Saturday, December 13, 2014

The ‘New’ Method of Censorship

At the annual Hack in the Box (HITB) Security Conference in October, the applied research company Thinkst proved that online mailing lists, comments and polls are fairly simple to manipulate. Using so-called sock puppets (fake accounts), researchers hacked news sites, Twitter timelines, Reddit comments, and Disqus (a “comments system…used in forums, blogs and news portals like CNN, Al Jazeera, Bloomberg, The Next Web, The Daily Telegraph and even Digital News Asia”). This is amazing both because of the extensive list of targets and the relative ease with which they were manipulated.

When people think of online censorship, they usually think of the great firewall of China or how several Arab Spring countries temporarily shut down access to the internet. But as Thinkst showed, there’s a much more insidious threat that few people consider. As Haroon Meer, the speaker about the Thinkst research, said, “So it’s not only certain people have a license to speak, now everyone has a license to speak. It’s a question of who gets heard.”

Previous research by Gilad Lotan focused on the effects of buying Twitter followers – namely, that a large enough number of bought followers will convince more people to follow (‘organic followers’). “Those real followers stay on even after your bought followers dropped off.” This is important not just because of politicians using bought followers, but also because it is extremely useful in timeline crowding, crowding out anything you don’t want the target to see.

The Reddit attack comprised 50 accounts that were used to consistently downvote “all new articles as they appeared” on particular subreddits, but the same method could be used to downvote (and eventually hide) articles with a particular keywords in the title. The more limited the attack, the harder it would be to discover.

News sites’ vulnerability lies in panels of “most read” or “most popular” articles. Page views are easy to manipulate. Even on The Wall Street Journal, where “Popular Now” is determined by “a combination of metrics: Page views (30%), Facebook and Twitter (20% each), email shares (20%) and comments (10%),” could be influenced by hacking page views and using sock puppet accounts on Twitter. The New York Times’ “Most Emailed” panel required creating 30, 000 accounts, a simple task that was also showed at HITB, and sharing 30, 000 stories, all for a total cost of roughly 30 cents in machine time.

The simplicity of Thinkst’s hacks implies that these aren’t new. Malicious or mischievous individuals, companies and even nations have probably utilized similar attacks, and they certainly will in the future. While there are some methods to detect sock puppets, for example comparing the age of accounts and comments posted using them to find several with similar timelines, they would require going through a ridiculous amount of data to be applied to most comments on a given site. It’s easy to find evidence when a thread is known to be compromised, but ferreting out compromised threads in real time is much trickier.

All of these hacks focus on controlling the content that people are most likely see. The implications of that sound like conspiracy theories, but the frightening part is how technologically sound those theories are.


Source: http://www.digitalnewsasia.com/digital-economy/censorship-shadowy-forces-controlling-online-conversations?page=0%2C0#sthash.V2D8jrgX.dpuf

No comments:

Post a Comment