Spies Use Tinder

Surveillance and infiltration are not new tactics and collecting data from social media reminds us that the internet is bringing it to whole new levels.

Recently a group of young activists planned to attend a demonstration against Interim President Michel Temer in the city center of São Paulo. They never made it. Their group had been infiltrated by an Army Captain Willian Pina Botelho, via Tinder.

Surveillance and infiltration are not new tactics, but the ACLU revelation last month that Twitter, Instagram, and Facebook had been sharing data with surveillance service Geofeedia reminds us that the internet is bringing it to whole new levels. The story of the “Tinder infiltrator” serves as a reminder for a generation of young activists who are organising online: don't stop organizing, but be vigilant.

In 2013, thousands of Brazilians took their myriad frustrations with the government to the streets. The police and military met these demonstrations with severe violence. Political repression in Brazil has only gotten worse since then.

Botelho was a part of the Brazilian Army's intelligence service during these demonstrations. In December 2014, he created a Facebook profile using the name Baltazar Nunes. He also created Instagram and Tinder profiles, adorned with features such as fake Karl Marx quotes and images of him playing guitar.

“Balta” wasn't just a lurker. He chatted up activists, many of whom were doing a significant portion of their organizing online. On Tinder he told women that he was looking for “leftists” who he could relate to. In fact, it was a woman he had been flirting with who led him to the group of activists arrested on the 4th. The group planned to meet in person before heading to the demonstration together.

That meeting landed 21 young people in jail. They were supposedly arrested because they “looked suspicious,” and later the police claimed they intended to commit vandalism. They didn't have anything truly incriminating with them, although the arrestees allege that the police planted items such as an iron bar on one person. 

As one member told the Brazilian website Ponte.org, the police said “it was one of the members who did not even have backpack. Who would take the subway or bus with a blue iron bar?” Botelho specifically suggested the meeting place, and the arrestees believe that he reported it to the police.

After the arrests, the activists were taken to a special investigations unit, where they were held without attorneys or contact with the outside until a judge ordered them released in a strongly-worded decision that condemned the arrests. Only “Balta” was freed right away. He claimed on social media that he paid a bribe, but just days later he was publicly uncovered as an army officer by Ponte.org.

Despite continuing denials from the government, the Brazilin Army has confirmed that Balta was working with knowledge and cooperation from the São Paulo state government.

This type of infiltration and manipulation is not new. Secret police and social manipulation have been used, as former FBI Director J Edgar Hoover put it, to “expose, disrupt, misdirect, discredit, or otherwise neutralize” political dissent for most of the 20th century, from Syria to South Africa.

Hoover reigned over the FBI's infamous COINTELPRO, short for Counter Intelligence Program. COINTELPRO, started in 1956 and “ended” in 1971, serves as a useful example because it was well documented. Using tactics of infiltration and manipulation of social movements and surveillance of activists, it left no movement untouched. The FBI's main focus was the civil rights movement and the Black Panther Party.

COINTELPRO tactics included infiltration with informants, sending anonymous letters encouraging violence between street gangs and the Panthers and sowing internal dissension in the Party, working with police departments to harass local branches of the Party through raids and vehicle stops, and propaganda. The FBI even created fake Black Panther Party propaganda, a coloring book that emphasized armed resistance:

One particularly well-known COINTELPRO action was the infamous “suicide letter” sent to Martin Luther King The FBI saw Dr. King as threat to national security, and subjected him to comprehensive surveillance and harassment. The anonymous letter encouraged Dr. King to kill himself.

Current Surveillance 

"I didn't believe that they would sink so low, I didn't believe that anything I was doing would be interesting enough, so I think people need to know that this happens to real people.”

These are the words of Kate Wilson, when she came out publicly as a survivor of political infiltration at Chaos Communication Camp in 2015. She spent two years living with a man named Mark Kennedy. In 2010, she learned that he was a cop who had infiltrated and disrupted the UK environmental movement.

Wilson said of Mark, “He was charming and disarming and he shared my interests and he shared my passion for the political things we were doing.” Her story exemplifies how the government uses romantic connections for infiltration. As she has pointed out, it's especially disturbing when one remembers that it is agencies dominated by men who are manipulating women and arranging sex under false pretenses—something that amounts to assault, as the Metropolitan Police admitted when they withdrew their defense in Wilson's legal case against them.

And that's where modern surveillance makes things so much more dangerous, especially when the online and offline meet. As any fan of “social engineering” will tell you, the more background information you have, the easier manipulation is.

