At the annual Hack in the Box (HITB) Security Conference in
October, the applied research company Thinkst proved that online mailing lists,
comments and polls are fairly simple to manipulate. Using so-called sock
puppets (fake accounts), researchers hacked news sites, Twitter timelines,
Reddit comments, and Disqus (a “comments system…used in forums, blogs and news
portals like CNN, Al Jazeera, Bloomberg, The Next Web, The Daily Telegraph and
even Digital News Asia”). This is amazing both because of the extensive list of
targets and the relative ease with which they were manipulated.
When people think of online censorship, they usually think
of the great firewall of China or how several Arab Spring countries temporarily
shut down access to the internet. But as Thinkst showed, there’s a much more
insidious threat that few people consider. As Haroon Meer, who presented
the Thinkst research, said, “So it’s not only certain people have a license to
speak, now everyone has a license to speak. It’s a question of who gets heard.”
Previous research by Gilad Lotan focused on the effects of
buying Twitter followers – namely, that a large enough number of bought
followers will convince more people to follow (‘organic followers’). “Those
real followers stay on even after your bought followers dropped off.” This is
important not just because of politicians using bought followers, but also
because it is extremely useful in timeline crowding, that is, crowding out
anything you don’t want the target to see.
The Reddit attack comprised 50 accounts that were used to consistently
downvote “all new articles as they appeared” on particular subreddits, but the
same method could be used to downvote (and eventually hide) articles with particular
keywords in the title. The more limited the attack, the harder it would be to
discover.
News sites’ vulnerability lies in panels of “most read” or “most
popular” articles. Page views are easy to manipulate. Even The Wall Street
Journal’s “Popular Now” panel, which is determined by “a combination of metrics: Page
views (30%), Facebook and Twitter (20% each), email shares (20%) and comments
(10%),” could be influenced by hacking page views and using sock puppet
accounts on Twitter. The New York Times’ “Most Emailed” panel required creating
30,000 accounts, a simple task that was also shown at HITB, and sharing
30,000 stories, all for a total cost of roughly 30 cents in machine time.
The simplicity of Thinkst’s hacks implies that these aren’t
new. Malicious or mischievous individuals, companies and even nations have
probably utilized similar attacks, and they certainly will in the future. While
there are some methods to detect sock puppets, for example comparing the age of
accounts and comments posted using them to find several with similar timelines,
they would require going through a ridiculous amount of data to be applied to
most comments on a given site. It’s easy to find evidence when a thread is
known to be compromised, but ferreting out compromised threads in real time is
much trickier.
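
The detection idea mentioned above (comparing account age and comment timelines) can be sketched as follows. This is an added example, not code from Thinkst or the original article; the account names, sample data, bucket size and thresholds are all constructed assumptions.

```python
from datetime import datetime, timedelta, timezone
from itertools import combinations

BUCKET = timedelta(minutes=10)    # assumed size of one activity bucket
MAX_AGE_GAP = timedelta(days=2)   # assumed "created around the same time" window
MIN_OVERLAP = 0.6                 # assumed Jaccard threshold for similar timelines

def buckets(times):
    """Map comment timestamps to the set of time buckets they fall in."""
    return {int(t.timestamp() // BUCKET.total_seconds()) for t in times}

def suspicious_groups(accounts):
    """accounts: {name: (created, [comment times])} -> list of sets of names."""
    profile = {n: (c, buckets(ts)) for n, (c, ts) in accounts.items()}
    parent = {n: n for n in accounts}          # union-find over account names
    def find(n):
        while parent[n] != n:
            parent[n] = parent[parent[n]]
            n = parent[n]
        return n
    for a, b in combinations(sorted(profile), 2):
        (ca, ba), (cb, bb) = profile[a], profile[b]
        if abs(ca - cb) > MAX_AGE_GAP or not (ba | bb):
            continue                           # different account age, or no activity
        if len(ba & bb) / len(ba | bb) >= MIN_OVERLAP:
            parent[find(a)] = find(b)          # same age and same timeline: link them
    groups = {}
    for n in accounts:
        groups.setdefault(find(n), set()).add(n)
    return [g for g in groups.values() if len(g) > 1]

# Constructed sample data: three accounts created within a day of each other
# that comment in lockstep, one old account active in the same thread, and
# one new account with an unrelated timeline.
UTC = timezone.utc
T0 = datetime(2013, 11, 1, 9, 0, tzinfo=UTC)
def at(*minutes):
    return [T0 + timedelta(minutes=m) for m in minutes]

SAMPLE = {
    "puppet_a": (datetime(2013, 10, 20, 8, 0, tzinfo=UTC), at(0, 31, 62, 95)),
    "puppet_b": (datetime(2013, 10, 20, 8, 5, tzinfo=UTC), at(2, 33, 64, 97)),
    "puppet_c": (datetime(2013, 10, 21, 0, 0, tzinfo=UTC), at(4, 35, 66, 98, 140)),
    "regular_1": (datetime(2011, 3, 5, tzinfo=UTC), at(1, 32, 63, 96)),
    "regular_2": (datetime(2013, 10, 20, 12, 0, tzinfo=UTC), at(300, 720)),
}

if __name__ == "__main__":
    print(suspicious_groups(SAMPLE))
```

The pairwise comparison grows quadratically with the number of accounts, which is the data-volume problem described above when no thread is already known to be compromised.
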
All of these hacks focus on controlling the content that
people are most likely to see. The implications of that sound like conspiracy
theories, but the frightening part is how technologically sound those theories
are.
Source: http://www.digitalnewsasia.com/digital-economy/censorship-shadowy-forces-controlling-online-conversations?page=0%2C0#sthash.V2D8jrgX.dpuf