2011-06-04 The Revenge of Aaron Barr? Firing the Social Engineering Cannon at Anon

Submitted by BeyondBorders.

The efforts of Aaron Barr of HB Gary to create a modern big brother surveillance state met with disaster when Anonymous retaliated against him. Many thought that after all the fury and sting by Anonymous, Aaron Barr might have learned a lesson.

Aaron Barr's blunders apparently didn’t discourage him or those who share his motives and willingness to engage in shady operations when it comes to Anonymous. In addition, a short while ago a hacker startup named Backtrace Security came forward with a plan to out some of the members of Anonymous. Andy Greenberg first broke the story in a Forbes article that quoted their mission statement, referring to them as doing “psychological operation/social engineering and deep investigative research”. Backtrace claimed to be former members of Anonymous. It appeared to be dissention in the ranks.

Whatever their motives, the methods appear somewhat similar to what HB Gary Federal's plans called for. Almost 3 month after the outing of Aaron Barr, things seemed to have been going according to his plan. LulzSec, a very effective hacker group has been very active lately with
disruption of Sony, recent hack attacks on PBS for the unfair coverage of WikiLeaks and the very recent outing of the FBI affiliated Infragard. They publicly entertained the idea that this psychological operation was being put into action.

On May 12 they tweeted:

We're starting to think that all trolls and social engineering attempts in existence are just @AaronBarr on different accounts. Seems legit.

Is the ghost of Aaron Barr getting revenge, firing the social engineering cannon at Anons? Around the time that LulzSec put up this tweet, some Anons and online activists who appeared to be targets started to wake up to these tactics. Events unfolding on social media sites like Facebook appeared to be more than a coincidence. There was coherence and observable patterns in the behavior of certain 'unknown Facebook friends'. Numerous accounts of this activity have come in from anonymous sources.

Some people experienced increased traffic of incoming friend requests and outgoing friends on Facebook; strangers acting friendly and once they had developed a connection, the new friend immediately de-friended or start to attack them verbally.

There are also reports of people who have recently had their computer hacked or were suspiciously infected with malware. Recently, some experienced a thread of spam chain-messages sent out on Facebook that had people whose names were on HB Gary’s list.

The mechanics and patterns that have been observed seem to match the plans outlined by Barr in the hacked HB Gary emails. Aaron Barr may have been stung by the Anonymous bees nest, yet it seems the plans he had outlined are being attempted, whether by him or by someone else.

After leaving Anonymous, Barret Brown launched a collaborative Wiki crowdsource operation named OpMetalGear to investigate Internet abuse by HB Gary and like-minded individuals. The site began to document the details of what was allegedly a rough manuscript of a book Barr was writing. It spelled out the science of psychological operations described as "Social Engineering". One chapter title read, [H1] Social Engineering Explained. It defined Social Engineering (SE) as,"the act of influencing someone’s behavior through manipulating their emotions or gaining and betraying their trust to gain access to their system”.

The word "social engineering" was first made widely known by Kevin Mitnic, one of the most famous social engineers. It is basically the idea that the most effective way to change someone's behavior is not through technology but through hacking the mind.

Here are some of these tactics excerpted from Barr’s draft:One essential method is psychological manipulation after first gaining some level of trust with the target.

The goal of an SE attack is to create a relationship, gain the target's trust and get them to take an action or provide some information that is a violation of their organization's policies or personal basic security practices.

In sum, it is when unknown persons with no apparent reason approach someone on Facebook or chat rooms and flatter their posts or interact in ways that strike what in them needs to be fed. Details of this personality building was spelled out in the email sent to Aaron Barr and a few others at HB Gary and was referred to as Persona Management.

This would then be combined with attacks, such as releasing a virus that physically harms a network or system.

Attackers can load a virus into a word doc, PDF, Power Point, picture or even a game. These infected files will open and run (i.e. someone can open the Power Point and go through the slides) at the same time, the virus infects the system.

Recently it seems there is an increase in trolls targeting certain people. Another proposed method is identity theft, called "Phishing".

This is where a mass email is sent to a large group of addresses (potentially millions). The email could try to lead the user to open an attachment or go to a web page, either of which would lead to the computer system being compromised (assuming the system in question was vulnerable).

There is an undeniable correlation between observed incidents on the cyber-ground and tactics outlined by Aaron Barr. Some who have recently experienced these types of attacks might wonder if they are the targets of the very psychological operations Barr described. It could be just at an early stage and things will likely progress.

The Internet is a powerful equalizing tool and any node is constantly vulnerable for targeted attack. This type of action in Cyberspace reflects an ongoing fight in today's society between the forces of authoritarian control and people who advocate free speech. This battle appears to be heating up on both sides and is far from over.

Gaining a better understanding of the science of this social engineering and the motivations behind it can give a map to maneuver through the dark rabbit hole. These psychological operations are presented as a sophisticated science and those promoting it are pretending to be experts in it. Yet, what is behind it is actually simple. It is all means to attract and distract and to sew fear and distrust.

The important thing is knowing thyself as much as knowing thy enemy; to be clear about one’s own intentions when entering into the rabbit hole. What is not made conscious as desires and fear will be susceptible to manipulation. The weapons of fear and distrust can only have effect if people allow them to have that power. The more one is emotionally involved, the more one reacts and interacts with trolls, the deeper one falls into the quagmire. If someone experiences these tactics being used on them, they might react impulsively, shutting down communication or getting paranoid. This way people allow themselves to act out of fear and unconsciously spread the virus of this social engineering.

What government and corporate firms like HB Gary may not know is that Anon’s immune system is stronger than any virus of fear, any artificially manufactured Malware of deceit set up by those with destructive ambitions.

Big brother is watching. But little brother is watching too and may not be as dumb or gullible as big brother thinks. In the age of social networking, with rapid and free sharing of information and open source social evolution, people can guard themselves and even turn illicit surveillance into counter-intelligence.

Perhaps the next months will be a real test of people’s ability to overcome fear and strive for genuine communication. Those intended victims of social engineering might actually be the ones to help determine what the Internet is really to become.

Theme by Danetsoft and Danang Probo Sayekti inspired by Maksimer