Friday, April 08, 2011

Exclusive: Military’s ‘persona’ software cost millions, used for ‘classified social media activities’

By Stephen C. Webster
Most people use social media like Facebook and Twitter to share photos of friends and family, chat with friends and strangers about random and amusing diversions, or follow their favorite websites, bands and television shows.

But what does the US military use those same networks for? Well, we can't tell you: That's "classified," a CENTCOM spokesman recently informed Raw Story.

One use that's confirmed, however, is the manipulation of social media through the use of fake online "personas" managed by the military. Raw Story recently reported that the US Air Force had solicited private sector vendors for something called "persona management software." Such a technology would allow single individuals to command virtual armies of fake, digital "people" across numerous social media portals.

These "personas" were to have detailed, fictionalized backgrounds, to make them believable to outside observers, and a sophisticated identity protection service was to back them up, preventing suspicious readers from uncovering the real person behind the account. They even worked out ways to game geolocating services, so these "personas" could be virtually inserted anywhere in the world, providing ostensibly live commentary on real events, even while the operator was not really present.

When Raw Story first reported on the contract for this software, it was unclear what the Air Force wanted with it or even if it had been acquired. The potential for misuse, however, was abundantly clear.

A fake virtual army of people could be used to help create the impression of consensus opinion in online comment threads, or manipulate social media to the point where valuable stories are suppressed.

Ultimately, this can have the effect of causing a net change to the public's opinions and understanding of key world events.

'Classified social media activities'

According to Commander Bill Speaks, the chief media officer of CENTCOM's digital engagement team, the public cannot know what the military wants with such technology because its applications are secret.

"This contract," he wrote in reference to the Air Force's June 22, 2010 filing, "supports classified social media activities outside the U.S., intended to counter violent extremist ideology and enemy propaganda."

Speaks insisted that he was speaking only on behalf of CENTCOM, not the Air Force "or other branches of the military."

While he did reveal who was awarded the contract in question (PDF), he added that the Air Force, which helps CENTCOM's contracting process out of MacDill, has even other uses for social media that he could not address.

A series of targeted searches for other "persona management software" contracts yielded no results.

Mystery bidder

While data security firm HBGary Federal was among the contract's bidders listed on a government website, the job was ultimately awarded to a firm that did not appear on the FedBizOpps.gov page of interested vendors.

A controversy over the HBGary firm, which recently had its inner-workings dumped onto the Internet by hackers with protest group "Anonymous," was what initially brought the "persona" contract to light.

HBGary, which conspired with Bank of America and the Chamber of Commerce to attack WikiLeaks, spy on progressive writers and use malware against progressive organizations, was also revealed to have constructed software eerily similar to what the Air Force sought.

"This contract was awarded to a firm called Ntrepid," Speaks wrote to Raw Story. "In addition to the classified activities this software supports, USCENTCOM, like most military commands, does use social media to inform the public of our activities. I should emphasize that such uses do not employ the kind of technology that was the subject of this contract solicitation."

Ntrepid Corporation, registered out of Los Angeles, bills itself as a privacy and identity protection firm in some job postings, and a national security contractor in others, but its official website was amazingly just one page deep and free of even a single word of description.

In spite of their thin online presence, Speaks said the firm was awarded $2,760,000 to carry out the "persona management" contract.

He added that it was unclear why the contract went to an unlisted bidder, and that he would try to find out and report back.

Update: On Wednesday morning, Speaks issued the following statement: "Federal Business Opportunities is a tool used to advertise Government requirements. When a requirement is posted on the FedBizOpps.gov website, potential offerors can enter their information into the interested vendors section but, they are not required to in order to be eligible to compete. Additionally, an offeror need not have access to the FedBizOpps.gov website in order to compete for Government contracts."

Privacy? Or something else?

Ntrepid's chief technology officer, Lance Cottrell, founded the privacy firm Anonymizer, Inc. in 1995, making him a global leader in identity protection and cryptography. He also runs theprivacyblog.com.

Far from just being involved in privacy efforts, Ntrepid is a player in the national security realm and was invited to give a presentation for the US EUCOM i3T conference, which took place in Berlin last week.

Event organizers described the affair as a series of talks "on the challenges to developing technology, demonstrations of advanced technology pertinent to facilitating and/or enabling security and stability, ways and means of analyzing socio-cultural risks and opportunities, and the operationalization and execution of solutions to mitigate or avail issues with U.S. and multinational partners."

Featured speakers included the US EUCOM director of intelligence, the director of the Air Force Research Labratory and the chief information officer of the Defense Intelligence Agency, among other high-profile names.

While the company is remarkably scarce with information on their website, descriptions of the firm's goals seem to vary depending on their job openings.

One post seeking a "senior QA test engineer," filed with corporate candidate tracking firm Catsone.com, describes Ntrepid as "the global leader in online privacy, anonymity, and identity protection solutions".

But another help wanted ad, seeking an "intelligence analyst" on Appone.com, described Ntrepid as "a leading provider of technology and managed services to national security customers in the areas of cyber operations, analytics, language engineering, and TTL".

Its customers are both public and private sector, the ad said.

A Linked In profile of the company cited them as providers of "software, hardware, and managed services for cyber operations, analytics, linguistics, and surveillance." It had at least 30 employees, according to the business networking site, all located in either San Diego or Washington, DC.

Cottrell himself has advocated on behalf of civil liberties, claiming that widespread Internet surveillance tends to provide no real security benefits.

Efforts to contract both Ntrepid Corporation and Mr. Cottrell did not trigger a response by late Tuesday. A phone number could not be located.

Updated from a prior version after the contract disappeared from a government website.