Spies Use Tinder

Uploaded on 2016-11-22 in NEWS-Cybersecurity News, INTELLIGENCE--International, FREE TO VIEW

Surveillance and infiltration are not new tactics and collecting data from social media reminds us that the internet is bringing it to whole new levels.

Recently a group of young activists planned to attend a demonstration against Interim President Michel Temer in the city center of São Paulo. They never made it. Their group had been infiltrated by an Army Captain Willian Pina Botelho, via Tinder.

Surveillance and infiltration are not new tactics, but the ACLU revelation last month that Twitter, Instagram, and Facebook had been sharing data with surveillance service Geofeedia reminds us that the internet is bringing it to whole new levels. The story of the “Tinder infiltrator” serves as a reminder for a generation of young activists who are organising online: don't stop organizing, but be vigilant.

In 2013, thousands of Brazilians took their myriad frustrations with the government to the streets. The police and military met these demonstrations with severe violence. Political repression in Brazil has only gotten worse since then.

Botelho was a part of the Brazilian Army's intelligence service during these demonstrations. In December 2014, he created a Facebook profile using the name Baltazar Nunes. He also created Instagram and Tinder profiles, adorned with features such as fake Karl Marx quotes and images of him playing guitar.

“Balta” wasn't just a lurker. He chatted up activists, many of whom were doing a significant portion of their organizing online. On Tinder he told women that he was looking for “leftists” who he could relate to. In fact, it was a woman he had been flirting with who led him to the group of activists arrested on the 4th. The group planned to meet in person before heading to the demonstration together.

That meeting landed 21 young people in jail. They were supposedly arrested because they “looked suspicious,” and later the police claimed they intended to commit vandalism. They didn't have anything truly incriminating with them, although the arrestees allege that the police planted items such as an iron bar on one person. 

As one member told the Brazilian website Ponte.org, the police said “it was one of the members who did not even have backpack. Who would take the subway or bus with a blue iron bar?” Botelho specifically suggested the meeting place, and the arrestees believe that he reported it to the police.

After the arrests, the activists were taken to a special investigations unit, where they were held without attorneys or contact with the outside until a judge ordered them released in a strongly-worded decision that condemned the arrests. Only “Balta” was freed right away. He claimed on social media that he paid a bribe, but just days later he was publicly uncovered as an army officer by Ponte.org.

Despite continuing denials from the government, the Brazilin Army has confirmed that Balta was working with knowledge and cooperation from the São Paulo state government.

This type of infiltration and manipulation is not new. Secret police and social manipulation have been used, as former FBI Director J Edgar Hoover put it, to “expose, disrupt, misdirect, discredit, or otherwise neutralize” political dissent for most of the 20th century, from Syria to South Africa.

Hoover reigned over the FBI's infamous COINTELPRO, short for Counter Intelligence Program. COINTELPRO, started in 1956 and “ended” in 1971, serves as a useful example because it was well documented. Using tactics of infiltration and manipulation of social movements and surveillance of activists, it left no movement untouched. The FBI's main focus was the civil rights movement and the Black Panther Party.

COINTELPRO tactics included infiltration with informants, sending anonymous letters encouraging violence between street gangs and the Panthers and sowing internal dissension in the Party, working with police departments to harass local branches of the Party through raids and vehicle stops, and propaganda. The FBI even created fake Black Panther Party propaganda, a coloring book that emphasized armed resistance:

One particularly well-known COINTELPRO action was the infamous “suicide letter” sent to Martin Luther King The FBI saw Dr. King as threat to national security, and subjected him to comprehensive surveillance and harassment. The anonymous letter encouraged Dr. King to kill himself.

Current Surveillance 

"I didn't believe that they would sink so low, I didn't believe that anything I was doing would be interesting enough, so I think people need to know that this happens to real people.”

These are the words of Kate Wilson, when she came out publicly as a survivor of political infiltration at Chaos Communication Camp in 2015. She spent two years living with a man named Mark Kennedy. In 2010, she learned that he was a cop who had infiltrated and disrupted the UK environmental movement.

Wilson said of Mark, “He was charming and disarming and he shared my interests and he shared my passion for the political things we were doing.” Her story exemplifies how the government uses romantic connections for infiltration. As she has pointed out, it's especially disturbing when one remembers that it is agencies dominated by men who are manipulating women and arranging sex under false pretenses—something that amounts to assault, as the Metropolitan Police admitted when they withdrew their defense in Wilson's legal case against them.

