Thanks to Andrea Zapparoli Manzoni for suggesting the original concept of Consumerization of Warfare and this update.
In a previous post we defined “Consumerization of Warfare” the growing use of consumer technologies such as Social Networks and Mobile for Military purposes (such as propaganda or espionage).
The most obvious examples of this trend are represented, on a global scale, by the influence (also recognized by President Obama) that social media had for the Wind of Changes blowing from Maghreb to the Middle East. In this contest they were used for different purposes: for witnessing the real extent of the events (which was a key factor in fostering the Allied intervention in Libya), for virally spreading propaganda and psyops information, and, last but not least, in a strict military context, as a further evidence to “strong authenticate” coordinates for Nato Missile Attacks in Libya.
But this approach is not limited to social media. Mobile devices are the natural companions of social media, so U.S. Army, U.S. Marines, and National Security Agency are just evaluating the use of COTS (Commercial Off-The-Shelf) products for military purposes and is evaluating several different commercially available smartphones and tablets, properly hardened and secured.
In particular, despite privacy and reputation issues, social media have proven to be a powerful device for spreading information. Consider for example a single event: Osama Bin Laden’s death. Tweets dealing with this event averaged 3440 TPS from 10:45 to 12:30pm ET on May 2 2011, reaching a peak of 5106 TPS around 11:00pm ET.
Such a formidable weapon must be fully exploited for defensive and offensive purposes, consequently the newcomer in this warfare is none other than the Pentagon, which is asking scientists to figure out how to detect and counter propaganda on social media networks in the aftermath of Arab uprisings driven by Twitter and Facebook. The US military’s high-tech research arm, the Defense Advanced Research Projects Agency (DARPA), has put out a request for experts to look at “a new science of social networks” that would attempt to get ahead of the curve of events unfolding on new media.
The program’s goal is:
To track “purposeful or deceptive messaging and misinformation” in social networks and to pursue “counter messaging of detected adversary influence operations,”
according to DARPA’s request for proposals issued on July 14.
The idea to build fake personas to manipulate the social arena is not completely new (and one of the players involved was just the well known HBGary Federal), but this time the scope is pretty much wider, aiming to change the course of events by massive (counter)information campaigns (think for instance to video and images coming from Libya which were crucial to foster the Allied Intervention).
I am not sure Zuckerberg & Co. will be very happy that their creatures are considered, against their will, a battlefield from The Pentagon…
Update August 9: Anonplus defaced once again by Syrian Hackers!
There is no peace for AnonPlus the alternative Social Network established by the Infamous Hacking Group. Only a couple of days after the defacement made by a Turkish Hacking Group, Anonplus, the alternative Social Network established by Anonymous after their account was banned from Google+ has been defaced again by a couple of Syrian Hackers (Th3 Pr0 & SaQeR Syria) in name of the Syrian Electronic Army:
A group of enthusiastic Syrian youths who could not stay passive towards the massive distortion of facts about the recent uprising in Syria, and this distortion is carried out by many Facebook pages that deliberately work to spread hatred and sectarian intolerance between the peoples of Syria to fuel the uprising.
In this moment, Surfing to Anonplus, returns the following page:
Clearly the numerous Anonymous hactivism campaings nare attracting the unwelcome attentions not only by police squads of all five continents, but also from rival hacking grouops divided by ideological barriers.
As a matter of fact, at the beginning of July, Anonymous performed some DDoS attacks against Syrian Embassies all around the world as part of their Operation Syria. A similar action, Operation Turkey was declared at the beginning of June, which probably explain the above quoted previous defacement, which occurred at the AnonPlus Social Network on July the 22nd.
The Anonymous Tide is changing the world of hacking and hactivism: at the beginning of 2011, hactivism was included among the Top Security Concerns for 2011 from the leading security vendors. Afer seven months, it looks like that (actually easy) prediction was correct. Not only many would-be hackers have been enrolled (perhaps in a reckless and superficial manner) in hactivism campaigns (and often get stuck in the mesh of justice as it never happened in the last years, see for instance the FBI raids), but, most of all, the cyberspace is really becoming the fifth domain of war, used not only for propaganda, but also to carry on bombastic attacks with social, political, and military scopes.
