Fake Profiles Used for Spying, Cyberstalking, Crowdturfing, Site-fluffing
by Sue Basko
Fake profiles have long been used for things such as spying on ex-friends and voting for a favorite band. Now fake profiles have stepped up to doing real work for real pay for the masters who control them.
A recent paper by researchers out of University of California Santa Barbara describes astroturfing as such: “Astroturfing refers to information dissemination campaigns that are sponsored by an organization, but are obfuscated so as to appear like spontaneous, decentralized “grassroots” movements. Astroturfing campaigns often involve spreading legally grey, or even illegal, content, such as defamatory rumors, false advertising, or suspect political messages. Although astroturfing predates the Internet, the ability to quickly mobilize large groups via crowd-sourcing systems has drastically increased the power of astroturfing.” The UCSB group coined the word crowdturfing for when a crowd of fake profiles is used to start rumors, give positive or negative reviews or comments, or to gather real people as followers for a point of view.
The HBGary Federal group was reportedly using fake profiles to discredit people who opposed a Republican business organization. In turn, Anonymous hacktivists cracked open the list of subscribers to HBGary publications.
Fake profiles have been rampant online with the Occupy movement, where so much organizing has taken place on facebook. There were many fake profiles that were obvious, at least obvious to me, as agents provocateurs, probably government agents exhorting violence, to see if they could catch any in agreement. Generally, people just ignored these, because Occupy was and is about nonviolent protest.
It became confusing to sort out who was who because there were also the usual armchair anarchist trolls, some who come complete with their own small army of fake profile friends who agree with every word they say. A lot of this was obvious, because the friends would only appear at the same time and place as the main troll.
The law enforcement agents post the same types of hooks over and over. They post that there are no limits to the First Amendment and no permits needed. They outright propose specific violent actions. Most people have learned to ignore them and not even reply. The law enforcement agents simply move on to other pages and post trying to locate sympathizers there.
Then there are the fake profiles that put in friend requests on facebook. The fake profile friends come to spy on your facebook page. According to reports, Aaron Barr at HBGary was busy making pretty girl fake profiles. At one point during the height of the Occupy camps, a bunch of pretty girl profiles invaded. One activist man shouted on his facebook in all caps: ALL THE PRETTY GIRLS ARE FAKE PROFILES! It was true. Men were readily confirming them as friends. Others were accepting the pretty girls because they were already “friends” with people they knew. I got a few of these requests, but rejected them. I think the male equivalent is the profile that is some version of the Anonymous mask. Of course, a lot of these are real people, but it is also a convenient fake profile.
Site-Fluffing is yet another use of fake profiles. That’s when a new site creates fake profiles to make it look as though the site is popular. I wrote a review of a site that looks good, but is very bad news. I was contacted by a person who credibly claims to have made up to 500 fake profiles per day for the site. That’s fraud on any would-be investors or purchasers. It’s also fraud on would-be users or users of the site. A lot of those profiles were obvious fakes.
The U.S. government is obviously using fake profiles. A man named Sean Kerrigan has posted a 2010 listing off FedBizOpps.gov that you have to read to believe. The government has procured software that creates and manages realistic fake personas, “replete with background, history, supporting details, and cyber presences that are technically, culturally and geographically consistent.”:
0001- Online Persona Management Service. 50 User Licenses, 10 Personas per
Software will allow 10 personas per user, replete with background , history,
supporting details, and cyber presences that are technically, culturally and
geographically consistent. Individual applications will enable an operator to
exercise a number of different online persons from the same workstation and
without fear of being discovered by sophisticated adversaries. Personas must be
able to appear to originate in nearly any part of the world and can interact through
conventional online services and social media platforms. The service includes a
user friendly application environment to maximize the user's situational
awareness by displaying real-time local information.
Then to make those personas seem real, they need an IP address for each persona. “Individuals can perform static impersonations, which allow them to look like the same person over time. Also allows organizations that frequent same site/service often to easily switch IP addresses to look like ordinary users..”:
0003- Static IP Address Management. 50 each
License protects the identity of government agencies and enterprise
organizations. Enables organizations to manage their persistent online personas
by assigning static IP addresses to each persona. Individuals can perform
static impersonations, which allow them to look like the same person over time.
Also allows organizations that frequent same site/service often to easily switch IP
addresses to look like ordinary users as opposed to one organization.
Economizer IP Mapped License or equal
Then they need new IP addresses each day for “excellent cover and powerful deniability”:
0002- Secure Virtual Private Network (VPN). 1 each
VPN provides the ability for users to daily and automatically obtain randomly
IP addresses through which they can access the internet. The daily rotation of
the user s IP address prevents compromise during observation of likely or
targeted web sites or services, while hiding the existence of the operation. In
addition, may provide traffic mixing, blending the user s traffic with traffic from
multitudes of users from outside the organization. This traffic blending provides
excellent cover and powerful deniability. Economizer Enterprise Chameleon or
You can also view this at: