The PR industry must condemn massive, automated sock-puppetry

Posted on February 21, 2011 1:37 pm by | Ethics | PR | Social Media

sock_puppetThe use of software to automate the deployment of armies of fake social media accounts is, to me, the most disturbing trend in the social space. It’s disturbing on its face but even moreso because public affairs organizations are among the most likely to supply these services. And few would be surprised to find PR practitioners behind such dubious efforts.

I don’t personally know a single public relations practitioner who would support such a tactic. But it’s a big industry that requires no licensing and is bound by few regulations. That makes it easy for those who are lazy, corrupt, unprofessional or just downright evil to make big money from clients looking for quick results without regard to the means by which they were achieved.

There’s nothing new about sockpuppets, the term used to define an identity used to bamboozle people online. These could be completely fake identities, although the term is also applied to real people who get paid to post disingenuous reviews and ratings of products and services.

But the new trend takes the concept to new depths.

I reported this morning on For Immediate Release about the first story to cross my feeds. This involves HB Gary Federal. As near as I can figure, HBGary Federal sells its the company’s products to the federal government while HB Gary sells to other clients (such as computer forensic investigators and computer emergency response teams).

HBGary Federal CEO Aaron Barr was bragged that his company was tracking down the real identities of members of the hacker group Anonymous. As the CEO of a computer security company, he probably felt he was doing so with impunity. Instead, Anonymous broke into HBGary’s network—even the phone system, according to some accounts. From the gold mine of data the hackers took, they have so far released only emails.

Fifty thousand of them.

Some of these emails contain the smoking gun for the abuse outlined above. In partular, the left-leaning Daily Kos reports that a Microsoft Word attachment to an email describes the “persona management” software that allows a small group to look like a much larger group; the small team can then automate certain activities so a single persona can look more like an uprising. Here’s an excerpt from the Word file:

Persona management entails not just the deconfliction of persona artifacts such as names, email addresses, landing pages, and associated content. It also requires providing the human actors technology that takes the decision process out of the loop when using a specific persona. For this purpose we custom developed either virtual machines or thumb drives for each persona. This allowed the human actor to open a virtual machine or thumb drive with an associated persona and have all the appropriate email accounts, associations, web pages, social media accounts, etc. pre-established and configured with visual cues to remind the actor which persona he/she is using so as not to accidentally cross-contaminate personas during use.

Barr goes on to explain that his company will establish a set of personas on a variety of sites that don’t require evidence that you’re a real person—Twitter, blogs, forums, Google Buzz and MySpace, for example. The accounts are maintained through RSS feeds, retweets and “linking together social media commenting between platforms.” Then, using these accounts, it’s a small step to creating Facebook and LinkedIn profiles; these services do restrict real people to only a single account. Barr also says the accounts would automatically be locked down and linked “to a selected number of previously created accounts, automatically pre-aging the real accounts.”

Another leaked Word document explains how all this would work:

Using the assigned social media accounts we can automate the posting of content that is relevant to the persona. In this case there are specific social media strategy website RSS feeds we can subscribe to and then repost content on twitter with the appropriate hashtags. In fact using hashtags and gaming some location-based check-in services we can make it appear as if a persona was actually at a conference and introduce himself/herself to key individuals as part of the exercise, as one example. There are a variety of social media tricks we can use to add a level of realness to all fictitious personas.

Re-reading that statement made me throw up a little in my mouth.

At the Daily Kos, the concern is that such practices will be employed by right-leaning institutions against “labor unions, progressive organizations,  journalists, and progressive bloggers.” As for me, I don’t care who uses it against whom. Manipulating consensus is wrong, unethical, unprofessional and the very antitheses of the transparency and responsibility that are at the heart of the changes sweeping business today.

And, of course, when it’s uncovered (and it will be uncovered), the blame will fall at the PR profession’s feet. As The Kos article so bluntly put it, “This is just one little company of assholes. I can’t believe there aren’t others doing this already. From oil companies, political campaigns, PR firms, you name it. Public opinion means big bucks. And let’s face it, what these guys are talking about is easy.”

Make no mistake. If this gets more common, your honest, transparent communication efforts will be just as suspect as those of the actual bad actors. It threatens to undermine the credibility of every organization participating in the social space.

Lest you think that the companies engaged in these devious practices are shrewd enough to get away with it, consider that shortly after reporting the HB Gary story this morning, I came upon a post that reveals the U.S. Air Force is looking for just such capabilities. ccording to Erik Sherman, writing on his AB|Net Wired In blog, “The U.S. military is looking for software and services to manage upwards of 500 fake online personas designed to interact with social media, presumably including such sites as Facebook and Twitter.”

The request is part of an Air Force document currently available to anyone who wants to see it in the government’s contract database. Sherman’s interpretation of the service the Air Force seeks would be used to “create and control fictitious online identities, with up to 50 users controlling as many as 10 identities each. Each identity could use social media sites and other online services, giving the impression of an individual but really being a false face for the military.”

Sherman notes that HBGary Federal is one of the companies pursuing the Air Force contract.

The goal may well be to influence public opinion, but it runs completely counter to the approach taken by the Army, under the auspices of a year-old directive from Defense Secretary Gates, that calls for more authenticity and transparency through engagement in social channels, not a blatant gaming of the system. Seriously, doesn’t the Air Force have enough engaged personnel to be themselves in social channels while helping to tell the Air Force’s story? Getting caught in one of these schemes could cause irreperable damage; it would be years before most people trusted anything they heard about the Air Force.

(But then again, the Air Force is the branch of the U.S. military that ordered staff to not visit any site containing WikiLeaks documents, one of the stupidest orders in recent memory, since the spouses, children, friends and neighbors of those same personnel could peruse those same documents without any restricting at all.)

So far, the organizations that represent the public relations profession have been only moderately visible when it comes to situations like these. They point to their codes of ethics as evidence that they are, of course, opposed to such behavior.

But as these practices spin out of control, these organizations need to do more. I would like to see an industry-wide effort that condemns these practices and those who are behind them. That condemnation needs to be loud and repeated often.

If you belong to a PR association—IABC, PRSA, CPRS or any other, write them, tweet them, call them, hell, write a letter or send smoke signals. But let them know that you expect them to represent the profession based on the ethics that guide you in your work and to denounce these practices as unacceptable. I wouldn’t mind seeing memberships of organizations caught using these tactics revoked.

If we can’t get rid of the bottom-feeders who use these tools, the least we can do is marginalize them.



  • 1.Shel:

    Thanks for raising this issue. At a minimum, IABC, PRSA and CPRS should require its members to take an oath against this sort of activity. I would like to see legislation that bars its usage entirely, and most certainly prevents any governmental arm from using it. From astro-turf grassroots organizations to this pseudo-public opinion manipulation, the advent of turbo-charged tech is here and we have to take stand against it.

    Carmen | June 2011

  • 2.Bloody Fools! That "we won't get caught" thinking is so stupid & patently untrue. Any organization unwilling to decry such tactics risks being painted with the same brush.
    It is simply WRONG Folks!

    Clarence Jones | June 2011 | Meridian,MS

  • 3.Shel - Thank you for exposing this glaring issue within the public relations and public affairs professions, and also for making a call for a broader industry response.

    I can tell you from PRSA's perspective that issues such as this have been on our radar for quite some time, though this particular issue involving HB Gary Federal is obviously one that just now come to the forefront and is something we will closely examine. And as anyone who is familiar with PRSA's Code of Ethics knows, we absolutely condemn these types of deceptive activities, along with any form of deceptive communications and public relations. Above all else, public relations professionals should uphold the advancement of honest and transparent communications and serving the public’s best interest. Any form of deceptive industry practices goes against the basic tenets of our profession's ethical standards.