Moreover, it looks like this is a further consequence of what I defined Consumerization of Warfare, that is the growing use of Consumer Technologies such as Social Networks for Military and Political Operations: the “declaration of war” of the Syrian Group starts from a Facebook page built up to stop the use of Facebook from their adversaries as a mean of communication with the Syrians inside and outside Syria “to spread their destructive ideas” (quoted litterally).
In this context a sentence is particularly meaningful:
So let’s fight them using their weapon
Probably at the beginning the Syrian group wanted to use the so called “their (same) weapon” exclusively against internal enemies. Once realized the latter were not the only to use the social weapons against their cause (Hacking groups, even if not motivated by hactivism make extensive use of Social Media to spread their Word), decided to expand the scope of their campaign, including anonymous among their targets.
Now it’s up to the Anonymous to place their move on the Cyberwar chessboard.
- AnonPlus, Anonymous’s social network, is hacked (nakedsecurity.sophos.com)
With great satisfaction yesterday I took advantage of a promotion so I updated the nav app on my Android device to the new premium version. Albeit I was very satisfied with the previous version, I could not resist, as usual, to a newer release: moreover the opportunity to save a dozen hard-earned euros was too tempting, so I gave a virtual credit card swipe and got the deal. Among the new features, I immediately noticed the so called “Social Navigation” (nowadays you may add the term social to anything), that is the possibility to share on Facebook or Twitter details about the journey.
My sixth sense and half told me not to enable the automatic share of journey details for a simple reason: what if a burglar should intercept my status update or my journey tweets, and consequently knew that I am leaving my home (maybe for several days)? The answer is pretty much simple… And it is exactly the reason why I am not used to post on Social Media details of my journeys, wether they are related to business or holiday.
Unfortunately it looks like many people do not think so and have the bad habit to post their holiday plans on Facebook or, worse, to publish in real times pictures shot too many miles far from home. Translated to real world, this behavior is like leaving an advert on the door to a burglar telling him there is nobody home.
This is an opportunity too tempting for “social burglars”, who have become familiar with these beahviors and also take advantage of weak default privacy settings, or also of the viral spread of information proper of social media, for probing profiles, looking for unprotected apartments to burgle.
From a social perspective, this is only the last field in which real life and virtual (social) life dangerously overlap, showing that the same threats may be equally applied to both areas. Luckily the same countermeasures may be applied as well, ans this is the reason why a UK Chelmsford-based security firm, Precreate Solutions for a small fee, provides its customers with “virtual updates” while they are away. The service, by mean of pre-approved messages, status updates and tweets scheduled while the customer is away, aims to show a real and virtual presence at home, discouraging potential criminals from taking malicious actions.
Of course holidaymakers should avoid to post their pictures or status updates while they are in holiday, moreover they also should be able to forge credible pre-cooked messages (what if they should update their status with a post telling “I am watching the football match” in July while there is no match, while contemporary posting pictures at the beach?
Thinking well this is not so different, in theory, from the old world approach where holidaymakers asked their neighbors to monitor their homes, to water the plants, and possibly to show signs of presence (switching on the lights for instance when not made through automated switches)… Moreover the bridge from real world to virtual world could become even more concrete, since Company director Gary Jackson claimed that
It’s getting to the point now when insurance firms are going charge higher premiums for social media users.
Maybe a marketing statement if it is true that the Association of British Insurers said it had never heard of insurers asking customers who use social networks to pay more, (and said it would not be practical to do so); a spokesman, however, warned people to think twice about advertising that they were away.
A further thought for this Social Media Day, a further example of the growing revolution of Social Media and their impact on everyday life, a further example of their privacy and security concerns, most of all if they are used, as often happens, with imprudence and shallowness, a behavior which might lead to serious aftermaths also in real world.
- This security firm offers to update your Facebook status whilst you’re away (theinformativereport.com)
Just a couple of months ago, in writing the first post about Mobile Warfare (which should have later become Consumerization of Warfare) I expressed some considerations about the growing need for illiberal government to prevent the use of mobile devices as preferred media for the rioters to capture live images of the events, and to spread the information all around the Globe by mean of Social Networks.
Cutting off the Internet has been the first clumsy countermeasure applied by Egypt and Syria, but it is really unlikely that this kind of massive preventive block will be applied again by other countries because of the huge dependence of Internet, which characterizes our epoch, and consequently, as a collateral damage, would stop other vital activities.
