If
the internet is to exist as a means by which to promote transparency
and freedom, it must of course be protected from those forces which seek
to instead use it for purposes of secrecy and control. The problem lies
in recognizing those forces, which are not comprised merely of
flamboyant dictators with obviously evil intent, but also include a
number of benevolent-seeming institutions that operate for what they
believe to be the greater good of mankind. But good intentions do not
guarantee good outcomes, as history confirms. Recent history in
particular has given the world reason to be suspicious of those who
believe they have the right to use public resources for the purpose of
manipulating that same public, no matter the excuses given or the
promises made. It is a fine thing, then, that the latest such project
has been revealed by accident and may now be scrutinized by a public
that was never meant to know of its existence.
In
early February, as the Anonymous collective was continuing its
month-long effort to assist protesters living in Tunisia and other North
African dictatorships, the CEO of intelligence contracting firm HBGary
Federal boasted to Financial Times about
having infiltrated the group and identifying some of its most active
participants. The next day, a small team of hackers associated with
Anonymous retaliated by infiltrating the servers of HBGary Federal and
its parent company HBGary, acquiring more than 70,000 e-mails and other
documents which together provide an unusual look into the interplay
between federal contractors and U.S. government agencis. A great deal of
wrongdoing became evident almost immediately, with reporters
understandably focusing on a complex scandal in which Bank of America
and the U.S. Chamber of Commerce had hired a prestigious law firm to arrange for a campaign of dirty tricks against those parties which the two institutions perceived as threats to their own interests.
As that incident and its implications continued to play out in the media, a different but related issue came to light when Raw Story discovered that HBGary had written up a detailed proposal by which to win a contract with the U.S. Air Force,
which itself had put out a call for bids on the creation of something
called persona management software. The requested apparatus would have
allowed 50 users to each control 50 personas - essentially
non-existent people who could be deployed for purposes of propaganda.
As the solicitation puts it:
Software
will allow 10 personas per user, replete with background , history,
supporting details, and cyber presences that are technically, culturally
and geographacilly [sic] consistent. Individual applications will
enable an operator to exercise a number of different online persons from
the same workstation and without fear of being discovered by
sophisticated adversaries. Personas must be able to appear to originate
in nearly any part of the world and can interact through conventional
online services and social media platforms. The service includes a user
friendly application environment to maximize the user's situational
awareness by displaying real-time local information.
When
asked about the matter, CENTCOM spokesman Bill Speaks had little choice
but to acknowledge what amounted to a smoking gun, telling reporters
that this particular program supports classified social media
activities outside the U.S., intended to counter violent extremist
ideology and enemy propaganda. Speaks sought to further reassure the
press by noting that it would be illegal for such efforts to target U.S.
citizens.
Of
course, the billions of non-Americans to whom such assurances do not
apply are thus left vulnerable to targeting by this sophisticated
propaganda measure, which will inevitably expand in scope as allowed by
improvements in technology and development. Americans, meanwhile, ought
not to take any comfort in the promise that such methodology will never
be used for the purposes of shoring up the domestic support that
generals require to achieve their specific objectives. Less than 24
hours after Speaks told his countrymen that they need not fear any
illegal propaganda by the military, my colleague Michael Hastings of Rolling Stonerevealed the exact opposite to be true.
The U.S. Army illegally ordered a team of soldiers specializing in
psychological operations to manipulate visiting American senators into
providing more troops and funding for the war, he wrote upon his
return from Afghanistan in an article that appeared on February 23rd,
and when an officer tried to stop the operation, he was railroaded by
military investigators.
Even
if the U.S.s top generals somehow manage to prevent those under their
command from violating the legal and ethical guidelines that have
already been disregarded in this and previous instances, the mere
development of persona management by any party, for whatever reason,
will almost certainly lead to such technology being utilized in a manner
that threatens the integrity of civic life throughout the world. The
U.S. and other governments depend on an array of intelligence
contractors to produce capabilities of the sort, and we need not merely
suspect that some of those contractors might provide similarly powerful
capabilities to other parties that would use them against their own
enemies; this was illustrated quite plainly through the e-mails obtained
by Anonymous.
Which
brings us back to HBGary, one of the bidders on the persona management
project for the USAF. As noted, the federal contractor had teamed up
with two other firms under the name Team Themis; the plan called for
each company to contribute its particular brand of expertise towards the
establishment of a highly organized corporate information war apparatus
which would then be hired out to those companies with an interest in
disrupting and discrediting its enemies. Unsurprisingly, it found quick
success; the law firm Hunton & Williams asked Team Themis to prepare
a covert campaign by which to effectively destroy Wikileaks on behalf
of its own client Bank of America. This was to be accomplished through a
variety of tactics involving malware, DDOS attacks, disinformation, and
social engineering. Hunton & Williams also provided Team Themis
with information on union leaders and left-wing activists compiled by
another of its clients, the U.S. Chamber of Commerce, which wanted
Themis to use it for the purpose of obtaining further data on the
families of Chamber critics in support of what appears to have been
intended as a campaign of sabotage and intimidation.
