
Hacking Online Polls and Other Ways British Spies Seek to Control the Internet - unclebucknasty
https://firstlook.org/theintercept/2014/07/14/manipulating-online-polls-ways-british-spies-seek-control-internet/
======
cmsefton
I didn't realize GCHQ was in the SEO game. If they released an online tool,
they'll make a _mint_ selling this to marketing agencies.

Some examples:

AIRWOLF - YouTube profile, comment and video collection

BEARTRAP - Bulk retrieval of public BEBO profiles from member or group

BIRDSONG - Automated posting of Twitter updates

BIRDSTRIKE - Twitter monitoring and profile collection.

BUGSY - Google+ collection (circles, profiles etc.)

FATYAK - Public data collection from LinkedIn

FUSEWIRE - Provides 24/7 monitoring of Vbulletin forums for target
postings/online activity. Also allows staggered postings to be made.

GODFATHER - Public data collection from Facebook

GOODFELLA - Generic framework for public data collection from social networks.

INSPECTOR - Tool for monitoring domain information and site availability

RESERVOIR - Facebook application allowing collection of various information.

GATEWAY - Ability to artificially increase traffic to a website

GESTATOR - amplification of a given message, normally video, on popular
multimedia websites (Youtube)

SLIPSTREAM - ability to inflate page views on websites

TANGLEFOOT - is a bulk search tool which queries a set of online resources.
This allows analysts to quickly check the online presence of a target.

~~~
brador
Do they make these inhouse or purchase off the shelf/black market? How do they
get these tools?

~~~
Someone1234
In the UK: Contractors. Military contractors in particular are a huge industry
and they've moved into producing surveillance equipment as a natural progress
of what they produced previously.

They also buy from abroad (although mostly from the US and Israel, who both
produce software like this at a number of shops).

------
mkal_tsr
"Snowden: Dropbox is hostile to privacy, unlike 'zero knowledge' Spideroak" \-
[http://www.theguardian.com/technology/2014/jul/17/edward-
sno...](http://www.theguardian.com/technology/2014/jul/17/edward-snowden-
dropbox-privacy-spideroak)

and from
[https://firstlook.org/theintercept/document/2014/07/14/jtrig...](https://firstlook.org/theintercept/document/2014/07/14/jtrig-
tools-techniques/) under Honeypots we have, LONGSHOT - file-sharing and upload
website.

And Condoleezza Rice just got on their board. I haven't seen anything that
makes an official link between those but at least I moved off Dropbox :-P

~~~
laxatives
It scared the crap out of me when Dropbox asked if it wanted to save my
screenshot. Since when did it have access to things like that? I had a phone
interview with Dropbox a few weeks ago and they mentioned a ton of new
products that seemed vaguely offputting as well. After the screenshot prompt,
I immediately uninstalled Dropbox, but after a few days I realized it had a
bunch of useful backups so I ended up reinstalling it.

~~~
sp332
If the dropbox program is running under your user account, it has the same
permissions you do. Unless you're on Linux and have restricted it via
AppArmor.

~~~
mike-cardwell
Even with AppArmor in place, it still has access to read every key you press
in any other X11 app. Here's how I lock down Dropbox on my system:

[https://grepular.com/Protecting_Your_GNU_Linux_System_from_D...](https://grepular.com/Protecting_Your_GNU_Linux_System_from_Dropbox)

------
TomGullen
It's a revolting program they are running. You can't even justify a lot of
this stuff with "terrorism" or "national security".

Manipulation of public opinion is simply a power play.

These agencies are out of control and entirely untrustworthy. I feel entirely
powerless about it all as well.

~~~
orta
Don't vote for the big three. We've seen it with DRIP, and it will only get
worse with time. Start getting active with the green party, or the pirate
party UK.

Both of their manifestos are about individual liberty over state surveillance:
[http://www.greenparty.org.uk/values/](http://www.greenparty.org.uk/values/)
[https://pirateparty.org.uk/policy](https://pirateparty.org.uk/policy)

~~~
pjc50
Or one of the regional parties on this convenient list of those who voted
"no": [http://anotherangryvoice.blogspot.co.uk/2014/07/51-mps-
drip-...](http://anotherangryvoice.blogspot.co.uk/2014/07/51-mps-drip-
emergency.html)

SNP, Plaid, DUP, Alliance, SDLP.

------
agd
The original story (with more depth) is here
[https://firstlook.org/theintercept/2014/07/14/manipulating-o...](https://firstlook.org/theintercept/2014/07/14/manipulating-
online-polls-ways-british-spies-seek-control-internet/)

~~~
mc_hammer
this title is clearly fud, this is a relabeling of the actual tech - the
entire purpose of this is to manipulate forums and spread disinformation

------
discostrings
This story was in the first position on the front page less than an hour ago.
It was there for hours. The link was then changed from [0] to [1], and within
thirty minutes, it was on the second page at number 47. (It first took a drop
to around 17, hovered there for a while, then hit 47.)

