Iranian journalism students work at an internet cafe in central Tehran, Iran, Tuesday, Jan. 18, 2011. VAHID SALEMI / AP

What Happens When You Pose as the Defense Secretary on Twitter?

What you can learn about real threats from the fake secretary of defense. By Patrick Tucker

On Tuesday morning, someone claiming to be former Deputy Secretary of Defense Ashton Carter went public with an important announcement on Twitter: he was “honoured and happy” [sic.] that President Obama had appointed him to the position of secretary of defense.

The tweet quickly earned hundreds of re-tweets and major media attention, with MSNBC’s Andrea Mitchell asking for confirmation from the source, @AshtonCarterDef himself.

One problem: it was obviously fake. At 9:31 AM, a Twitter user named @AshtonCarterDef used the British spelling for “honour” and misstated that the position is awarded by appointment, rather than through a nomination process (a fact that few caught).

Eventually, Italian journalist Tommaso Debenedetti revealed himself to be the creator of the account, which he described as a hoax.

None of that had any influence on Carter’s real selection for the job. But, thanks to Debenedetti’s timing, his fake tweet effectively became part of the news before major news outlets could confirm CNN’s real scoop – that Obama was done searching for Defense Secretary Chuck Hagel’s replacement.

Twitter hoaxes are a fact of digital life, but they can have serious consequences when they involve military personnel or leadership.

A similar incident on a slightly smaller scale occurred last week when Twitter account @MFlournoyOffic appeared suddenly, leading many to speculate that former Under Secretary of Defense Michèle Flournoy had become the leading contender for the job. Flournoy told Defense One that the account was not hers and she was asking Twitter to remove it. Later that day, Flournoy withdrew her name from consideration.

Minutes after Carter was making news, Chris Cullison, chief technical officer of ZeroFOX, went to his company’s platform and found four more fake Carter accounts that were using official Defense Department photos, posting messages that sounded like Carter, or that were otherwise making a halfway sincere attempt to appear as the new secretary. You can find them here and here on Facebook, here on Google Plus and here on Twitter where @realashcarter (a fake) is discussing a recent visit to Arlington. Much like @AshtonCarterDef, his followers include various news agencies.

ZeroFOX, a small company out of Baltimore, offers a variety of cloud-based analysis tools to spot, among other things, fake Twitter accounts purporting to be military personnel. The company has helped military organizations ferret out impostor officers. For instance, the company identified an individual who was claiming to be Commandant of the Marine Corps Gen. Joseph Dunford, who led coalition forces in Afghanistan. “We’ve seen fake General Dunfords connecting with troops, connecting with their families…showing videos of troops on his YouTube account, not him, showing troops at checkpoints and zooming in on their names but with a message saying ‘Way to go marines,’” Cullison explained to Defense One at the Black Hat conference in Las Vegas in August. “We’ve seen General Dunfords on dating sites,” he said.

Fake Dunfords are an ongoing problem. Monitoring these profiles via manual searches costs time and money, and is often ineffective. ZeroFOX is an automated solution serving corporate clients and some government outfits like the military (they don’t disclose how much they make). But how does one train a software program to spot the signs of fakery that journalists like Andrea Mitchell missed, and do it across the entire Internet? How does one train the machine to do that not only for generals but for all service personnel, intelligence assets or even targets like Islamic State leader Abu Bakr al-Baghdadi?

The clues of Twitter and Facebook fakery aren’t necessarily easy to spot. Fake accounts can exist months on end in name only, in egg form, quietly building followers but not actually creating content. “You have these accounts living out there for years before they get activated or changed over before they become part of bot armies,” says Cullison.

The software considers such variables as whether the person is posting real photos of themselves as opposed to easily obtainable official photos (via facial recognition). It considers the interconnections among the user’s followers in addition to those followers’ authenticity. “I can go out on Fiverr and buy 5,000 followers for $5,” Cullison points out.
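The signals described above (long dormancy, reliance on official photos, follower authenticity and follower interconnection) can be sketched as a feature extractor. This is an added illustration, not ZeroFOX's code: the record layout, the thresholds, the sample data and the use of a photo-hash set in place of facial recognition are all assumptions.

```python
from datetime import date
from itertools import combinations

# Constructed reference data (assumptions for illustration only).
OFFICIAL_PHOTO_HASHES = {"a1f3", "b7c9"}   # hashes of publicly released official portraits
KNOWN_FAKE_FOLLOWERS = {"f1", "f2", "f3"}  # followers already judged inauthentic
DORMANCY_DAYS = 180                        # hypothetical threshold
FAKE_SHARE = 0.5                           # hypothetical threshold

def follower_density(followers, follows):
    """Fraction of follower pairs linked in either direction (0.0 to 1.0)."""
    pairs = list(combinations(sorted(followers), 2))
    if not pairs:
        return 0.0
    linked = sum(1 for a, b in pairs
                 if b in follows.get(a, set()) or a in follows.get(b, set()))
    return linked / len(pairs)

def impersonation_report(account, follows):
    """Return raw features plus flags for one account record."""
    followers = account["followers"]
    dormant_days = (account["first_post"] - account["created"]).days
    photos = set(account["photo_hashes"])
    fake_share = (len(set(followers) & KNOWN_FAKE_FOLLOWERS) / len(followers)
                  if followers else 0.0)
    flags = []
    if dormant_days > DORMANCY_DAYS:
        flags.append("long_dormancy")           # existed "in egg form" before activation
    if photos and photos <= OFFICIAL_PHOTO_HASHES:
        flags.append("only_official_photos")    # no original photos of the person
    if fake_share >= FAKE_SHARE:
        flags.append("inauthentic_followers")   # e.g. purchased followers
    return {"dormant_days": dormant_days, "fake_follower_share": fake_share,
            # Density is reported unflagged: the article does not say which
            # direction of interconnection indicates a fake.
            "follower_density": follower_density(followers, follows),
            "flags": flags}

# Constructed sample account and follower graph.
SAMPLE_ACCOUNT = {"handle": "example_general", "created": date(2012, 1, 1),
                  "first_post": date(2014, 12, 2), "photo_hashes": ["a1f3"],
                  "followers": ["f1", "f2", "f3", "f4"]}
SAMPLE_FOLLOWS = {"f1": {"f2"}}

if __name__ == "__main__":
    print(impersonation_report(SAMPLE_ACCOUNT, SAMPLE_FOLLOWS))
```
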

Sometimes, it makes more sense to simply watch the fake in order to gather intelligence, rather than try to shut it down right away. Many of the fraudulent accounts are established through virtual private networks, which allow users to post from anywhere under the guise of posting from the location of the target. The clues as to the fake users’ actual location or identity can exist in speech patterns or photos, in the content itself as well as in the metadata.

Fake Twitter accounts aren’t dangerous, even those purporting to belong to generals. But people can be. Debenedetti has struck before and will likely avoid any serious penalty. Bogus accounts and messages can also target specific people, not just the media, a phenomenon commonly called phishing. Cullison has seen these as well, also specifically aimed at military personnel “saying things like ‘Hey, I saw you at the USO. It was great meeting you.’”

Why does that matter? On Dec. 1, the FBI put out a warning to military personnel that the Islamic State was targeting service members and their families based on information obtained through social media. It’s a threat that the Defense Department must now take more and more seriously regardless of who is--or who is not--tweeting from the top.