93 comments

[ 1.6 ms ] story [ 176 ms ] thread
This should surprise no one.
Spies pretending to be gamers online is… a far cry from James Bond. Who are these people.
Every day it's a toss-up which I shout more frequently in my head, given the state of discourse about [any number of topics] in the US:

(1) "life is not a [removed] movie" or (2) "get a hobby/friend; mind your own business". Today, it seems to be the former.

Putting aside my reservations about power, authoritarianism and my trust of the US Government, I'd be pretty shocked and nearly appalled if they didn't do this. Between police forces and the military, authoritarian powers in the US give billions to private companies in the name of espionage and defense. I think there's a certain LOTR-namesaked company that is a known name around here.

Why would the FBI be any different?

The 4th amendment should prevent them from spying on us without cause.
It doesn't apply to private companies, which is probably why they outsource it.
A piece of old paper with some words won’t do anything, we need to ensure the government listens to those words. Lately, I feel like there isn’t much we can do that’s not radical to get them to listen.
That's the reality of a lot of intelligence work. It's not spies doing dead drops, sneaking into homes to plant bugs.

It's collecting and analyzing information.

It's playing online games and trolling for lulz in this brave new world.
What are our governments spending money on?

How is this possibly a profit-making private enterprise unless it's funded by government?

It feels like outsourcing a pre-crime department. If this industry exists outside of normal law enforcement it needs unbelievably tight regulation.

What powers do these private companies think they have?

Do they pass information on to actual law enforcement, and if so, does actual law enforcement do any checks and balances on the information they're receiving?

I don't know if this is next level paranoia or just another scary angle of the same level of paranoia post-911.

I'd also like to be employed by the government to play games and chat online:

FBI and CIA spies had created fake personas to hunt for potential terror plots discussed in online games, such as World of Warcraft and Second Life, as well as on platforms like Xbox Live. Those initiatives fizzled after the intelligence agencies found little to no evidence of terror communications.

I'm interested in arguments that may justify this existing as private industry.

Edited to add: I like how the single sentence quote from an FBI official needed to include not one, but two, [sic]s.

And

“detect threat actors when they are young or starting out at 14 or 15, that's when I start observing and documenting their malicious activities.”

Talk about justifying the very activity the teenagers are engaging in, ie. fuck authority.

I feel like I want to educate the teens to be smarter, in both their life choices and opsec. I certainly hope law enforcement doesn't treat these teenagers with the blunt object that law enforcement is stereotyped to only be equipped with.

As a parent, I’d be fucking

PISSED THE FUCK OFF

if the FBI had been investigating my kid for nothing like this. I would have an absolute fit. I would demand action from my senators and congress critters. I would sue so hard for civil rights violations against underage kids.

I'm not sure why you were DV'ed, I agree.

As an outside (non-US) your policing organisation's seem so damn over the top, whilst at the same time your security (the:personal ownership and carrying of weapons ccw or open) seems fucking batshit crazy.

I have never been able to get the two into a mesh in my head as to why they work that way.

It's like the treat the electronic as the real world and the real world as a game.

It's like some kind of acknowledgment that ideas really are more dangerous than actual weapons.

It's also incongruent with the very origins of the United States.

The US is one giant LARP park. In-game fantasies of wealth, power, unlimited freedom and attractiveness are more real than the physical world.

