Unmasked - Ars Technica [26]
Aaron Barr, who in late 2009 was brought on board to launch the separate company HBGary Federal (and who provoked this entire incident by trying to unmask Anonymous), wrote in one e-mail, “We need to provide info on 12 monkeys and related JF [Juicy Fruit] asap,” apparently in reference to exploits that could be used to infect a system with 12 Monkeys.
HBGary also provided some Juicy Fruit to Xetron, a unit of the massive defense contractor Northrop Grumman that specialized in, among other things, “computer assault.” Barr wanted to “provide Xetron with some JF code to be used for demonstrations to their end customers,” one e-mail noted. “Those demonstrations could lead to JF sales or ongoing services work. There is significant revenue potential doing testing of JF code acquired elsewhere or adding features for mission specific uses.”
As the deal was being worked out, HBGary worked up an agreement to “provide object code and source code for this specific Juicy Fruit” to Xetron, though they could not sell the code without paying HBGary. The code included with this agreement was a “Adobe Macromedia Flash Player Remote Access Tool,” the “HBGary Rootkit Keylogger Platform,” and a “Software Integration Toolkit Module.”
The question of who might be interested in these tools largely remains an unknown—though Barr did request information on HBGary’s Juicy Fruit just after asking for contacts at SOCOM, the US Special Operations Command.
But HBGary Federal had ideas that went far beyond government rootkits and encompassed all facets of information warfare. Including, naturally, cartoons. And Second Life.
Psyops
In mid-2010, HBGary Federal put together a PSYOP (psychological operations) proposal for SOCOM, which had issued a general call for new tools and techniques. In the document, the new HBGary Federal team talked up their past experience as creators of “multiple products briefed to POTUS [President of the United States], the NSC [National Security Council], and Congressional Intelligence committees, as well as senior intelligence and military leaders.”
The document focused on cartoons and the Second Life virtual world. “HBGary personnel have experience creating political cartoons that leverage current events to seize the target audience’s attention and propagate the desired messages and themes,” said the document, noting that security-cleared cartoonists and 3D modelers had already been lined up to do the work if the government wanted some help.
The cartooning process “starts with gathering customer requirements such as the target audience, high level messages and themes, intended publication mediums… Through brainstorming sessions, we develop concept ideas. Approved concepts are rough sketched in pencil. Approved sketches are developed into a detailed, color end product that is suitable for publishing in a variety of mediums.”
A sample cartoon, of Iranian President Ahmadinejad manipulating a puppet Ayatollah, was helpfully included.
The document then went on to explain how the US government could use a virtual world such as Second Life to propagate specific messages. HBGary could localize the Second Life client, translating its menu options and keyboard shortcuts into local dialects, and this localized client could report “valuable usage metrics, enabling detailed measures of effects.” If you want to know whether your message is getting out, just look at the statistics of how many people play the game and for how long.
As for the messages themselves, those would appear within the Second Life world. “HBGary can develop an in-world advertising company, securing small plots of virtual land in attractive locations, which can be used to promote themes using billboards, autonomous virtual robots, audio, video, and 3D presentations,” said the document.
They could even make a little money while they’re at it, by creating “original marketable products to generate self-sustaining revenue within the virtual space as well as promote targeted messaging.”
We