You don’t understand incipient AI, and nor do I, but whatever it is it’s fast
by Village
Media and state agencies would be well advised to start building their followings outside the traditional social media silos before the storm clouds gather
One in four Twitter followers of Philip Boucher Hayes is a fake account, the RTÉ broadcaster announced on his Twitter feed recently. Around the end of August, Boucher Hayes had noticed an uptick in new followers on Twitter, which he had monitored since.

“Previously 100/150 people would follow me every week”, Boucher Hayes posted on Twitter. “Suddenly it became 800/1500 a week. Most had Irish-sounding names. None had tweeted. They were all following the same high-profile Irish accounts”.

Boucher Hayes noted that many of the accounts had usernames consisting of a name followed by a series of random digits, such as @John87654321 or @Mary12345678. This pattern, suggestive of names being mass-generated automatically, had also been seen earlier in the year among many ‘Brexit-bots’ in the UK.

Although Boucher Hayes reported the increase in fake followers to Twitter, the pattern continued unchecked. “Either most of the high-profile Irish accounts have grossly inflated numbers of followers (which is admittedly a bit of a “so what?”) or someone is amassing a very large Twitter mob for some as yet unidentified purpose”, Boucher Hayes posted. “Either way it further erodes confidence in an increasingly compromised platform. Twitter doesn’t seem worried, maybe its users will be”.

The same phenomenon may also account for the large numbers of fake followers identified for the @rte2fm radio account by the anonymous account of ‘Secret RTE Producer’ (@rtesecretpro), and would certainly make more sense than the national broadcaster spending licence-fee money to boost a social-media headcount. Perhaps reflecting official sensitivities, as Village was going to press, 2FM had reduced from thousands to 45 the number of accounts it was following.

In recent testimony to the US congress, Twitter estimated five percent (16 million) of its accounts belong to fake users. Bots in turn can be divided into subgroupings.
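The follower pattern reported above (a name followed by a run of digits, no tweets, a recently created account, and the same followed accounts as the rest of the batch) can be turned into a simple triage score for a follower list. This is an added example, not code from the article; the field names, thresholds, dates and every sample account other than the two handles quoted above are constructed assumptions.

```python
import re
from collections import Counter
from datetime import date

# Handle shape reported in the article: a name followed by a long run of digits.
NAME_DIGITS = re.compile(r"^[A-Za-z]+\d{6,}$")

def shared_targets(accounts, min_share=0.5):
    """Accounts followed by at least min_share of the given followers."""
    counts = Counter(t for a in accounts for t in set(a["following"]))
    need = min_share * len(accounts)
    return {t for t, n in counts.items() if n >= need}

def score(account, hubs, today, max_age_days=60):
    """Count how many of the four reported signals an account shows (0-4)."""
    signals = 0
    signals += bool(NAME_DIGITS.match(account["handle"]))
    signals += account["tweets"] == 0
    signals += (today - account["created"]).days <= max_age_days
    follows = set(account["following"])
    # Nearly everything it follows is what the rest of the batch follows too.
    signals += bool(follows) and len(follows & hubs) / len(follows) >= 0.8
    return signals

def flag_followers(followers, today, threshold=3):
    """Return handles showing at least `threshold` signals, for manual review."""
    # Learn the shared follow targets from the dormant, mass-named accounts only,
    # so ordinary followers do not dilute the overlap measure.
    dormant = [f for f in followers
               if f["tweets"] == 0 and NAME_DIGITS.match(f["handle"])]
    hubs = shared_targets(dormant) if dormant else set()
    return sorted(f["handle"] for f in followers
                  if score(f, hubs, today) >= threshold)

# Constructed sample data: dates, counts and followed accounts are invented.
TODAY = date(2017, 11, 1)
SAMPLE = [
    {"handle": "John87654321", "tweets": 0, "created": date(2017, 10, 10),
     "following": ["hp_a", "hp_b", "hp_c"]},
    {"handle": "Mary12345678", "tweets": 0, "created": date(2017, 10, 12),
     "following": ["hp_a", "hp_b", "hp_c", "hp_d"]},
    {"handle": "Sean24681357", "tweets": 0, "created": date(2017, 10, 20),
     "following": ["hp_a", "hp_b"]},
    {"handle": "gaa_fan_cork", "tweets": 412, "created": date(2014, 3, 2),
     "following": ["hp_a", "local_club", "friend1", "friend2"]},
    {"handle": "Aoife1990", "tweets": 35, "created": date(2017, 10, 15),
     "following": ["hp_a", "friend3"]},
]

if __name__ == "__main__":
    print(flag_followers(SAMPLE, TODAY))
```

No single signal is decisive: a new, real account with a birth year in its handle (the constructed `Aoife1990`) scores 1 and is not flagged, which is why the threshold requires several signals together.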
Spambots post URLs, hoping to encourage users to click on them, either to sell a product, or to lead users to a malicious website, which can infect their browsers and take over their laptops or phones. By contrast, influence bots seek to influence public opinion, whether by spamming hashtags, promoting artificial trends, pushing smear campaigns and death campaigns, or boosting political propaganda.

“Artificial trends can bury real trends, keeping them off the public and media’s radar. Smear campaigns and death threats can both intimidate vocal opponents and dissuade would-be speakers. The link between propaganda and legitimate political speech is a fine one, of course, and in some cases is entirely in the eye of the beholder. Nevertheless, bots can be used to amplify the propagandist’s desired message”, noted Nathalie Marechal, a researcher with the University of California, writing in the International Journal of Communication in 2016.

A 2016 study found that Twitter’s algorithms would eliminate a bot which tweeted spam links, but would not delete the associated accounts that retweeted the original post. This meant bot networks could all retweet a message hundreds of times, at the loss of only a handful of original tweeting accounts each time.

Analysts at the University of Washington in Seattle studied a network which they named the Syrian Social Botnet, which worked not only by posting pro-Assad news and promoting astroturfing, but by flooding timelines with irrelevant news. A hashtag about the Syrian civil war would be flooded with irrelevant reports about other stories, for example from Hurricane Sandy, swamping the system with noise and making the hashtag useless for search purposes, a practice known as smokescreening.
Another network – the Star Wars Botnet – discovered by researchers at University College London, numbering over 300,000 accounts, was so-called because the accounts each posted random snippets of text from Star Wars novels in the minutes after they were set up. A large number of the bots followed a handful of real users, and it seems to have been built for this purpose, and sold to users who wanted to inflate their follower counts and exaggerate their popularity.

Bots can also be used to create page impressions, as Twitter and Facebook accounts are often used as logins by readers of news sites. This could exaggerate page views and ad impressions on websites seeking to defraud advertisers.

A second botnet uncovered by the same London-based researchers numbered over 500,000 accounts, and was behind a large-scale spamming attack on Twitter in 2012.

Gavin Sheridan, who worked as innovation director with Storyful, the News Corp-owned online news-verification company started by Mark Little in 2010, says it is not possible to determine who might be behind this nascent bot army until it is activated. (And indeed, now that it has been noticed, its usefulness may have been diminished to such an extent that it is never used).

“I’ve read a lot of research, and I’ve seen the bot armies myself”, says Sheridan. “There were bot armies for California leaving the Union, for Texas leaving the union, there are pro-Erdogan ones in Turkey, one for Catalonia, one for Scotland leaving the UK: all bot armies in some shape or form”.

“I started looking at [the Irish botnet] about two weeks ago. I wasn’t being followed by them but I noticed them following other people. A couple of people contacted me and said that they seemed to be being followed by strange accounts. There’s a couple of interesting things about these bots.
One thing is the rapidity with which they are following certain users, the second thing is that they appear to have Irish-sounding names, not all of them, but a certain number, so if I look at, say, a prominent member of the Repeal the Eighth movement, I’ll see that of the last 50 followers, about half are newly set up – in the last few weeks. They have never tweeted and engage in no other activity. Some follow 50, some follow 80 accounts, that include people prominent in the Repeal the Eighth campaign. I’d have to analyse every single checking account to see if they follow people on the other side of the debate, but so far they’re also
With worldwide news leading with elaborate but anonymous hacking operations that have interfered with recent elections in the US and France – and pose a threat to the upcoming one in the UK – many are wondering how a foreign intelligence agency can conduct a surveillance or hacking operation without engaging with local law enforcement.

Many have speculated why Ireland had been spared the terrorist attacks seen in other countries across Europe. It is possible there is a form of ‘Entente Cordiale’ between Islamic extremists and Irish law enforcement ensuring we remained untouched. In such circumstances a foreign agency would naturally be suspicious of any shared information and might look to conduct operations in a more ‘independent’ manner.

Finding Targets

Surveillance requires getting close to chosen targets to establish behaviour patterns and movements with the ultimate goal of eavesdropping on meetings and conversations to establish their intentions. The initial challenge would be to actually find a person of interest. There are many technologies that can be brought to bear on this problem including surveillance satellites, but there are far easier ways.

Extremists need to hide where there is a large population, which immediately limits the choice of locations to one of only three or four cities in Ireland. Assuming an Islamic extremist is also somewhat devout, this narrows the search down to locations around our few mosques. They don’t need to live close by, merely to attend.

Peppered around our target mosques will be mobile-phone-network antennae. Whenever a phone is powered on, when leaving religious services in a mosque for example, it reaches out to a number of mobile phone antennae to establish a connection. There would be two pieces of information of interest to our agency here, the initial connection information and the call detail records – more on those a little later. The initial connection information allows specific mobile phones to be identified.
From this our agency might establish an initial group of targets, and start tracking on a rudimentary level. The phones don’t have to be smartphones with fancy GPS units, although that would make the process easier: the information is fundamental to the operation of the network and it is generated by every phone. Each phone has a unique identity that is used to tie it with all sorts of interesting information.

Of particular interest is the call detail record, or CDR, used by telephone companies and hackable using illegal software. The CDR is a little nugget of information that underpins billing on mobile networks. It identifies, among other things, the number that is making a call, the number that is receiving the call, how long the call lasts and information on the telephone exchanges from which a general location of the caller and receiver could be largely established. From a CDR our agency could now track down a billing address and also a range of associates. Now it can start to infiltrate the homes of its targets.

Through the Front Door

Many extremists like the Internet, for its propaganda-spreading potential, sharing videos and pictures of their beliefs, ideals and manifestos, sometimes with abandon. Watching ISIS videos in a public place is not the best way to stay hidden so they have Internet connections to their homes.

With the details from the CDR in hand, our agency could target Facebook, Twitter, Google and all of the other multiple Internet hangouts frequented by our extremists. With very little information a user’s Internet Protocol, or IP, address can be established. The IP address, while not unique, is enough to identify an Internet Service Provider; from there it’s a short hop for an intelligence agency to get to the Internet router, the anonymous device with the flashing lights connecting the extremist’s house, and probably yours, to the Internet. Suddenly, and invisibly, the agency can penetrate the perimeter of the target’s house.
Closing the Noose

The Internet router represents an extraordinary vulnerability in a house if not properly protected. Every Internet-enabled gadget connects through this single device and, to a sufficiently well-trained operative, it provides a digital potpourri of surveillance opportunities. There are three things to note at this stage: first, the router cannot be properly protected; second, even the poorest of intelligence agencies have sufficiently well-trained operatives; and finally, routers can be compromised for weeks and months before raising any suspicion.

Using the router as a stepping-stone, laptops, smart phones, tablets and increasingly ‘smart’ televisions, all with microphones and cameras that can be turned on remotely and silently, become available to the agency. The extremist has literally brought the surveillance device into their home and opened the door through which it can be accessed.

Phishing for fun and Electoral Disruption

The recent attacks on election campaign candidates fall into the realm of ‘phishing attacks’, bait-and-hook attacks with bad spelling. Phishing attacks present emails, instant messages and websites under a false flag. They look legitimate, but their entire purpose is to have the target reveal sensitive information such as passwords or bank account details.

In the case of Macron, a mysterious Russian cyber espionage group, ‘Fancy Bear’ aka APT28, possibly associated with the Russian military intelligence agency GRU, last month registered decoy domain names, the addresses that drive the internet, which resembled the name of En Marche. Using these domain names, a flood of communications would have been issued, often, ironically, containing a security warning requesting password verification leading back to the false-flag domain. With this simple step, a user’s credentials are obtained, leaving access to the legitimate systems utterly compromised.
In the case of Macron, those domains include onedrive-en-marche.fr and mail-en-marche.fr. OneDrive of course is the name of the cloud-based document service offered by Microsoft. The attackers’ standard mode of operation is to access these systems to download sensitive documents and materials, releasing them to the internet via Wikileaks or other leak sites, or through their own sites, to an agog international public.

The Next Domestic Surveillance Device

What do Siri, Alexa, Cortana, Amy, Bixby and Google Home all