As a consequence, I hypothesized that possible future countermeasures will aim to make unusable directly the source of information (read mobile devices), and the media for sharing them (read social networks), relying upon a new generation of Cyber-warfare among which:
A massive Denial of Service for mobile devices through massive exploit of vulnerabilities (more and more common and pervasive on this kind of devices), through massive mobile malware deployment or also by mean of massive execution of mobile malware (as, for instance, Google did in order to remotely swipe the DroidDream malware). Honestly speaking I consider the latter option the less likely since I can easily imagine that no manufacturer will provide cooperation on this (but this does not prevent the fact that a single country could consider to leverage this channel).
No manufacturer will provide cooperation on this? Maybe… Too many times reality surpasses imagination, and when it comes to reality that surpasses the imagination, then surely it comes from Apple. This time, unfortunately, not in the sense that we’re used to (admiring products years ahead of the competition, which previously did not exist not even in our imagination), but in the sense that a patent recently filled by Apple could implicitly provide cooperation for illiberal governments to prevent smartphones to take live images of protests.
It looks like that Apple is Apple is developing software that will sense when a smartphone user is trying to record a live event, and then switch off the device’s camera (only the camera, the other functions will not be affected) by mean of infrared sensors directly installed on the device. The real reason is probably the need to prevent concertgoers to post footage of events on YouTube or other similar sites (at the expense of the organizers which sometimes sell sell their own recordings of the events), which could potentially allow Apple to negotiate better conditions with labels when dealing for placing music on sale on iTunes (and could also potentially provide another source of revenue by charging people to film live events).
But besides commercial considerations, there is another important aspect (a collateral damage I would say). The events of recent months have shown us that the concerts were not the only places where the phones have been used to capture live images. In North Africa and Middle East they have been used to document repression and illiberality. But what would have happened if this technology had really been developed? Probably it would have limited the effect of the winds of change in Tunisia, Egypt, Syria and Libya, since Mobile Devices (and their cameras) played (and are playing) an important role to witness the real entity of the events.
Imagine if Apple’s device had been available to the Mubarak regime earlier this year, and Egyptian security forces had deployed it around Tahrir Square to disable cameras just before they sent in their thugs to disperse the crowd.
Would the global outcry that helped drive Mubarak from office have occurred if a blackout of protest videos had prevented us from viewing the crackdown?
This is more than speculation. since thousands of cellphone cameras in the Middle East and North Africa have been used to document human rights abuses and to share them with millions via social media. I went in Libya approximately a month before the beginning of the revolution and I was astonished by the number of iPhones noticed over there.
This is more than speculation also because the role of mobile technologies for the above mentioned events has been recognized also by Mr. Obama during his speech on Middle East.
As correctly stated, Smartphones like the iPhone and Droid are becoming extensions of ourselves. They are not simply tools to connect with friends and family, but a means to document the world around us, engage in political issues and organize with others. They literally put the power of the media in our own hands.
Apple’s proposed technology would take that power away, that is the reason why the community is moving in order to urge Steve Jobs to pull the plug on this technology.
- Consumerization of Warfare (paulsparrows.wordpress.com)
- Mobile Warfare (paulsparrows.wordpress.com)
- Now Apple wants to block iPhone users from filming live events with their smartphone (dailymail.co.uk)
- Is Apple Launching a Pre-emptive Strike Against Free Speech? (huffingtonpost.com)
- Apple’s bizarre patent (openmobile.posterous.com)
As predicted a couple of months ago, NATO admitted to use Twitter in Libya for receiving information from rebels pertaining coordinates and movement s of the loyalist troops of Colonel Gaddafi.
Thanks to the famous six degrees of separation and the viral propagation model, Twitter ensures a rapid spread of information, but since it is far from a reliable medium, in the specific circumstance NATO indicated to “authenticate” the tweets of war by mean of more traditional media such as satellite images. This allowed, before taking any military action with missiles, to verify the consistency of the information received.
Whether we are aware or not, this is the dawning of a new age in warfare and, especially for the role played by new technologies (Mobile and Social Networks). An era brilliantly summarized by the term “Consumerization of Warfare” coined by Andrea Zapparoli Manzoni, which emphasizes the role of new consumer technologies (Social Network and Mobile) in a new war format (actually I coined the term Mobile Warfare, but unfortunately I have to admit that this term does not expresses the concept with the same completeness).
