Inside Cyber Warfare - Jeffrey Carr [66]
Both the United States and the Russian Federation armed forces have been struggling to find a way to prevent, reduce, or control the spontaneous writings of their troops on their personal web pages in a variety of social media, which often reveal far too much information on matters impacting OPSEC. If this information is scraped, filtered, and aggregated properly, it can easily provide an asymmetric advantage to one’s enemy.
For an intelligence operative who is seeking to recruit and turn a person employed in a sensitive position, social software is a dream come true. No longer do case officers have to rely solely on arranging in-person meetings or one-to-one engagements to build relationships that may lead to turning a foreign service officer into an espionage asset, for example.
Today, almost the entire recruitment process can be done online, from finding likely candidates to building out a profile, to crafting an online presence with a backstory that will act as a suitable lure.
The new case officer might very well be a social network analyst familiar with the open source information retrieval library called Lucene, Hadoop for scaling thousands of nodes of information, and Nutch for data retrieval, parsing, and clustering—all fed by the APIs that each social software service have conveniently created to entice developers to build new, fun applications on top of their platforms.
Spook Finder 1.0, anyone?
Catching More Spies with Robots
A more sophisticated alternative is the use of robots (bots) that, with the right programming, can appear online as a genuine person.
The following content was provided by a Russian technologist and member of the Project Grey Goose team at my request. It represents, at the time of this writing, a serious and emerging threat present on Russian social networks, but Project Grey Goose investigators expect to see these capabilities migrate over to Facebook and other social software sites in the very near future.
The automation and virtualization of social network entities
Automation and simulation of artificially created activities performed inside Russian social networks (vKontakte.ru and Odnoklassniki.ru) are virtualizing communication to the degree that one cannot be certain of who he really is becoming friends with.
In a normal social network scenario, a user would create a profile, upload a couple of pictures, record his ties to universities and/or place of work in the profile, and, for the most part, then be ready to find and begin socializing with friends or colleagues. But how does one tell the real thing from a virtual mock-up?
That is what’s happening right now in the Russian social networks VKontakte.ru and Odnoklassniki.ru. Virtual entities are pretending to be real people in a way that enables criminals to gather personal information from the unsuspecting.
If a social network relies on a system of “votes” or ratings to validate trust, getting most of them to elevate the “trust” to an adequate level already can be automated.
If a site is vulnerable to a cross-site scripting attack, thousands of users can be affected within mere seconds, just by pushing a button on the operator’s workstation.
If a group of people does not like a particular participant or the site itself, it takes only 10,000 rogue users connecting simultaneously to bring the server down and cause denial of service attacks.
If one needs a user’s trust or password (which is very close to being the same thing in certain circumstances), there’s nothing to prevent the operator to invite unsuspected users to a social honeypot, a virtual society created by the attacker to lead “the herd” to adversarial actions.
These mechanisms exist today in the Russian cyber underground and are available at a very affordable price.
Owning social network users for a small budget of $300–$1,300
The following scenario may be fully automated:
Find valid user account/IDs.
Register thousands