getluky.net

Grant McCracken linked to Twenty-Eight Articles: Fundamentals of Company-Level Counterinsurgency by Dr. David Kilcullen, Lieutenant Colonel, Australian Army, discussing it in the context of applied ethnography. If you are able to abstract away the most obvious differences between insurgencies and online communities, there is a lot of wisdom in this document directly applicable to the role of community managers.

In a modern online community, while no sane P.R. person would acknowledge that their employees view some segments of a user base as enemies, that attitude does exist, despite the measured tone of external communication. There are direct competitors kept at arm’s length, griefers, trolls, spammers, and many other types of people who (whether consciously or not) act to undermine the stability or quality of an online population. It is a significant portion of the job of a community manager to deal with their everyday activities without causing harm to the community through their own actions. And in many cases, the goal of certain harmful subgroups is to provoke the community’s operators into harsh action which they can then convert into media coverage for their own viewpoints.

If you’re involved creating online communities, i’d highly recommend you go read this article, ignoring temporarily the real differences between our work and the operation of a counterinsurgency. If you can work with the analogy, much of this hard-earned knowledge can be applied in similar ways. For example:

12. Prepare for handover from Day One.
Believe it or not, you will not resolve the insurgency on your watch. Your tour will end, and your successors will need your corporate knowledge. Start handover folders, in every platoon and specialist squad, from day one— ideally, you would have inherited these from your predecessors, but if not you must start them. The folders should include lessons learned, details about the population, village and patrol reports, updated maps, photographs—anything that will help newcomers master the environment. [...] This is boring, tedious and essential.

Staff at online communities come and go, but rarely do I see the operational knowledge of community managers codified into forms that can be quickly picked up by new hires. Often, new community managers are thrust into a situation beyond their comprehension by an engineering staff who has become too busy to deal with user base issues. It’s a great concept to develop handover folders for future community managers, or even engineers switching over to deal with a problem while the main community folks might be away. In some websites set up for community success, there exist mountains of contextual information connected to users, data, and media, visible only to the employees, which perform this function of informing people about the context behind a situation while they consider solutions. An emphasis on problematic user groups, topics, and geographical regions would be a useful component of such documentation.

18. Remember the global audience.
One of the biggest differences between the counterinsurgencies our fathers fought and those we face today is the omnipresence of globalized media. [...] When the insurgents ambush your patrols or set off a car bomb, they do so not to destroy one more track, but because they want graphic images of a burning vehicle and dead bodies for the evening news. Beware the “scripted enemy”, who plays to a global audience and seeks to defeat you in the court of global public opinion.

This is a fantastic insight into the operations of hostile parties on large, established communities. In some cases, direct competitors provoke a company into hostile action, which they use to get attention for their own startups by claiming injustice. In other cases, it’s an attention- or pageview-seeking bloggers causing problems then writing digg-bait about being banned from your service. With the speed of global blogging, it’s essential to remember that all correspondence and actions taken during a ban may be posted online, resulting in your trial in the “court of global public opinion.” Bans in this case, are commonly not finished when the moderator clicks a button.

I could go on, but i’ll let the article speak for itself. Some of my favorite pieces are the discussions of understanding a population locally and deeply, and gaining its respect, if not its love. I love finding cross-disciplinary overlaps, and this is one of the best examples i’ve seen in a while.

Tech

Every few years, a malicious email nearly gets past my years of automatic defenses and skepticism about stuff I get in my inbox. Today, I was one click away from getting owned. I’ll write about it to make sure my readers don’t also fall for the scam.

I got an email in my inbox with the subject line “CNN.com Daily Top 10″. I’m a CNN reader, and I imagine so are a large proportion of Internet users. In the email, there are a bunch of broken images and links that look pretty normal as far as HTML email newsletters go, especially considering the couple of years behind the curve that CNN has typically been.

Email as it appeared in my inbox

The payload wasn’t in the email itself – the email contained links to “Top 10 stories” and “Top 10 videos”, and of course, your eyes skip past all the other stuff to the content, and if you just glance, these look mostly plausible, or at least resemble the schlock that makes up news entertainment these days. The kicker is that the top video is really disturbing – “US Beef Unsafe for Consumption”. If you’ve fallen for everything else so far (again, not a big stretch, there aren’t attachments or weird spam-like bits of language, and the style is on par for the subject), then you’ll click on the link.

This is what you see when you get there. The js pops up after load.

The link takes you to a CNN Video lookalike page with a flash widget which pops up a Flash upgrade request. Again, this is something your average Internet user is used to seeing and consenting to without thinking. If you hit Cancel (which I did, as I often find this annoying enough to give up and not bother watching the video content), then it puts you in a loop with another error message until you hit OK. Internet users are used to poorly written javascript doing this kind of thing, so they might consent as well just to break the loop.

Behaves kinda like an idiotic website bug, so you might ignore this too.

Once you hit OK, if you’re using FF it’ll prompt you to download a file called getflashupdate.exe, which looks pretty normal as well.

If you’re like me, you just got here because you’re annoyed and want to jump out of the seemingly benign javascript alert box loop. However, I finally noticed one (of many, to be sure) small clues that revealed the nature of the scam. The URL of the download surely wasn’t CNN’s. Once I hit cancel, the flash widget told me that I was using Flash Player 0.

Flash installers tend to screw up pretty often, so once again the scam tries to imitate known behavior.

Altogether, there were numerous cues that I could have observed at any time to figure out what was happening. For one, the From: email address was fake looking. The URL’s in the javascript alert boxes were also fake. The URL’s for every story in the mail were identical. I know that I’ve viewed Flash media before without trouble.

However, for all the cues that were available, the writer of this exploit put in an amount of effort into crafting an authentic-feeling damnit-I-have-to-upgrade-Flash-again experience for an average Internet user that nearly fooled me. If it hadn’t been for my tendency to give up on content rather than install yet another Flash upgrade, I might have been caught hook, line, and sinker.

The owner of the website appears to be Brazilian, and the content looks fairly authentic, so I suspect this is an owned webserver in Brazil being repurposed to distribute a rootkit.

The last time I got nabbed was by the “I Love You” virus, which just happened to come from the name of my favorite Aunt, so it was pretty unlucky for me. Sure, I should have known better, but i’m a human, and we’re all susceptible to these kinds of attacks. I guess every time the attackers advance in their approach, we become better in our defense. It’s just too bad that they’re the ones in the natural position to change where the battlefront lies.

Tech