
The HB Gary Email That Should Concern Us All (Sockpuppet Management Software) - ph0rque
http://www.dailykos.com/story/2011/02/16/945768/-UPDATED:-The-HB-Gary-Email-That-Should-Concern-Us-All
======
DanielBMarkham
I've found that in the last couple of years, I keep expecting the internet to
be one way and it keeps being another.

So for instance, they say if you want people to read your work, concentrate on
quality. But that's bullshit, what you need to concentrate on is popularity.
On any given day, boards all over the place are full of high-ranking articles
that are crap that people vote on simply because the author is popular.

Then they say that the wisdom of the crowds will help pick clear winners. But
the wisdom part begins to look like mob rule and crowds can be easily gamed,
as this article shows.

I could go on, but I think I'm not alone in realizing that the cool
interconnected internet that I wanted and the one we're actually getting are
two completely different things.

So on one hand I congratulate this author -- we critically need to get this
information out and emphasize it. But on the other hand, it's just another in
a long series of "So, you thought it worked this way? Boy were you wrong."
kind of things.

So I'm left wondering: do we all just sit around and whine about how things
aren't turning out the right way? Go out and "fight the system" Adapt? Make
the most of it? What? While you can fight the system if it's the local town
government putting up a stoplight, fighting the system effectively and
honorably where the system is billions of people of hundreds of cultures all
interacting randomly is a bit too much to fit in my head.

Apologies for the rant. Just seemed like a pattern I've noticed of late.

~~~
iuguy
Whenever I think of things like your comment I'm reminded of the wisdom of
Mahatma Gandhi:

    
    
        “Be the change you want to see in the world.”

~~~
snth
I don't think this helps much with the problem outlined in the original post.
All you need is one guy running this "persona management" software to offset
lots of guys refusing to use it.

~~~
iuguy
RyanMcGreal hit the nail on the head with his comment. I made a comment in a
different thread about Apples subscription along the lines of how the Internet
tends to route round things, which I think may apply here too.

Bear in mind the history of PGP
([http://en.wikipedia.org/wiki/Pretty_Good_Privacy#Criminal_in...](http://en.wikipedia.org/wiki/Pretty_Good_Privacy#Criminal_investigation))
as a prime example of this. When Egypt had it's Internet cut off, the
Egyptians routed around it. They became the change they wanted to see and
Mubarak had to step down.

Given that semi-automated astroturfing is a popular pastime for corporations,
having the government astroturfing offers relatively little by way of
difference except in certain circumstances where resources become an issue for
corporations (e.g. identification). Much of what's proposed already exists
elsewhere in the blackhat market anyway.

So how do you fight it? If you care enough about it, _any way you can_.
Disinformation is as old as the hills. Exposing it is one way, discrediting
the source is another, counterdisinformation yet another still. Not
participating in places where known or suspected personas exist is probably
best. For the truly organised group of today (and for the casual group of
tomorrow) there's darknets and offline means of communication.

------
bugsy
The Chinese government has the "50 cent army" which is a 300,000 strong
persona ops set. Many are Chinese students in the US who are required to post
pro-China posts while in school and pretend to be a random western
sympathizer. This is the largest and most organized, but there are tons of
these and you see them on all the major boards. Can identify them when there
is something really indefensible and they are in defending it with statements
like "Well, as far as I know, none of the Wall Street companies broke any
laws. So if you are concerned, maybe you should blame the government for
deregulating." Their accounts are full of certain themes that enable you to
identify them.

At first I typed up here techniques on how to recognize them but on second
thought I don't want to give them ideas on how to correct.

Of interest to me right now is whether this propaganda war can be widely
unveiled. It's hard since there are likely thousands of different PR ops
posting stuff so there's no single pattern, and it's subtle to distinguish
between this and zealous and sincere advocates of things. It would also be
pretty easy to dismiss zealous advocates as PR ops as an attack strategy
against advocates. Maybe that will eventually mean sincere advocates will end
up having to blog more with their real name and photo to be taken seriously.

~~~
kgtm
"Maybe that will eventually mean sincere advocates will end up having to blog
more with their real name and photo to be taken seriously."

