Results 1 to 5 of 5
  1. #1
    Forum Member Carbonfiberfoot's Avatar
    Join Date
    Feb 2009
    Location
    Georgia
    Posts
    3,988

    Electronic subversion software available from the Air Force

    https://www.fbo.gov/index?s=opportun...tabmode=list&=

    Persona Management Software.
    Solicitation Number: RTB220610
    Agency: Department of the Air Force
    Office: Air Mobility Command
    Location: 6th Contracting Squadron

    Solicitation Number:
    RTB220610
    Notice Type:
    Sources Sought
    Synopsis:
    Added: Jun 22, 2010 1:42 pm Modified: Jun 22, 2010 2:07 pmTrack Changes
    0001- Online Persona Management Service. 50 User Licenses, 10 Personas per user.
    Software will allow 10 personas per user, replete with background , history, supporting details, and cyber presences that are technically, culturally and geographacilly consistent. Individual applications will enable an operator to exercise a number of different online persons from the same workstation and without fear of being discovered by sophisticated adversaries. Personas must be able to appear to originate in nearly any part of the world and can interact through conventional online services and social media platforms. The service includes a user friendly application environment to maximize the user's situational awareness by displaying real-time local information.

    0002- Secure Virtual Private Network (VPN). 1 each
    VPN provides the ability for users to daily and automatically obtain randomly selected
    IP addresses through which they can access the internet. The daily rotation of
    the user s IP address prevents compromise during observation of likely or
    targeted web sites or services, while hiding the existence of the operation. In
    addition, may provide traffic mixing, blending the user s traffic with traffic from
    multitudes of users from outside the organization. This traffic blending provides
    excellent cover and powerful deniability. Anonymizer Enterprise Chameleon or equal


    0003- Static IP Address Management. 50 each
    Licence protects the identity of government agencies and enterprise
    organizations. Enables organizations to manage their persistent online personas
    by assigning static IP addresses to each persona. Individuals can perform
    static impersonations, which allow them to look like the same person over time.
    Also allows organizations that frequent same site/service often to easily switch IP
    addresses to look like ordinary users as opposed to one organization. Anonymizer IP Mapper License or equal


    0004- Virtual Private Servers, CONUS. 1 each
    Provides CONUS or OCONUS points of presence locations that are setup for
    each customer based on the geographic area of operations the customer is
    operating within and which allow a customer?s online persona(s) to appear to
    originate from. Ability to provide virtual private servers that are procured using
    commercial hosting centers around the world and which are established
    anonymously. Once procured, the geosite is incorporated into the network and
    integrated within the customers environment and ready for use by the customer.
    Unless specifically designated as shared, locations are dedicated for use by
    each customer and never shared among other customers. Anonymizer Annual Dedicated CONUS Light Geosite or equal


    0005- Virtual Private Servers, OCONUS. 8 Each
    Provides CONUS or OCONUS points of presence locations that are setup for
    each customer based on the geographic area of operations the customer is
    operating within and which allow a customer?s online persona(s) to appear to
    originate from. Ability to provide virtual private servers that are procured using
    commercial hosting centers around the world and which are established
    anonymously. Once procured, the geosite is incorporated into the network and
    integrated within the customers environment and ready for use by the customer.
    Unless specifically designated as shared, locations are dedicated for use by
    each customer and never shared among other customers. Anonymizer Annual Dedicated OCONUS Light Geosite or equal


    0006- Remote Access Secure Virtual Private Network. 1 each
    Secure Operating Environment provides a reliable and protected computing
    environment from which to stage and conduct operations. Every session uses a
    clean Virtual Machine (VM) image. The solution is accessed through sets of
    Virtual Private Network (VPN) devices located at each Customer facility. The
    fully-managed VDI (Virtual Desktop Infrastructure) is an environment that allows
    users remote access from their desktop into a VM. Upon session termination,
    the VM is deleted and any virus, worm, or malicious software that the user inadvertently downloaded is destroyed. Anonymizer Virtual Desktop Infrastructure (VDI) Solution or equal.

