The web has recently been buzzing with the discovery that the Air Force has placed an RFP to buy ‘Persona Management Software’ that would allow them to assume limitless fake online identities in order to create the illusion of public support.
Click here for the details surrounding the discovery of this type of software: http://www.echelon2.org/wiki/Persona_Management
Recent news article: http://www.rawstory.com/rs/2011/02/18/revealed-air-force-ordered-software-to-manage-army-of-fake-virtual-people/
I decided to briefly outline how an open-source system could, hypothetically, be created to counter an attack of this kind. It all centers around our friend Selenium (WebDriver) and web automation.
The central object in such a framework will naturally be the ‘Persona’ object. It should hold all information relevant to an ‘identity’: name, geographic location, gender, race, email address, personal website, etc. This should be restricted to basic data types, text, integers, etc., save service specific data for service connectors.
Now that you have a ‘Persona’ entity there needs to be sets of connectors that are basically the instructions for a specific online service like Facebook, LinkedIn, GMail, Yahoo Mail, AIM, IRC, etc. The connector should hold the functions for creating a new account, modify account details, login, logout, etc.
The connector gives the persona the ability to interact with the designated service in whatever manners are necessary. Obviously these connectors would need to be kept up to date with site changes. Be warned that service REST-ful API’s may pose a security risk.
Geographic Proxy List
In order to maintain geographic consistency for a persona it will be necessary to configure the persona’s access to the web to go through a proxy from that region. British persona should be on a UK IP, protestor from San Fran should use a proxy in San Fran. Fortunately there are copious free proxy lists out there, check out www.xroxy.com for example. Selenium also makes configuring the browsers proxy relatively simple. Also, it’s worth noting that this step could be relaxed to the point of just shoving all personas over a TOR connection.
This is the part where things start getting tricky. Now that we have the Persona object and various service connectors, you need a logical way to generate a large pool of these persona objects. Perhaps even using Selenium to scour sites for names to use, or just feed it a long list of names, perhaps names correlated to the region of the persona.
Now that we have generated a large set of personas from a specific region, it’s time to use them to counter fake consent or dissent being generated by, evidently, our Air Force. The easiest way to do this is create a large pool of comments or status updates you’re wanting the personas to ‘espouse’. Then send them off to the various service connectors and let them have at it. Remember to program in logic to spread out posts so that it’s not obviously a spam bot.
Another idea would be to identify keywords that are being used in the ‘manufactured’ consent, and then have your personas seek out those comments and reply with (anti-)propaganda message. The operator may spend a lot of time answering CAPTCHA’s however.
It’s truly a shame that we even have to think of implementing such a system, but if our own government or anyone else is seeking to use it against us or anyone else, we’d be wise to counter such actions as best we can.