    To quickly address the call from Carmen in his comment that PRSA, IABC, CPRS and other industry organizations require their members to "take an oath against this sort of activity," PRSA does require that its members not engage in any type of deceptive practices, including astroturfing and automated sock-puppetry. Every PRSA member must sign the Society's Member Code of Ethics and pledge to core values, principles and practice guidelines, which, among several provisions, specifically states that public relations professionals and PRSA members NOT engage in deceptive practices, whether in traditional mediums or online. PRSA's Professional Standards Advisory PS-7: Engaging in the Use of Deceptive Practices While Representing Front Groups (, along with Professional Standards Advisory PS-8: Deceptive Online Practices and Misrepresentation of Organizations and Visuals (, both directly address issues of astroturfing, calling for members to NOT engage in any type of deceptive online practices that misrepresent an organization's or individual's identity or purpose for engagement.

    Clearly, this is an issue that will require continued monitoring and discussion. Thanks again for bringing broader attention to this issue. I'll follow up with more from PRSA as we explore further commentary.

    Keith Trivitt
    Associate Director of Public Relations
    Public Relations Society of America (PRSA)

    Keith Trivitt | June 2011 | New York, NY

  • 4.Hi Shel,

    Thanks for this important post highlighting these practices, not least because of the potential harm to the US Air Force in following such practices.

    John Cass | June 2011 | Greensboro, NC

  • 5.Agree with everything above. This is easy, has been going on for a while and many levels. And is sad.

    The Air Force however. I would hold judgement at first. The Defense Dept has been using similar techniques on all sorts of social platforms as research vehicles. They research, for instance, islamic militant organizations online with peer personas. I am not sure how much intelligence the Air Force partakes in, but I know they do some. Perhaps this is in that direction? Not sure.

    If it is indeed a recruitment play then it is very sad, and likely illegal.

    Perhaps we could nationalize these tools for the public good and drive down the sentiment for Justin Bieber's latest album?

    Jason Keath | June 2011 | New York, NY

  • 6.This is about trust and is creating a fertile field for anarchists. And it is one of the most vulnerable areas for social media. It's the type of thing that will make any company think twice about coming into or staying in the pool.

    Given the pool reference it's the same as the scene in Caddyshack I believe with the Baby Ruth bar.


    Albert Maruggi | June 2011 | St. Paul, MN

  • 7.I note with some level of pride that I had trouble even following what they were trying to do.

    Perhaps I read too much John LeCarre growing up, but there is one, and only one, case where I could see this as being a potentially legitimate (yet controversial) tool, and that is intelligence gathering. Fake personae are trade craft for spy agencies; this could well be the digital version. For example, many of our nation's intelligence agents operate under fictitious names. What is the first thing we do nowadays? Google someone. And what is weirdest is when such a search turns up nothing--what I'm trying to get at here is that military intelligence officers overseas could potentially be "outed" by *not* having any presence on social networks. Providing a military intelligence officer with his or her fake profile on a thumb drive could prevent inadvertent (and completely human) slips that would otherwise compromise their identity, putting their lives at risk.

    The problem, of course is that such tactics could be used for the swaying of public opinion motives outlined above.

    Please don't misunderstand my post--I am *not* defending such tactics. I'm simply pointing out that despite the nefarious appearance, there could be a legitimate, if controversial, reason for this from the government's perspective.

    Maybe I should write novels? :-)

    Jennifer Zingsheim | June 2011

  • 8.Jennifer's comment is intriguing, though if you were going to use these "tools," for such practices, is it a good idea to post an RFP.

    John Cass | June 2011 | Greensboro, NC

  • 9.Shel - Your post should be part of every PR course. It's scary how caviler some people are in putting this type of technology into play. I walked away, or ran away I should say, from a new biz opportunity where the company plaanned to include "automated sock puppets."

    Toby Bloomberg | June 2011 | United States

  • 10.@John--there's an update on the Daily Kos diary. It appears as though this technology is being solicited to be designed for use in Iraq and Afghanistan, lending a bit more credence to my speculated use. It also shows some responses from HB Gary staffers, who appear to be shocked (and none too pleased) that this appeared on an open site.