    Contracting Office Address:
    2606 Brown Pelican Ave.
    MacDill AFB, Florida 33621-5000
    United States

    Place of Performance:
    Performance will be at MacDIll AFB, Kabul, Afghanistan and Baghdad, Iraq.
    MacDill AFB , Florida 33679
    United States

    Primary Point of Contact.:
    Russell Beasley,
    Contracting Officer
    russell.beasley-02@macdill.af.mil
    Phone: (813) 828-4729
    Fax: (813) 828-5111


    Someone in the Air Force may want to let Mr. Beasley know that this should probably not be posted publicly.

  2. #2
    It erat quando hic adveni Oddball-Six's Avatar
    Join Date
    Jan 2009
    Location
    39°59'06"N, 104°49'13"W
    Posts
    765
    You, sir, give idiots a bad name.

    This is a procurement contract with is REQUIRED to be posted publicly to solicit bids and provide information about what the bid is actually for. Federal law requires this kind of disclosure to allow for an appropriate, open, and reasonably transparent bid process.

    And... im surprised this isnt a program development deal rather than a bid. Ive seen this kind of system, hell I could write one given the time linking together FOSS and COTS offerings that already exist, but its almost all custom work doing the integration and implementing it. The problem is the relays being geared to social media and depending on how comprehensive they want the identity, that adds complexity for each new application or protocol you want supported while minimizing security attack surface of the overall system. The other problem is any kind of software at generating profiles is kind of a holy grail of social engineering. At the end of the day without going Watson type AI, you are left with some kind of remixed canned elements together with generated identity tokens from some kind of library.

    Anyone ever figures out what you are drawing against OR the library is too small and therein you invite compromise by the sophisticated attacker.

    That kind of identity generation, maintenance, and ownership is better provided as a service rather than a product once the OCONUS relays are in place preferably with a maintenance agreement to keep them refreshed for detailed inquiry by whomever the counter parties to these identities will be.

    And looking at the interested vendors list, there are only 2 or 3 firms on that list that even have a shadow of a chance of providing anything decent. The other folks interested would either be Sub-K to someone or are logistics firms mistakenly thinking this really is just a basic software identity overlay app --- which is not really what it is.
    Last edited by Oddball-Six; 02-17-2011 at 06:29 PM.
    -------------------------------
    You can't fix stupid, but you can arrest it. - LINY

    "Their house, their rules. And when they get robbed, they can call 911 and ask them to send a hippie to protect them." - ateamer

  3. #3
    Salty Dog
    Join Date
    Aug 2000
    Location
    California Central Coast
    Posts
    6,821
    It was also dated June 2010. If you have an agenda, at least keep it up to date.
    Government is not the solution to our problem; government is the problem. - Ronald Reagan

    I don't think It'll happen in the US because we don't trust our government. We are a country of skeptics, raised by skeptics, founded by skeptics. - Amaroq

  4. #4
    It erat quando hic adveni Oddball-Six's Avatar
    Join Date
    Jan 2009
    Location
    39°59'06"N, 104°49'13"W
    Posts
    765
    Deleted :d
    -------------------------------
    You can't fix stupid, but you can arrest it. - LINY

    "Their house, their rules. And when they get robbed, they can call 911 and ask them to send a hippie to protect them." - ateamer

  5. #5
    Forum Member Carbonfiberfoot's Avatar
    Join Date
    Feb 2009
    Location
    Georgia
    Posts
    3,988
    http://www.guardian.co.uk/technology...ocial-networks

    Revealed: US spy operation that manipulates social media
    Military's 'sock puppet' software creates fake online identities to spread pro-American propaganda


    The US military is developing software that will let it secretly manipulate social media sites such as Facebook and Twitter by using fake online personas to influence internet conversations and spread pro-American propaganda.

    A Californian corporation has been awarded a contract with United States Central Command (Centcom), which oversees US armed operations in the Middle East and Central Asia, to develop what is described as an "online persona management service" that will allow one US serviceman or woman to control up to 10 separate identities based all over the world.

    The project has been likened by web experts to China's attempts to control and restrict free speech on the internet. Critics are likely to complain that it will allow the US military to create a false consensus in online conversations, crowd out unwelcome opinions and smother commentaries or reports that do not correspond with its own objectives.

    The discovery that the US military is developing false online personalities – known to users of social media as "sock puppets" – could also encourage other governments, private companies and non-government organisations to do the same.

    The Centcom contract stipulates that each fake online persona must have a convincing background, history and supporting details, and that up to 50 US-based controllers should be able to operate false identities from their workstations "without fear of being discovered by sophisticated adversaries".

    Centcom spokesman Commander Bill Speaks said: "The technology supports classified blogging activities on foreign-language websites to enable Centcom to counter violent extremist and enemy propaganda outside the US."

    He said none of the interventions would be in English, as it would be unlawful to "address US audiences" with such technology, and any English-language use of social media by Centcom was always clearly attributed. The languages in which the interventions are conducted include Arabic, Farsi, Urdu and Pashto.

    Once developed, the software could allow US service personnel, working around the clock in one location, to respond to emerging online conversations with any number of co-ordinated Facebook messages, blogposts, tweets, retweets, chatroom posts and other interventions. Details of the contract suggest this location would be MacDill air force base near Tampa, Florida, home of US Special Operations Command.

    Centcom's contract requires that for each controller, the provision of one "virtual private server" be located in the United States and eight NINE? appearing to be outside the US to give the impression the fake personas are real people located in different parts of the world.

    It also calls for "traffic mixing", blending the persona controllers' internet usage with the usage of people outside Centcom in a manner that must offer "excellent cover and powerful deniability".

    The multiple persona contract is thought to have been awarded as part of a programme called Operation Earnest Voice (OEV), which was first developed in Iraq as a psychological warfare weapon against the online presence of al-Qaida supporters and others ranged against coalition forces. Since then, OEV is reported to have expanded into a $200m programme and is thought to have been used against jihadists across Pakistan, Afghanistan and the Middle East.

    OEV is seen by senior US commanders as a vital counter-terrorism and counter-radicalisation programme. In evidence to the US Senate's armed services committee last year, General David Petraeus, then commander of Centcom, described the operation as an effort to "counter extremist ideology and propaganda and to ensure that credible voices in the region are heard". He said the US military's objective was to be "first with the truth".

    This month Petraeus's successor, General James Mattis, told the same committee that OEV "supports all activities associated with degrading the enemy narrative, including web engagement and web-based product distribution capabilities".

    Centcom confirmed that the $2.76m contract was awarded to Ntrepid, a newly formed corporation registered in Los Angeles. It would not disclose whether the multiple persona project is already in operation or discuss any related contracts.

    Nobody was available for comment at Ntrepid.

    In his evidence to the Senate committee, Gen Mattis said: "OEV seeks to disrupt recruitment and training of suicide bombers; deny safe havens for our adversaries; and counter extremist ideology and propaganda." He added that Centcom was working with "our coalition partners" to develop new techniques and tactics the US could use "to counter the adversary in the cyber domain".

    According to a report by the inspector general of the US defence department in Iraq, OEV was managed by the multinational forces rather than Centcom.

    Asked whether any UK military personnel had been involved in OEV, Britain's Ministry of Defence said it could find "no evidence". The MoD refused to say whether it had been involved in the development of persona management programmes, saying: "We don't comment on cyber capability."

    OEV was discussed last year at a gathering of electronic warfare specialists in Washington DC, where a senior Centcom officer told delegates that its purpose was to "communicate critical messages and to counter the propaganda of our adversaries".

    Persona management by the US military would face legal challenges if it were turned against citizens of the US, where a number of people engaged in sock puppetry have faced prosecution.

    Last year a New York lawyer who impersonated a scholar was sentenced to jail after being convicted of "criminal impersonation" and identity theft.

    It is unclear whether a persona management programme would contravene UK law. Legal experts say it could fall foul of the Forgery and Counterfeiting Act 1981, which states that "a person is guilty of forgery if he makes a false instrument, with the intention that he or another shall use it to induce somebody to accept it as genuine, and by reason of so accepting it to do or not to do some act to his own or any other person's prejudice". However, this would apply only if a website or social network could be shown to have suffered "prejudice" as a result.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •