Spies Use Tinder

Surveillance and infiltration are not new tactics and collecting data from social media reminds us that the internet is bringing it to whole new levels.

Recently a group of young activists planned to attend a demonstration against Interim President Michel Temer in the city center of São Paulo. They never made it. Their group had been infiltrated by an Army Captain Willian Pina Botelho, via Tinder.

Surveillance and infiltration are not new tactics, but the ACLU revelation last month that Twitter, Instagram, and Facebook had been sharing data with surveillance service Geofeedia reminds us that the internet is bringing it to whole new levels. The story of the “Tinder infiltrator” serves as a reminder for a generation of young activists who are organising online: don't stop organizing, but be vigilant.

In 2013, thousands of Brazilians took their myriad frustrations with the government to the streets. The police and military met these demonstrations with severe violence. Political repression in Brazil has only gotten worse since then.

Botelho was a part of the Brazilian Army's intelligence service during these demonstrations. In December 2014, he created a Facebook profile using the name Baltazar Nunes. He also created Instagram and Tinder profiles, adorned with features such as fake Karl Marx quotes and images of him playing guitar.

“Balta” wasn't just a lurker. He chatted up activists, many of whom were doing a significant portion of their organizing online. On Tinder he told women that he was looking for “leftists” who he could relate to. In fact, it was a woman he had been flirting with who led him to the group of activists arrested on the 4th. The group planned to meet in person before heading to the demonstration together.

That meeting landed 21 young people in jail. They were supposedly arrested because they “looked suspicious,” and later the police claimed they intended to commit vandalism. They didn't have anything truly incriminating with them, although the arrestees allege that the police planted items such as an iron bar on one person. 

As one member told the Brazilian website Ponte.org, the police said “it was one of the members who did not even have backpack. Who would take the subway or bus with a blue iron bar?” Botelho specifically suggested the meeting place, and the arrestees believe that he reported it to the police.

After the arrests, the activists were taken to a special investigations unit, where they were held without attorneys or contact with the outside until a judge ordered them released in a strongly-worded decision that condemned the arrests. Only “Balta” was freed right away. He claimed on social media that he paid a bribe, but just days later he was publicly uncovered as an army officer by Ponte.org.

Despite continuing denials from the government, the Brazilin Army has confirmed that Balta was working with knowledge and cooperation from the São Paulo state government.

This type of infiltration and manipulation is not new. Secret police and social manipulation have been used, as former FBI Director J Edgar Hoover put it, to “expose, disrupt, misdirect, discredit, or otherwise neutralize” political dissent for most of the 20th century, from Syria to South Africa.

Hoover reigned over the FBI's infamous COINTELPRO, short for Counter Intelligence Program. COINTELPRO, started in 1956 and “ended” in 1971, serves as a useful example because it was well documented. Using tactics of infiltration and manipulation of social movements and surveillance of activists, it left no movement untouched. The FBI's main focus was the civil rights movement and the Black Panther Party.

COINTELPRO tactics included infiltration with informants, sending anonymous letters encouraging violence between street gangs and the Panthers and sowing internal dissension in the Party, working with police departments to harass local branches of the Party through raids and vehicle stops, and propaganda. The FBI even created fake Black Panther Party propaganda, a coloring book that emphasized armed resistance:

One particularly well-known COINTELPRO action was the infamous “suicide letter” sent to Martin Luther King The FBI saw Dr. King as threat to national security, and subjected him to comprehensive surveillance and harassment. The anonymous letter encouraged Dr. King to kill himself.

Current Surveillance 

"I didn't believe that they would sink so low, I didn't believe that anything I was doing would be interesting enough, so I think people need to know that this happens to real people.”

These are the words of Kate Wilson, when she came out publicly as a survivor of political infiltration at Chaos Communication Camp in 2015. She spent two years living with a man named Mark Kennedy. In 2010, she learned that he was a cop who had infiltrated and disrupted the UK environmental movement.

Wilson said of Mark, “He was charming and disarming and he shared my interests and he shared my passion for the political things we were doing.” Her story exemplifies how the government uses romantic connections for infiltration. As she has pointed out, it's especially disturbing when one remembers that it is agencies dominated by men who are manipulating women and arranging sex under false pretenses—something that amounts to assault, as the Metropolitan Police admitted when they withdrew their defense in Wilson's legal case against them.

And that's where modern surveillance makes things so much more dangerous, especially when the online and offline meet. As any fan of “social engineering” will tell you, the more background information you have, the easier manipulation is.

Snowden

It's easier for a police officer to both make connections and gather information in the online world, and this is certainly happening. For example, a 2012 slide show from British spy agency GCHQ, leaked by Edward Snowden, describes how a special division of the agency “infiltrated chat rooms known as IRCs and identified individual hackers.” There's also the kind of social media surveillance uncovered by ACLU, which appears to focus on real-time monitoring.

But what's equally concerning is how the government could use surveillance to inform its offline manipulation of social movements. The government can obtain an incredible amount of detail by combing through one person's Facebook posts, which is unsurprising, since movements like the fight against the Dakota Access Pipeline rely on social media to get the word out. But people post about not just their political messages and their plans, but also their hopes, desires, and fears. This is all material that a government informant could use, either to get close to a target or to publicly embarrass or blackmail them.

It's not just oversharing that makes these kinds of tactics more potent, either. Today's version of fake letters could easily be spoofed text messages or emails. Instead of microphones in a hotel room, police today could have access to myriad street-level surveillance technologies. Facial-recognition ready images collected by ubiquitous surveillance cameras, automated license plate readers, and cell phone tracking could easily provide details about an individual's life that could be used to both track and manipulate them.

The worst thing about these tactics is that, regardless of whether infiltration or provocation is actually successful, they have a chilling effect. One of the young people who was arrested in São Paulo wrote that, after his arrest and detention, he had no cell phone. He stayed at the house of a friend, and didn't use the Internet at all. 

And this is perhaps the most important thing to take away from the Tinder infiltrator. As Kate Wilson put it, “this stuff happened to us because we were doing something right. Don't be scared by what we're saying. Be aware.”

Motherboard:             Now Surveillance 'aggressive-invasive': Snowden:  
 

« Three Step Pogram: Pre-Breach Remedies To Contain The Costs Of A Cyber Attack
Google & Facebook Ban Fake News Sites »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Indium Software

Indium Software

Indium Software is an Independent Software Testing Company offering software testing services (including security testing) and offshore Quality Assurance solutions.

Organization for Security and Co-operation in Europe (OSCE)

Organization for Security and Co-operation in Europe (OSCE)

OSCE is the world's largest security-oriented intergovernmental organization. Areas of activity include Cyber/ICT security.

Dionach

Dionach

Dionach are a certified information security specialists who provide Penetration Testing, IT Security Auditing and Information Security Consultancy.

OpenText

OpenText

OpenText is a leader in Enterprise Information Management software and a portfolio of related solutions for Information Governance, Compliance, Information Security and Privacy.

Serverless Computing

Serverless Computing

Serverless Computing London will help architects, developers and CIOs decide on the best path to a more efficient, scalable and secure computing future.

Pentagon Group

Pentagon Group

Pentagon Group is a provider of security services in high-risk environments, remote areas and emerging markets in support of land-based, aviation, maritime and cyber operations.

ENLIGHTENi

ENLIGHTENi

ENLIGHTENi are the platform to develop next-gen talent in Technology, Risk, and Cybersecurity. Our mission is to develop next-gen talent through challenge-based learning and team collaboration.

DataEndure

DataEndure

DataEndure helps companies build digital resilience so that their critical information assets are protected and available to the right people, at the right time.

Matrium Technologies

Matrium Technologies

Matrium Technologies has been a leading provider of technology solutions since 1991, with a strong industry background in Network Testing, Network Visibility and Security.

Devolutions

Devolutions

Devolutions make best-in-class Privileged Access Management, Password Management, and Remote Connection Management solutions available to ALL organizations — including SMBs.

Obrela Security Industries

Obrela Security Industries

Obrela Security manage cyber exposure, risks and compliance. We identify, predict and prevent cyber threats in real time. As a service, personalised, on demand.

Apura Cybersecurity Intelligence

Apura Cybersecurity Intelligence

Apura is a Brazilian company that develops advanced products and provides specialized services in information security and cyber defense.

Flare Systems

Flare Systems

Flare proactively detects and remediates exposure across the clear & dark web, providing organizations with the equivalent of an automated cyber reconnaissance team.

Tidal Cyber

Tidal Cyber

We formed Tidal for one simple reason—we believe that defenders need and deserve tools and services that make achieving the benefits of threat-informed defense practical and sustainable.

Nukke

Nukke

Nukke offers advanced cybersecurity software and tailored solutions for your business.

Reality Defender

Reality Defender

Reality Defender stops deepfakes before they become a problem. Our proprietary deepfake and generative content fingerprinting technology detects video, audio, and image deepfakes.