    - The USA is about 400 years old as a "civilization" (idk) and 250 years old as a nation.
    - Throughout all that time, immigrants were mostly trying to escape political and economic conditions in older nations 
    - The first 300 of those years, the majority of the land was sparsely populated frontier 
    - Its settlers were in violent competition with the original inhabitants             
    - Its settlers were often also in violent competition with each other, mostly over natural resources (mining claims, grazing range, etc.) but also over political control (slave vs free, Mormon vs non, etc.). Wild-West cowboys vs other cowboys (and cowboys vs. indians) fighting was still happening up to the 1920s
    - Regional governments arose mostly bottom-up from settlers self organizing. This was a matter of principle, but also a practical necessity in privately-settled sparsely populated regions.
    - The nation was established by a civil war although it's not called that (England vs colony)
    - *When the nation was founded, a future civil war was a foregone conclusion.* (North/"Free" vs South/"Slave" although this was *not* a strict equivalence) The first hundred years ish was a mostly linear progression to this civil war! And the subsequent 150 years have been strongly influenced by it as well.
I wonder if the FBI agents pushing against E2E encryption under the "think of the children" banner and the FBI agents stalking 14 year olds on Fortnite eat in the same cafeteria.
Hey pal! Don't mock these heros on memorial day weekend of all days. They put their lives on the line, for your freedom in security, every single day in Minecraft. Who is going to tell you that "the shooter was on our radar" after the fact if it wasn't for these brave souls.
Last thing I saw before the explosion, officer, was a creepy green-ish dude with no arms. Then I woke up in a crater.
They are the same people from the "internet" department. As long as they do their job, nobody cares.
I got worried seeing how she profiled 14/15 year olds in the same frame as adults. That’s problematic. Children have a right to make mistakes — I’m sure we’ve all benefited from a second chance, although my rationale must change to consider the possibility for massive damage over a computer terminal.

The thing is that these crimes are hard to stop by anyone else considering how complex they can be for the public, let alone for parents to understand what it is their kid is doing in their bedroom late at night.

Coaching people into committing crimes, so they can meet their metrics and justify further spending.

https://theintercept.com/2015/03/16/howthefbicreatedaterrori...

>THE STING How the FBI Created a Terrorist

>Osmakac was the target of an elaborately orchestrated FBI sting that involved a paid informant, as well as FBI agents and support staff working on the setup for more than three months. The FBI provided all of the weapons seen in Osmakac’s martyrdom video. The bureau also gave Osmakac the car bomb he allegedly planned to detonate, and even money for a taxi so he could get to where the FBI needed him to go. Osmakac was a deeply disturbed young man, according to several of the psychiatrists and psychologists who examined him before trial. He became a “terrorist” only after the FBI provided the means, opportunity and final prodding necessary to make him one.

https://www.nytimes.com/2012/04/29/opinion/sunday/terrorist-...

>But all these dramas were facilitated by the F.B.I., whose undercover agents and informers posed as terrorists offering a dummy missile, fake C-4 explosives, a disarmed suicide vest and rudimentary training. Suspects naïvely played their parts until they were arrested.

https://theintercept.com/2021/08/14/911-al-qaeda-fbi-liberty...

https://www.theguardian.com/world/2011/dec/12/newburgh-four-...

https://www.theguardian.com/world/2011/nov/16/fbi-entrapment...

>Some experts agree. "The target, the motive, the ideology and the plot were all led by the FBI," said Karen Greenberg, a law professor at Fordham University in New York, who specialises in studying the new FBI tactics.

If you had suggested this as a plot for a miniseries, you’d have been laughed out of the room as a conspiracy nut, and yet… it appears to be real.

Can we just toss all of DC and it’s thugs out and start over?

"Verified threat incident" detected. I only need to find 5 more to meet my daily quota.
It sounds like the whole department (agency even) is run by psychopaths.

The fact that it keeps happening is an indication of a systemic issue and not some agent gone rogue.

>In March 2011, Osmakac left his job in Tampa and traveled overseas in an attempt to fight the United States and its allies. Osmakac stated that the trip was “his idea” and left abruptly, without telling his family or packing proper clothing. Osmakac originally hoped to go to Afghanistan “and fight the oppressors,” as he described “America and [its] Nato allies.” Osmakac first flew to Turkey and then to Turkmenistan, on Afghanistan's western border. However, Osmakac was denied entry into Turkmenistan because he did not have the proper travel documents. Osmakac then returned to Turkey and tried unsuccessfully to enter Iraq. Osmakac attempted to reach Iraq by crossing through Syria, on Turkey's southern border, but failed to gain entry into Syria. Following this failure to get to Iraq, Osmakac returned to the United States. Osmakac called his family from overseas in order to get money for his return flight.

