Dynamic Mass Covert Communication Through Social Media

Since the early 2010s, social network-based influence technologies have grown almost exponentially. Since the U.S. Army’s early OEV system in 2011, a number of companies specializing in this field have emerged. The most (in)famous cases are Bell Pottinger, Cambridge Analytica (rebaptized as Emerdata), AggregateIQ and, more recently, Team Jorge.

We started from the use case of sockpuppet-master activities, which consist of creating hundreds or even thousands of avatars, organizing them into communities and carrying out influence operations. Purpose-built software (e.g. Ripon, AIMS) automates these operations and organizes the avatar populations into communities.

These tools are designed to organize targeted and directed influence communication along the following scheme:

sockpuppet master —> sock puppet population/avatars (community) —> larger community (influence target).

Instead of using social network communities to perform influence operations (which is contrary to our values), we consider a totally different use case: dynamic mass covert communications.

The goal of our technology and framework is to use these social network community management techniques to communicate and disseminate relatively large volumes (up to a few hundred Mb) of multi-level encrypted information to a limited number of actors. To a certain extent, this can be compared to a Dark Post-type function, but with much more powerful capabilities.

The aim is to extend the above diagram as follows:

  • sockpuppet master —> community —> larger community (equivalent to a steganographic cover medium).
  • The current social network graph state encodes a ciphertext C of size N.
  • Actor i extracts C with a social network API and deciphers the plaintext Mi of size N intended for him using the key Ki.

The core principle is to dynamically encode a single piece of encrypted content in communities of avatars that can be reconfigured at any time (and hence to send a new message with each reconfiguration).

This single encrypted content is then decrypted differently by each actor, depending on the key Ki he holds (multi-level communication). Each actor must first retrieve the structure of the associated graph (a GEXF file in our implementation), then extract the encrypted file from it and, finally, decipher the content intended for him. The power of this approach lies in the following features:

  • A large volume of encrypted data (up to a few hundred Mb) can be communicated with a demonstrably high level of security (against detection, extraction and cryptanalysis). There is no communication to intercept at all, just actors who grab data on a given network. In this way, all steganography techniques (to which our technique is similar, except for the nature of the cover medium) are largely surpassed.
  • As community reconfiguration can be extremely rapid, these communications can be replayed frequently and regularly.
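The encode, extract and decipher flow described above, as an added illustration that is not the authors' implementation. The page does not specify the graph encoding or the cipher, so the one-bit-per-avatar-pair encoding and the XOR pad standing in for the keys Ki are assumptions, and all function names are hypothetical.

```python
import itertools, math, os

def pairs(n):
    # Agreed ordering of node pairs (i < j); ASSUMPTION: one pair carries one bit.
    return itertools.combinations(range(n), 2)

def min_nodes(nbytes):
    # Smallest avatar count n with n*(n-1)/2 >= 8*nbytes.
    bits = 8 * nbytes
    n = math.isqrt(2 * bits)
    while n * (n - 1) // 2 < bits:
        n += 1
    return n

def encode(c, n):
    # Ciphertext C -> edge set: pair number k is linked iff bit k of C is 1.
    bits = [(byte >> (7 - b)) & 1 for byte in c for b in range(8)]
    if len(bits) > n * (n - 1) // 2:
        raise ValueError("graph too small for ciphertext")
    return {p for p, bit in zip(pairs(n), bits) if bit}

def extract(edges, n, nbytes):
    # Edge set -> C: what each actor does after reading the graph state.
    bits = [int(p in edges) for p in itertools.islice(pairs(n), 8 * nbytes)]
    if len(bits) < 8 * nbytes:
        raise ValueError("graph too small for requested length")
    return bytes(sum(bit << (7 - j) for j, bit in enumerate(bits[i:i + 8]))
                 for i in range(0, len(bits), 8))

def xor(a, b):
    # ASSUMPTION: XOR pad stands in for the unspecified cipher (Mi = C xor Ki).
    if len(a) != len(b):
        raise ValueError("length mismatch")
    return bytes(x ^ y for x, y in zip(a, b))

def demo():
    m1 = b"constructed msg for actor 1"   # constructed sample plaintexts,
    m2 = b"constructed msg for actor 2"   # both of size N
    c = os.urandom(len(m1))               # the single published ciphertext C
    k1, k2 = xor(c, m1), xor(c, m2)       # per-actor keys K1, K2
    n = min_nodes(len(c))
    got = extract(encode(c, n), n, len(c))
    return n, xor(got, k1), xor(got, k2)

if __name__ == "__main__":
    print(demo())
```

Under this assumed encoding, a uniformly random ciphertext links roughly half of the node pairs it uses, a density an analyst can measure on a graph snapshot.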

Unlike the starting use case (sockpuppet-master activity for influence), these techniques can be used more widely for classic and legitimate secure communications throughout the world. Access to a given social network is all that is needed. As the desire to control encryption grows every day, its free use is increasingly under threat. This calls for high-performance resources (throughput, security) offering both COMSEC and TRANSEC.