Posts Tagged ‘hackers’

Rise of the Trolls

December 15, 2019

The title of this post is identical to the title of a chapter in Messing with the Enemy, an excellent book, by Clint Watts. Watts writes that Andrew Weisburd was a natural social media savant. He could examine an online persona, spot it as friend or foe, and trace its connections to a host of bad act,ors online. In the 2000s, as a hobby, Weisburd began tracking al-Qaeda online from his couch. He identified and outed terrorists lurking on the internet so well that al-Qaeda fanatics mailed a white powder package to his house along with this death threat: “To the jewish asshole Aaron [sic] Weisburd, This is our donation to you. Either you close the website called Internet Haganah by next week or you will [be] beheaded. No anthrax was found and the website continued as usual.

Weisburd connected some of the trolls to a recent internet nemesis: The Syrian Electronic Army (SEA). The SEA presented itself as a new hybrid threat of the online world, embodying the spirit of more popular activist collectives such as Anonymous and LulzSec, but clearly in the bag for President Assad and the Syrian regime. Thus, the SEA effectively became the first nation-state cyber proxy force on the internet. Since 2011 the SEA had undertaken a string of targets by taking aim at many mainstream media outlets that were revealing the horrors of the Syrian civil war.

Effective troll armies consist of three types of accounts: hecklers, honeypots, and hackers. Hecklers lead the propaganda army, winning audiences through their derisive banter and content-fueled feeds. Hecklers identify and drive wedge issues into their target audiences by talking up online allies and arming them with their preferred news consisting of both true and false information, loaded with opinion, that confirms audience member beliefs. Hecklers also target social media adversaries and focus the angst of their cultivated supporters against opposing messages and their messages. For example, in the case of Syria anyone pointing out President Assad’s human rights violations might immediately be called a terrorist sympathizer and subjected to endless 140-character and taunts.

When hecklers alone can’t stop the challenges of the opposition, honeypots sweep in to compromise adversaries. In the traditional espionage sense, honeypots are attractive women who seduce men into compromising sexual situations. Females remain the predominant form on Twitter, but they can also assume the persona of an allied political partisan. Among the SEA, attractive females—or what appear to be women—performed the traditional mission befriending men in the target audience or sidling up to adversary accounts hoping to compromise personas or publicly embarrass them. “Can you follow me so I can DM you something important?” might be the siren song of one of these e-ladies. Lady honeypots in 2014 were seeking follower relationships with men, which would lead to privileged insights, but often contained a malware payload allowing them to gain entry to a target’s computer.

Behind the scenes, but still observable in the SEA social media storm, were hacker accounts. Examination of their follower and following relationships showed that they were highly networked with honeypot accounts, likely controlling the conversation between the loverly lady personas and their unwitting accounts. The message that honeypots delivered to unsuspecting men opened doorways to their phones and computers, causing them to give up their personal emails, corporate communications, and, in some cases, their contact lists allowing for malicious spam distribution.

In 2013 and 2014, honeypots and the hackers behind them waged a highly successful campaign across a swath of companies and Western personalities. Corporate America suffered as unwitting employees clicked onto malicious links and, in turn, coughed up access to private databases of subscribers and workers.