Isn't this exactly what "they" are after? Once that happens, there won't be
any need for such armies. The end of anonymity means the end of free speech.

~~~
bugsy
Yeah it's kind of a different topic, I probably shouldn't have been
extemporanializing (sp?) at the end of my comment and kept it more focused.

I agree with that about anonymity. People will be more tempered in what they
say. Only today there is a story that a blog
(<http://natalieshandbasket.blogspot.com/>) I had been following by a teacher
was "outted". The teacher was suspended and is going to be fired because she
told the truth about her students, who she didn't name.
([http://www.phillyburbs.com/news/news_details/article/28/2011...](http://www.phillyburbs.com/news/news_details/article/28/2011/february/10/blog-
puts-teacher-in-hot-water.html)) The students have since commented that
although everything she said was true, she shouldn't have been allowed to say
it and they want her to be fired as punishment, and that looks like it will
happen. The blog was extremely useful because it showed what is really going
on in schools. She had thought only her friends knew about it though and that
obviously wasn't true since I had no idea who she really was until today, but
I knew about her secret blog since it had been linked to from some site
previously, and then I bookmarked and followed it. No doubt a lot of other
people did this as well. Her mistake was to even let her friends know who she
was because one of them outted her. Also she had a small thumbnail of herself
sitting in the distance, which may have confirmed to someone who she was.

Without this anonymity, there is absolutely no doubt whatsoever that she would
not have been able to say the things she did. We can see exactly what happened
as soon as her identity was known.

A persona such as an anonymous blog can have as much credibility as someone
whose birth certificate you have seen and held. The key is that it's an
established and consistent persona with a personality. So some are sincere and
promote free speech and honesty, others are manipulative lies paid for by
governments and corporations. Which is which you can tell (I sure hope) by
looking at their history of posting. One may post unpopular ideas and be worth
listening to and you know they are real because there is a human je ne sais
quois (sp?) that identifies them as real, something that is not present in 50
cent army posts.

~~~
jhancock
There has never been a guarantee of no repercussions from utilizing free
speech, anon or not. Many pay a high price for speaking their mind. And not
just from government. The first front that keeps people in line is their
peers, community, and jobs. Its sad, but that's how things have always been,
China and U.S.

~~~
nitrogen
The fact that free speech has always carried risks doesn't mean that it always
should.

By reducing the risks and increasing anonymity, people will be able to say
things that would've been too risky before. In some cases that's a bad thing,
but in general I expect it to be beneficial to democracy and society.

------
alexophile
Social/crowdsourced companies do this all the time, they just don't have such
sophisticated software. But that's hardly an inconceivable jump - I would
certainly not be surprised to see a number of in-house versions of this at
work all over the internet.

I worked with an early stage company that relied on user-generated content
that essentially did this but didn't tell the new CMs, so we spent the first
couple weeks trying to get increased activity out of the clones.

Bonus example, there was an interview with the founder of thathigh.com on here
not too long ago where he talked about doing exactly this.

The game isn't new, only the players - and you can always spot a newb, even if
he has really nice equipment.

[Edit, appending part of my reddit comment on the sme article]: Here in
Chicago, elections are (or at least were for a long time) considered to be
basically a running joke. It's a city of horriffic corruption, and everyone's
pretty much gotten used to it. This should be far more unsettling than gov
contractors manufacturing an echo chamber. At least when they're sneaky about
it you know they're scared.

------
anguslong
tl;dr Contractor develops psyops backend for the cloud. Creates fake persona
pool. Uses anonymizer/chameleon for IP obfuscation, vmware/virtualbox
instances for each persona, enables deploying to vps around the world. Uses
system to age personas via social/email accounts and salt with rss, social &
checkin data.

RFP:
[https://www.fbo.gov/index?s=opportunity&mode=form&id...](https://www.fbo.gov/index?s=opportunity&mode=form&id=d88e9d660336be91552fe8c1a51bacb2&tab=core&_cview=1)

~~~
bugsy
That is a pretty & _!@(_ &ing awesome link you pulled out there with an actual
Air Force project that does just this thing.

Wow. Saved to disk in case that page vanishes without a trace.

~~~
joelhaus
Ha, saved as well... it's a gem.

I've got to believe that the social networks and Google have been thinking
about way to combat this problem too. I wonder what kind of impact Google's
open-source two-step authentication [1] (and other types of mobile device
verification systems [2]) will have on efforts to develop meaningful persona
management software. If implemented properly, mobile device verification would
surely inhibit such efforts.

[1] <http://code.google.com/p/google-authenticator/> [2]
[http://openid.net/2009/09/09/yahoo-paypal-google-equifax-
aol...](http://openid.net/2009/09/09/yahoo-paypal-google-equifax-aol-verisign-
acxiom-citi-privo-wave-systems-pilot-open-identity-for-open-government-2/)

EDIT: Didn't notice before, so not sure if they just added it, but the same
RFP is duplicated & linked to at the bottom of the article.

