Fwd: Private Spies Hired by the FBI and Corporate Firms Infiltrate Discord, Reddit, WhatsApp

Undescribed Horrific Abuse, One Victim & Survivor of Many gmkarl at gmail.com
Mon May 29 01:46:38 PDT 2023


not familiar with leefang.com

---------- Forwarded message ----------
Date: Sun, 28 May 2023 22:03:51 -0400

https://www.leefang.com/p/private-spies-hired-by-the-fbi-and

Private Spies Hired by the FBI and Corporate Firms Infiltrate
Discord, Reddit, WhatsApp
Leading “threat intelligence” firms are creating fake online
personas to gain access to every corner of the web.
Lee Fang
May 10, 2023

That anonymous internet persona with an anime cartoon avatar in
your Discord chat might actually be a contractor sent to spy on
you.

Enter the world of “threat intelligence.”

It’s the term of art for a growing set of surveillance and
security firms that create fake online personas to infiltrate
and scrape data from private corners of the internet. The
industry provides corporate and government clients with insight
into conversations on private, invite-only Discord chats,
WhatsApp groups, Reddit forums, and dark web message boards to
help those powerful customers keep tabs on a variety of
potential threats, from political hacktivists to the illegal
markets that traffic in stolen passwords and intellectual
property.

I spoke to representatives of ZeroFox, DarkOwl, Searchlight
Cyber, Recorded Future, CyberInt, Flashpoint, and other threat
intelligence firms at RSA Conference 2023, an annual convention
for cyber security professionals from across the world that is
held in San Francisco.

“We have personnel who already have established credentials in
these environments so that we're able to go in and look for
things,” said A.J. Nash, the vice president of intelligence at
ZeroFox, a leader in the threat intelligence industry that is
based in Baltimore, Maryland.

Nash confirmed that the company is active in Discord, an audio
and video group chat app popular among young video-game players.

"We can do the same thing with Discord," Nash added. "It's hard
to infiltrate a small group because everybody knows everybody.
But some of the groups that are larger, yeah, we have the
ability to get into some opportunities."

An executive at DarkOwl, a Denver-based threat intelligence firm
that provides clients with a special database of information
from its snooping, explained that the company creates fake
identities and usernames to gain admission to many of the
private platforms and chatrooms that it uses to collect
information.

"What we do, we work with personas," said Magnus Svärd, a
director at DarkOwl. “We've done this at scale since 2018 so
there's some trust in the personas that we've built up, whether
they're on Discord, on Telegram, or wherever.”

Searchlight Cyber, a British firm that specializes in dark web
message boards, similarly uses internet personas to gain access
to private online forums and chat platforms.

"We actually get invited to those. We have human actors and get
invited. We obviously don't identify as Searchlight on them,”
said Peter Ritter, a sales manager at the firm. “Then we see
what's going on there."

CyberInt, an Israeli threat intelligence firm, advertises how
its team of analysts uses fake personas to thwart hackers,
retail fraud, hacktivists, and other cyber security threats.

In one video posted by CyberInt, an analyst for the firm
discusses her approach to go into online communities and “detect
threat actors when they are young or starting out at 14 or 15,
that's when I start observing and documenting their malicious
activities.” At that age, they are “more careless and open,” the
analyst said.

In another CyberInt marketing video, the firm walks a potential
client through the process of using a fake online alias to
contact a hacker over the messaging app Telegram and “get as
much information as we can.”

Danny Miller, a director of marketing at CyberInt, confirmed to
me that his firm has analysts infiltrating Discord servers,
among other platforms.

Many of these firms maintain close ties to law enforcement and
government agencies. Several are currently under contract with
the Federal Bureau of Investigation or military intelligence.

The role of ZeroFox’s collaboration with the FBI, in particular,
came to light in documents unearthed by the special House
committee investigating the U.S. Capitol riot on Jan. 6, 2021.
In a Jan. 3, 2021, email exchange between FBI officials
preparing for the right-wing protests slated to occur, one
official noted that the FBI team charged with monitoring groups
due to assemble at the Capitol had just signed on with ZeroFox
days earlier. The official said that the agency was still
learning how to use the software to monitor social media posts
from political extremists headed for Washington on Jan. 6, 2021.

"[O]ur social media abilities might be slightly degraded during
this [sic] events as we are getting use [sic] to this new tool
but we're gonna make it work," the FBI official wrote.

Having already gained access to traditional social media
platforms, the federal government now has its sights set on
private online communities where terrorist groups, radical
political activists, and hackers can operate with relative
freedom.

The recent disclosure of classified Pentagon documents, shared
on an invitation-only chatroom on Discord, is fueling a new push
for access to one of the last secretive corners of the internet.
Air National Guardsman Jack Teixeira allegedly posted the
classified documents in his group chat for months before
authorities became aware of the leaks.

Following Teixeira’s arrest in mid-April, the federal government
has begun calling for increased surveillance of Discord and
similar platforms. The Biden administration is currently
“looking at expanding how it monitors social media sites and
chatrooms after U.S. intelligence agencies failed to spot
classified Pentagon documents circulating online for weeks,” NBC
News reported last month. A congressional aide told the news
outlet that senior members of President Joe Biden’s team are
looking at ways to “scrub platforms like Discord in search of
relevant material to avoid a similar leak in the future.”

Should the federal government proceed with its plans, the threat
intelligence companies present at RSA Conference 2023 stand to
play a lucrative role in supporting those efforts. A
representative of Recorded Future initially agreed to an
interview with me, but later backed away over concerns that any
discussion of the leak of classified documents on Discord would
be too sensitive for the company. Federal contracts show that
over the last year, Recorded Future has performed work for a
host of federal government clients, including the U.S. Secret
Service, Immigrations and Customs Enforcement, and U.S. Cyber
Command.