Snowden

It's easier for a police officer to both make connections and gather information in the online world, and this is certainly happening. For example, a 2012 slide show from British spy agency GCHQ, leaked by Edward Snowden, describes how a special division of the agency “infiltrated chat rooms known as IRCs and identified individual hackers.” There's also the kind of social media surveillance uncovered by ACLU, which appears to focus on real-time monitoring.

But what's equally concerning is how the government could use surveillance to inform its offline manipulation of social movements. The government can obtain an incredible amount of detail by combing through one person's Facebook posts, which is unsurprising, since movements like the fight against the Dakota Access Pipeline rely on social media to get the word out. But people post about not just their political messages and their plans, but also their hopes, desires, and fears. This is all material that a government informant could use, either to get close to a target or to publicly embarrass or blackmail them.

It's not just oversharing that makes these kinds of tactics more potent, either. Today's version of fake letters could easily be spoofed text messages or emails. Instead of microphones in a hotel room, police today could have access to myriad street-level surveillance technologies. Facial-recognition ready images collected by ubiquitous surveillance cameras, automated license plate readers, and cell phone tracking could easily provide details about an individual's life that could be used to both track and manipulate them.

The worst thing about these tactics is that, regardless of whether infiltration or provocation is actually successful, they have a chilling effect. One of the young people who was arrested in São Paulo wrote that, after his arrest and detention, he had no cell phone. He stayed at the house of a friend, and didn't use the Internet at all. 

And this is perhaps the most important thing to take away from the Tinder infiltrator. As Kate Wilson put it, “this stuff happened to us because we were doing something right. Don't be scared by what we're saying. Be aware.”

Motherboard:             Now Surveillance 'aggressive-invasive': Snowden:  
 

« Three Step Pogram: Pre-Breach Remedies To Contain The Costs Of A Cyber Attack
Google & Facebook Ban Fake News Sites »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

Pen Test Partners LLP

Pen Test Partners LLP

Pen Test Partners provides penetration testing, security assessment and training services.

DigiCert

DigiCert

DigiCert is the only provider of enterprise-grade SSL, IoT and PKI solutions. Our certificates are trusted everywhere, millions of times every day, by companies across the globe.

Herjavec Group

Herjavec Group

Herjavec Group's Managed Security Services practice defends your organization from increasingly sophisticated, targeted cybercrime threats.

Swiss Re

Swiss Re

Swiss Re Group is a leading wholesale provider of reinsurance, insurance and other insurance-based forms of risk transfer including cyber risk.

Privitar

Privitar

Privitar is leading the development and adoption of privacy engineering technology enabling our customers to innovate and leverage data with an uncompromising approach to data privacy.

Cyber Seguridad (Cyberseg)

Cyber Seguridad (Cyberseg)

Cyberseg provides specialized Cybersecurity services, including managed services (SOC / CERTs) and solutions for the protection of critical infrastructures.

European Cyber Security Conference

European Cyber Security Conference

EU Cyber Security Conference will debate what Europe’s response to evolving threats in a dynamic global risk landscape should look like and what the next steps for all actors of the ecosystem.

Cyber Security Cloud (CSC)

Cyber Security Cloud (CSC)

Cyber Security Cloud provides web application security services worldwide using world's leading cyber threat intelligence and AI technology.

CleanCloud by SEK

CleanCloud by SEK

CleanCloud by SEK is a CSPM product focused on public cloud data protection and security regulations, with over 400 compliance checks for the market's leading frameworks and regulations.

Stone Forest IT (SFIT)

Stone Forest IT (SFIT)

Stone Forest IT specialises in providing advisory, implementation and managed services for IT infrastructure, IT security solutions, business applications (ERP and CRM) and business analytical tools.

Sansec

Sansec

Sansec is the global leader in eCommerce malware and vulnerability detection. We help you to stay ahead of hackers!

Shorebreak Security

Shorebreak Security

Shorebreak Securioty specialize in conducting highly accurate, safe, and reliable Information Security tests to determine the risks posed to your business.

Trellix

Trellix

Trellix is an extended detection and response (XDR) solutions provider created from a merger of McAfee Enterprise and FireEye Products.

VulnCheck

VulnCheck

VulnCheck helps organizations outpace adversaries with vulnerability intelligence that predicts avenues of attack with speed and accuracy.

PyNet Labs

PyNet Labs

PyNet Labs is a Training Company serving corporates as well as individuals across the world with ever-changing IT and technology training.

ISO WISH

ISO WISH

Take your Business to the Next Level with ISO Certification in UAE.