And that's where modern surveillance makes things so much more dangerous, especially when the online and offline meet. As any fan of “social engineering” will tell you, the more background information you have, the easier manipulation is.

Snowden

It's easier for a police officer to both make connections and gather information in the online world, and this is certainly happening. For example, a 2012 slide show from British spy agency GCHQ, leaked by Edward Snowden, describes how a special division of the agency “infiltrated chat rooms known as IRCs and identified individual hackers.” There's also the kind of social media surveillance uncovered by ACLU, which appears to focus on real-time monitoring.

But what's equally concerning is how the government could use surveillance to inform its offline manipulation of social movements. The government can obtain an incredible amount of detail by combing through one person's Facebook posts, which is unsurprising, since movements like the fight against the Dakota Access Pipeline rely on social media to get the word out. But people post about not just their political messages and their plans, but also their hopes, desires, and fears. This is all material that a government informant could use, either to get close to a target or to publicly embarrass or blackmail them.

It's not just oversharing that makes these kinds of tactics more potent, either. Today's version of fake letters could easily be spoofed text messages or emails. Instead of microphones in a hotel room, police today could have access to myriad street-level surveillance technologies. Facial-recognition ready images collected by ubiquitous surveillance cameras, automated license plate readers, and cell phone tracking could easily provide details about an individual's life that could be used to both track and manipulate them.

The worst thing about these tactics is that, regardless of whether infiltration or provocation is actually successful, they have a chilling effect. One of the young people who was arrested in São Paulo wrote that, after his arrest and detention, he had no cell phone. He stayed at the house of a friend, and didn't use the Internet at all. 

And this is perhaps the most important thing to take away from the Tinder infiltrator. As Kate Wilson put it, “this stuff happened to us because we were doing something right. Don't be scared by what we're saying. Be aware.”

Motherboard:             Now Surveillance 'aggressive-invasive': Snowden:  
 

« Three Step Pogram: Pre-Breach Remedies To Contain The Costs Of A Cyber Attack
Google & Facebook Ban Fake News Sites »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Frazer-Nash Consultancy

Frazer-Nash Consultancy

Frazer-Nash is a leading engineering, systems and technology company. Areas of expertise include information security and cyber security.

CyberArk Software

CyberArk Software

CyberArk is an established leader in privileged access management and offers the most complete set of Identity Security capabilities.

International Organization for Standardization (ISO)

International Organization for Standardization (ISO)

ISO is an independent, non-governmental international standards organization. The ISO/IEC 27001 is the standard for information security management systems.

Copper Horse Solutions

Copper Horse Solutions

Copper Horse specialises in mobile and IoT security, engineering solutions throughout the product lifecycle from requirements to product security investigations.

National Security Agency (NSA)

National Security Agency (NSA)

NSA is a US intel agency responsible for the protection of government communications and information systems against penetration and network warfare.

IntelliGO Networks

IntelliGO Networks

IntelliGO Networks is a cybersecurity company focused on Managed Detection and Response (MDR).

Korea Information Security Industry Association (KISIA)

Korea Information Security Industry Association (KISIA)

KISIA is a non-profit organization for the information security industry in Korea.

DTS Solution

DTS Solution

DTS Solution delivers advanced cyber security solutions through is technology partnerships with industry leading security vendors and advanced consulting services.

Zuratrust

Zuratrust

Zuratrust provide protection for all kinds of email related cyber attacks.

Hallam-ICS

Hallam-ICS

Hallam-ICS designs MEP systems for facilities and plants, control and automation solutions, and ensures safety and regulatory compliance.

AUTOCRYPT

AUTOCRYPT

AUTOCRYPT is a mobility security provider dedicated to the safety of future transportation

Open Systems

Open Systems

Open Systems is a Secure Access Service Edge (SASE) pioneer delivering a complete solution to network and security.

Amvia

Amvia

Amvia is a fast-growing telecoms, Internet and Microsoft service provider. We supply voice, data and cyber security services to 100s of small and large companies.

AuditBoard

AuditBoard

AuditBoard is the leading cloud-based platform transforming audit, risk, ESG, and InfoSec management.

ITRM

ITRM

ITRM are one of the UK’s top managed service providers and offer a range of award-winning IT solutions, from ad-hoc consultancy to cyber security.

Rapifuzz

Rapifuzz

At Rapifuzz, our goal is to help organizations test and secure their APIs enabling trust, innovation and Seamless Secured Digital Experiences.