~~~
caf
I reckon if you can afford to do this, you can afford to buy one phone per
puppet.

~~~
joelhaus
True, but it introduces a number of manual procedures into, what would
otherwise be, an automated workflow.

Even if the only obstacle was to connect each phone to your network, it would
still slow the rise of an army of zombie personas.

------
jcromartie
What's more amazing is the USAF solicitation for bids on this kind of
software. They say it's for use in Afghanistan, Iraq, and _Florida_.

~~~
imajes
that'd be where they'd observe it from, or whatever other neutral ops outside
of the theater of war is; not that they intend to use it against florida.

~~~
jcromartie
I understand it is not to be used in Florida, but it's CENTCOM from what I
understand. That would seem to indicate a more overarching and widespread
intent.

~~~
GHFigs
USSOCOM (Special Operations Command) which includes most Civil Affairs and
Psychological Operations groups is also headquartered at MacDill.

------
narrator
I used to see sock puppets on yahoo finance message boards for small energy
companies. The sock puppet would repeat the same five or six canned messages
several times a day under multiple aliases. They would never reply to
criticism or anyone responding to their posts. I would come back weeks later
and the same sock puppets would still be there with the same repetitive
slightly varying messages posted in enormous quantities.

my suspicion is that this was some bigger energy companies paying some black
PR to pay people (probably in a business process outsourcing sweat shop
somewhere in a developing country) to repetitively post these things, or write
scripts to do so, in order to drive down the price of these small energy
companies so they could be acquired.

The hallmark of a sockpuppet is not responding with anything but a canned ad-
hominem response, and posting the same set of talking points in enormous
volume.

~~~
bugsy
> The hallmark of a sockpuppet is not responding with anything but a canned
> ad-hominem response, and posting the same set of talking points in enormous
> volume.

That's a good list for that style of Persona. Here's an example:

<http://www.reddit.com/user/jmeasley/>

------
jarin
Wow, kind of makes you wonder what really sparked off the revolutions in the
Arab world, doesn't it?

------
scrollbar
I've always assumed this kind of psyops has been used by, if not govt
agencies, PACs or private entities. Digg commenters in particular.

------
jsm386
I am not going to take a position one way or the other as I know nothing about
them, but I've seen this group come up as an issue on Reddit every so often:
<http://en.wikipedia.org/wiki/Jewish_Internet_Defense_Force>

see: <http://www.google.com/search?q=site%3Areddit.com+jidf>

------
bediger
Ha ha! The leak that blows the sockpuppets/trolls wide open! We knew this day
would arrive, and it finally did.

But the bigger question: why didn't dailykos.com link to the Aaron Barr email
in question? I ask for two reasons. First, it seems kind of Mainstream Media
of them to not link to it. Trying to keep us on your site, Kos, or is this one
of those "sensitive" things that must be kept out of the common man's hands, a
gatekeeper function that newspapers used to exercize? Second, I want to find
out more about the Persona Management Software. It seems like an opportunity
for an open source project.

~~~
GHFigs
_The leak that blows the sockpuppets/trolls wide open!_

Could you elaborate on this? The article only talks about ideas contained in
Word documents.

~~~
bediger
Elaborate on this? Certainly. Visit a website that allows comments, and posts
articles on controlversial topics. Say, techdirt.com or groklaw.net. Read all
the comments for 10 articles. You'll quickly come to the realization that a
number of the differently-named identities repeat a large number of the same
ideas, concepts and talking points.

But all these differently-named identities have different habits of usage.
Maybe one of them can't be bothered to use the shift-key, like e e cummings.
One of them is named "Darryl" and posts rather rambling comments. A few of
them are anonymous cowards. But over the course of a few weeks diligent
followers of the comments in a blog see that all the trolls start using the
same talking points at the same time. Maybe a phrase like "rich user
experience" shows up in all troll comments one day. A few weeks later, any
number of people chime in with "I love linux as much as the next guy, but
Microsoft has a great product this time."

What I mean by "blows the sockpuppets/trolls wide open" is that this
revelation finally explains how a site like Groklaw.net or techdirt.com can
attract such a large number of persistent detractors. Sockpuppet/Persona
Management explains how a single person can create a large number of different
trolls with different writing characteristics, different vocabularies, but all
with the same point of view.

