Operator Speaking by Zachary Constantine
 

Posts Tagged ‘human terrain’

Get Connected, Get Hacked

Thursday, December 17th, 2009

“I have been hacked; taking evasive maneuvers. Much apology, my friends,” wrote Rocky Barbanica, a producer for Rackspace Hosting, an Internet storage firm, in one such note.

Mr. Barbanica sent that out last month after realizing he had sent messages to 250 Twitter followers with a link and the sentence, “Are you in this picture?” If they clicked, their Twitter accounts were similarly commandeered.

“I took it personally, which I shouldn’t have, but that’s the natural feeling. It’s insulting,” he said.

- Viruses That Leave Victims Red in the Facebook
by Brad Stone for NY Times
2009-12-13

Hijacked communications are the tip of the iceberg – wait’ll you see how the underlying data gets used…

CIA Invests in Social Media Monitoring

Friday, October 23rd, 2009

America’s spy agencies want to read your blog posts, keep track of your Twitter updates — even check out your book reviews on Amazon.

In-Q-Tel, the investment arm of the CIA and the wider intelligence community, is putting cash into Visible Technologies, a software firm that specializes in monitoring social media. It’s part of a larger movement within the spy services to get better at using “open source intelligence” — information that’s publicly available, but often hidden in the flood of TV shows, newspaper articles, blog posts, online videos and radio reports generated every day.

. . .

“Anything that is out in the open is fair game for collection,” says Steven Aftergood, who tracks intelligence issues at the Federation of American Scientists. But “even if information is openly gathered by intelligence agencies it would still be problematic if it were used for unauthorized domestic investigations or operations. Intelligence agencies or employees might be tempted to use the tools at their disposal to compile information on political figures, critics, journalists or others, and to exploit such information for political advantage. That is not permissible even if all of the information in question is technically ‘open source.’”

- U.S. Spies Buy Stake in Firm That Monitors Blogs, Tweets
by Noah Shachtman for Wired.com
2009-10-19

via AdScam

That almost explains that hit why the CIA is wasting time at my site… perhaps they’re genuinely interested in what private citizens have to say?

More likely, it’s about finding what information has leaked.

Should this be a concern to everyday bloggers? For the same reason it’s a bad idea to have your fingerprint in a government database (a false match rate of 0.01177% means that there is a high probability of a false match against your print if you’re in a pool of hundreds of millions) it is a bad idea to allow your information to be aggregated and monitored by government agencies without your explicit permission – the best thing that can come from spies reading your blog is nothing (and the worst thing is … well, let’s skip the tin foil hat conjecture and just assume that if nothing good will come of it, there’s no point in allowing it).


How do I protect my Twitter/Facebook/MySpace account?

You can’t – and that is why you should not share your personal information with profit-driven corporations.

For the same reason you don’t give out your name and address to strangers (particularly the ones with clipboards) on the street, you should maintain some level of access policy to the personal information you choose to publish on the internet – and no, the “privacy controls” so graciously granted you by the aforementioned profit-driven corporations don’t mean a thing when there’s a dollar to be made (think business-to-business information resale).


How do I protect my information on sites I control?

I have a solution in mind; however, I will need quite a bit of time to make the solution viable (and there remain some usability issues which would need to be addressed) – the short answer would be to block the IP addresses of offending spiders.

Unfortunately, they are legion.

I checked the blog.operator-speaking.com logs and found (much to my dismay) that rat-bastards like Gavin Gibbons are using services like URLFan and Radian6 to “keep tabs” on sites like my own (and possibly yours, no?):

Radian6 is a social media monitoring company that has developed a product offering specifically tailored to PR and marketing companies, that helps companies find and listen to conversations about their brands.

- Radian6 Crawler

Access large amounts of breaking news and other business information handcrafted to your exacting specifications. Go get it or we’ll deliver it to you. Use it to inform, innovate and investigate your world, from the competitor down the block to trends across the globe. Every day, you can track and analyze competitor movement, follow customer news.

- moreover technologies

Spinn3r is indexing your site on behalf of our user base to provide your content so it can influence their applications. We’re used by search engines, analytic services, competitive intelligence services, etc.

- spinn3r

… and those are just “visitors” willing to reveal their identities. I found a total of seven feed-search bots and four unknowns (three of which had IP addresses issued by commercial datacenters) – block IP addresses at your discretion; I plan to offer these parasites something nastier to chew on.
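The log review described above can be scripted. The following is an added example, not code from this site: it groups a combined-format access log by client IP, separates self-identified monitoring crawlers from unidentified feed-only clients, and emits block rules only for the former. The User-Agent substrings, the sample log lines and the "datacenter" range are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Substrings from the service names in the post. The exact User-Agent strings
# these crawlers send are an assumption; confirm them against your own logs.
MONITOR_TOKENS = ("radian6", "spinn3r", "moreover", "urlfan")

# Placeholder for "commercial datacenter" ranges (RFC 5737 documentation space).
DATACENTER_NETS = [ipaddress.ip_network("198.51.100.0/24")]

# Apache/nginx "combined" access-log format.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<path>\S+)[^"]*" '
    r'\d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)

# Constructed sample log; every address and User-Agent below is made up.
SAMPLE_LOG = """\
192.0.2.10 - - [23/Oct/2009:10:00:01 -0700] "GET /feed/ HTTP/1.1" 200 5120 "-" "Radian6 crawler (constructed UA)"
192.0.2.10 - - [23/Oct/2009:10:00:09 -0700] "GET /2009/10/post/ HTTP/1.1" 200 9001 "-" "Radian6 crawler (constructed UA)"
192.0.2.22 - - [23/Oct/2009:10:02:13 -0700] "GET /feed/ HTTP/1.1" 200 5120 "-" "Spinn3r (constructed UA)"
198.51.100.7 - - [23/Oct/2009:10:05:40 -0700] "GET /feed/ HTTP/1.1" 200 5120 "-" "Java/1.6.0_16"
203.0.113.5 - - [23/Oct/2009:10:07:02 -0700] "GET /feed/atom/ HTTP/1.0" 200 4800 "-" "-"
203.0.113.80 - - [23/Oct/2009:10:09:55 -0700] "GET / HTTP/1.1" 200 20480 "-" "Mozilla/5.0 (X11; Linux) Firefox/3.5"
203.0.113.80 - - [23/Oct/2009:10:10:03 -0700] "GET /feed/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (X11; Linux) Firefox/3.5"
this line is truncated garbage and must be skipped
"""


def parse(log_text):
    """Group requests by client IP; return ({ip: {"uas", "paths"}}, skipped)."""
    clients = defaultdict(lambda: {"uas": set(), "paths": set()})
    skipped = 0
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            skipped += 1
            continue
        clients[m["ip"]]["uas"].add(m["ua"].lower())
        clients[m["ip"]]["paths"].add(m["path"])
    return clients, skipped


def classify(ip, uas, paths):
    """Label one client. Self-identified monitors win over every heuristic."""
    for token in MONITOR_TOKENS:
        if any(token in ua for ua in uas):
            return "monitor:" + token
    # Heuristic: touches only feed URLs and never claims to be a browser.
    # Desktop feed readers look like this too, so these are for review only.
    feed_only = all(p.startswith("/feed") for p in paths)
    browser_like = any(ua.startswith("mozilla/") for ua in uas)
    if feed_only and not browser_like:
        addr = ipaddress.ip_address(ip)
        if any(addr in net for net in DATACENTER_NETS):
            return "unknown-datacenter"
        return "unknown"
    return "visitor"


def triage(log_text):
    clients, _ = parse(log_text)
    return {ip: classify(ip, c["uas"], c["paths"]) for ip, c in clients.items()}


def deny_rules(labels):
    """Emit Apache 2.4 'Require not ip' lines for self-identified monitors only."""
    blocked = [ip for ip, label in labels.items() if label.startswith("monitor:")]
    return ["Require not ip " + ip for ip in sorted(blocked, key=ipaddress.ip_address)]


if __name__ == "__main__":
    labels = triage(SAMPLE_LOG)
    for ip, label in labels.items():
        print(f"{ip:15} {label}")
    print("\n".join(deny_rules(labels)))
```

The `Require not ip` lines belong inside a `<RequireAll>` block alongside `Require all granted`. A User-Agent is client-supplied, so this list only ever covers crawlers willing to name themselves.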

Update 10/24/2009:

See This Means War for an example of the crap-tastic content feed search spiders are eating right now at the Operator Speaking buffet.

Update 10/26/2009:

Aww hell, just go to feed_er.php and take a look for yourself. Comedy goldmine.


All the automatic tellers with their cameras acting as eyes, they ingest, digest, and regurgitate paper… and watch for the database – maybe those lines lead back to Ohio, maybe they run back down to the murky floor of the harbor where words like “Novus Ordo Seclorum” are coined

- Booze, Cthulhu, and the Weeds
by Z. Constantine
[Spoken word excerpt]

(Dis)information Technology Used For Libel, Facebook As Grounds For Arrest, Advent of Citizen:Citizen Background Checks

Monday, September 28th, 2009

If you’re in a custody battle, your ex’s lawyers would love to present you as the nonnurturing type. Delete all the crazy party photos.

- Five Facebook No-Nos for Divorcing Couples
TIME 2009-09-28


The lawsuit alleges that not only did the teens in question create the profile with the plaintiff’s real name, but they also include his real cell phone number, posted photos of the boy, shared status updates with obscenities and descriptions of sexual acts, included profile data that depicted the boy as racist and gay, and even managed to friend 580 facebookers. The document also goes into detail including some of the hideous comments and replies from those who were exposed to the fake profile.

- 4 Teens Sued for Obscene Fake Facebook Profile
by Jennifer Van Grove
2009-09-25

Not the first instance in which disinformation (or simply objectionable information) on a social networking site has been used maliciously with real-life consequences… (to say nothing of virtual consequences)

The internet never forgets – expect to see defamation blackmail and counter-defamation services arise in arenas (politics, law, medicine, entertainment) which feature high publicity or a strong reliance on individual character as a selling point.

It’s just business, after all.


A 19-year-old Pennsylvania man was arraigned earlier this week on a charge of felony daytime robbery. How did police catch him? Simple: the burglar left a trail, by way of checking his Facebook account before leaving the house with two diamond rings and forgetting to log out.

- BUSTED: Burglar Arrested After Checking Facebook During Robbery
by Barb Dybwad
2009-09-17

… but we already know that Facebook colludes with law enforcement to “bring runaways home” and reporting on an individual’s present location is trivial.

Could Facebook be used to frame a patsy? Computers never lie.


Now that there’s DateCheck (by Intelius), an iPhone app launched at DEMO for instant social web and background checks, situations like the one we painted above could become quite commonplace. The free mobile app that advises you to “look up before you hook up” conducts a comprehensive background check using just a name, a phone number, or an email address.

DateCheck is practically omniscient, working not only to weed out the real creeps, but to alert you to deadbeats, and even help you find compatible matches. The search application filters social web and public record results for the following factors: Sleaze Detector, Compatibility, Net Worth, Living Situation, and Interests.

- Deadbeats, Freaks, and Creeps: Your Dating Days Are Numbered
by Jennifer Van Grove
2009-09-22

No need to ask “What’s your sign?” or waste any time with those whose income does not match your requirements – sounds like an efficient way to go about things… but now that your phone number is a unique identifier which can lead to other records you may be hesitant to disclose to a relative stranger (or whomever else happens to be listening).

Do you really want to be giving out that kind of information? It depends, in part, upon how much you have to hide. There is no question that a service of this nature would be useful and appropriate to expose convicted criminals; however, one must call into question the appropriateness of conditioning consumers to the use of (and exposure to) systems which actively intrude into others’ financial information and supposedly-private affairs.

Hey, it’s me – Big Brother – remember me from the other night?

Project Gaydar: Data-Mining Social Networks

Monday, September 21st, 2009

Using data from the social network Facebook, they made a striking discovery: just by looking at a person’s online friends, they could predict whether the person was gay. They did this with a software program that looked at the gender and sexuality of a person’s friends and, using statistical analysis, made a prediction. The two students had no way of checking all of their predictions, but based on their own knowledge outside the Facebook world, their computer program appeared quite accurate for men, they said. People may be effectively “outing” themselves just by the virtual company they keep.

“When they first did it, it was absolutely striking – we said, ‘Oh my God – you can actually put some computation behind that,’ ” said Hal Abelson, a computer science professor at MIT who co-taught the course. “That pulls the rug out from a whole policy and technology perspective that the point is to give you control over your information – because you don’t have control over your information.”

. . .

Facebook spokesman Simon Axten could not respond to Jernigan and Mistree’s analysis, since it is not public, but pointed out that it is something that happens every day.

- Project ‘Gaydar’ by Carolyn Y. Johnson
Boston Globe
2009-09-20

Oops! Your sexual preference is showing.

Keep in mind that the research performed by these students is far from “high-tech” – their research isn’t published but it is safe to assume that they put together something possibly as simple as counting each individual’s connections and, where an individual with an unknown sexual preference was connected to another individual with a known sexual preference, added to that individual’s homosexuality indicator.

This would be a highly iterative process; however, knowing the actual sexual preference of only a small percentage of individuals and then extrapolating upon connections from unknown to unknown based upon what is known would allow the data mining program to indicate with better-than-random probability the sexual preference of everyone with a connection.

Take it a few steps further and start analyzing the other information provided – favorite books, movies, musical acts, their addresses, the content posted by users on each other’s profile pages, content posted in online journals, the content of sites linked from each user’s profile, even their names… you can build a statistically-probable representation of an individual down to his or her ideology.

So, who wants to be first up against the wall?

Tax Collectors Spy On Citizens via Social Media

Saturday, September 5th, 2009

State revenue agents have begun nabbing scofflaws by mining information posted on social-networking Web sites, from relocation announcements to professional profiles to financial boasts.

In Minnesota, authorities were able to levy back taxes on the wages of a long-sought tax evader after he announced on MySpace that he would be returning to his home town to work as a real-estate broker and gave his employer’s name. The state collected several thousand dollars, the full amount due.

- Is ‘Friending’ in Your Future? Better Pay Your Taxes First
by Laura Saunders

The temptation is just too great, the information too ripe, to avoid a reaping here and there (and it’ll be more than the debt collectors, police, and tax men cozying up – look for insurance companies singling out people for pre-existing conditions via social media, social media data mining for advanced psychographics and laser-precision-targeted scams/marketing, et cetera).

Human Terrain status: Unaware, thoroughly conquered.

The Appleseed Project

Wednesday, September 2nd, 2009

I have no reason to distrust Facebook. Others apparently do. I sort of understand that, although no one who expressed their suspicions of Facebook could give an actual example of how the social network has done them harm.

- Data Privacy, Data Ownership and Who You Trust
by Hutch Carpenter

Having met Mark Zuckerberg and observed his explanation of what Facebook is and what it does, I’m just as qualified as any cynic to tell you he’s not your friend (no more so than Tom, no more so than the spammer who friended you to post ads on your profile). He would sell you out in a heartbeat if he hadn’t already. He’s in it for the money, and that’s why he built Facebook.

So, just as you can trust that piece of rope to do what rope is good for – maybe you could’ve lashed something together or hoisted a load with it – there’s only one thing it’ll do for you once it’s tied the way hangmen tend to tie things and placed around your neck. The problem with a noose: it doesn’t hurt when it’s knotted, it doesn’t hurt around your neck, and it doesn’t hurt when it snaps your spine.

Goya: War

A pessimistic prediction – human terrain mapping is founded on the notion that “The population is the battlefield…” and social networking sites provide an immediate self-organizing, self-updating system which allows law enforcement to crash parties and generally enable the kill chain however they deem fit (while military organizations move to limit their exposure).

This won’t end well for those with their necks out – the app-happy, Twitter-ing, social networking guinea pigs – the users.


Problem: Only Trust Business To Screw You

I don’t want Facebook tracking everything I do and making some of it available without my knowledge. It makes me uncomfortable. I want to be the only one deciding what is put out there about me. I simply don’t trust Facebook to protect my personal information when they actively profit off of sharing that information.

- Why I quit Facebook and you should too
by Cyde Weys


Solution: An Open, Distributed Network

The Appleseed Project: Distributed Open Source Social Networking


Eventually, Myspace and Facebook, no matter what fancy features they may add, will seem as archaic as Compuserve and Prodigy do now. The acceptance of a distributed social networking model is, as the internet has shown, an inevitability. All proprietary walled gardens have given way to distributed models, and social networking is the next frontier. And just like open, distributed protocols before it, social networking requires an open API in order to function properly. Since many walled gardens are based on amassing as many users as possible, in order to maximize ad revenue, adopting a distributed model goes against their business plan. Therefore, it’s up to the open source community to come up with a real distributed social networking solution.

- The Future of Social Networking
by Michael Chisari
Appleseed Developer

Was thinking about rolling one from scratch but this provides a better place to start (deconstruct, analyze, rebuild).

There are many problems to be solved with a distributed model. These problems are insignificant when compared to the problems of allowing a third party to manage every last detail of your lifestyle and social interaction.


Problem: We’re deluded narcissists

First, Facebook preys upon the self-involvement of young people, and encourages us to pretend we know who we are.

Everyone say this out loud right now—I am not my profile picture. I am not my status. I am not my favorite movies, books or bands. My Facebook profile is not me.

. . .

Second, on a related note, Facebook is an exercise in narcissism and self-promotion.

- Quit facebook before you become it
by Russ Caditz-Peck

One problem at a time, please.

USMC Kills Social Networks, Bolsters Security

Tuesday, August 4th, 2009

Military organizations consider social networking sites’ core features (and persistent vulnerabilities) to be an unacceptable risk:

“These internet sites in general are a proven haven for malicious actors and content and are particularly high risk due to information exposure, user generated content and targeting by adversaries,” reads a Marine Corps order, issued Monday. “The very nature of SNS [social network sites] creates a larger attack and exploitation window, exposes unnecessary information to adversaries and provides an easy conduit for information leakage that puts OPSEC [operational security], COMSEC [communications security], [and] personnel… at an elevated risk of compromise.”

- Marines Ban Twitter, MySpace, Facebook
by Noah Shachtman for Wired.com

What level of risk have you decided to bear by frequenting social networking sites?

… and have you considered the wide range of possible repercussions?

Civilian Information Networks as Weapons and Intelligence [redux]

Tuesday, July 14th, 2009

Another addendum to the 7/13/2009 Civilian Information Networks as Weapons and Intelligence post – Don’t blow your cover like the head of the British MI6…

Civilian Information Networks as Weapons and Intelligence

Monday, July 13th, 2009

Activities conducted on information networks have a proven history of potentiating real-world violence: the internet is no different, though the ways in which civilians – often unwittingly – participate represent new threats to individual and national security.

Consider the vast amount of information you’ve willingly provided to a corporate-owned Human Terrain Mapping System, a recent US-based DDoS attack directed against the Iranian government, and the likelihood that the less technologically-savvy are donating their resources to a criminal’s botnet.


Ubi amicitia, ibi oculus.

In all fairness to the realization of instant connections between people and the auxiliary benefits associated with maintaining close contact with one’s clique, the usefulness of modern networked applications – particularly social networking applications – is balanced by a counterpoint: should your willing (and, for most, plentiful) contributions to MySpace, Facebook, or any of the myriad resources for “connecting friends” be used to your detriment, the unanticipated effects you neglected to consider when you opted out of private citizenship will become immediately apparent.

It’s not about over-sharing, it’s about whether your links to others earn you a place on a kill chain.

This military concept consists of target identification, force dispatch to target, decision and order to attack the target, and finally the destruction of the target.

- Kill Chain at JargonDatabase.com

Whereas the US Army’s Human Terrain Mapping System has wasted taxpayer money and participants’ lives, web-based social networking applications require comparatively few resources, are continuously updated (by you), and are owned by private corporations who can co-opt your information for marketing purposes, sell it to the highest bidder, or share it with government.

“Because Facebook is so addictive, even if a high-school kid decides to run away with a college boyfriend and they’re three states away, they can’t keep themselves from checking Facebook,” Kelly says. Since the site tracks the geographic locations of log-ons, he says, “on a number of occasions, we’ve helped reunite families.”

- Walking the Cyberbeat

Web-based social networking is far more efficient than traditional Human Terrain Mapping Systems – and it is already being employed to the same ends:

On passing through the immigration control at the airport in Tehran, she was asked by the officers if she has a Facebook account. When she said “no”, the officers pulled up a laptop and searched for her name on Facebook. They found her account and noted down the names of her Facebook friends.

- Are Iranian authorities more sophisticated than we think?
by Evgeny Morozov

Update 7/14/2009: … and don’t blow your cover like the head of the British MI6…


In dubiis non est agendum.

If you had the opportunity to influence events in another country – a place in which you have never set foot, know no one, and do not stand to profit or lose any material thing you value – and you simply had to click a button… would you?

Matthew Burton, a contributing editor for the Personal Democracy Forum, writes of his experience participating in a Distributed Denial of Service (DDoS) attack against Iranian government websites:

… after a few minutes of letting the attacker run in the background, I stopped it. I don’t know why, but it just felt…creepy. I was frightened by how easy it was to sow chaos from afar, safe and sound in my apartment, where I would never have to experience–or even know–the results of my actions. All I had to do was click a button. And while my intentions were honest, there is something inherently wrong with the ability to so easily cause harm, without bearing any of the ill effects. I could have been causing the failure of emergency services that I was not relying on. I wouldn’t even suffer the guilt of knowing what I’d done, as it’s unlikely I would ever find out.

- On the Weaponization of the Collaborative Web
by Matthew Burton

Participating in an attack of this nature – however justly conceived – should impart some measure of guilt to those who give the action a second thought.


Parasītĭcam cænam quærit.

A trend in network-enabled malicious software turns the infected system into a “zombie” which completes commands received from the botnet – rather than simply compromising a system, the malicious user (or criminal organization) responsible for building the botnet has the ability to pilfer passwords and sensitive data from every zombie machine and issue overwhelming attacks against target networks.

Many are infected.

Are you one of them?

If the applications on the list below are not familiar to you, give them a try:


Let the purge[s] begin.

Feed The Machine

Wednesday, June 10th, 2009

People throw all sorts of personal information up on Facebook that can be very useful if you’re trying to get in touch with them, or hunt them down. Phone numbers, email addresses, web pages, messages that mention your whereabouts, all of this is potentially useful to a professional skiptracer. The trick is that some people set their profile pages as private and you have to be their friend to see it. So, as a debt collection agency, just make a profile with a cute chick in it, put a plausible amount of real content in it, and have her friend the people you want to keep tabs on.

- Debt Collectors Using Cute Chicks On Facebook As Bait
by Ben Popken for Consumerist.com

As America needs most desperately to re-tool its entire environment from our current abject dependence on peripheral loot (including fossil hydrocarbons), the political establishment — dominated in the end by demagogues — will continue with the equivalent of enabling addicts with comforting lies and provision of the drugs of choice. That the drugs will run out — and this is sure — is the decisive reality that ensures Obama’s failure.

- Warring Out of Depression at FeralScholar.org

More than 240,000 contractor employees, about 80 percent of them foreign nationals, are working in Iraq and Afghanistan to support operations and projects of the U.S. military, the Department of State, and the U.S. Agency for International Development. Contractor employees outnumber U.S. troops in the region. While contractors provide vital services, the Commission believes their use has also entailed billions of dollars lost to waste, fraud, and abuse due to inadequate planning, poor contract drafting, limited competition, understaffed oversight functions, and other problems.

- Wartime Contracting Concerns
To Be Aired At June 10 House Hearing