    *Off to write my spy novel now...* ;-)

    Jennifer Zingsheim | June 2011

  • 11.Shel--

    Thanks for drawing attention to this important issue. In this new era of fast-moving and ever-changing technology, it is incumbent on each person in the field of professional business communications to avoid the pitfalls of the “fast and easy” opportunity to push a message.

    IABC’s Code of Ethics ( for Professional Communicators is based on three different yet interrelated principles of professional communication. These principles are essential for professional communication to follow as a means to communicate in a manner that is legal, ethical and in good taste.

    Practices such as “sock puppets” violate these principles and devalue the integrity of the tens of thousands of professional communicators who foster the free flow of essential information in accord with the public interest.

    ~Julie Freeman, ABC, APR, IABC President and Wilma Mathews, ABC, Chair of the IABC Ethics Committee

    Julie Freeman | June 2011 | San Francisco, CA

  • 12.Great post Shel. Puts the problem for the real PR professionals out there.

    Sock puppets are no new thing. They just get more complex as the technology progresses.

    Lucretia Pruitt | June 2011

  • 13.Wow. I'm not surprised. This is not only a PR issue but it's an SEO issue as well...Once the software becomes readily available on a wider scale, social search will become completely useless. You know it's sad too because you know it's coming too. At the end of the day some people don't give a shit.

    Marc Meyer | June 2011 | Naples, Florida

  • 14.made me throw up a little in my mouth? Can we please stop using this phrase?

    Bob | June 2011 |

  • 15.@Bob, it's the first time I've actually used that expression because it's the first time it reflects very closely what I actually felt. I probably won't use it again.

    Shel Holtz | June 2011 | Concord, CA

  • 16.Given the services that HBGary provides to the US Government, and the fact the USAF has no PsyOps capability, isn't it more likely the US Air Force were seeking tools to allow the detection of fake personae in Social Media rather than seeking to use them.

    While I applaud the point you are trying to make (that such tactics should not be used) using a spurious single source rumour(from someone with a big grudge to carry against HBGary) to make it is unprofessional in evry comms field - bad journalism, bad PR, bad blogging!

    Oh, and for the record I am British and have nothing to do with the US Air Force or HBGary

    Peter Clarke | June 2011 | GBR

  • 17.@Peter, thanks for your comment. A few thoughts in response:

    First, I was referencing something another blogger wrote, not doing original reporting. Second, in my research, I never read anything that suggested these tools can be used to detect sock puppets, only to create them. Third, if it serves only as an example of an organization seeking to use these tools, it works for me.

    You may be interested, though, in John Cass' post. John got in touch with someone at the Air Force and found that "The software supports classified social media activities outside the US intended to counter violent extremist ideology and enemy propaganda." That may sound fine, but once it's discovered and reported by our enemies, it will be virtually impossible to engage in authentic social channels, since nothing we say will be trusted. It's better to get supporters to conduct authentic engagement. And not all that hard, really.

    John's post is here:

    Also, are you suggesting I have a grudge against HBGary? I'd never heard of them before I came upon the report about them and certainly have no ax to grind with them (beyond their behavior with this particular application).

    Shel Holtz | June 2011 | Concord, CA

  • 18.First, very refreshing to see both IABC and PRSA leaders listening and commenting on this issue. Kudos, Julie and Keith.

    Second, I can see the argument Jason and Jennifer are making on how the Air Force might be using these personas strategically. But overall, I "can't believe there aren't others doing this already" or there won't be really soon.

    Third, I think this post sums up one of the reasons we as communicators need to continue highlighting what we see as standard, obvious practices in our presentations and results reporting to clients. We don't talk enough about the things we do right -- e.g. teach clients the right way to engage authentically online -- and therefore, stories like this one are the ones people keep talking about.

    Lastly, Shel, doesn't bother me at all if you write "made me throw up in my mouth a little." I had a similar reaction :).

    Justin Goldsborough | June 2011 | Kansas City

Comment Form
What is the four-letter acronym for the International Association of Business Communicators?

« Back