
Cross-posted from my blog http://politeching.wordpress.com/

Social Engineering is the practice of deceiving people or manipulating public opinion through misrepresentation. The perpetrators usually pretend to be someone they are not. When it comes to stealing your personal information, Social Engineers use all kinds of low-tech tricks to get information out of you. Politically, Social Engineers use various ways to manipulate public opinion. With the wide use of social media nowadays, social engineering for political purposes has adopted new means to take advantage of this new medium. The new methods that can be used are illustrated below.

STEALING YOUR PERSONAL INFORMATION

A common misconception about protecting your privacy and personal information is that all you need to do is protect your computer and saved data. However, Social Engineers do not need to hack into your account. The techniques they use are nothing new. Famous social engineer and former computer criminal Kevin Mitnick claims that it is easier to trick someone into giving up a password than it is to spend the effort to hack a system.

Survey or Research Fraud – One technique used to make people reveal their personal information is a phone call from someone saying they are conducting a survey on behalf of your financial institution or as part of a research project. Sometimes they will promise you a gift. Once the questions start rolling in, they may ask for things like your birthday, address, income and employer. That information can then be used to apply for a credit card or for credit in your name. Another low-tech method would be a smooth-talking con artist chatting with you at a bar to get some personal information out of you.

Social Networks – One instance of social engineering involved a simple Google search of a victim’s e-mail address, which gave the perpetrator lots of personal information such as phone numbers and address. Most users also have their personal information readily available on Facebook. A lot of uninformed Facebook users have unsuspectingly shared their personal information with third-party app developers.

Phishing Scam – This technique uses e-mail or instant messaging to fool people into providing personal information, with the sender making themselves appear legitimate. It is with this method that foreign hackers were able to hack into the computer networks of the Government of Canada’s Finance Department and Treasury Board.

Those are just a few examples. A good general rule of thumb is to never give out your password or the personal information that you normally use to authenticate to your financial accounts.

MANIPULATING VOTERS

After the media’s excitement about Egypt’s “Facebook revolution”, I’ve warned against overhyping social media. It is just another tool that those who seek to manipulate information would adopt and use to their advantage before long.

Unauthorized Access

A malicious government doesn’t need to put much effort into social engineering. It can just access your census, passport or other personal information. It can then tailor its appeal to you based on your ethnicity and religion. Measures need to be in place so that the user ID of any official accessing private personal information is logged.

Canada’s government was mired in controversy when they mailed out Jewish Rosh Hashanah greeting cards in 2007 and 2008. On both occasions, some of the recipients expressed serious concerns.

"I was a little alarmed at the idea that the government might have some list of Canadian Jews, whether or not they're using that for benevolent or malevolent or cynical reasons," Mr. Terkel said. "It doesn't seem my religion should be the business of any federal government." - Jonathan Terkel (Reported by Canada.com)

The government claims it got the names from the local community. But several recipients disputed that, expressing concerns similar to Jonathan Terkel’s.
He says he subscribes to no Jewish publications and doesn't give to any specifically Jewish causes, so he isn't sure how the PMO got his name.

It is not clear where the government got these people’s religious information from, and it might very well not be in the way I described above. However, a government that singles out a specific group based on religion or ethnicity is just a bit unnerving.

Political Army of Internet Posters

A political party could try to influence public opinion by creating an illusion of popular opinion. This can be done by staffing its war room or campaign strategy central with armies of posters who populate internet forums and the comment sections of news sites with the party’s talking points. This employs the “Big Lie” technique, where

If you tell a lie big enough and keep repeating it, people will eventually come to believe it.

In addition, people are vulnerable to the bandwagon effect: they are more likely to adopt what they perceive as popular opinion, out of a desire to belong to what is popular and what is hip.

Social Media

Just as I was preparing to write about social engineering and how it could be a threat to democracy, when voters are manipulated through orchestrated misinformation, a developing story came out about the internet activist group called “Anonymous” and their war with security firm HBGary Inc.

HBGary Inc is a digital security firm with close ties to U.S. government officials from the Air Force, CIA, FBI, etc. Anonymous reportedly attacked HBGary using a SQL injection vulnerability in its system along with social engineering techniques. Anonymous gained access to the site and to troves of HBGary's e-mails, which have since been posted on a torrent site.

Revelations from the e-mails include HBGary working with Bank of America and the U.S. government to undermine Wikileaks, and helping the U.S. Chamber of Commerce campaign against Progressive Bloggers. They are also said to be working on a new rootkit for Windows that will be undetectable. But the real revelation for me pertaining to social engineering is the fact that HBGary plans to develop software for the U.S. government that would allow them to control a large number of virtual social media profiles (i.e. fake personas). Such a large number of virtual profiles could be used to propagate fake opinion and false news.

Software will allow 10 personas per user, replete with background, history, supporting details, and cyber presences that are technically, culturally and geographically consistent. Individual applications will enable an operator to exercise a number of different online persons from the same workstation and without fear of being discovered by sophisticated adversaries. Personas must be able to appear to originate in nearly any part of the world and can interact through conventional online services and social media platforms. The service includes a user friendly application environment to maximize the user's situational awareness by displaying real-time local information. (TechDirt)

During Egypt’s revolution, Twitter played an important role in providing up-to-the-second updates from the grassroots level, foiling attempts by the Egyptian government to block out news and instigate violence to create an excuse for a crackdown. I thought at the time that a future authoritarian regime could use Twitter to spread false information and put up fake posters claiming to support the dictator. But then I thought that with a popular uprising on the scale of Egypt’s, the army of government posters would easily be outnumbered.

But that has changed with the HBGary revelation. Their plan is to give one person the capability to control 10 personas. That way they don’t need to outnumber the real dissenters. They need 10 times fewer people than the number of real people. It is not inconceivable that the number could easily be increased to more than 10 per controlling person. When such a tool is used in a democratic election, it would lead to the propagation of false information and undermine a fair election.


  •  I am absolutely paranoid about this. (0+ / 0-)

    RIFs, databases, social networks and POLs. The census in 2000 and 2010 really pissed me with their invasive questions. I answered as few questions as I could get away with relating to age sex and # of household members... Probably told them something about us by what we refused to answer. I wrote a long letter back explaining that I did not like the large amount of data being collected on every citizen. I also asked if that data was being sold or provided to data miners or corporations. I do not participate in social groups and I never participate in surveys. I get crap just because of my age now and toss it immediately.

    It reminds me of Netflix. You rate movies and TV shows and pretty soon all you get to see are ones they have determined you would like. They do this crap at Amazon too. It is creating a statistical model of you. But the funny thing is that there are plenty of books and media that they don't let me see. I have to struggle to get around their program. I answer badly or broadly or approve and disapprove at the same rate to stymie this crap.

    Fear is the Mind Killer

    by boophus on Mon Feb 21, 2011 at 11:36:46 PM PST
