KUALA LUMPUR, Nov 12 — It was perhaps a bit unfortunate, but in October, about a hundred journalists, civil rights advocates and representatives from non-governmental organisations, Internet rights activists, academics and lawyers from across Asia were gathered in Kuala Lumpur to discuss Internet rights and freedoms.
But while the Regional Conference on Media and Internet Freedom was an important event in itself, across town, a group of technologists, security professionals and hackers was attending a talk at the Hack In The Box Security Conference (HITBSecConf 2014) that had a direct relevance on the issues being discussed at the first conference.
At the HITB event, Haroon Meer and his team from South African-based Thinkst, an applied research company that focuses on information security, spoke about how certain parties – whether individuals with mischief in mind, organisations with vested interests, or certain nation-states – have been using false identities to control online conversations.
Unknown forces are making sure their voices are the loudest in online discourse.
In his talk Weapons of Mass Distraction: Sock Puppetry for Fun and Profit, Haroon and his team demonstrated how they successfully gamed systems ranging from mailing lists, online polls, Twitter and Reddit, to major news sites and comment systems. More importantly, they also collected forensic evidence that such tampering has already been going on.
“It’s the concept of rent-a-crowd, brought to the Internet age using sock puppets – essentially accounts that are created online that don’t really represent real people, and are used to sway people’s opinions in forums and other online get-togethers,” he told a rapt audience at HITBSecConf.
“So we thought, if we were an evil corporation or an ‘Evil.Gov,’ what would we do with sock puppets to try and influence hearts and minds? We looked at how we could control the narrative, how we could either get more attention to things or distract people from things, using sock puppets – essentially how we could increase or decrease eyeballs on the things we want.
“We looked at what can be done; what we think will be done; and what we see is already being done,” he added.
Haroon, who has spoken at previous HITBSecConf events, said that Thinkst’s efforts in this research was made possible by a grant by the Washington-based Open Technology Fund, which support projects that develop open and accessible technologies promoting human rights and open societies.
“In 2010, there was a very nice book by Tim Wu (The Master Switch: The Rise and Fall of Information Empires) which spoke about how all new technologies promise freedom, but then get subverted by the powers-that-be and actually end up working against you.
“He went through examples like radio, TV, the telegraph, and so on … and we’re already seeing signs of this, in terms of Internet control,” he added.
Haroon noted that as the Arab Spring became a phenomenon, Egypt quickly shut down access to the Internet, which is also what countries like Libya and Myanmar have done when faced with an unhappy citizenry.
From sledgehammers to mind hacks
Such brute force tactics are common in this part of the world. Independent news portal Malaysiakini has constantly been the target of hacker attacks, and more recently, the US-based Environmental News Service accused hackers, whom it alleged were funded by the Malaysian Government, of bringing down its servers.
“But one of the things you start to figure out is that countries that cut access to the Internet are actually playing like amateurs – because what the professionals do is that they use the Internet to help them crack down on their people,” said Haroon.
“What Tunisia did was to let its people access Facebook so that it could spot who the dissidents were, and then went after them. London, interestingly, did something similar” to identify the 2011 rioters, he added.
Censorship on the Internet can get routed around. But much like how US authorities learned during the protests of the 1960s that brute force was not as effective as infiltration, today’s regimes are learning that the art of deception makes a more effective tool.
“How would censors behave in a world of freely available user-generated content? Aaron Swartz was way ahead of us when he said: ‘So it’s not only certain people have a licence to speak, now everyone has a licence to speak. It’s a question of who gets heard’,” said Haroon, referring to the hacktivist and Internet Hall of Fame inductee who committed suicide in 2013.
“How is censorship becoming Censorship 2.0? We have some theories on this, and we had some stuff we tested out.
“The main reason we care about this is because we think that this sort of censorship is going to be more insidious than straight-up censorship, because it kind of combines a technical hack, and a mental hack of sorts – you actually think you’re free, but you’re being manipulated behind the scenes,” he added. — DNA