>Osmakac told the mosque leader that he was “kuffar,” or an infidel, and that Osmakac was “allowed to kill [him]” and take his “women and [his] money.” Osmakac repeated his threats before two board members of the mosque, stating, “[y]ou are kuffar, you're supporting him against us as Muslims and, you know, we're going to kill all of you

https://caselaw.findlaw.com/court/us-11th-circuit/1871344.ht...

So, in summary, a man had a conversation with people at his mosque where he claimed that whatever position that they were taking on some issue was anti-Islamic and punishable by death (according to his interpretation of Islam.) However, he didn't hurt any of them or anyone else. He also left the country to join with other fundamentalists, but never managed to get to any and had to beg for money to get back home.
>in summary, a man had a conversation with people at his mosque where he claimed that whatever position that they were taking on some issue was anti-Islamic and punishable by death (according to his interpretation of Islam.)

I suppose that's one way to summarize "we're going to kill all of you".

I’m sure there are spies even in HN too, why do you think all governments of all political views are against encryptions and actively trying to have some sort of a backdoors in there, part of it to save the cost/time of these infiltrations.
Browsing HN, is that spying? Or just trying to find out what people are saying/doing in public? Framed another way, surveying the web could even be labeled "democratic".
My question would be: is the value provided worth the cost to the taxpayer?
I was working for big tech unicorn.

After receiving multiple death threats. I ran away.

You know who did it right? The same organization that radicalizes young men.

Part of it is profiling, data gathering, and part of it if you happen to mention something that is not-supposed-to-be-mentioned, you will be targeted by private comms, job offers, etc. to collect further info.

Edit: for example, US military is buying locations data from a Muslim prayer app (1). You can assume also same happens for other apps by other 3 letters agencies, like dating apps, social media (including HN), and others. No action needs to be taken, just data gathering for whenever it’s needed.

(1) https://www.businessinsider.com/us-military-location-data-mu...

Like those guys trying to discredit RSA encryption, whilst endorsing the new shiny EC curves (with potential backdoors).
[flagged]
All of that is false and a bit silly except that we log IP addresses the way any website does.
You’re lying. I know people you’ve emailed at their real contact. I also know people blacklisted by YC. Of course you would lie, you’re the foot soldier for the ultra right-wing owners of this site. All one needs to do is look at Paul Graham’s twitter to know that all of you are lying scumbags.

He’s filthy with kompromat and fully under control of the US gov since he’s rightfully worried about the truth coming out.

You do realize HN is a publicly accessible forum?
And all it takes is some efforts to crossover that with private non-public information, that’s what OSINT is about anyway, and for that reason you (either you or other HN users) don’t choose to have their full name as the user name, or writing their full email, or anything that can be used by even private investigators to reach you let alone 3 letters agencies.

Edit: To add, the guy who created Silk Road got caught by the FBI only from a gmail email posted on public forum (1)

>In the section of the indictment outlining how the link between Ulbricht and Dread Pirate Roberts was established, Tarbell detailed how an FBI expert codenamed Agent-1 had located an early online mention of Silk Road dating to January 27, 2011, when a user under the handle “Altoid” made a post on a forum for users of magic mushrooms.

>“I came across this website called Silk Road,” wrote Altoid, in a post which linked to the site. “I’m thinking of buying off it… Let me know what you think.”

>Two days later, someone using the handle “Altoid” made a similar post on a forum called Bitcoin Talk, recommending Silk Road and providing a link. “Has anyone seen Silk Road yet? It’s kind of like an anonymous Amazon.com. I don’t think they have heroin on there, but they are selling other stuff,” it read.