The issue is considerably more complicated than a simple tweet or a Facebook status update (a method that, although unconfirmed, is said to have been used by the Syrian Government to distribute DdoS software to its supporters for attacking adversary sites), and hides the (usual and well known) Social Network security issues, which are projected in a military dimension extending them in a much larger and dangerous scale both for senders and recipients of the tweets.
The main security concern relies in reputation, a bless and a curse for Social Networks. As already mentioned, in the specific circumstance the tweets of war were checked with “traditional” methods (anyway this is already an advantage since it is easier to check the veracity of a received information, rather than probing satellite images search for enemy outposts), but, generally speaking in absence of verification means, there is no guarantee concerning the truthfulness of a tweet, which, for instance might have been modified or manipulated up to the point of reversing the original content.
Moreover, the distribution channel is not what one would define “a reliable channel” and the chronic lack of privacy (which on one hand ensures a rapid spread of the tweets and/or status updates to a wider audience as possible) makes the tweets easily interceptable by the adversary, which is then able to implement adequate countermeasures, before the recipient has the time to act (on the other hand is rather easy to create a fake profile for following the tweets or status updates of the enemies ). Probably, in order to create some sort of encrypted channel between the peers, would be more effective to establish a priori a code and not to be too explicit in the indications (such as those found here), but from a theoretical point of view nothing prevents a conceptual step forward for thinking about encrypted and authenticated tweets (shifting the problem to the key exchange, but that’s another story). Without flying too much with imagination, all this delineates a real war strategy through Social Networks that the Armies of the (very near) future will have to seriously take into consideration.
And that is what is already happening: The U.S. Army already has special corps (a kind of Corps of Network and Security Engineers) dedicated to maintain the Internet connectivity in war zones by mean of, for instance, drones equipped with special antennas to provide 3G or Wi-Fi connectivity: recent events in middle east have shown that social network is an excellent medium for PsyOps operations as well as information exchange. As a further confirmation, few days ago, a scoop from NYT unleashed the project funded by the Obama Administration, for a portable “Internet in a Suitcase” and independent mobile networks, to ensure connectivity in war zones and/or backing dissidents to overtake censorship or Internet filters.
But while we are assisting to a growing use of “consumer ” technologies in war zones (up to the intention by the U.S. Army to use Android equipped devices on the battlefield), we are increasingly getting used to coarse countermeasures deployed by illiberal governments as well. Those countermeasures aim to stop internal protests and movements and span from completely shutting down of the Internet up to filtering social networks. As a consequence we may not exclude “a priori” that in the near future the countermeasures could become more sophisticated: cyber-attacks targeting social networks or tweet spoofing are two possible realistic countermeasures up to “(Mobile) Malware of State” specifically designed to alter or prevent communications from traditional or mobile endpoints . Fantasy? Maybe, even if Social Network has nothing to prove in terms of impact, after some countries preferred to completely shut the Internet, real lifeblood of every nation, in order to stop the spread of unwelcome information made with tweets and status updates (every individual may become a war reporter with a simple mobile device).
Maybe one day (near) the EULA of Social Networks will be modified to disallow the use of social media platforms for actions of virtual guerrilla or Cyberwarfare: certainly Consumerization of Warfare carries on, amplified, all the concerns of consumerization of Information Technology, that we are reporting for two years now, and that are just beginning to show all their malicious effects for security in the enterprise. This might definitely be a huge concern (think to a military devices with a 0-day vulnerability exploitable by the enemy) and for sure it is not a good omen considering that more and more federal agencies are winking to consumer technologies as well.
If you are interested to more information about Consumerization of Warfare (was Mobile Warfare), besides the link in the post:
Tweets Of Democracy: The Obama Speech In Middle East and the role of New Technologies;
Mobile Warfare In Libya Comes True: Hacking and Hijacking of Libyana Mobile Operator in Libya.
According to a NYT article, this is exactly what the Obama Administration is doing, leading a global effort to deploy a “shadow” Internet and an independent mobile phone network that dissidents can use against repressive governments that seek to silence them by censoring or shutting down telecommunications networks (as happened in Egypt and Syria).
More in detail the above mentioned effort include secretive projects to create independent cellphone networks inside foreign countries, as well as an “Internet in a suitcase” prototype, financed with a $2 million State Department grant, which could be secreted across a border and quickly set up to allow wireless communication over a wide area with a link to the global Internet. In a sort of 21st century version of Radio Free Europe relying on a version of “mesh network” technology, which can transform devices like cellphones or personal computers to create an invisible wireless web without a centralized hub
If one puts together the pieces of the puzzles of the last events, one clearly realizes that the ingredients were already on the pot and now are being mixed in the right dosage for a recipe of freedom.