~~~
GHFigs
This is just an alternative explanation for an observed phenomenon. Actual
human beings are entirely capable of reduction to repeatable talking points
and strangely fanatical persistence given the right framing and environment.

------
jleader
I can't believe no one's mentioned <http://xkcd.com/810/> about training sock
puppet bots to make relevant contributions to the conversation.

------
motters
This is the first time that I've heard about "Persona Management Software",
and I think it raises some serious questions. Taken to its logical conclusion
systems like this could be used to influence the outcomes of elections and
other kinds of collective decision making, so there's a debate to be had over
whether use of this kind of software should be legal or to what extent it
should be regulated if it's used by companies or government agencies.

------
ChuckMcM
"On the internet, nobody knows you are a stick drive."

The concept isn't particularly astonishing, Here is the TV show from 71 that
used this for entertainment <http://www.imdb.com/title/tt0067551/>

Of course with the Internet everything can be bigger/badder/etc. Looking at is
from the perspective of algorithmic search (my current interest) its
fascinating to see software which creates an entire "fake community" using
things like markov-chain spam on hastily concocted php forum sites to simulate
an organic community of interest.

Literally, there is no way to know. Maybe we'll know that AI is here when it
devlops sentience and then posts something witty on our facebook wall. New
trust models, not 'friending' anyone you haven't met in person, alternative
communities for verbal interaction.

It just reminds me of the adage that demand creates products to fill that
demand as soon as the economics favor creation.

------
wybo
Faking dozens of personas online gives a whole new meaning to the phrase 'we
are legion'.

Scary indeed.

------
jrwoodruff
It surprises me that this hasn't been done already. In fact, I would be
willing to bet that somewhere, this type of software exists in some form. I'm
fairly sure (although cannot prove, of course) that I watched this happen to a
blog critical of a large publishing company here in the U.S.:

[http://gannettblog.blogspot.com/2009/07/trolls-inc-take-
this...](http://gannettblog.blogspot.com/2009/07/trolls-inc-take-this-with-
grain-of-salt.html)

Probably didn't use fancy software, but there certainly appeared to be a
concerted attack effort against the blogger for an extended and sustained
period of time.

------
Natsu
During the 2008 elections, it was hard to miss the fact that one guy managed
to get the first comment on almost every single news site with comments.

Maybe he had no life, but I strongly suspected that that was his job. Also, he
vanished immediately after the elections were over.

------
Vivtek
If they're worried about this level of sockpuppetry, wait until the
sockpuppets get automated. It's this kind of lapping-up-against-the-
Singularity stuff that will make H. sapiens obsolete in the end.

~~~
bugsy
Well the article does talk about that. And there are plenty of bot posters out
there as well, they were quite notorious in manipulating stock prices.

Terminology note - sockpuppet is a Persona that is created to back up the
opinions of second Persona. The general term here seems to be Persona, of
which sockpuppet is a specific kind of Persona.

~~~
Vivtek
Bah. It's still a sock puppet. Calling it a persona just makes it sound
reputable.

------
Anon84
I wonder if any of the ones we found with Truthy (
<http://truthy.indiana.edu/> ) were generated in this way

------
b_emery
I think this illustrates a need for an HN-like internet-global karma system.
That is, unless some of you have sockpuppet armies upvoting your comments.

Say it isn't so!

~~~
epochwolf
And who will you trust to implement such a system? How would you prevent
gaming? How do you prevent someone from bribing the operators?

------
NHQ
Would creating fake personas be considered government propaganda?

------
ttt567
In Internet quantity is quality.

------
philthy
Nigerians, scammers, fraudsters, and all other sorts of Internet criminals
already do this kind of stuff and have for years. Plus this happens in the
real world, it's just called identity fraud. This once again further proves
the technological ineptitude of the US Government and it's contractors, this
isn't in any way an advanced concept. HB Gary got rooted by a 16 year old
girl, what is everyone so worried about?

------
unsigner
Somehow the left considers the Internet their backyard, and are extremely
surprised and offended when opponents dare to play with "their" toys.

~~~
locopati
Can you expand on your comment to explain how it makes any sense?

~~~
hristov
Unfortunately, the "explanation" feature is not built into the sockpuppet
software yet, it is still in alpha, but I am sure in a 6-9 month period you
will be able to get some kind of vague generic explanation.

~~~
CamperBob
I can hardly wait until the CAPTCHA is replaced by the Voight-Kampff test.