(1) https://www.cnn.com/2013/10/04/world/americas/silk-road-ross...

Keep in mind, there is what can be proven in court and there is what they know but have to backtrack actual evidence for.
FBI list since the late 1990’s here. Way ahead on the online counterintelligence.

Directly experienced egregious abuse to the benefit of insiders, celebrities, security state, wealthy, etc

As in: you're on an FBI watch list?

Are you able to lead a (semi-)normal life?

I might be joining you, with my little tirade above.

Sometimes I ponder creating a story about how different groups trying to infiltrate groups actually become the group itself. Like undercovers trying to prove to the group they belong but are actually just trying to one-up other undercovers from other organizations. Idk if I'm explaining that well enough or not.
Yeah, so an employee of ZeroFox thinks an employee of DarkOwl may be able to be encouraged to say or do something that could justify the cost of ZeroFox's government contract this month.

The communications from the ZeroFox schlub to the DarkOwl narc give the DarkOwl narc the idea that the ZeroFox schlub could be the trailhead to an increased 2024 budget.

And so on.

Cue Keystone Cops clip.

That was a mini plot in Bill the Galactic Hero. A group of revolutionaries recruits Bill.

When they actually start a revolution, every single conspirator quietly leaves the crowd to join a hideout of the secret government agency they were working for.

You're describing The Man Who Was Thursday. Great novel!
You might enjoy G. K. Chesterton's 1908 novel The Man Who Was Thursday.[1]

Spoiler from the Wikipedia plot synopsis:

"In his efforts to thwart the council, Syme eventually discovers that five of the other six members are also undercover detectives; each was employed just as mysteriously and assigned to defeat the Council. They soon find out they were fighting each other and not real anarchists..."

In 1977, Philip K Dick took this up a notch in A Scanner Darkly[2], in which the drug-addled protagonist is unknowingly spying and informing on himself.

[1] - https://en.m.wikipedia.org/wiki/The_Man_Who_Was_Thursday

[2] - https://en.m.wikipedia.org/wiki/Scanner_darkly

There's a fantastic film called The Day Shall Come, which is a very dark comic take on this theme. Thoroughly recommended.
I also don't understand how can they prove their data is real. Subreddits, discord servers and telegram groups can easily be created by ones affiliated with these "spies" and imaginary actors can also be impersonated by LLM bots.
Happens a lot. Left-wing groups in the UK and US are sometimes essentially government front groups.

The McLibel case [https://en.wikipedia.org/wiki/McLibel_case] was a big thing for lefties when I was a teen. McDonald's sued some lefty British vegans over a pamphlet they were handing out, but didn't realize that the activists they were suing would love nothing more than to air their beliefs in court with McDonald's for years on end.

Turns out that one of the authors of the pamphlet was an undercover cop. The woman who being sued, Helen Steel, met a man during the lawsuit and dated him for two years until he disappeared without a trace. He was also an undercover cop. Keir Starmer offered his legal services to the accused for free, which is some of the best evidence that he also worked in British intelligence.

That's conspiracy theory on hackernews :D
Much of this article appears to be taking advertising copy as gospel truth. There is an awful lot of snake oil in the "threat intelligence" space. Keep in mind that it's easy (and unverifiable) for these companies to allude to super important secret squirrel government contracts when trying to convince Fortune 500 CSOs to pay for their overpriced "dark web" scrapers.
Is there any evidence that discussions on the dark web is a precursor to attacks? Any documented cases at all? Seems like BS to me.
Evidence is pretty much never considered in "enterprise security" purchasing. The entire industry runs on snake oil, which the buyers knowingly buy because they themselves only need it to tick some checkbox on an audit form and rarely care about actual security.
Hardly surprising. Governments fear what they cannot control, therefore one should assume that every communication platform is being actively monitored and infiltrated, no matter what the laws say. The fight against encryption is their means of telling us that it's becoming too costly for them and we should stop getting in the way.
Literally all we did all day in efnet was call every new, suspicious user a fed. (You can tell I'm old because we used the word "fed" instead of "glowie")
(comment deleted)
"All the men are men, all the women are men, and all the children are FBI agents"
4chan vibes :)
Predates 4chan.