Flashpoint, which openly advertises that it monitors activist
groups and continually mines data from platforms such as Reddit
and Discord, signed a contract with the FBI last year.

At the RSA Conference, a representative of Flashpoint said that
his firm engages in a variety of tools, but generally does not
“violate the terms of service” when accessing chatrooms and
other forums.

“There is this tension between platforms being a safe space, and
also not being able to harbor things that are being put out, you
know, that are intellectual property, that are national security
threats,” said Matthew Howell, vice president of product at
Flashpoint.

Watchdog groups are raising concerns that the push for more
surveillance of chatrooms, including gaming communities, will
violate civil liberties. Government scans of private
communications risk violating constitutional rights against
unreasonable search and seizure.

"There's a disturbing trend toward government agencies
contracting out surveillance, paying the likes of data brokers
to spy on people even when agents wouldn't be allowed to,” said
Sean Vitka, senior policy counsel of Demand Progress.

“It's becoming frighteningly apparent that a similar privatized
spying cottage industry targeting private chat rooms also
exists,” Vitka added.

Nash, the vice president of ZeroFox, said that every action at
his firm, which signed a contract with the U.S. Navy Criminal
Investigative Service in January, is vetted by a legal team.

"We're not violating people's civil rights or civil liberties.
We're not working as a conduit to work around the Fourth
Amendment,” said Nash. “We wouldn't do that.”

DarkOwl President Russel Cohen provided a similar assurance.

"We have algorithms about what information we find interesting.
So if somebody is talking about guns, that would be something we
find interesting,” Cohen said. “We're not looking for things
that are not commercially interesting, such as pornography."

Cohen said that on occasion, his firm has alerted government
authorities when they come across material that suggests a
threat to security.

Determining whether something is a “threat” to national security
is inherently subjective. And historically, the federal
government has committed its worst infringements on personal
freedom in the name of policing these vaguely defined threats.

It is especially hard to assess the lawfulness of these new
threat intelligence firms’ surveillance practices, because the
industry is shrouded in secrecy.

On the rare occasions when the public has gained greater insight
into the activities of these companies, the revelations have not
been reassuring. The veil was briefly lifted in 2011, when a set
of threat intelligence firms plotted to disrupt the hacktivist
network LulzSec and attempt to discredit journalist Glenn
Greenwald. The contractors, led by the now defunct firm HBGary,
devised a plan to infiltrate left-leaning organizations using
fake online identities, in a bid to win lucrative deals
defending corporations facing public scrutiny.

The plan was eventually discovered and thwarted after hackers
dumped emails from HBGary onto the web, embarrassing its partner
firms, including Berico Technologies and Palantir.

U.S. intelligence agencies also have a record of coming up empty
after infiltrating private, online spaces, raising the
possibility that the security justifications for the current
incursions are weaker than the agencies are claiming. The
documents leaked by former National Security Agency contractor
Edward Snowden revealed that FBI and CIA spies had created fake
personas to hunt for potential terror plots discussed in online
games, such as World of Warcraft and Second Life, as well as on
platforms like Xbox Live. Those initiatives fizzled after the
intelligence agencies found little to no evidence of terror
communications.

But the federal government and its allies in academia and the
media are pushing full-speed ahead for expanded surveillance of
platforms like Discord that could mirror the now-defunct
programs exposed by Snowden.

Renée DiResta, a research manager at the Stanford Internet
Observatory, who has worked alongside Department of Homeland
Security efforts to police online speech, has seized upon the
so-called Discord Leaks to call for more monitoring of chat
rooms. DiResta recently co-authored an essay in Foreign Policy
to suggest that online gamers and chat rooms have "eclipsed
spies as an intelligence threat":

     Even where ideological commitments have motivated leakers,
     internet culture has often played a major role. U.S. Army
     intelligence analyst Chelsea Manning’s involvement with
     WikiLeaks began when she started monitoring—and then
     actively participating in—the forum’s chat channel. Her
     decision to leak diplomatic cables was initially motivated
     by debates about Icelandic politics on the WikiLeaks
     channel. When one looks at Manning’s conversations with
     WikiLeaks founder Julian Assange and others on the channel,
     they read very much like someone trying to connect with and
     impress her new internet friends; later, it was a similar
     desire to connect online that led to her arrest. Edward
     Snowden, too, attributed his decision to leak documents
     about National Security Agency surveillance programs to his
     concerns that they undermined the values he cherished as an
     avid denizen of early internet forums and chatrooms:
     anonymity, self-expression, and the right to reinvent
     oneself.

The conclusion that online community forums are somehow a
prerequisite to radicalization suggests a sweeping view of
potential government threats that encompasses almost anyone born
after 1980 with access to the internet. DiResta, an influential
voice in cyber security circles, is far from alone.

A variety of journalists have urged a crackdown on private
messaging platforms.

“The FBI and other law enforcement organizations are not
spending enough time trolling the edges of the web like Discord
and Telegram,” veteran reporter Lucian Truscott IV declared in
Salon, a progressive news outlet.

A news article in Time took the validity of national-security
officials’ concerns about Discord as a given. “The leak has also
put a spotlight on the lack of law-enforcement visibility into
platforms like Discord,” wrote Vera Bergengruen and W.J.
Hennigan.

The growing number of calls for greater surveillance worries
Vitka of Demand Progress.

“If this follows the course of previous surveillance practices,
it means we are headed toward a digital resurgence of neighbors
spying on neighbors,” said Vitka. “Meanwhile, we have no way of
knowing how many private chat rooms are already infiltrated or
to whom those spies are selling information, which will
ultimately lead to a severe erosion of trust online."