Could we have an explanation of what's going on here? How can penalties from
flagging be this steep for a story with 200 upvotes and 90 comments? Why did
the position suddenly change shortly after the link was changed, but not right
away?

[0]
[http://www.slate.com/blogs/future_tense/2014/07/15/documents...](http://www.slate.com/blogs/future_tense/2014/07/15/documents_show_gchq_manipulating_online_information_like_web_polls_and_traffic.html)

[1]
[https://firstlook.org/theintercept/2014/07/14/manipulating-o...](https://firstlook.org/theintercept/2014/07/14/manipulating-
online-polls-ways-british-spies-seek-control-internet/)

------
jjgreen
The nasty and antidemocratic behaviour of GCHQ is, at last, losing them
sympathy:
[http://golem.ph.utexas.edu/category/2014/03/should_mathemati...](http://golem.ph.utexas.edu/category/2014/03/should_mathematicians_cooperat.html)

------
mnem
To be fair though, hasn't everyone who has started playing with HTTP in code
manipulated online polls at some point just to learn? Does anyone actually put
any weight in online polls other than linkbait headline sites?

~~~
tripzilch
Of course. But that is nothing "to be fair" about.

It's wrong to do so if you're a teenage hacker who just discovered scripting,
and it's wrong to do so if you're a government.

And the latter is IMO much worse than some teenage kid playing around because
of scale, impact, accountability and the fact that, in a "democracy", the
government should be influenced by the people and not the other way around.

~~~
mnem
Really? It's wrong? By what measure? It's certainly not illegal to manipulate
online polls. In fact, I personally find it quite amusing to do so, in certain
cases.

Do you agree?

[ ] Yes [ ] No

~~~
tripzilch
I agree it can be amusing.

I try to never conflate the meaning of the words "illegal" and "wrong", as
they are rather orthogonal, even if many people do not realize this.

And I think it's _wrong_ (unethical) to do so for a multitude of reasons. Two
main ones are because it's misleading to people reading/interpreting the
results, and that it's actively trying to sabotage the intent of whoever set
up the poll.

Don't get me wrong though, if we're talking about a stupid or silly poll, on a
stupid or silly site, or if it's in the context of a really good prank, etc,
it can be a forgiveable type of "wrong". In fact in certain circumstances one
could even argue that it's not actually completely wrong, simply because I
wouldn't want to live with a system of ethics where pranks are never right.
That's a tricky one (as is often the case with discussions about ethics).

However, that's not really the type of manipulating of polls we were
discussing here.

------
discostrings
It would be incredibly easy to use this sort of program to game visibility on
HN.

This story itself serves as the perfect example. When it was submitted four
days ago [0], it quickly took a huge ranking hit and dropped off the front
page. When a story drops off the front page this quickly, it's nearly
impossible for it to get the upvote momentum required to gain any additional
visibility. And the same URL can't be submitted again, so the opportunity for
discussion of the article has essentially been removed.

Then, we're left discussing a breaking story as the top item four days later,
when a summary report about the original story that contains no new
information is published on Slate.

One might be quick to blame moderators, but in the discussion of another
recent First Look story, dang said most of the penalty came from users
flagging the story. [1] How many users flagging the story does it take to
produce this outcome? Does GCHQ just need three accounts with a little karma
to seriously diminish visibility here for days? Safeguards should be developed
to prevent this sort of malicious activity. Maybe some sort of collusion
penalty, where if the same users are flagging the same stories, the effect is
diminished? Or a greater restriction on the maximum penalty?

[0]
[https://news.ycombinator.com/item?id=8031791](https://news.ycombinator.com/item?id=8031791)

[1]
[https://news.ycombinator.com/item?id=8008472](https://news.ycombinator.com/item?id=8008472)

EDIT: And it's happened again! This story was #1 when the link was to [3].
About a half hour ago, the link was changed to firstlook.org, and within
minutes, the story fell to the center of the main page. Now, thirty minutes
later, it's at number 47 (with 200 points after six hours). It was at the top
for hours, then dropped to 47 within thirty minutes of the link being changed.
The fact that flagging happened right after the link was changed seriously
suggests that some someone has automated monitoring for First Look links to
flag.

[3]
[http://www.slate.com/blogs/future_tense/2014/07/15/documents...](http://www.slate.com/blogs/future_tense/2014/07/15/documents_show_gchq_manipulating_online_information_like_web_polls_and_traffic.html)

------
lotsofmangos
Of all the predictors of future dystopia, I think Asimov may be closest with
the Foundation series in a weird kind of a way. I do wonder who the mule is
though.

------
higherpurpose
This is why we shouldn't touch online voting systems with a ten foot pole.
Stuff like blockchain and next-gen/biometric auth systems give us some hope
that in the future we can eventually have online voting for elections, but I'd
still like it to be researched and tested for _decades_ before such a system
is implemented in a country.

~~~
mkal_tsr
Just automate out the politicians, no greed nor corruption!

~~~
icegreentea
Then you can just game the algorithm directly. No need to fiddle with human
intermediates.

~~~
mkal_tsr
Not if it's open-source (or at least, harder to game).

All you gotta do is co-opt the "Read the Bills Act" with a requirement to
video-record the congress-person reading the bill (as that becomes their
affidavit). Make that open-source, and then it just starts bleeding out. Auto-
upload that to an app where people could get speech-to-text transcription /
notifications / annotate sections / review past laws being read by past
congress-people / etc. From there, ensure all bills can be edited in a central
and private repositories (probs git, erryone likes git, though svn treats me
well), so that all final bills can have all individual contributions clearly
marked/annotated automatically. Oh look, auto-matching bill-text with campaign
contributions :-P. Code is law. Patch the corruption.

~~~
jqm
If automation can take away Joe Factory Workers' job it could take away his
managers job as well.

And even more important it could take away his governments job. I mean.. how
much worse could it do?

------
zeristor
So how come the UK does so badly in the Song for Europe contest then?

------
eponeponepon
> GATEWAY: “Ability to artificially increase traffic to a website.”

Are they actually just talking about DDoS here? It seems an unusually
euphemistic description if so, given how plin-spoken a lot of the previously
published documents are.

And if not, why would they want or need to increase traffic? I'm puzzled.

~~~
meowface
I think they mean things like artifical visitor inflation. For example, to
make a Youtube video "viral" they could seed it with 30,000 fake views. Or,
perhaps, they could mass upvote certain HN threads as soon as they're
posted...

Remember that intelligence agencies generally care more about exploitation
(figuratively) and manipulation than attack.

------
pjc50
Clearly they were losing the arms race with 4chan.

------
canvia
I wonder if upvotes and downvotes on news aggregation sites could be
considered to be online polls.

------
richardmjohn
"ANGRY PIRATE"?

[http://www.urbandictionary.com/define.php?term=angry+pirate](http://www.urbandictionary.com/define.php?term=angry+pirate)

~~~
SideburnsOfDoom
The naming strategies are discussed here:

[http://www.theguardian.com/uk-
news/shortcuts/2014/jul/16/wha...](http://www.theguardian.com/uk-
news/shortcuts/2014/jul/16/what-gchq-geeky-misogynistic-code-names-tell-us)

------
bayesianhorse
Seriously, schoolchildren can manipulate online polls.....

~~~
grey-area
Obviously defeating a naive online poll is trivial, but it is also trivial to
detect.

Presumably this software does it in untraceable ways - with a botnet of IPs
from the country in question, with delays and stutter etc so that it is
indistinguishable from real traffic.

You should not underestimate the power of online actions in shaping opinion -
for example if stories on a particular tech consistently made the top of HN, a
significant no. of people would start thinking it was popular amongst this
demographic.

If a BBC or Daily Mail story which was a puff piece for GCHQ was consistently
on the top of their 'most read' section, people would be far more exposed to
that story over a given period. etc.

~~~
Torgo
Running completely gameable, "unscientific polls" should be considered
journalistic malpractice. It was annoying and stupid before, continuing to do
so going forward knowing that it will be abused by governments and hidden
organizations to manufacture consent is unacceptable.

~~~
grey-area
This is in no way confined to polls. Almost every website has a voting
component of some kind, be that measuring which stories are read most,
allowing up/downvotes, Q&A or comment systems etc. It doesn't have to be a
straightforward poll to be gamed.

I think it would be better to address the malpractice by our governments than
to blame journalists - if the gov. is sufficiently determined, and is given
the funds to spend on it, they will find ways to distort online discourse. The
UK has just increased funding for 'intelligence' (what an oxymoron) by £800
million, so you can expect more of this to come, and we should lay the blame
where it belongs - with those agencies poisoning the well of online
discussion.

------
rayiner
Online polls are worthless anyway. In high school, someone in our class hacked
an online poll to win a contest to get Mandy Moore to perform at our school.
NBD.

~~~
nick_riviera
No they're not.

There are some online pollsters such as YouGov who predict significant
outcomes with quite good accuracy. We're not talking about vBulletin polls or
anything here - their entire business is polls. They also monitor the trends
and opinions of people towards products, political parties and other things.

Technically you could ruin a brand or political party by doing a pre-election
poll, quoting the stats on newsnight and demotivating the voters into voting
for another party to avoid wasting their vote. This _does_ happen. It wouldn't
surprise me if cash changed hands here and there to make it happen.

If GCHQ got at the dataset or manipulated it with shill accounts at the
pollsters then they could have significant power over the measure of public
opinion.

~~~
rayiner
Yes they are. A representative sample of the population is not online, period,
and the huge self-selection bias in the sorts of websites they visit
necessitates some very substantial black magic to get numbers out.

~~~
nick_riviera
I don't disagree with that at all. The stats are completely bollocks but they
indicate a trend reasonably well even with the selection bias.

What I'm saying is that they do have influence and after all, that's what GCHQ
are about even if the numbers are wrong.

~~~
nick_riviera
HN hostilities already...

Even Reddit (yes REDDIT) is better than this hole.