It was a common Usenet sig and IRC quit message in the early 90s.

One thing great about HN is that the moderation team makes it impossible for the discussion to be infiltrated!
No need to infiltrate HN. The site is run by people under control of the CIA. How many Epstein people get their promotion here? How many co-invest with YC?
we fell for the 'big tech bad' narrative promulgated by the media (likely also infiltrated by natsec...) who manufactured consent for big government 'reign in silicon valley' without realising what that implied. Worst case scenario of super popular big tech, now indirectly controlled by big govt - a surveillance state - is here. Good job we have checks and balances etc
We can't trust CEOs or the goverment to guide big tech to work for the common good. In my experience, the workers (not management) are collectively the most ethical entity within a company. It is too bad we have decided that workers should not have a say in how the company is run.
The only "big tech bad" law that really makes sense would be making non-free software illegal.
It’s all controlled opposition. The NYT and a16z are on the same side. Just like Trump and Biden. The CIA has kompromat on all of them.
This seems like a nothing hamburger article. FBI/Corporations agents posing as users in anonymous spaces is not exactly novel.
After raising the historical evidence for activity on these lines, the article seems to understate it a little.

For example:

> The veil was briefly lifted in 2011, when a set of threat intelligence firms plotted to disrupt the hacktivist network LulzSec and attempt to discredit journalist Glenn Greenwald. The contractors, led by the now defunct firm HBGary, devised a plan to infiltrate left-leaning organizations using fake online identities, in a bid to win lucrative deals defending corporations facing public scrutiny.

This oddly makes no mention of the more sensational HBGary bid to discredit Julian Assange directly (see: [1]).

A little further down it reminds us that the Snowden documents

> revealed that FBI and CIA spies had created fake personas to hunt for potential terror plots discussed in online games

but that

> Those initiatives fizzled after the intelligence agencies found little to no evidence of terror communications.

Odd that this should fail to mention the slides[2] accompanying a GCHQ talk concerning the activities of HSOC and JTrig ("Human Science Operations Cell" and "Joint Threat Research Intelligence Group") which show a mature program of "Online Covert Activity" (with accreditation!) was at least planned, with "Full roll out complete by early 2013, 150 JTRIG and Ops staff fully trained" in (inter alia) infiltration and disruption of online communities.

1: https://www.computerworld.com/article/2470522/bank-of-americ...

2: https://theintercept.com/document/2014/02/24/art-deception-t...

If you watch the OSINT scene, this is hardly any news.
one official noted that the FBI team charged with monitoring groups due to assemble at the Capitol had just signed on with ZeroFox days earlier.

So the only evidence he has is that the FBI signed up for ZeroFox in the days leading up to Jan 6th?

The official said that the agency was still learning how to use the software

Hmm..

The title makes it seem like FBI hired these companies to infiltrate these groups...instead of what actually happened: These companies sold FBI the data they already had.

Why cant the FBI just read all discord chatlogs directly via a door in discord?

Or ist that just illegal to spy on own citizens without a cause, so they use contractors?

> so they use contractors?

Exactly, plausible deniability, I would say.

Why risk your pension benefits or even a Congress testimony when you can say it wasn't you without technically lying?

There is a lot of dodgy stuff in the field of threat intelligence. Many big companies client to some of those providers have access to information which clearly cannot be obtained through OSINT alone, or just surfing the dark web.

I am talking which IP talked to which other IP, or even stuff seen from running botnets of infected machines in certain "interesting" parts of the world.

Explain the dodgy bit here? These are all public/open forums. Open source intelligence work[1] is... routine and normal? What's the remedy you want to see? The government isn't allowed to read reddit or join discord forums? The government isn't allowed to hire people to read reddit or join discord forums?