On
its surface, the Team Themis affair demonstrates the extraordinary
dangers inherent to the practice of the U.S. federal government relying
on private firms to produce technology which those same firms can then
hire out to unethical corporations and other institutions; one might
come to the initial conclusion that such things should be developed by
the U.S. internally to avoid such problems. The problem is that the
federal government itself has facilitated the situation; as the e-mails
revealed, it was the Justice Department
that recommended Hunton & Williams to Bank of America for the
purpose of launching unspecified attacks against Wikileaks, for
instance. And one of the two other firms that made up Team Themis,
Palantir Technologies, had been founded in 2004 in part through an
investment by In-Q-Tel, a CIA-chartered investment firm that was itself
founded to facilitate the development of new technologies of potential
use to the U.S. intelligence community. In fact, to the extent that one
examines the intelligence contracting culture that beget the Team Themis
conspiracy, one begins to discover an interlocking directorate of
government agencies and private interests that work towards their
various common goals in a way that has dealt further damage to
transparency, the rule of law, and even simple decency at a time when
such things are already in short supply.
This
is the environment that I and several of my associates in the Anonymous
movement entered into in early February of this year when HBGary CEO
Aaron Barr began publicly bragging about having infiltrated our
participant base - the incident that has since spawned the wider
investigation into persona management. I spoke to Barr a few hours after
five Anon operatives had launched our counterattack; throughout the ten-minute conversation,
this respected figure of the federal contracting world repeatedly lied
to me about his intentions, claiming that he never sought to get Anons
arrested and that he had never sought to get in touch with the FBI about
his findings when the e-mails taken from the company clearly showed
otherwise.
This
dishonesty in the face of verifiable facts appears to be a hallmark of
the industry. A week or so after other investigators came across
HBGarys bid on the persona management contract, I came across another
series of e-mails in which Barr had been in communication with
military/intelligence contractor Booz Allen Hamilton and specifically
the office of vice president William Wansley, who had spoken to Barr via
phone and even brought him in for a meeting at their Virginia offices
after having discussed Wikileaks, Anonymous, and the methodology by
which Barr hoped to disrupt both groups. I called Wansley to ask him
about the purpose of this conversation; he told me
that Booz had no business dealings with HBGary, nor have we ever.
Presumably Barr had been brought in for purely social reasons.
In
the process of making other calls by which to determine Boozs interest
in Anonymous, I happened to reach a former employee who was willing to
speak to me. This person confirmed our initial supposition that Booz was
indeed involved in persona management, describing the software as a
good product but akin to a gun insomuch as that it could be used for
good but heavily misused in the wrong hands. The informant was of the
opinion that Boozs hands were not exactly the right ones. Convinced
that persona management was a wider problem than initially suspected, a
few of us decided to launch a wider investigation, dubbed Operation
Metal Gear, which I announced on Russia Today on March 13th. Initial press coverage of our efforts prompted new informants and offers of research assistance, in turn leading to such discoveries as a 2007 IBM patent proving that persona management efforts had been going on for years. Meanwhile, journalists at The Guardian, Tech Herald,
and other outlets began making their own discoveries concerning the
fast-increasing list of those institutions known to be involved in the
dangerous push towards automated propaganda.
After
two months of research on the part of dozens of activists, journalists,
and citizen investigators, its become obvious that the cottage
industry of deploying semi-automatic sock puppets for the purposes of
disinformation and espionage has expanded to include a great number of
public and private institutions. There is as of yet no way of telling
how widespread the practice has become or exactly to what end such
things are being used. Uncertainty in this case is concerning enough,
but to understand the true extent of the danger, consider the
possibilities available to any government or corporation that is capable
of putting out its preferred take on reality in such a way as to make
it appear to be coming from the public itself. To the extent that this
degenerate practice is allowed to continue, the internet will become a
means by which to obscure the truth, rather than reveal it.
Anyone
who considers the situation hopeless should consider what has already
been accomplished over just two months by a mere handful of people who
have dedicated themselves to fighting back against those responsible for
this assault on transparency. Certainly the majority of people will not
bother to join us in this fight, but nor do we need the majority to
mount an effective counter-campaign; when information is the means by
which a conflict is waged, all that is required to wage it is a
dedicated, loosely-knit effort by those who know how to acquire and use
that information. Anyone may join us in compiling data on those who
develop or utilize persona management, information which we are organizing at a central venue
in order to assist journalists and activists in launching their own
investigations - and any information they obtained is then added back to
that central venue, which thus serves as the centerpiece of what might
be termed a crowd-sourced investigation. Persona management and
related efforts depend on secrecy; our response, then, will depend on
scrutiny.