breaches led to the theft of account data for more than 100 million customers, making it the largest ever hacking of data outside the financial services industry.

They also exposed what turned out to be a large number of security holes in sites throughout the global Sony media empire. That led to a rash of attacks on Sony systems that undermined confidence in the company and made it the source of frequent jokes by security experts. Its security staff scrambled to repair vulnerabilities in its network as independent experts identified new problems via remote scans and disclosed them to Sony and the public.

Sega said that some personal information about an unspecified number of Sega Pass online network members had been compromised in the attack, according to a letter the company sent to customers on Friday that was published on the PlayStation LifeStyle.net website.

Customer email addresses and birthdates, which can be read in plain text, were taken, as were passwords, which could not be read in plain text because they had been scrambled or encrypted using security software before being stored in the database.

Sega shut down the Pass network on Thursday, the day it learned of the breach, telling customers in a note on its website that it was “undergoing improvements.” It was not immediately clear when it would go back online.

The video game developer is a division of Japan’s Sega Sammy Holdings, which makes game software such as Sonic the Hedgehog as well as slot machines.

Sega was one of the biggest video game console makers in the 1990s, but pulled out of the market in 2001 in response to disappointing sales of its Dreamcast system, which had debuted in 1998 to widespread industry praise. Dreamcast lost ground to newer products developed by Sony and Nintendo.

It now focuses on developing video games for systems made by other companies.

LULZ GETS INVOLVED

While the FBI is likely to be called in to investigate the attack on Sega, as the bureau typically is in such cases, its agents may find themselves competing for clues with members of Lulz Security hacking group.

In its offer to assist Sega, the Tweet from Lulz hinted that its leaders might count themselves among a small but highly loyal group of gamers who still play on the aging Dreamcast console.

“Sega – contact us,” Lulz said in its Tweet to the video game developer. “We want to help you destroy the hackers that attacked you. We love the Dreamcast, these people are going down.”

Lulz offered to see that the cyber criminals are punished for attacking Sega shortly after ending its own crime spree that included attacks on several other video game companies.

The Lulz hackers, who publicize their attacks on their own website and via Twitter, said on Friday that they had stolen customer records of some 200,000 users of the online video game Brink. Officials at Xenia Media, the developer of Brink, could not be reached for comment.

Lulz last week also attacked several other industry players, saying it was working on behalf of disgruntled players who had ordered the attacks via telephone hotlines that Lulz set up in the United States and Europe to solicit such requests.

Tribalware.net and EVE from Innogames were among the victims of the Lulz campaign against video game makers. The hacking group also attacked servers that help run two other online games — “League of Legends” and “Minecraft” — and it hit The Escapist website, which provides video game news.

Lulz had hacked into Nintendo in an attack that it disclosed on June 3, but the incident has not appeared to have serious consequences for the company. The hacking group published a data file over the Internet that it said contained details on the way Nintendo set up one of its web servers.

Such data could be valuable to other hackers planning future attacks on Nintendo because the data potentially could leave clues as to possible security weaknesses in the game maker’s network.”

The Lulz Boat

Written by Jason Jeffrey

June 21, 2011 at 4:28 pm

Posted in CyberWar, Video Games