On the other hand the importance of the Internet Connectivity (in terms of presence or absence) in War Zones is unquestionable. And this is brilliantly shown from the fact that we are getting more and more familiar with the shutting down of Internet connectivity as a clumsy attempt carried out by some governments for preventing the spreading of unwelcome information and the consequent use of Social Networks for propaganda, PsyOps or real War Operations. Of course I already talked about special groups of US Army, which I dubbed “Corps of (Networks and Security) Engineers” dedicated to maintain Internet connectivity in war zones by mean of 3G or Wi-Fi drones. It looks like I was only partially right since the reality seems much closer to a spy novel featuring special agents equipped with Internet suitcases rather than soulless drones equipped with antennas.
Same speech for mobile technologies: United States officials said, the State Department and Pentagon have spent at least $50 million to create an independent cellphone network in Afghanistan using towers on protected military bases inside the country in order to offset the Taliban’s ability to shut down the official Afghan services. More recently, a similar action was performed in Libya, with the hijacking of the Libyana Mobile Operator Network to be used by rebels groups to communicate between them. Clearly these were not episodic cases but the first examples of a real mobile warfare strategy aimed to maintain mobile connectivity (videos shot with mobile phones are a point in common of all the protests in Maghreb and Middle East) without clumsy actions such as the smuggling of Satellite Phones in Syria.
In light of these facts, Mr. Obama’s speech on the Middle East on May, the 19th assumes a new meaning and a deeper analysis shows that some prodromes of this strategy were already announced, even if in a hidden form:
Cell phones and social networks allow young people to connect and organize like never before. A new generation has emerged. And their voices tell us that change cannot be denied…
In fact, real reform will not come at the ballot box alone. Through our efforts we must support those basic rights to speak your mind and access information. We will support open access to the Internet.
Open support to Internet… Even if closed inside a suitcase…
- Shadow Internet: Secret U.S. Effort Reportedly Aims To Help Dissidents (huffingtonpost.com)
Do you remember my Tweets of War? That is the post in which I hypothesized that the rebels in Libya could use social networks to provide the coordinates of loyalists to the Allied troops in order to identify targets to bomb? Well, it looks like that a couple of months ago I was a good prophet, since the tweets of war were effectively real.
As a matter of fact today Wired confirmed that NATO used Twitter as the newest bombing tool (the information was originally reported by AFP)
Twitter and Facebook are among a wide range of media and other sources NATO’s intelligence officers monitor around-the-clock to identify potential targets in the air war against Kadhafi’s troops, the officials said.
“We will take information from every source we can,” said British Wing Commander Mike Bracken, the Libya operation’s military spokesman. “We get information from open sources on the Internet, we get Twitter.”
What follows is a Tweet of War from the original article collected a couple of months ago, indicating possible coordinates in the city of Misrata:
Of course, reputation is the main security concern, so that an anonymous official stressed that any information is checked against other more reliable sources such as satellite imagery and other traditional intelligence gathering before any jets are deployed.
With no doubt this evidence shows the real power and the primary role played in modern wars of what I called Mobile Warfare, that is the use of mobile technologies and social networks to turn the tide of a conflict.
Thanks to David for identifying the tweets and suggesting me the article from Wired.
- 885,917 hits since November 2010
Follow me on TwitterMy Tweets
About This Blog
In this blog I express my personal opinion, which does not necessarily reflects the opinion of my organization, about events and news or interest, concerning information security, winking to mobile world and, why not, to some curious personal event.
Every information is reported with its source.
Anyone intending to use information contained in my post is free to do so, provided that mention my blog in your article.
Top Posts & Pages
- List Of Hacked Celebrities Who Had (Nude) Photos Leaked
- 2014 Cyber Attacks Timeline Master Index
- A (Graphical) World of Botnets and Cyber Attacks
- 1-15 August 2014 Cyber Attacks Timeline
- 2013 Cyber Attacks Statistics
- 2013 Cyber Attacks Timeline Master Index
- 2013 Cyber Attacks Statistics (Summary)
- 2012 Cyber Attacks Statistics
- Next Generation Firewalls and Web Applications Firewall Q&A
- July 2014 Cyber Attacks Statistics