Are your social media “friends” really friends? – the new media conundrum

SMILE Conference speaker Peter Berghammer is a military and aerospace veteran with particular grounding in security issues. He is a regular speaker on the security circuit having spoke at conferences such as DefCon and HackerHalted (EC Council) – dealing with tactics employed by hackers and activists to influence public opinion. In 2006 he was named a Fellow at Stanford’s Law Group: The Center for Internet and Society; researching topics related to DarkNets. He currently is with the firm PC/W in the role of Senior Strategist.

By now all of us in the security arena are familiar with the power and scope that social media has opened up on the world stage. The ability to almost instantaneously Tweet about literally earth shattering events is evidenced by the TV news channels picking up immediate reactions to things such the earthquakes in Haiti or Chile as “hard” news. Facebook, Twitpic and YouTube bring added dimension to events through pictures and on-scene video further solidifying the impact.

Lesser known but more noteworthy events in the security community revolve around countries such as Estonia and Iran – events in which a form of almost global activism take on a life of their own. These countries experienced first hand what social media is capable of, the power of unified communications across disparate demographics, the ability to organize crowds and give voice to a cause.

What is interesting in the case of Estonia is that the usage of social media as a part of a political activist’s toolbox led to significant social upheaval and multi-level hacking attacks against government websites and ultimately, the shutdown of the country’s banking system. A fairly sobering post-event analysis indicated coordinated, out-of-country efforts as the initial cause, with an ensuing “piling on” of social media efforts meant to coordinate and direct efforts. If you are unfamiliar with theses events there are a number of online resources available that make for quite a gripping story.

The Iranian situation is still one in diagnostic flux – in other words, the events are ongoing and a number of researchers come down squarely in one of two camps: the events of the Iranian “discontent” stem from coordinated attempts by outside forces, using social media, to sow discontent and drive coordinate popular resistance; while the other camp sees more of an homegrown and in-country style “revolt” using social media to coordinate and grow dissent. There is significant evidence supporting some portions of both theories as to cause and direction; however on both sides researchers agree that social media was and is essential to the formation of discontent and the continuation of popular demonstrations.

What is relevant from the perspective of those in Law Enforcement is that, although on an international level, the proof-of-concept of significant social dislocation being driven by social media is now a well accepted doctrine. Also, from the perspective of Law Enforcement the availability of automation tools geared toward social media, and the low cost in terms of money and manpower to make use of them, gives local and regional organizers a means and method to work on agendas that sometimes might be at cross-purposes to well intentioned community outreach efforts.

If we are tempted by the implication that those who might oppose community outreach efforts are engaging in illicit behavior – beware, that implication is incorrect. In fact, community opposition can be reflective of healthy discourse.

What is to be explored is the many ways available by those with less than noble aspirations in which social media can be used to derail legitimate outreach efforts, curtail rational debate on issues, and in some cases organize, instigate and direct actions of protestors…or worse.

Both tools and tactics play a role whereby small groups of individuals can be made to look like well funded, well coordinated and deeply passionate communities opposed to particular policies and practices – when in fact it may be a group of two or three individuals. The tactics of becoming a “friend” or “follower” are but simple variations of old techniques known to Law Enforcement for decades, but in the rush to embrace new media initiatives sometimes the old-fashioned, old-media rules are forgotten about who really is on your side and who isn’t.

However, tools such as Twitter account creation automation, IP anonymization, browser ID obfuscation, combined with old fashioned techniques right out of a community organizer’s handbook can cause a department significant headaches and on occasion lead to expensive litigation.

Some Law Enforcement groups across the country have already experienced well coordinated social media “attacks”. The responses to date have ranged from an immediate cessation of social media initiatives, through an extremely well considered and effective social media campaign that ultimately overcame the challenge.

Finding the proper balance between social media initiatives, “vetting” your community of friends and followers and understanding the many tools and techniques available (and still under development) is what this talk will explore. There are numerous Law Enforcement agencies nationwide that do an exemplary job with new media initiatives but unfortunately (from a researcher’s perspective) too few examples of real world stress-testing in times of crisis. Conversely, there are numerous public activist initiatives that also are exemplary and deserve praise.

Ferreting out malicious intent, learning tips and tricks of the “social media bad guys” and learning to deal effectively with responses to attacks is what will be covered in my SMILE presentation, “The Other Side of the Coin: Understanding Social Media Attacks and How to Respond to Them”