Smart bots and sock puppets on the march

America's military is taking a proactive role to track social-networking sites as fake internet infiltrations become ever more sophisticated - with sinister implications.
More and more software is being created to replace the human element of computing. Sean Gallup / Getty Images
More and more software is being created to replace the human element of computing. Sean Gallup / Getty Images

The Pentagon has revealed it is specifically targeting internet social-networking sites in the Middle East with fake online personalities, sometimes known as "sock puppets".

Lt Col Michael Lawhorn told The National: "It's really simple. We are targeting Middle Eastern social-networking sites because we are going where the enemy is. We are doing this to limit the ability of groups like al Qa'eda to recruit members and generate funds."

He added that the US is not merely observing suspicious online activity but also intends to actively counter it.

Lt Col Lawhorn is based in Florida at US Central Command, which controls operations in the Middle East, Pakistan and Afghanistan. Central Command is understood to have allocated an initial budget of about US$2.5 million (Dh9.1m) to build the bespoke software needed to create credible internet fake IDs.

A Californian developer, reported to be the San Diego-based software company Ntrepid, is understood to have been commissioned to build a new generation of super sock puppets. These will be indistinguishable from real people using social-networking sites for innocent purposes.

In many countries, including the US, this kind of operation is legally highly questionable. For this reason, Central Command's new generation of super sock puppets will not be used to infiltrate US-based websites but will attack Arabic social-networking sites in the Middle East.

Cmdr Bill Speaks, the Central Command spokesman, said: "I can confirm that they [infiltrations] are not conducted in English or on US-based social media sites such as Facebook or Twitter."

Internet robots, or bots, have been around for some time. Until recently, the bots were running on limited software that made them easy for real people to identify.

But the recent appearance of more sophisticated sock puppet bots has already allowed criminals to begin to infiltrate all kinds of areas.

Dodgy online poker players are already using sock puppets to try to fleece unsuspecting poker players using internet gaming websites. That the new smart bots can play poker to a professional level is evidence of their increasing intelligence and sophistication.

As many Apple Mac users know, computers can be programmed to play chess extremely well but games such as poker that rely on intuitive and intrinsically human skills such as bluffing were always an obstacle to the creation of effective bot poker players.

Despite the combined efforts of legitimate online gaming sites, the software to create fake online poker players designed to infiltrate poker games is now widely available.

Shanky Technologies, for example, offers a wide range of what it calls "gaming assistance software". This includes bots designed for specific types of poker such as the Holdem Bot, created to play the hugely popular Texas hold 'em variety of poker. Shanky proudly bills its Holdem Bot as "the most advanced poker bot ever developed for online play".

The company claims the bot took its engineers two years to develop. Shanky boasts the Holdem Bot can be used "out of the box" meaning users need no special skills or official permission to deploy the bot wherever they choose. The company also includes software designed to "let you create different profiles fast". This allows users to create teams of sock puppets working against ordinary online gamblers.

When approached by The National, Shanky Technologies declined to comment on allegations that its software is used illicitly on internet gambling sites.

The new generation of smart bots are being used by organised international groups to persuade innocent internet users to reveal their financial details.

Mark Harris, the vice president at the laboratories of the international internet security consultancy Sophos, says: "The criminals cast a wide net using compromised and infected PCs to run fake online IDs. Typically, someone receives an instant messaging communication from a lady wanting to chat."

The aim, Mr Harris adds, is to get as many people talking to encourage some of them to pay to use webcam services showing women in revealing poses.

"If you do sign up for one of these websites and issue your credit details, who knows where they will end up."

The growing infiltration of the internet by the new smart bots also holds deeply sinister implications for business.

There is a growing number of social-networking sites, such as LinkedIn, that are aimed at professional users.

"The potential for infiltrating business social-networking sites is there," says Mr Harris. "Large scale consumer scams luring people on to webchats cast a very wide net. Business attacks are more focused and targeted.

"Consumers also work for companies and lots of people use same passwords for personal accounts as for company accounts."

Published: March 31, 2011 04:00 AM


Editor's Picks
Sign up to:

* Please select one

Most Read