HOW THE FAKE “SHILL GIRLS” OF MATCH.COM, OK CUPID AND POF WORK

You just joined one of the top 5 dating sites. You message some attractive ladies right near you. You get some responses. Alas, you don’t realize that those “hot ladies”, now messaging with you, are actually all a guy with a goatee, named Wu Lee, in the Philippines. Even though Wu Lee is a funky guy in a warehouse, he is also a “Shill Girl” on Match.com.

While you see lots of talk about these dating services “not allowing fake profiles”, they are, in fact, the ones who hire the “Shill Farms” to supply them with the fake date experiences.

They only use them for guys because women always get flooded with actual guys contacting them. Many of the pictures are from the ex-websites of dead Russian hookers.

The first red flags:

– Your date is out “of the area for a few weeks”, or longer, on a trip or some big project so that a real person doesn’t actually have to show up.

– They have some other excuse to not meet you for a few weeks. The psychology is that no guy will wait that long, and he will move on to the next candidate. Alas, the next candidate, and the next, and the next, is, more often than not, that same guy Wu Lee. If you are savvy enough to track them in your calendar and follow up a few days after they are supposed to “return to town”, they will tell you that they just happened to have met someone on their trip.

– They won’t talk on the phone. While talking to a person on a dating site is very comforting, the Shill Farms have escalation teams that route phone call requests to sex phone operators, with your local accent, who do double duty as fake phone dates and fake sex call takers. Even if you talk on the phone, it still is not guaranteed that you don’t have a shill.

– The shill starts asking you very specific detailed personal data about yourself. In real world dating, nobody asks that kind of stuff before their first date. You look at each other, decide if you both look OK and off you go to the movies or dinner that Saturday. The reason the shills want detailed data on you is that the Shill Farm bosses make money from both providing fake profiles AND harvesting your private data for data harvesting banks.

– They try to keep you on the site for as long as possible. The Shill Farmer has a third way of making money off of you. It is called “Spoofing”. The greater the volume of people the dating site can show for its subscriptions and advertisers, the more money it can make.

– They won’t meet. For most people, the purpose of a dating site is to meet someone you can hug, squeeze, kiss and go do things with. It should seem odd to you, if your potential date won’t meet in person ASAP. If they were real, you would think they would want to see how both of you are, in-person, before wasting time.

Terms:

Shill – A person pretending to be someone else, or another gender, in order to suck you into some scheme to get your money or your data. Also called a “Troll”.

Shill Farm – A large building, apartment complex, warehouse or other building where large numbers of shills are based.

Shill Farmer – The owner of the Shill Farm. Often Russian mobsters, Asian gangs or Nigerian cartels.

Dating Harvester – Match.com, Plenty of Fish, OK Cupid and similar automated conglomerate-owned dating services that are in the business for far different reasons than you might think.

Trolling – Working the pretext to try to get the victim/target guy sucked into the scheme. Using different scenarios and talking scripts to get the target to lower their guard.

Spoofing – Creating fake user volume numbers in order to help dating sites trick advertisers into paying more.

Your big dating site is not only fully aware of this, they pay them to do it!

THE GUARDIAN

Inside a Russian troll house.

FAKE DATES R-US

Former workers tell how hundreds of bloggers are paid to flood forums and social networks at home and abroad with anti-western and pro-Kremlin comments

55 Savushkina Street, St Petersburg, said to be the headquarters of Russia’s ‘troll army’. Photograph: Shaun Walker for the Guardian

Just after 9pm each day, a long line of workers files out of 55 Savushkina Street, a modern four-storey office complex with a small sign outside that reads “Business centre”. Having spent 12 hours in the building, the workers are replaced by another large group, who will work through the night.

The nondescript building has been identified as the headquarters of Russia’s “troll army”, where hundreds of paid bloggers work round the clock to flood Russian internet forums, social networks and the comments sections of western publications with remarks praising the president, Vladimir Putin, and raging at the depravity and injustice of the west.

The Guardian spoke to two former employees of the troll enterprise, one of whom was in a department running fake blogs on the social network LiveJournal, and one who was part of a team that spammed municipal chat forums around Russia with pro-Kremlin posts. Both said they were employed unofficially and paid cash-in-hand.

They painted a picture of a work environment that was humourless and draconian, with fines for being a few minutes late or not reaching the required number of posts each day. Trolls worked in rooms of about 20 people, each controlled by three editors, who would check posts and impose fines if they found the words had been cut and pasted, or were ideologically deviant.

The LiveJournal blogger, who spent two months working at the centre until mid-March, said she was paid 45,000 roubles (£520, $790) a month, to run a number of accounts on the site. There was no contract – the only document she signed was a non-disclosure form. She was ordered not to tell her friends about the job, nor to add any of them to the social media accounts she would run under pseudonyms.

“We had to write ‘ordinary posts’, about making cakes or music tracks we liked, but then every now and then throw in a political post about how the Kiev government is fascist, or that sort of thing,” she said.

Scrolling through one of the LiveJournal accounts she ran, the pattern is clear. There are posts about “Europe’s 20 most beautiful castles” and “signs that show you are dating the wrong girl”, interspersed with political posts about Ukraine or suggesting that the Russian opposition leader Alexei Navalny is corrupt.

In this attempt to lampoon Barack Obama, the speech balloons read as follows: Hmm, need to think of a password … I’m going to make it ‘my dick’ … Click OK … What? ‘Error: too short’?! Photograph: handout

Instructions for the political posts would come in “technical tasks” that the trolls received each morning, while the non-political posts had to be thought up personally.

“The scariest thing is when you talk to your friends and they are repeating the same things you saw in the technical tasks, and you realise that all this is having an effect,” the former worker said.

Marat, 40, worked in a different department, where employees went methodically through chat forums in various cities, leaving posts.

“First thing in the morning, we’d come in, turn on a proxy server to hide our real location, and then read the technical tasks we had been sent,” he said.

The trolls worked in teams of three. The first one would leave a complaint about some problem or other, or simply post a link, then the other two would wade in, using links to articles on Kremlin-friendly websites and “comedy” photographs lampooning western or Ukrainian leaders with abusive captions.

Marat shared six of his technical task sheets from his time in the office with the Guardian. Each of them has a news line, some information about it, and a “conclusion” that the commenters should reach. One is on Putin offering his condolences to President François Hollande after the Charlie Hebdo shootings in Paris.

“Vladimir Putin contacted the French leader immediately, despite the bad relations between Russia and the west,” reads the section explaining the conclusion the troll posts should reach. “The Russian leader has always stood against aggression and terrorism in general. Thanks to the president’s initiatives, the number of terrorist acts inside Russia has decreased dramatically.”

The other task sheets demand glowing reviews of the YotaPhone, a Russian-made smartphone, abuse and teasing for Jennifer Psaki, the former US state department spokeswoman, and three relate to Ukraine and the west’s plans there.

The desired conclusion of one reads: “The majority of experts agree that the US is deliberately trying to weaken Russia, and Ukraine is being used only as a way to achieve this goal. If the Ukrainian people had not panicked and backed a coup, the west would have found another way to pressure Russia. But our country is not going to go ahead with the US plans, and we will fight for our sovereignty on the international stage.”

To add colour to their posts, websites have been set up to aid the troll army. One features thousands of pasteable images, mainly of European leaders in humiliating photoshopped incidents or with captions pointing out their weakness and stupidity, or showing Putin making hilarious wisecracks and winning the day.

Many of them have obvious racist or homophobic overtones. Barack Obama eating a banana or depicted as a monkey, or the Ukrainian president, Petro Poroshenko, in drag, declaring: “We are preparing for European integration.” The trolls have to post the photographs together with information they can pull from a website marketed as a “patriotic Russian Wikipedia”, featuring ideologically acceptable versions of world events.

The entries for the Maidan revolution in Kiev explain that all the protesters were fed special tea laced with drugs, which is what caused the revolution.

Vladimir Putin, as he appears on a page from the ‘patriotic Russian Wikipedia.’ Photograph: Rukspert

The trolls were firmly instructed that there should never be anything bad written about the self-proclaimed Donetsk People’s Republic (DNR) or the Luhansk People’s Republic (LNR), and never anything good about the Ukrainian government.

“I would go home at the end of the day and see all the same news items on the television news. It was obvious that the decisions were coming from somewhere,” said Marat. Many people have accused Russian television of ramping up propaganda over the past 18 months in its coverage of Ukraine, so much so that the EU even put Dmitry Kiselev, an opinionated television host and director of a major news agency, on its sanctions list.

After two months of working in the troll agency, Marat began to feel he was losing his sanity, and decided he had to leave. From the snatched conversations over coffee, he noted that the office was split roughly 50/50 between people who genuinely believed in what they were doing, and those who thought it was stupid but wanted the money. Occasionally, he would notice people changing on the job.

“Of course, if every day you are feeding on hate, it eats away at your soul. You start really believing in it. You have to be strong to stay clean when you spend your whole day submerged in dirt,” he said.

The most prestigious job in the agency is to be an English-language troll, for which the pay is 65,000 roubles. Last year, the Guardian’s readers’ editor said he believed there was an “orchestrated pro-Kremlin campaign” on the newspaper’s comment boards.

As he spoke decent English, Marat was sent for a test in the English language department, where he was given the task of writing a one-page text in English about his political views. Not wanting to overdo it, he wrote that he was apolitical, and thought all politics were cynical. It was not good enough to pass.

Before he was told he had failed, however, other people in the room were told they had passed the preliminary test and were set to work composing comments on two English-language articles about Ukraine – one by the New York Times and another by CNN.

Lawyers in St Petersburg said it was extremely rare for such a big enterprise to be working entirely on the “black economy”, not paying any tax and not officially registering its employees. Leaked documents have linked the opaque company running the troll factory to structures close to the Kremlin, but there has been no hard evidence. As long ago as 2012 there were leaks suggesting Kremlin youth groups were funding online troll activities.

It is unclear whether the St Petersburg troll hub is the only one or whether there are many others, but what does seem clear is that the enterprise has grown enormously since it was discovered two years ago.

“When I got the job there in 2013 it was a small building, I was working in the basement, and it was clear they didn’t have enough space,” said Andrei Soshnikov, a St Petersburg journalist who infiltrated the company two years ago and has continued to cover it. He linked the move to a much bigger office with increased online activity around the Ukraine crisis, and said that while the trolling can seem farcical, it would be naive to write it off as ineffectual, especially in the domestic arena.

“People of my generation who grew up with the internet can perhaps spot the troll comments easily. But for the older generation, people who are used to television and are just getting online, they look at all these forums and networks, and it turns out that everyone else out there is even more radical than they are, than their neighbours are.”

WHERE DO FAKE DATING PROFILES COME FROM?

By Doug Bock Clark – New Republic

Every morning, Kim Casipong strolls past barbed wire, six dogs, and a watchman in order to get to her job in a pink apartment building decorated with ornate stonework in Lapu-Lapu City. The building towers above the slums surrounding it—houses made of scrap wood with muddy goat pens in place of yards. She is a pretty, milk-skinned, 17-year-old girl who loves the movie Frozen and whose favorite pastime is singing karaoke. She is on her way to do her part in bringing down Facebook.

Casipong huffs to the third floor of the apartment building, opens a door decorated with a crucifix, and greets her co-workers. The curtains are drawn, and the artificial moonlight of computer screens illuminates the room. Eight workers sit in two rows, their tools arranged on their desks: a computer, a minaret of cell phone SIM cards, and an old cell phone. Tens of thousands of additional SIM cards are taped into bricks and stored under chairs, on top of computers, and in old instant noodle boxes around the room.

Richard Braggs, Casipong’s boss, sits at a desk positioned behind his employees, occasionally glancing up from his double monitor to survey their screens. Even in the gloom, he wears Ray-Ban sunglasses to shield his eyes from the glare of his computer. (“Richard Braggs” is the alias he uses for business purposes; he uses a number of pseudonyms for various online activities.)

Casipong inserts earbuds, queues up dance music—Paramore and Avicii—and checks her client’s instructions. Their specifications are often quite pointed. A São Paulo gym might request 75 female Brazilian fitness fanatics, or a Castro-district bar might want 1,000 gay men living in San Francisco. Her current order is the most common: Facebook profiles of beautiful American women between the ages of 20 and 30. Once they’ve received the accounts, the client will probably use them to sell Facebook likes to customers looking for an illicit social media boost.

Most of the accounts Casipong creates are sold to these digital middlemen—“click farms” as they have come to be known. Just as fast as Silicon Valley conjures something valuable from digital ephemera, click farms seek ways to create counterfeits. Google “buy Facebook likes” and you’ll see how easy it is to purchase black-market influence on the Internet: 1,000 Facebook likes for $29.99; 1,000 Twitter followers for $12; or any other type of fake social media credential, from YouTube views to Pinterest followers to SoundCloud plays. Social media is now the engine of the Internet, but that engine is running on some pretty suspect fuel.

Casipong plays her role in hijacking the currencies of social media—Facebook likes, Twitter followers—by performing the same routine over and over again. She starts by entering the client’s specifications into the website Fake Name Generator, which returns a sociologically realistic identity: Ashley Nivens, 21, from Nashville, Tennessee, now a student at New York University who works part time at American Apparel. (“Ashley Nivens” is a composite based on Casipong’s standard procedures, not the name of an actual person or account.) She then creates an email account. The email address forms the foundation of Ashley Nivens’s Facebook account, which is fleshed out with a profile picture from a photo library that Braggs’s workers have compiled by scraping dating sites. The whole time, a proxy server makes it seem as though she is accessing the Internet from Manhattan, and software disables the cookies that Facebook uses to track suspicious activity.

Next, she inserts a SIM card into a Nokia cell phone, a pre-touch-screen antique that’s been used so much the digits on its keypad have worn away. Once the phone is live, she types its number into Nivens’s Facebook profile and waits for a verification code to arrive via text message. She enters the code into Facebook and—voilà!—Ashley Nivens is, according to Facebook’s security algorithms, a real person. The whole process takes about three minutes.

Casipong sometimes wonders what happens to profiles like these once she turns them over to the clients. In fact, her whole job seems strange to her and the purpose of all these accounts somewhat mysterious. Still, she forgets this for long stretches of time: She’s young, she can do an almost perfect karaoke rendition of Mariah Carey’s “We Belong Together,” and she dreams of finishing college at the University of Cebu City after she’s saved enough money from working for Braggs. Once she earns a degree in Web design, she’ll join the Philippine diaspora and find a job in Australia, New Zealand, or the United States. And during weekends, maybe she can lead a life similar to Nivens’s.

When Casipong stands up a little after 6 p.m., a nightshift worker is waiting to take her chair.

Once, if you wanted to make money scamming people on the Internet, you used email. For two years, Braggs made his living spamming half a billion email addresses, hawking blueprints for a mythical perpetual energy machine or e-books that explained the secret to winning the lottery. Filipinos even invented a term for this kind of work, “onlining,” and, for about a decade, email spamming was a semi-honorable career path in Cebu City, the metropolitan area that encompasses Lapu-Lapu City and is one of the foremost business-outsource processing centers in the world. (Ring JPMorgan Chase or Microsoft customer support, and there’s a good chance you’ll be connected to a Filipino in Cebu City whose excellent English is part of the legacy of the American colonization of the Philippines.) Successful “onliners” became the nouveau riche of Cebu City. A notorious set of six brothers formed a spamming cooperative and built a row of mansions amid the slums. They threw all-night parties with roving guitarists serenading scores of guests, while they drank beer and devoured lechón, Philippine whole-roasted pig.

But between 2010 and 2012, teams of Internet security researchers and law enforcement officials dismantled several spambot networks across the world. These efforts, combined with the improved defenses of email hosts, effectively disabled many onliners in Cebu City. They had to look for new ways to make money.

Social media’s takeover of the Internet has been swift and dramatic. From 2005 to 2012, the percentage of Internet-using, American adults on a social media platform mushroomed from 8 to 70 percent. In 2005, Facebook had 5.5 million users; at the end of 2014, Facebook claimed 1.39 billion active monthly users—about one for every five people in the world and a little less than half of all people with Internet access.

In 2009, Facebook introduced the “like” button, which quickly became a way for people to celebrate an engagement or the birth of a baby, but also for brands to get people to endorse their products. Companies loved social media for the ostensible humanity it lent them; and sales leads that came through social media, studies showed, had a much higher chance of converting into actual purchases. Google and Bing’s algorithms take social media into account, so large followings could also improve a company’s position in search-engine rankings, where appearing even one slot higher can mean significant additional revenue. Researchers have also found that having lots of followers attracts even more followers, continually amplifying a company’s or individual’s reach. And while the impact of traditional advertising is difficult to quantify, social media counters are much more transparent.

Celebrities—and more minor personalities, like bloggers trying to get endorsement deals—have increasingly found their value measured in Facebook fans and Twitter followers, the payments they receive proportionate to their social media clout. Khloé Kardashian reportedly earns around $13,000 every time she tweets things like, “Want to know how Old Navy makes your butt look scary good?” to her 13.6 million followers. Politicians desire large followings for obvious reasons. Even ordinary people have discovered perks to having an extensive social media presence. Some employers, for instance, now require social media savvy for jobs in marketing, PR, or tech. All these logical incentives aside, the imperatives are not always rational. A growing body of research has begun to unpack the envy and insecurity that social media can generate—the pernicious sense that your friends are gaining Twitter followers much faster than you.

To help companies, celebrities, and everyday people boost their social media standing, onliners set up Internet stores—“click farms”—where customers can buy social media influence. Click farms can be found across the globe, but are most commonly based in the developing world. They exist in India, Indonesia, Bangladesh, and the Philippines, and may also exist in Eastern Europe, Mexico, and Iraq. A small number of click farms employ manual labor, a dozen or so people who manipulate Facebook accounts individually to create the likes that they sell. But most click farms are run by smaller teams that manage software to give digital life to accounts like Ashley Nivens. What Braggs runs is actually referred to as an “account farm”—he makes the accounts and software that click farms use.

In terms of their professionalism, click farms range widely. Some maintain promotional newsletters, subscription packages, and 24/7 customer service. One of the more polished, We Sell Likes, was founded by a former Silicon Valley SEO professional. Others are much less formal: a freelancer sitting in front of his computer all day and selling the services of hundreds of social media accounts through websites like SEO Clerks. Last November, The New York Times reported that teenagers were licensing Twitter click-farm software to supplement their allowances.

But the stakes are much larger than pocket money. Researchers estimate that the market for fake Twitter followers was worth between $40 million and $360 million in 2013, and that the market for Facebook spam was worth $87 million to $390 million. Italian Internet security researcher Andrea Stroppa has suggested that the market for fake Facebook likes could exceed even that. International corporations like Pepsi, Coca-Cola, Mercedes-Benz, and Louis Vuitton have all been accused of employing click farms, and celebrities such as 50 Cent, Paris Hilton, and LeAnn Rimes, have been implicated in buying fake followers. During his 2012 presidential campaign, Mitt Romney gained more than 100,000 Twitter followers in a single weekend, despite averaging only 4,000 new followers a day previously. (His campaign denied having bought any fakes.) One Indonesian click farmer told me that he had funneled two million Facebook likes to a candidate in his nation’s hotly contested July 2014 presidential election.

Two of the most crucial rules of Facebook’s terms of service are: “You will not provide any false personal information on Facebook, or create an account for anyone other than yourself without permission,” and “You will not create more than one personal account.” The law of one person, one account is meant to guarantee that Facebook is the most real place on the Internet: The roughly six billion likes the company processes every day are supposed to be a quantification of homo sapien emotion. Other social media platforms, like Twitter, allow for more than one account per user, but, ultimately, the medium is predicated on the idea that its digital world is an accurate extension of the physical world.

Click farms jeopardize the existential foundation of social media: the idea that the interactions on it are between real people. Just as importantly, they undermine the assumption that advertisers can use the medium to efficiently reach real people who will shell out real money. More than $16 billion was spent worldwide on social media advertising in 2014; this money is the primary revenue for social media companies. If social media is no longer made up of people, what is it?

It was never Braggs’s intention to make a career of “onlining.” He dreamed of becoming a pilot and even went to flight school. (He still recalls the Leonardo da Vinci quote: “Once you have tasted flight, you will forever walk the earth with your eyes turned skyward, for there you have been, and there you will always long to return.”) Financial problems forced him to give up on his plan when he was in his early thirties, and, for nearly a decade, he survived on menial jobs: running a coffee stall at the bazaar, working construction, and chauffeuring tourists. One day, when he was driving a group of Koreans to a brothel—the destination for most of his customers—they offered him a turn with the high-class prostitute they were planning to employ. Braggs began searching for a way out.

Braggs got into onlining in 2011 after a friend who had struck it rich spamming gave him the software to start his own operation. When Braggs’s email spam business failed in 2012, he opened his own click farm, manually forging thousands of Facebook accounts and selling likes from them, incrementally hiring workers as his business grew. When he realized that he could make more money by supplying click farms with the products they needed—i.e., profiles and software to animate those profiles—he reorganized his business.

By July 2013, he was making phone verified accounts—or PVAs—full time. He hired 17 employees, including Casipong, and established round-the-clock shifts so his farm never went dark. Casipong guesses that she makes over 100 Facebook PVAs a day. Other employees average more than 150. Braggs sells PVAs for 70 cents; “premium” PVAs—accounts that are fleshed out with more than bare-bones biographical details—can be bought for $1.50.

Since his business began, Braggs has expanded into Yahoo, Gmail, and Twitter PVAs, and his customers have used the fake accounts in all sorts of scams: On the dating site Tinder, for example, Braggs said he believes seductive women solicited male users for pay-to-access porn sites. His biggest order, he told me, was for Chinese hackers trying to fleece the digital payment exchange Stellar; he hired every freelance worker he could find, but he was still only able to fulfill a small portion of it.

In many ways, Braggs’s account farm operates similarly to the outsourcing and industrial businesses that Cebu City is famous for. He relies on the infrastructure that carries the call center and technical support data to Cebu City from around the globe in order to pipe his forged profiles to his clients. He even benefits from cheap local resources—though instead of exploiting the Philippines’ old-growth rainforest timber, he processes SIM cards dropped off by men on motorcycles, paying a few cents for a card that would sell for $5 to $10 in the United States. Workers willing to do repetitive manual labor are not in short supply, either.

But Braggs’s account farm feels more like a startup than a developing-world sweatshop. Most of his employees are young IT university graduates infused with the excitement of beating the system. There is an office puppy named Hacker, and Braggs pays for a cook to prepare lunch for the employees every day. Casipong earns about $215 a month, significantly more than the minimum wage for a domestic helper, which is as low as $34 a month. Braggs pays his nightshift workers extra, and some of his employees reportedly choose to become nocturnal for the additional wages.

The Philippines has the highest rate of unemployment in the Association of Southeast Asian Nations. Casipong is aware of the alternative employment options: Cebu City is the “cybersex capital of the Philippines,” and illegal firework factories in the slums announce their presence every few weeks with a bang. Braggs’s employees seem genuinely happy; their main complaint was laggy Internet that disrupted the music they streamed while working. Many spoke of Braggs as a Horatio Alger–style role model.

In the fictionalized biography Braggs maintains on the website of his account farm, he calls himself the Robin Hood of Facebook marketing, and this contrarian idealism extends to his general attitude about life. His hero is the tribal chieftain Lapu-Lapu—the namesake of his city—famous for slaying the Portuguese explorer Ferdinand Magellan, who, in the name of capitalism and colonialism, was the first man to circumnavigate the globe. He has no desire to stay up all night answering questions about credit cards and Windows glitches for people on the other side of the world. Why shouldn’t he feel proud of providing decent salaries to 17 workers, or paying for the school fees of his girlfriend’s younger sister or the local kids’ basketball jerseys? He’s a self-made man, trained on YouTube tutorials and in chat rooms; to this day, he types hunt-and-peck style, never having learned QWERTY.

What he and click-farm managers are doing is not illegal in the Philippines. Facebook’s terms of service are not international law. In the United States, the Federal Trade Commission and attorneys general from several states have legislated against fake reviews—false endorsements on Amazon, for example. But no formal ruling has been passed down on inauthentic likes. “Click farming raises serious consumer protection questions,” said Ian Ayres, a specialist in contract law and a professor at Yale’s law and business schools. “To participate as a buyer or a seller in the traditional click-farming market seems a clear wrong.” But the actual law is less explicit. And Braggs has his own business ethics: He’s not hacking anyone’s bank account, only offering a service that people are clamoring to pay for and providing for himself, his family, and his countrymen.

For years, Facebook encouraged brands to use social media as a free way to connect with fans. Companies would post content, and Facebook would show it to a large percentage of the people who had liked those companies, free of charge: This was the so-called organic reach of a post. But, over the last few years, with a noticeably precipitous drop in late 2013, Facebook has steadily decreased the organic reach of posts; now, when a company posts something, it only reaches about 6 percent of the profiles that have already liked that company, and Facebook plans to decrease that reach further. This has meant that companies struggle to access most of the fans they have accumulated unless they pay Facebook to advertise. But as Facebook becomes more of a paid billboard, click-farm bots can disrupt the efforts of companies that advertise with Facebook—and, sometimes, even render them pointless.

Here’s how this can happen. Second Floor Music, an independent, Manhattan-based jazz publishing company that represents critically acclaimed but lesser-known composers, was the kind of small business built on its history and reputation: Five Grammy certificates hung on the walls, and jazz legends and up-and-comers dropped by the studio to rehearse. It was not, however, exactly forward-leaning when it came to social media marketing. But it was also ideally positioned to take advantage of Facebook’s advertising services: Its products targeted a niche audience that was often hard to reach, but which Facebook, with its vast trove of personal data, could easily access.

So in September 2013, Second Floor Music launched a Facebook advertising campaign for the Facebook page of Jazz Lead Sheets, a Second Floor Music website that allowed customers to download sheet music and song recordings. Because more than one-third of Jazz Lead Sheets’ business came from international clients, Second Floor Music asked Facebook to put ads in front of people from around the world, and paid Facebook a few cents each time one of them “liked” the page for Jazz Lead Sheets.

A young jazz singer employed by Second Floor Music named Rachel Nash Bronstein ended up overseeing the Facebook campaign. At first, Bronstein was exhilarated by how fast the Facebook page gained fans, hundreds within weeks. But then she began to notice that the fan activity—liking posts, commenting, etc.—on the page had plummeted. When Bronstein examined the profiles, her heart sank. Many of them hailed from Iraq. A lot of the profiles didn’t display any English. None of them evidenced any interest in jazz.

It’s impossible to pinpoint how these profiles ended up fans of Jazz Lead Sheets. (Facebook is fiercely secretive about how its internal algorithms work.) But when Bronstein paid Facebook to place her advertisement, Facebook may have put the ads in front of accounts that had already liked thousands of pages, figuring that those accounts were more likely to click on the ad. And those accounts were likely run by click farms. (The average American user only likes 70 pages.) Because many fake accounts are programmed to disguise their mercenary activities by liking lots of pages (not just their client’s), these bots were primed to like the Jazz Lead Sheets page. And because click-farm accounts often are programmed to move in coordination, so that they are easier to control, having one bot like a page could have caused others to follow, setting off a cascade of fake likes.

These fake likes weren’t just an empty number. Whenever Second Floor Music posted content, Facebook’s algorithms placed it on the newsfeeds of a small, random sample of fans—the people who had liked Second Floor Music—and measured how many “engaged” with the content. High levels of engagement meant that the content was deemed interesting and redistributed to more fans for free—the main goal of most businesses that use social media is to reach this tipping point where content spreads virally. But the fake fans never engaged, depressing each post’s score and leaving it dead on arrival. The social media boost Bronstein had paid for never happened. Even worse, she now had thousands of fake fans who made it nearly impossible to reach her real fans. Bronstein struggled to get help from Facebook, reaching out repeatedly through help forums, but, in the end, she scrapped the original page and started again from scratch. Second Floor Music had effectively paid to ruin one of its flagship Facebook pages.
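An added example, not part of the original article and not Facebook tooling: a page owner's audit that scores fans on the three signals described above (a page-like count far above the typical 70, likes arriving in a coordinated burst, and no engagement) and measures how much the flagged fans dilute the engagement rate. The `Fan` fields, the thresholds and the sample data are constructed assumptions.

```python
from dataclasses import dataclass

TYPICAL_PAGE_LIKES = 70  # the article's figure for the average American user


@dataclass
class Fan:
    fan_id: str
    pages_liked: int   # total pages this profile has liked (assumed available)
    liked_at: int      # Unix time at which the profile liked our page
    engagements: int   # likes/comments on our posts since becoming a fan


def burst_members(fans, window_s=300, min_size=5):
    """Ids of fans whose like fell inside a burst:
    at least min_size likes of the page within window_s seconds."""
    ordered = sorted(fans, key=lambda f: f.liked_at)
    flagged = set()
    start = 0
    for end in range(len(ordered)):
        # Shrink the window until it spans no more than window_s seconds.
        while ordered[end].liked_at - ordered[start].liked_at > window_s:
            start += 1
        if end - start + 1 >= min_size:
            flagged.update(f.fan_id for f in ordered[start:end + 1])
    return flagged


def reasons_for(fan, in_burst, like_multiple=10):
    """List the click-farm indicators this fan shows."""
    reasons = []
    if fan.pages_liked >= like_multiple * TYPICAL_PAGE_LIKES:
        reasons.append("page-like count far above typical")
    if in_burst:
        reasons.append("liked in a coordinated burst")
    if fan.engagements == 0:
        reasons.append("never engaged")
    return reasons


def audit(fans, min_reasons=2):
    """Map fan_id -> reasons for fans showing at least min_reasons indicators.
    One indicator alone is not enough: real fans can be silent too."""
    bursts = burst_members(fans)
    suspects = {}
    for fan in fans:
        reasons = reasons_for(fan, fan.fan_id in bursts)
        if len(reasons) >= min_reasons:
            suspects[fan.fan_id] = reasons
    return suspects


def engagement_rate(fans):
    """Share of fans who engaged at least once, i.e. what a random
    sample of the fan base would show on average."""
    return sum(1 for f in fans if f.engagements > 0) / len(fans)


# Constructed sample: four organic fans spread over days, then six
# profiles that liked the page within two minutes of each other.
SAMPLE_FANS = [
    Fan("r1", 45, 1_380_000_000, 3),
    Fan("r2", 80, 1_380_090_000, 1),
    Fan("r3", 120, 1_380_200_000, 0),   # real but silent fan
    Fan("r4", 60, 1_380_400_000, 5),
] + [
    Fan(f"b{i + 1}", likes, 1_380_300_000 + 20 * i, 0)
    for i, likes in enumerate([2400, 3100, 5200, 1900, 4100, 2800])
]

if __name__ == "__main__":
    suspects = audit(SAMPLE_FANS)
    for fan_id, reasons in sorted(suspects.items()):
        print(fan_id, "->", "; ".join(reasons))
    genuine = [f for f in SAMPLE_FANS if f.fan_id not in suspects]
    print("engagement rate, all fans:     ", engagement_rate(SAMPLE_FANS))
    print("engagement rate, flagged removed:", engagement_rate(genuine))
```

Requiring two indicators keeps the silent organic fan `r3` out of the suspect list while still catching every profile in the burst.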

Across Facebook, well-intentioned companies and organizations have found themselves in this predicament. Small businesses ranging from Bay Area startups to Toronto magazine publishers have reported similar problems, and Internet forums and blogs are rife with related tales. Corporations with professional teams managing their Facebook pages and large advertising budgets seem to treat this kind of artificial appreciation as the price of doing business. But the side effects of click farms are a real threat to small businesses with slimmer margins for error and without the know-how to effectively target their ads. (It’s worth noting that small businesses are the focus of a Facebook marketing push that has involved nationwide outreach and efforts to streamline the company’s advertising platform. Since Second Floor Music’s first campaign, Facebook has made more tools available for advertisers to direct and monitor their ads. A year later, Bronstein ran another campaign that worked much better than the first.)

From January 2013 to February 2014, a global team of researchers from the Max Planck Institute for Software Systems, Microsoft’s and AT&T’s research labs, as well as Boston and Northeastern Universities, conducted an experiment designed to determine just how often advertising campaigns resulted in likes from fake profiles. The researchers ran ten Facebook advertising campaigns, and when they analyzed the likes resulting from those campaigns, they found that 1,867 of the 2,767 likes—or about 67 percent—appeared to be illegitimate. After being informed of these suspicions, Facebook corroborated much of the team’s work by erasing 1,730 of the likes. Sympathetic researchers from a study run by the online marketing website Search Engine Journal have suggested that targeted Facebook advertisements can yield suspicious likes at a rate above 50 percent. In the fall of 2014, Professor Emiliano De Cristofaro of the University College of London presented research which found that even a page explicitly labeled as fake gained followers—the vast majority presumably bots.

The bot buildup can even affect companies that aren’t advertising with Facebook, but are just passively hoping their pages gain real fans. In 2014, Harvard University’s Facebook fans were most engaged in Dhaka, Bangladesh. (They stated that they did not pay for likes.) A 2012 article in The New York Times suggested that as much as 70 percent of President Obama’s 19 million Twitter followers were fake. (His campaign denied buying followers.) Less prominent pages from across the world—from those belonging to the English metal band Red Seas Fire to international bloggers—have been spontaneously overwhelmed by bots that are attempting to mask their illicit activity by glomming on to real social media profiles.

How to Build a Facebook Bot

(It’s easy!)

Pick a name: Fake Name Generator is great for this. One click will get you a full identity: From name, to age, to job—it can even provide a blood type.

Create an email account: If you want a bulletproof bot, make a phone-verified Gmail account using the same SIM cards you are using to verify your fake Facebook account.

Make sure your stealth software is on: Your proxy server should show that you’re working from someplace innocuous. Don’t forget to disable the cookies that might snag you.

Create a profile: Using the details from Fake Name Generator, flesh out your Facebook account. Dating websites are a great place to steal photos.

Phone verify the account: Install a SIM card into a cell phone and type the phone number into Facebook’s phone-verification feature. Wait for Facebook to text you a verification code. Enter the code.

Add some frills to the profile: Everything from favorite movies to photo albums, which you can just copy from other profiles. A bot looks a lot more authentic if it has friends, so make sure to send a few requests. If you’re working for a big account farm, you can probably friend some real people who are in on the scam.

Control your bot with the software: Once you’ve made thousands of bots, you’re not going to want to manually manipulate them. Purchase a program to automate your bots to act real.

Watch out for the social media police: Facebook is hunting you, so be careful. Newly made bots are subject to extra scrutiny, so let your bot marinate for a few weeks. Don’t go overboard on liking too many things. You’ll probably want to maintain a lot of accounts, so they can work in shifts. Whenever you’re paid to like one thing, like a few other random things to create a smokescreen of activity.

And if you are caught: Don’t sweat it! Facebook is more likely to temporarily disable the like function of the account than delete it. But if the heat’s getting to be too much, just delete the account and reuse the phone number to make a new one. Your business won’t miss a beat.

This February, Facebook stated that about 7 percent of its then 1.39 billion accounts were fake or duplicate, and that up to 28 million were “undesirable”—used for activities like spamming. In August 2014, Twitter disclosed in filings with the Securities and Exchange Commission that 23 million—or 8.5 percent—of its 270 million accounts were automated.

Almost since their inception, social media companies have tried to limit this kind of digital-influence inflation. YouTube periodically examines videos with suspicious numbers of views. In December 2014, in what was called the “Instagram Rapture,” the platform cleaned up a number of accounts; Justin Bieber lost 15 percent of his followers. Facebook is constantly refining its defenses; the verification processes that take up so much of Casipong’s time are part of that effort. In some countries, Facebook has even requested pictures of government IDs from suspicious accounts. (They’ve mostly avoided this tactic in the United States, where it has triggered a backlash.) As a Facebook spokesperson said in a statement last August: “We have a real incentive to aggressively go after this activity because people want authentic connections on Facebook, and businesses use our platform to deliver real business results. Inauthentic interactions run counter to these goals, so we are constantly working to detect fraudulent activity and shut it down.” In April, the spokesperson continued: “Fraudulent activity has always been a tiny fraction of overall activity on our service, but recently we have developed new pattern recognition technologies that have mostly halted the major exchanges of fake like activity.”

At the same time, however, it is in the interest of Facebook and other platforms to downplay the severity of the problem. Twitter has recognized that more than 8 percent of its accounts are automated, but it says not all of these are malicious—i.e., run by click farms or used for spam—suggesting that many are used for legitimate purposes, like tweeting the scores of sports games. The company has reported that 5 percent of its accounts are malicious, but researchers have suggested the actual figure is at least double that.

These estimates are contentious because in 2014, more than 90 percent of Facebook’s $12.5 billion in revenue and about 90 percent of Twitter’s $1.4 billion in revenue came from advertising. If researchers are correct that advertising on social media leads to a high percentage of fake likes and fans and followers, the entire business model could be called into question by advertisers. What incentive do companies have to buy ads that target digital ghosts? As Internet security researcher Stroppa said, “The worth of Twitter is based on their active and total numbers of accounts. If they ban fake profiles, then they will lose an important percentage of their user base.” Brands have begun to report dissatisfaction with Facebook marketing, wrote Nate Elliott, a vice president for the technology and market research company Forrester Research, in an email. “If fake profiles are a widespread problem, then it may turn out Facebook’s value to marketers is even lower than we thought.”

Facebook, Twitter, and other platforms claim to successfully police their populations, but evidence suggests otherwise. The Max Planck team found that more than 90 percent of accounts they flagged as “black market” were not eliminated after four months, even though Facebook had erased many of the fake likes that these accounts had created. De Cristofaro found that Facebook caught less than 1 percent of the fake profiles he investigated. The number was even lower for high-quality accounts: For the month that he monitored 621 active profiles from a high-end click farm, only one was canceled. When I looked through the accounts managed by Braggs’s account farm and several other click farms, time-stamps revealed that the majority had been lurking on the network for several years. Many had even attracted real friends, either through automation or because their profile pictures had intrigued actual people; attractive women created by Braggs’s account farm often get approached with explicit overtures. (Unless clients specify other identities for PVAs, Braggs instructs his workers to make sexy women.)

And just as onliners quickly shifted when email spam was no longer viable, click farms have wiggled away from efforts to rein them in. To my eye, Braggs’s “premium” PVAs are almost impossible to differentiate from the real deal. (Casipong fills the photo albums of her premium PVAs with pictures that remind her of one of her favorite blogs, Humans of New York, and adds quotes like “hakuna matata,” which she has no idea comes from The Lion King.) Experts believe that without computer-aided analysis, this extra camouflage makes it almost impossible to finger any click farmer’s couture bot.

If Facebook comes to suspect that Ashley Nivens is not, in fact, a real person, and suspends her account, Braggs will have Casipong unearth the appropriate SIM card from the tens of thousands of cards organized and stacked around Braggs’s shop, insert it into a phone, and answer Facebook’s text message: Yes, she is a human. “Basically,” Braggs said when we met last September, “there’s nothing Facebook can do to stop me.” Facebook has shut down his personal account, but Braggs laughs it off: “Why would I need one Facebook account when I’ve got thousands?” The main limiting factor for his business is a somewhat unpredictable supply of SIM cards.

Workers in Richard Braggs’s account farm.

Last September, Braggs drove out of Lapu-Lapu City to one of the new luxury subdivisions springing up amid the wetlands and mangrove forests. He had purchased a house there and construction was underway. The streets were lined with boxy, concrete, two-story houses fronted by grass lawns—a Philippine version of the American dream, but with half the square footage of their Western counterparts and with roving goats nibbling their shrubbery. It is here that the ex-pats who run the nearby factories live.

The house was Braggs’s reward for working weekends and never taking a vacation. He had been so busy that two months had passed since he had visited, and he had to argue with the guards to be let into the gated community. The lawn outside Braggs’s house was chest-high, with saplings rising above the brush. His girlfriend—the first worker at his click farm—followed behind as Braggs pushed through the young jungle. This was the woman he would marry. This was where his children would be raised. This was where he would move his account farm once the electricity was turned on. The exterior of the house was finished, but the interior was bare. He stopped at the front door of his new home and he patted his pocket, worried that he had forgotten the key.

It seems impossible that Facebook, with its army of elite coders and multibillion-dollar war chest, won’t eventually crush Braggs. The company knows his real name. It barrages his inboxes with cease-and-desist orders. But he’s hopeful. “Every system is made by humans,” Braggs told me, “so there is always a way to beat it.”

BIG NEWS: MATCH.COM RECEIVES WORST RATING FOR PRIVACY ABUSES, DATA HARVESTING AND FAKE PROFILES:

MATCH.COM/OKCUPID/POF DATING SITE ISSUES:

— Using Fake Profiles To Sucker Subscribers and create “ClickBait”.
— Using Dead Russian Hookers For Profile Pictures.
— Mood manipulating users in order to trick them into doing things.
— Giving spy agencies open access to all users’ actions, texts and emails.
— Selling user data to data-mining companies.
— Stealing photos of models to create fake profiles.
— Hiring armies of off-shore contractors to write fake profiles all day.
— Police running photos through crime computers to find hot girls’ addresses.
— Selling user information to marketing companies.
— Selling user information to political parties.
— Exploiting fragile users’ emotions in order to trick them into buying things.
— Acting as a front for Prostitutes and Escorts.
— Reading users’ emails and texts for fun.
— Swapping users’ personal pictures in staff clubs.
— Selling users’ profiles to other dating services without their permission.
— And many other unethical and criminal actions…
— All users of these services are encouraged to join CLASS ACTION LAWSUITS so that they can be financially compensated for online abuse and manipulation.

Web Security 101 for The Average Person:

How to protect yourself on the internet.

The most average, boring, “uninteresting” consumers are the ones that are the most targeted, the most “mood-manipulated”, the most hacked and the most data-harvested!

Every single thing you write in an email or text, or click on, will, eventually be psychologically analyzed by governments, lawsuit adversaries, foreign interests, hackers and marketing companies in order to learn what you really think and how you think. They can ALL get ahold of all of that material going back at least ten years. Nothing is ever deleted off of a hard drive. Everything can be recovered using modern physics.

Here are a variety of recent news articles, from across the web, on how to take care of your personal web security:

——————————————-

Basic Rules of Safety To Survive the Internet!

1. Never log in or sign in to anything without using a disposable email address. Only use apps and sites that do not use a login and keep you anonymous. Do not let the internet know that you are using the internet or you will instantly be targeted. EVERY government network has already been broken into at least a dozen times. Every retail network has been broken into nearly a hundred times. Otherwise: “Over 42 different countries’ spy agencies, thousands of hackers and thousands of marketing manipulation services will be all over you and your ID, money and life will get stolen.”

2. Never send unencrypted email. Always use GPG, or other encryption, and change your password weekly.

3. Never backup or save files on “the cloud”. When you put files out on the web on other services you quadruple the ease with which your files can be broken into and stolen. It is like leaving all of your notebook computers on the curb every night.

4. Don’t buy any hardware unless it is open-source certified, globally, to be “back-door free”. Many companies built spy door gates into their hardware but now all of the hackers have the keys to those doors. If you have un-certified servers, routers, wifi, etc. then the gates of hell are wide-open to any hacker these days.

5. Never buy anything online with an account that has more than $200.00 in it. Have one account only for buying things online and never connect it to any other account and never put more than $200.00 in it. Expect your accounts to be hacked and your money to be stolen.

6. Always remember you are 3 CLICKS FROM DISASTER any time you are connected to a network. These days, ANYBODY can take everything of yours off of ANY electronic device with just 3 clicks of most modern hacking software. BE CAREFUL!

7. Always use fake ID, Disinformation and a false name if you must log-in to a service like NETFLIX or other subscription service. You will be tracked, tagged and process manipulated if you don’t.

8. Never post your picture online or you will be processed with imaging comparison software by third parties. Dating sites sell your image but hundreds of others run image comparison software on every image on the internet and abuse them for marketing too.

9. Never keep ANY files on your computer! Use an “air gap” where you never connect drives with actual documents to the live internet. Keep your Outlook .pst files, your photos, your documents, your movies and EVERYTHING you create, on an external encrypted hard drive. NEVER connect that hard drive to your computer unless your internet connection is physically unplugged and your wireless connection is removed or turned off in a way that you can check that it is turned off. If your mobile device is “always connected”, ANY kid can take EVERYTHING off of it, with just two mouse-clicks, any time they want to. It IS OK to keep fake files on your computer to keep hackers on a wild-goose chase.

10. Tape over any camera on any device you own. ANY kid can secretly turn your camera on and watch you taking a shower, getting undressed, cheating on your partner, having sex or writing your secrets, with just two mouse-clicks, any time they want to.

11. Don’t use the CONTACTS and CALENDAR in OUTLOOK, ICAL or on your device. ANY kid can now download all of your contacts off of your phone and computer and watch them as well. A business competitor can download all of your calendar appointments and bug your business meetings or get your business meetings cancelled. An ex-lover can see who your new lover is and mess with that. Foreign countries can EASILY steal your technology. Otherwise: “Over 42 different countries’ spy agencies, thousands of hackers and thousands of marketing manipulation services will be all over you and your ID, money and life will get stolen.”

12. ALWAYS, ALWAYS pull the battery out of your device when you are not immediately using it. ANY kid can now download all of your contacts off of your phone and computer and watch them as well. A business competitor can download all of your calendar appointments and bug your business meetings or get your business meetings cancelled. An ex-lover can see who your new lover is and mess with that. Foreign countries can EASILY steal your technology. Your device may appear to be turned off, you may have even seen it “turn off”, but it is still on and pretending to be off.

———————————-

Inside the shadowy world of data brokers

From CIO Magazine. From: http://www.cio.com

By Matt Kapko

Most consumers would not recognize the names of the large data brokers that constantly collect detailed information on their finances, health and other personal information. It’s safe to say most people probably have no idea this is happening at all. Those who are aware should be shocked by the extent to which their online and offline behaviors are being sifted through for profit. Call it panning for gold in the digital age.

The World Wide Web has always been a vehicle for advertising, but as the Internet permeates every facet of society from our apps to our appliances its role is expanding in kind. While surfing the Web or updating social apps on our smartphones, we blindly share valuable information about ourselves often without considering the ramifications – or, in some cases, even knowing we are sharing it. Despite these growing privacy concerns, without advertising the Internet would deliver very few of the experiences many of us enjoy today. Companies need to be profitable to survive, and for most that path to revenue is advertising. While companies like Facebook and Google capture most of their data through consumer-facing products and services they offer for free, outside firms are collecting and organizing virtually all activity elsewhere.

As 2013 came to a close, Sen. Jay Rockefeller (D-W.Va.) issued a scathing report about the role and unchecked power of data brokers. Following a year-long investigation by the Senate commerce committee into the collection, use and sale of consumer data for marketing purposes, he called these companies and their practices “the dark underside of American life.”

“In 2012, the data broker industry generated $150 billion in revenue. That’s twice the size of the entire intelligence budget of the United States government — all generated by the effort to detail and sell information about our private lives,” Rockefeller adds.

Privacy concerns have ebbed and flowed with the rise of the Internet for decades now, but the backlash against data collection has grown more recently as consumers wake up to the reality that their personal information is being bought and sold as a commodity. Former NSA contractor Edward Snowden’s revelations about the wide and almost unfathomable reach of the federal government’s surveillance apparatus has only stoked these flames of discontent.

Recent reports from the likes of CBS’ news magazine “60 Minutes” are shining fresh light on data brokers as well. During that featured report, Federal Trade Commissioner Julie Brill says “your smartphones are basically mini tracking devices” that supply “the kind of information that really talks about who you are on a day-to-day basis.”

That data may include information like when someone comes home or leaves, the places or establishments they frequent and when and where they swipe their credit cards to make purchases.

“I think most people have no idea that it’s being collected and sold and that it’s personally identifiable about them, and that the information is basically a profile of them,” Brill says. “Consumers don’t know who the data brokers are. They don’t know the names of these companies.”

By flying under the radar, data brokers have largely been able to keep consumers at bay. The sheer volume of them, which easily number in the thousands, confuses consumers and matters of privacy all the more.

The largest of these companies — Acxiom, Datalogix, Epsilon and Experian — are bridging together data from the online and offline worlds and selling it to the likes of Facebook, Twitter and others to enhance their respective ad products. The general approach is to group and categorize consumers for marketers’ online ad targeting efforts. Programmatic ads are then sold and targeted based on these profiles, which the industry insists are anonymous and not personally identifiable.

Regulators and legislators across the political spectrum are making it a top priority to investigate these data brokers and enact laws that could curtail their way of business. But as more troubling details about the operation and seemingly unrestricted reach of these data brokers come to the surface, it’s unclear what can or will be done to rein in their most damning practices.

Daniel Kaufman, deputy director for the FTC’s Bureau of Consumer Protection, says the agency is currently studying nine data brokers. “They collect an enormous amount of data and they are not consumer-facing,” he said at last week’s GigaOm Structure Data conference in New York City.

“How are they getting their data? How do they make sure it’s accurate? Who are they sharing it with?” Kaufman says. The FTC takes law-enforcement actions, and it doesn’t create regulations. However, he adds that “the commission has been supportive of legislation that would support or improve the transparency of data brokers.”

The how, when and where of data collection may be perceived by many as nefarious, but the real debate begins over why. “Quite simply, in the digital age, data-driven marketing has become the fuel on which America’s free market engine runs,” the Digital Marketing Association wrote to members of Congress in 2012. That generally sums up the view of almost every marketer today, and the sentiment is even more on point and agreed upon in the world of real-time marketing on social media.

“It’s become an essential part of the marketing mix,” says Adam Kleinberg, CEO of Traction, an advertising and interactive agency in San Francisco. Data brokers are “becoming increasingly important because the way digital media is being purchased is moving toward the robots. Programmatic advertising and programmatic media buying is using tools that automate the process,” he says. “You enhance the targeting efficiency by leveraging that data. It’s just gotten to the point in the past few years where 30 to 40 percent of media is purchased that way.”

These profiles are directional and optimized behaviorally, Kleinberg says. The cookies that follow us around the Internet are being used to index us based on behaviors such as what we search, visit, click on or buy. “If you actually saw your data you’d think ‘wow, these people don’t know me at all,’” he says.

“The power of the data in certain circumstances is in the massive quantity and patterning that is possible. When you’re collecting across billions of data points, regardless of its accuracy, there’s going to be groups of individuals behaving the same way,” Kleinberg adds.

“There is sensitive data that is collected and sold on you… What’s new is this big data that is being collected and cross referenced with those things,” he says. “The reality is that most of this big data is simply being used anonymously to better target you with an ad.”

While he freely admits “the ability to look at that individual data is a little scary,” he adds that “anyone who’s buying digital media today is buying data.”

From there the debate usually pivots around the promise of self-regulation versus the need for legal protections and regulations. Industry groups like the Internet Advertising Bureau and the Network Advertising Initiative have already developed standards and best practices which member companies must adhere to, but it appears unlikely that will remain their exclusive responsibility. Regulatory agencies and elected officials aren’t subscribing to the simple notion that the ends justify the means. Legislation could be on the horizon as they aim for a middle ground.

Sharing the view of the industry at large, Kleinberg says he thinks the responsibility should come from within because regulators don’t have a deep understanding. “I think that the industry organizations are actually taking it very seriously and putting together standards that accommodate reasonable privacy restrictions like allowing people to opt out,” he says.

“I think consumers care less than we think in the moment. They care in the abstract sense,” Kleinberg says. “I can’t tell you of an example where data has been abused.”

To embolden the case for self-regulation, the industry needs to do more to explain what data means, Kleinberg adds. “The terms data and big data get lumped together as this big sinister beast and a lot of it is not innocuous … it’s anonymized by obscurity,” he says. “We should not rush to judge all of it without understanding that nuance.”

——————————————–

How your enemies, competitors and corporate thieves can have you attacked and robbed on “data-mining” services?

Every time you touch a keyboard, you hand your opposition the tools of your own destruction!

There are a group of BIG DATA Data Mining, privacy harvesting companies that can: find your kids for any stalker, kill off any chance you have of ever getting a job, destroy your credit, destroy your chances of getting a home, anticipate what you might do tomorrow, make you buy things you would not have otherwise bought, tell spammers and junk phone callers where and when to find you, tell everyone what your political affiliations are, and millions of other things that you never thought you were actually showing to the internet.

They grab every mouse move, hand twitch, the direction of your mouse travel, every word, password, page and link that you engage in. They know how long you looked at something, when you back-spaced, how many stories about sex you looked at and in what order. Are you a politician? This is the way your opponents wipe you out in elections.

OR… do YOU have an opinion that conflicts with certain politicians? BANG! Push a button and you are TOAST via a “data burn”! You saw what happened to Michael on the “BURN NOTICE” TV series, right?

If someone does not like you, they can get input data to these services that will wipe you out and there is nothing you can do; there is no way to know if the data really came from you, an attacker or a mistake. When you fill out that apartment credit application, you just handed these guys a knife to stab you in the heart with.

What are you going to do about it?

Make it a FELONY for ANY data mining operation to NOT let you see EVERY single bit of data they have on you and correct OR DELETE IT!?

How Spy Agencies Destroy Members of The Public That Politicians Put Hits On!

Did you piss off a corrupt Senator, The President’s press secretary or the head of a federal agency by speaking out or reporting corruption?

Then you get a “hit job”

Got some dating site profiles? Suddenly very pretty girls will contact you, on your dating sites, but they will harass, disparage and harangue you in an attempt to give you low self-esteem and demoralize you so you don’t feel motivated. Those girls aren’t actually girls, though, they are intelligence interns in a warehouse in Virginia. Those OK CUPID, Plenty of Fish and Match.com hotties may just be some nerd named Norman with a neck beard and six computer screens outside of DC.

Have you heard of the term “Honey Trap”? Websearch that term and then try searching the term “Snowden Honey Trap”. Read about that. The hot girls they send to manipulate you are hot coed undergrads from Stanford and Yale, with a hankering for the spy business.

Did you just get fired after your boss got a phone call from a helpful party who wanted to “share some important information about you”? That was a slander job by those boys in Virginia.

Are you suddenly finding it hard to get an interview? Is it strange that recruiters and interviewers suddenly stop talking to you after the first contact? Those potential hirers have databases, that you can’t see, and your enemies have put code phrases in your employment profile that make you un-hireable.

Did your company get a bad review on Yelp or Google? Did it suddenly get frozen into the top position on every Google search? Yes, the CIA-Funded Google does have the power to destroy your life on-command.

All that surveillance for “Your protection” …it’s being used to monitor your actions and figure out how to put roadblocks in front of you, as punishment for pissing off that Senator.

It is called a “Q Request Filing”. Q Requests are not even supposed to exist, but they do. Q Request processors are experts in psychological warfare, mood manipulation, brand damage, character assassination and personal attacks.

So, how do you counter-measure such political and business attacks?

– Hire private investigators to track down the attackers.
– Sue them in Civil court, the U.S. Court of Claims and small claims court
– Engage in massive press outreach to expose the attackers
– Expose the funding sources and investments of the attackers
– File complaints with every relevant regulatory and law enforcement agency and make sure the media tracks the status of those complaint investigations

———————————————————-

We live in a whole new world!

How many tens of millions of dollars have you spent on your personal web security?

What’s that, you didn’t spend tens of millions of dollars on your personal web security?

Sony Pictures did, Target did, Home Depot did, JP Morgan did, The White House did, P.F. Chang’s did.. and they all got hacked!

What do we learn from this? You are more at risk than you realize!

There are a few problems that have caused all this:

First there are the “backdoors”. Spy agencies had companies like Cisco, Intel, Juniper and others, put hardware and software backdoors in all of their network equipment so that spies, and law enforcement, can get inside any network if there are “bad-guys” on it. The hackers got ahold of the keys to many of those backdoors. In many cases, they only need to get past one door to be inside your whole network. The problem is, many of the backdoors are in the hardware of the devices and those devices are distributed all over the Earth. None of these companies want to shoulder the cost of pulling out and upgrading all of those devices. Many users believe the companies should be liable for any break-ins via their backdoors. There is a big legal discussion around all of that.

Next we have bad IT. If you, or your network provider, are using funky, simple, passwords, then the hackers are auto-testing all of the ports and will eventually get in via computerized trial-and-error. They will just point $35.00 worth of software, that they downloaded off some Russian site, at your IP address and let it run for a few weeks until it gets in and texts them that they can now scrounge through your life. Some of these hackers are just bored teenagers in Thailand, the Ukraine or other impoverished areas where they can’t find work. They have plenty of time on their hands. Others are state agencies with $100M budgets and orders to “get as much as they can find” from the competing nations.

Third we have non-distributed networks. Networks are just too big. There are wide open football sized file repositories that should only be ping-pong table sized.

Fourth we have a glut of Silicon Valley companies who made their business model revolve around harvesting and manipulating your activities and personal information. Not only do they make billions doing this, they also get paid by federal and third party marketing groups to do it. They have every incentive to do it and no incentive to not do it.

“Internet security” means keeping your assets from getting stolen or abused. What are your “assets”?

They are:

Your money

Your credit

Your identity

Your privacy

Your intentions (ie: what you might do online and how to trick you into doing specific things)

Your activity history

Your time

Your brand

All of these things have monetary value. They are worth money to someone. Others can make money off of these things that you own.

You may not be an evil bad guy with dark intentions, but to marketing companies, you are going to get tracked, monitored and manipulated just as much, if not more. The thought that you “have nothing to hide” is the biggest falsity on the internet. You have everything to hide from the hackers and harvesters.

All of these companies, (most you probably never heard of), are panning for digital gold in your private records: White Pages: Address.com; Google; Spokeo; Marketo; Been Verified; Facebook; Peek You; Intelius; ZabaSearch; US Search; inBloom; Salesforce.com; IBM Data Services; People Finders; TWITTER; Veromi; US People Search; Private Eye; Public Records Now; Addresses.com; People Smart; Advanced Background Checks; People Lookup; TalentShield; BeenVerified; GIS BackGround Checks; CVCertify; Conair; Social Intelligence; Dun And Bradstreet; EquiFax; Infortal; Kroll Backgrounds; Onesource; Checkpeople. Most consumers would not recognize the names of the large data brokers that constantly collect detailed information on their finances, medical, legal, sexual and other personal information. It’s safe to say most people probably have no idea this is happening at all. Those who are aware should be shocked by the extent to which their online and offline behaviors are being sifted through for profit. Acxiom openly stated that they sell your information to government agencies. They got in trouble for selling your sexual, drinking, STD, abuse and mental issues to third parties.

In 2013 Sen. Jay Rockefeller (D-W.Va.) issued a scathing report about the role and unchecked power of data brokers. Said Federal Trade Commissioner Julie Brill: “Your smartphones are basically mini tracking devices that supply the kind of information that really talks about who you are on a day-to-day basis.”

There is a group of Data Mining, privacy harvesting companies that can: find your kids for any stalker, kill off any chance you have of ever getting a job, destroy your credit, destroy your chances of getting a home, anticipate what you might do tomorrow, make you buy things you would not have otherwise bought, tell spammers and junk phone callers where and when to find you, tell everyone what your political affiliations are, and millions of other things that you never thought you were actually showing to the internet.

They grab every mouse move, hand twitch, the direction of your mouse travel, every word, password, page and link that you engage in. They know how long you looked at something, when you back-spaced, how many stories about sex you looked at and in what order.

OR… do YOU have an opinion that conflicts with certain politicians? BANG! Push a button and you are TOAST via a “data burn”! You saw what happened to the character Michael on the “BURN NOTICE” TV series, Right?

If someone does not like you, they can get input data to these services that will wipe you out and there is nothing you can do; there is no way to know if the data really came from you, an attacker or a mistake. When you fill out that apartment

So you wonder: “Hmmm, if all network devices are now hacked, how can I have a NETWORK-FREE LIFE?”

Touching any device connected to a network is the same as asking the Russian mob to “keep an eye on your stuff while you run to the store”:

You might as well leave your unlocked safe deposit box at the curb of your nearest ghetto.

Do you ever take off your clothes? That camera on your cell phone, tablet, PC or appliance is recording you in secret. All those nude photos of all of the starlets that are online from “The Fappening”…you could be next…

Hundreds of millions of consumers are having their personal data hacked from most big retailers.

The White House, NASA, The CIA and all those other sites you thought were super secure.. nope..not so much: Hacked!

The Snowden, Assange and Manning leaks, along with the CIA Torture report, show, more than anything else, that all nation states lie to each other and that they have played a one-upmanship game of you-hack-me-I’ll-hack-you, to the point that every single network has now been broken into hundreds of times.

CBS news revealed that the U.S. and Israel built the STUXNET virus to take out Iran’s nukes but Iran got ahold of it, and has passed derivatives of it to every anti-U.S. group.

Now nation-state-class regenerative virus attacks are running daily against U.S. corporations with complex viruses that self-mutate like the T3 Terminator in the famous sci-fi film franchise.

Want to see all of Hollywood’s secret movie contracts and all of the movie stars’ social security numbers? Say hello to “Sony-Pocalypse”! The Koreans appear to have gutted all of the personal records and private communications of the whole studio system. Now we know that Sony’s own staff think that Adam Sandler is a Dick!

The USB connector, on all USB devices, has high odds of having a hacking virus built into the USB connection itself.

The sad thing is that there are hundreds of ways to solve the problem but those ways involve making networks hacker-proof and the spy agencies won’t allow that.

A large group of public organizations and consumer companies, who have brought hardware and software forward that is actually hacker proof, have been attacked for doing so.

Even famous companies, Apple and Google, were just attacked by the FBI for adding slightly stronger encryption to their phones.

Think you are a boring, non-attractive target? Think again! Ever take your clothes off? ..have sex? ..Buy stuff? Got a credit card?

Technology can absolutely fix the problem. Technologists are being blockaded from fixing the problem because of certain persons’ overwhelming need for “control”. Where will it end?

How can you survive as a company, agency or individual in the mean-time? Since the “mean-time” could last for the next 20 years, at the “pace-of-politics”, you need to be ready to make a big commitment:

To be truly NETWORK FREE:

– You cannot own anything with a built-in hard drive. Boot any device from an external drive and try to never connect the drive when the device is on a network. Have a USB nub to put things on when you need to email or go online. Disconnect the main external hard-drive when you must go online. Use the external operating system on a USB drive called: TAILS from the people who brought you TOR.

– Consider having a tablet that is only for surfing the web. Set up ALL accounts on it with the universal login that all web users default to: John Doe. 1 Main Street, Anytown, USA, 91111. Never take any download off of it and never connect it to your home network or any other device.

– Buy old typewriters, paper file cabinets and 1990’s flip phones. Use pre-hack technology. The Russians have now switched to this.

– Don’t write anything on a social network.

Companies now realize that sending their design plans, CAD, campaign plans and electronic layouts by email, or FTP, is the same as handing them directly to Chinese and Korean copycat factories. Hackers can get into anything on-line with two mouse clicks, these days. Your personal assets are just as valuable to the hackers.

Stay safe. Be Aware. Once you adopt security techniques they will, eventually, become second nature.

——————————————-

When a technology company hires “opposition researchers” to spy on you, this is what they do to “build an interdiction file on you”:

– Acquisition and tracking of your Comcast, Netflix, Hulu and related media uses for the last 10 years.

– Acquisition and tracking of your PG&E bills and usage curves for the last 10 years.

– Live feed observation from all cameras on your mobile devices, computers, smart devices and nearby surveillance cameras, even though those devices appear to be turned off.

– Acquisition and tracking of every keystroke on your devices via a delayed buffer file that remotely sends itself to surveillance servers when you believe your devices are turned off.

– Acquisition and tracking of all of your Paypal, credit card, debit card, club card and service card transactions for the last 10 years.

– “Stingray” device deployment in your neighborhood to spoof all of your wireless devices and create an archived database of all phone calls, text messages, voicemails and web search URLs.

– Routing your computer to spoofed URLs for Facebook, LinkedIn, Twitter and other sites that appear to be authentic but are actually monitoring sites.

– Acquisition, tracking and archiving of all third party business surveillance camera feeds on your daily routes of travel and any off-route deviations you may take.

– Identification and file creation for all investors, family members and associated partners who may have stock holdings or revenue access to your companies.

– Acquisition and tracking of all of your bank accounts, trust funds, shell corporations and any professional financial services people identified in the international databases for the last 20 years.

– Acquisition and tracking of the RFID circuits in your car and the radio system in your car.

– Wifi and laser interferometry observation of speech surface vibrations and air space disruptions, which, essentially, means that they can see inside buildings and hear speech without bugging anything, by listening to the vibrations of nearby windows, ceramics, plastics or other objects.

– Computerized cross matrix comparison of all IRS and State tax filings compared with all revenue streams from the last 15 years.

– Computerized Cross matrix studies on you and your psychological state via the surveillance databases of Palantir, LucidWorks, Epic, PINWALE, XKeyScore, Stormwatch and others.

– Use of nearby Zone satellite array transponders for signal-specific targeting of your activities.

——————-

How an adversary will conduct a surveillance operation on you and how to trip them up:

#1 How you get targeted for surveillance:

– By being a human that owns, or is near, any device that can connect to a network

– By having any police record

– By having any tax record

– By making any public statement in social media, that is a political opinion

– By owning a business

– By doing anything that causes three or more people to regularly pay attention to you

– By shopping on line

– By using email

– By having a website or social media page

– By being in a lawsuit

– By writing a complaint letter

– By signing a petition

#2. When you engage in any of these actions you are assigned a surveillance code. The more you do any of these things, above, the deeper your surveillance becomes

#4. Who surveils you:

– Your government
– Foreign governments
– Local police
– State police
– Federal intelligence agencies
– Democrat opposition researchers
– Republican opposition researchers
– Marketing companies
– Business competitors
– Lovers
– Ex-lovers
– Family members
– Your children
– Hackers
– Foreign organized crime groups
– Neighbors
– Bored teenage gangs
– Lobby groups
– Think tanks
– Political psychologists
– Consumer electronics companies
– Silicon Valley data harvesters
– the CIA
– the NSA
– the DIA
– the FBI
– NEST
– Senators
– the White House press office
– Gawker Media
– the Verge
– Unit 52 of the Chinese surveillance group
– Google
– LinkedIn
– Amazon.com
– Experian
– or by “information services” who sell your data to the parties above

#5. Why do they target you:

– to acquire political advantage
– to manipulate political advantage
– to damage political efforts
– to trick you into buying things
– to determine if you might be causing trouble
– to determine if you might be about to cause trouble
– to sell your data assets without your knowledge
– to determine your voting intentions
– to manipulate your voting intentions
– to see if you are a threat to government
– to see if you are a financial threat to a competitor
– to determine the best ways to damage your effort if you are a threat to a competitor
– to get secret information in order to write news stories
– to put misleading information in front of you in order to steer you away from competing with something
– to find out who you are talking to in order to manipulate your contacts
– to trick you by putting manipulated information in front of you with missing pieces and watching how you fill in the missing parts, there-by exposing your thinking
– to trick you into thinking many other people are doing a certain thing and that you should “follow the crowd”
– to put certain words, or short phrases in front of you that candidates then repeat on tv so that you become programmed to accept those phrases
– to identify a city, or region, which might be about to unite under a common complaint, or goal
– to disinform
– to capture location, use and input data about you from your mobile device apps
– to secretly update the spyware already on your system
– to look at other spies that are spying on you and spy on them
– to turn off, or destroy, your device, remotely, if you “cause trouble”
– to identify if you are exhibiting too much independent thinking and deepen your surveillance if you are
————
Deep dive into QUANTUM INSERT

What is a QUANTUM INSERT attack on you?

QUANTUMINSERT is described as an ‘HTML Redirection’ attack that injects malicious content into a specific TCP session. A session is selected for injection based on ‘selectors’[3], such as a persistent tracking cookie that identifies a user for a longer period of time.

The injection is done by observing HTTP requests by means of eavesdropping on network traffic. When an interesting target is observed, another device, the shooter, is tipped to send a spoofed TCP packet. In order to craft and spoof this packet into the existing session, information about this session has to be known by the shooter.

All the information required by the shooter is available in the TCP packet containing the HTTP request:
• Source & Destination IP address
• Source & Destination port
• Sequence & Acknowledge numbers

For the attack to succeed the packet injected by the shooter has to arrive at the target before the ‘real’ response of the webserver. By exploiting this speed difference or race condition, one can impersonate the webserver.

A video was posted online by The Intercept that shows the inner workings of QUANTUMHAND, which uses QUANTUMINSERT against targets visiting Facebook: https://vimeo.com/88822483.

Any nation state, or skilled hacker, could perform QUANTUM attacks as long as the traffic passes through their country or they possess other capabilities to get the required TCP session data.

QUANTUMINSERT could be used for lateral movement within internal networks.

Detection is possible by looking for duplicate TCP packets but with different payload and other anomalies in TCP streams.

The usage of HTTPS in combination with HSTS can reduce the effectiveness of QI. Also using a content delivery network (CDN) that offers low latency can make it very difficult for the QI packet to win the race with the real server.

Who is able to perform these attacks

Anyone who can passively or actively monitor a network and send spoofed packets can perform QUANTUM-like attacks. The NSA is allegedly able to perform this attack on a large scale on the internet and with a high success rate, which of course not everyone can simply do. This is because it requires the capability to listen in on potentially high volumes of internet traffic, which requires substantial resources and a fast infrastructure. This means that internet service providers (ISP) can potentially also perform these attacks.

A nation state could perform QUANTUM-like attacks when traffic passes through their country. The recent research on China’s Great Cannon[4] by CitizenLab confirms this.

What are QUANTUM INSERTS used for

QUANTUM attacks are possible against various protocols and for different purposes, covering both offensive and defensive capabilities, as the following table shows:

QUANTUMINSERT: A man-on-the-side attack. Brief hijack of connection to redirect target to exploit server.
QUANTUMBOT: Capable of hijacking idle IRC bots and hijacking C2 communication from bots.
QUANTUMBISQUIT: Enhances QI’s effectiveness against proxies and other hard-to-reach targets.
QUANTUMDNS: DNS injection/redirection of A records. Targets single hosts or caching name servers.
QUANTUMHAND: Exploits the computers of Facebook users.
QUANTUMSKY: Denies access to a webpage by injecting/spoofing RST packets.
QUANTUMCOPPER: File download/upload disruption and corruption.

Source: https://firstlook.org/theintercept/document/2014/03/12/one-way-quantum/

All of these programs attempt to race the response packet to the target before the response of the real server arrives.

NSA has had QUANTUMINSERT capabilities since 2005. The first QUANTUM tool was QUANTUMSKY, realised in 2004. The most recent development, according to the slides, was done in October of 2010.

Man-on-the-Side vs Man-in-the-Middle

The QUANTUM attacks described in the Snowden leaks are all man-on-the-side (MOTS) attacks, while China’s Great Cannon attack uses man-in-the-middle (MITM) capabilities. There has been some misinformation on the matter in write-ups. The difference between the two can be observed by looking at the network traffic of the attacks[4]. The Great Firewall of China (not to be confused with The Great Cannon) injects additional TCP reset (RST) packets, and the original real responses can be observed after these RST packets. This is a sign of a MOTS attack, rather than a MITM attack. The network traffic related to the Great Cannon showed only modified packets and no original responses. In other words: the original packets were replaced. This is a sign of a MITM attack, rather than a MOTS attack. The CitizenLab report describes this in great detail.

Monitor and shooter locations

The attack can be done against remote networks on the internet, but also inside internal networks for lateral movement purposes. The closer the monitor and shooters are to the target, the higher the success rate.

Similar attacks

There has been earlier work on injecting packets into TCP sessions. Some tools and write-ups that perform a similar attack to QUANTUMINSERT are:
• The attack performed by Kevin Mitnick back in 1994 used the same principles as QUANTUMINSERT, though he predicted TCP sequence numbers rather than observing them[5].
• Hunt, a tool released in 1999, was able to spoof and hijack connections.
• TCP Session Hijacking by Cheese, an article released in 2009, describes the technique accompanied by source code showing how to do it[6].
• AirPwn[7], a framework for 802.11 (wireless) packet injection.

How we performed a QUANTUMINSERT attack

We used three virtual machines (VM) to simulate the monitor, client and shooter, as described in the leaked slides. In this controlled environment it was relatively easy to outrace the server response and inject an HTTP response into the TCP session of the web browser.

The monitoring VM received a copy of all the client traffic and was configured to search for a specific pattern in the HTTP request. When a matching packet was found, the monitor service would notify the shooter about the current IPs, ports, sequence and ACK numbers of the session. The shooter would then send a spoofed TCP packet containing the right values for the session and a not so malicious HTTP response to prove the insert was successful.

The monitor is a simple Python script that can read Tcpdump or Tshark output for the required sequence numbers, ACK numbers, IP addresses, TCP ports and optionally HTTP cookie values. The shooter is also written in Python using Scapy for crafting and sending the spoofed packets. We then tested this code over the internet in a controlled environment. One of the harder parts was finding a service provider that permitted source IP spoofing close to our office.

Detection of QUANTUM INSERT attacks

Among the leaked NSA documents was a slide from the Communications Security Establishment Canada describing how to detect QUANTUMINSERT attacks:

[Slide: CSEC on detecting QUANTUMINSERT]
Source: https://www.eff.org/files/2015/01/23/20150117-speigel-csec_document_about_the_recognition_of_trojans_and_other_network_based_anomaly_.pdf

To clarify the above, the first content carrying packet is the first packet containing data received by the client from the server. If two packets are received with the same sequence number but a different payload, it is a possible QI attack.

Theoretically an insert can be done anywhere in the TCP session, for example in long lived HTTP/1.1 sessions. A redirect could also be performed that would have less than 10% difference with the real payload, for example by doing the QI on a similar domain name on an HTTP 302 redirect.

It is even possible to start ‘shooting’ before the client sends the HTTP request, resulting in a faster response than the real HTTP response. However, by doing so you will lose the ability to identify and target specific users. According to the leaked slides, NSA targeted clients with QUANTUMINSERT using selectors such as HTTP cookies.

So in practice we have to look for duplicate HTTP response packets with significant differences in their content.

In order to detect this using an IDS one would need to observe the network traffic between client and the internet.

Payload inconsistency

A client will receive duplicate TCP packets with the same sequence number but with a different payload. The first TCP packet will be the “inserted” one while the second is from the real server, but will be ignored by the client. Of course it could also be the other way around; if the QI failed because it lost the race with the real server response.

[Image: Wireshark capture. Example of duplicate sequence and ack numbers, but with different payload sizes.]

Checking the first content carrying packet is probably the easiest way to detect a QI, but offers no guarantees, as an inject can be present later in the TCP session. Checking only the first content carrying packet reduces the number of false positives.

A retransmission with a different payload size will sometimes look like a QUANTUMINSERT. This can happen when a retransmission is cut short, for example during TCP window size changes.

TTL anomalies

The injected packets also show a difference in their Time To Live[9] (TTL) values. Because the QI packets are usually inserted closer to the target client, the TTL is relatively higher than that of the real responses, because they come from further away. While the initial TTL can be modified, it is difficult to exactly predict the correct TTL value.

Slight variations in TTL values are not unusual, due to route changes on the internet.
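
The payload-inconsistency and TTL checks described above, as an added example (not the Fox-IT detection code and not part of the original article). It goes slightly beyond the first content carrying packet by comparing every data segment in a flow. The addresses, payloads, the `ttl_tolerance` threshold and all function names are assumptions made for the illustration, and the packets are constructed in memory, never sent.

```python
import socket
import struct
from collections import namedtuple

Segment = namedtuple("Segment", "src dst sport dport seq ack ttl payload")

def build_packet(src, dst, sport, dport, seq, ack, ttl, payload):
    """Build a minimal IPv4+TCP packet (checksums left at 0) for the constructed sample."""
    tcp = struct.pack("!HHIIHHHH", sport, dport, seq, ack,
                      (5 << 12) | 0x018, 65535, 0, 0) + payload  # data offset 5, PSH+ACK
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, ttl, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return ip + tcp

def parse_packet(raw):
    """Parse raw IPv4 bytes into a Segment; return None for anything that is not TCP."""
    if len(raw) < 20 or raw[0] >> 4 != 4:
        return None
    ihl = (raw[0] & 0x0F) * 4
    total_len = struct.unpack("!H", raw[2:4])[0]
    ttl, proto = raw[8], raw[9]
    if proto != 6 or len(raw) < ihl + 20:
        return None
    tcp = raw[ihl:total_len]
    sport, dport, seq, ack, off_flags = struct.unpack("!HHIIH", tcp[:14])
    data_off = (off_flags >> 12) * 4
    return Segment(socket.inet_ntoa(raw[12:16]), socket.inet_ntoa(raw[16:20]),
                   sport, dport, seq, ack, ttl, tcp[data_off:])

class QIDetector:
    """Flags data segments that reuse a sequence number with different content."""

    def __init__(self, ttl_tolerance=2):
        self.first_seen = {}            # (flow, seq) -> first data segment observed
        self.ttl_tolerance = ttl_tolerance  # assumed allowance for normal route changes

    def feed(self, seg):
        if not seg.payload:
            return None                 # pure ACKs carry nothing to compare
        key = (seg.src, seg.sport, seg.dst, seg.dport, seg.seq)
        first = self.first_seen.setdefault(key, seg)
        if first is seg:
            return None                 # first time this sequence number carries data
        a, b = first.payload, seg.payload
        if a.startswith(b) or b.startswith(a):
            return None                 # identical or cut-short retransmission
        delta = first.ttl - seg.ttl
        return {"flow": key[:4], "seq": seg.seq,
                "ttl_first": first.ttl, "ttl_second": seg.ttl, "ttl_delta": delta,
                "ttl_anomaly": abs(delta) > self.ttl_tolerance,
                "first_payload": a, "second_payload": b}

def analyze(raw_packets, ttl_tolerance=2):
    """Run the detector over raw packets (as seen between client and internet)."""
    detector, alerts = QIDetector(ttl_tolerance), []
    for raw in raw_packets:
        seg = parse_packet(raw)
        alert = detector.feed(seg) if seg else None
        if alert:
            alerts.append(alert)
    return alerts

def sample_packets():
    """Constructed capture: one inconsistent duplicate, plus benign retransmissions."""
    server, client = "198.51.100.20", "192.0.2.10"   # documentation address ranges
    real = b"HTTP/1.1 200 OK\r\nContent-Length: 5\r\n\r\nhello"
    other = b"HTTP/1.1 302 Found\r\nLocation: http://example.invalid/\r\n\r\n"
    page = b"HTTP/1.1 200 OK\r\n\r\nabcdef"
    return [
        build_packet(server, client, 80, 40000, 1000, 500, 61, other),  # arrives first
        build_packet(server, client, 80, 40000, 1000, 500, 49, real),   # same seq, differs
        build_packet(server, client, 80, 40001, 5000, 700, 49, page),
        build_packet(server, client, 80, 40001, 5000, 700, 49, page),       # plain retransmit
        build_packet(server, client, 80, 40001, 5000, 700, 49, page[:-3]),  # cut short
    ]

if __name__ == "__main__":
    for alert in analyze(sample_packets()):
        print("possible QI: seq=%d ttl %d vs %d" %
              (alert["seq"], alert["ttl_first"], alert["ttl_second"]))
```

A sensor built on this would also need to expire per-flow state; the evasion notes later in the article (spoofed FIN, partial overlaps) are not handled here.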

Other anomalies

Other anomalies can be seen if the spoofed packets are not carefully crafted. For example, the TCP Timestamp value is usually set if it was also set in the TCP SYN packet. However this could vary between operating systems.

Other values such as the Differentiated Services Code Point (DSCP) in the IP header can also be observed for anomalies.

Detection using IDS

We created a number of packet captures (pcaps) when performing the Quantum Insert attack, which can be found here: https://github.com/fox-it/quantuminsert/tree/master/pcaps

This helped us with developing detection for a number of Intrusion Detection Systems and we hope others find these pcaps useful for further analysis and research.

While we have released Snort signatures in the past, we realised that this was not going to be enough to detect Quantum Insert. The Fox-IT Security Research Team successfully made detection for Quantum Insert and released this proof of concept code into the public domain on our GitHub: https://github.com/fox-it/quantuminsert/tree/master/detection

Snort

We made custom patches to the Snort Stream pre-processor to be able to detect possible Quantum Inserts. We found this to be the most efficient way rather than creating our own pre-processor. When a possible QI is detected it will trigger an event and also try to log the payload of the other TCP packet that was inconsistent as extra data.

See the README.md for more technical details: https://github.com/fox-it/quantuminsert/tree/master/detection/snort

We hope these patches will eventually find their way upstream.

Bro

We made a Bro policy to check for inconsistencies in the first content carrying packet. Keeping track of multiple packets would be better, if this could be done in the core functionality of Bro. We attempted to use the rexmit_inconsistency event, but this did not seem to work. Others have also reported this on the mailing lists[10], however it never got much attention. It should be feasible to improve Bro so that it can also keep track of older TCP segments, in order to detect QI like attacks. There’s even an official Bro ticket for this: BIT-1314[11].

See the README.md for additional technical details: https://github.com/fox-it/quantuminsert/tree/master/detection/bro

Suricata

We asked the lead developer of Suricata, Victor Julien, if he could verify Suricata’s coverage for QI by supplying him a pcap. Victor explained that Suricata has an event called ‘stream-event:reassembly_overlap_different_data’ that can be alerted on when triggered using a default signature. We received an additional signature that detects HTTP 302 responses in possible QI payloads.

https://github.com/fox-it/quantuminsert/tree/master/detection/suricata

Evasion

Note that these detection methods are possibly not evasion proof. One could also easily spoof a FIN packet after the QI packet to close the session. This would stop tracking of the TCP segments in most IDS systems, so later packets in this stream will not be matched with previous packets.

Another possibility is to try to create a partial overlap of data, thus avoiding detection of duplicate sequence numbers.

Other work

The following blog post[12] describes how to perform QI and includes proof-of-concept code to perform the attack: https://github.com/stealth/QI

HoneyBadger[13], a comprehensive TCP stream analysis tool for detecting and recording TCP attacks written by David Stainton, can most likely also detect this attack.

While writing this article a DoS attack on GitHub was going on and an analysis was posted by NETRESEC[8]. We did not see duplicate packets in the screenshots that could indicate a QUANTUM (man on the side) attack. However, the difference in TTL values was noticeable.

The detection for this attack has been included in our Cyber Threat Management platform.

Additional sites where you can conduct your own research:

http://www.aclu.org

http://www.propublica.org

About Public Wiki Authors

A Union Of Public Readers, Writers and Public-Interest Organizations Dedicated to Free Speech and Constitutional Rights

This is a free public wiki blog.
This wiki uses a common sign-up handle for anonymity and personal security.
Anyone may use this site under "Fair Use", Freedom-of-speech and creative commons rights.
