Everyone gets Facebook friend requests from strangers. We used to worry about them being identity thieves. Nowadays, those strangers might be spooks.
Many experts agree cyberspace is the battleground of the future, and for good reason. We see that future playing out in many ways, even now. There are real cybersecurity threats out there, as the recent hacking of the Office of Personnel Management demonstrates. Experts estimate the cost of information lost to hackers could be as high as $4.6 billion.
This isn’t The Pirate Bay sharing films and music via free torrent downloads. This is actual damage from ideological foes like ISIS and North Korea. China alone accounts for 70% of intellectual property theft. One Air Force counter strategy took a play from Russia’s playbook: create an online army of trolls.
Russian trolls pump out 135 comments, 50 news article posts, and maintain 6-10 Facebook and Twitter accounts per 12-hour shift. But Russia uses actual humans to do this work, while the Air Force commissioned software to allow one service member to control the same number of online identities, accounts known as “sock puppets,” toward purposes not specified.
In 2010, Air Force contractors took bids for developing this software on FedBizOps (which is a real government website, despite sounding like a subsidiary of Cash4Gold) as legally required for potential contractor opportunities. According to the contract synopsis the Air Force wanted:
“50 User Licenses, 10 Personas per user. Software will allow 10 personas per user, replete with background, history, supporting details, and cyber presences that are technically, culturally and geographacilly consistent. Individual applications will enable an operator to exercise a number of different online persons from the same workstation and without fear of being discovered by sophisticated adversaries. Personas must be able to appear to originate in nearly any part of the world and can interact through conventional online services and social media platforms. The service includes a user friendly application environment to maximize the user’s situational awareness by displaying real-time local information.”
That’s 500 people spreading disinformation and propaganda, much more than the mass emails your parents send to all their friends.
The U.S. Central Command (CENTCOM) has the same technology. It might even be better than the Air Force’s request, as CENTCOM’s can fool geolocating services, allowing for misinformation and propaganda (or anything else the software could provide) from anywhere in the world.
“This contract supports classified social media activities outside the U.S., intended to counter violent extremist ideology and enemy propaganda,” said Commander Bill Speaks, the chief media officer of CENTCOM’s digital engagement team.
In contrast, the Air Force’s guidelines for actual humans posting on blogs and social media is actually pretty well constructed.
One of the original bidders for the software was the now-defunct HBGary, whose CEO infamously bragged he was able to take down hacker collective Anonymous, the same collective who subsequently dumped HBGary’s secret documents onto the Internet, where it was found HBGary had developed similar software as a part of the U.S. government’s ongoing not-so-secret supervillain plan to destroy the Wikileaks website.
Whatever the persona technology was for, it was launched in March 2011, presumably in support of Operation Earnest Voice. For the record, it would be illegal for the Air Force or CENTCOM to use “sock puppet” accounts against American citizens.