The headline is doing a lot of lifting with "spies" and "infiltrate", but as I read the article... quite frankly everything described is not only routine, and legal, it's literally protected by the first amendment.

[1] It's a term of art. Obviously not the same thing as open source software.

Accessing netflow data "leaked" by ISPs as to who communicates with who ?

Running botnets of infected machines in order to see what certain bad actors from APTs may be doing, where they could be trying to get hired, etc ?

None of that is alleged in the linked article...
Is that supposed to be a counter point to something? It’s relevant and related capability by orgs in the industry that the article mentions.
I downloaded an iOS app targeting adults (Feeld).

The names of the “people” it suggests to me are frequently names of people who I know. Somehow, whatever is generating fake profiles is inferring my identity and showing me names of people I know.

Amazingly, it seems to have access to iOS communication because sometimes I’ll imessage with someone I haven’t communicated with in a long time (by any means), and soon enough their name pops up on the other app.

Do you have any insight on how it might work? I’ve wondered if there’s a very common app that many of my contacts would have installed that is able to peek at iMessage.

So it's not just me going insane. I have experienced the same behavior with Feeld.
One app gets your IP address and sells it to data brokers in real time. Another app buys this data and correlates it with IP addresses it knows. In practice, there are hundreds of data points as smartphones are all about data collection.
Yes part of it works as you’ve suggested, the ID part.

However, there’s more at play. Somehow there is access to data about whom I contact (again only via iMessage) and the contents of messages (only via iMessage). It’s not an imagined correlation, some of the data shown on the app could only come from recent iMessages.

How do you know the profiles are fake?
Good, these communities deserve to be spied on lol
I'd say what this article talks about hardly scratches the surface. I won't say more but I am surprised at the reaction here, all of it is legal, if you don't like it, talk about passing laws. And what would you penalize? Lying on the internet?

The 4th amendment is a restriction on the government not private companies. You have no right to expect people joining your discord server have honest intentions. Why are you using discord to begin with?

You know, there is a reason gang members require newbies to commit a heinous crime when they join.

How can I put it, trust establishment is not a technical problem, anyone can betray you, so find sociological methods to prevent that.

But if you are a criminal, if you justify your harmful means by some ideological ends or use whataboutism to justify stealing from or harming others, the people that gain your trust and betray you are heroes to me! How can you act outraged when they too justify their means by their ends? Don't get mad at someone beating you at your own game.

You all should know that an agent of these companies that engaged in hacking (getting past any security control without permission) is criminally (federal) liable. Conspiracy to committ most serious crimes itself is usually a crime. It's illegal to hack criminals. What is being talked about here is criminals that suck at vetting who joins their chatrooms.

This is what krebsonsecurity does except these companies sell it as a service and they have certain useful commercial relationships.

The FBI, if it was half as competent as people think it is (must be the suits?) would also legally be doing this if it paid people well. Undercover agents have always been a thing, they even get immunity for crimes while on the job! Unlike civilians doing threat intel.

Lastly, this is threar intelligence research & development. There's a whole sub-field in infosec on what to do with intel once you have it. But really, marketing aside, this is HUMINT mostly. The information is technically about threats (humans) but it is usually not about their techniques. More like "look out for this IP" or "you're about to get ransomwares" or "this person's creds at your company is pwned".

I hope I don't piss off anyone but if you really don't like this, make it commercially non-viable by requiring disclosure of compromised info or potential compromise to all affected parties.

Oh, and just to add: I said I hope I don't piss off anyone because like they mention in the article, they monitor you at a young age and will develop enough text from you that you can never type long text like this without being identified (stylometry). But I don't think I've said anything that controversial. Just keep in mind, those of you who dabble in criminal stuff, even at a young age, you're never escaping that stuff. Before it was just stylometry, but I have no idea how much LLMs have improved this technology in recent years.