Is the Patriot Movement Helping With Its Own Demise on Facebook?
by Kit Lange
People in the patriot movement spend a lot of time talking about their patriot activities on social media. I’ve covered why this is a bad idea over and over, and will continue to do so. In the midst of the meme-sharing, ranting and planning various activities, however, there’s something else going on every day: Social engineering.
Social engineering is defined as “an attack vector that relies heavily on human interaction and often involves tricking people into breaking normal security procedures.” For people in the movement, that breaks down to “an attack that tricks you into giving up critical information.” There is almost no easier way to trick patriots into giving up information than Facebook. It’s a tactic used by federal agents and assets, but in many cases they don’t even need to engage in social engineering because patriots are doing it to themselves and each other without even realizing it—and with the best of intentions. In these cases, someone merely needs to swing by and collect the information left out for them to find by careless people. While I won’t use names of individual people or groups, I’ll paste some actual comments from real-life examples. If you recognize one of these comments as your own, then I encourage you to take the energy you want to spend trashing me, and use it to think about what I’m saying. Let’s get started.
How It Works: The Commander or Member of Random Patriot Group posts a roll call thread, and asks members who are active to post a comment, and calls for each of the other members to report in by codename. Members respond with that codename or callsign in their comments. The commander goes on to announce that he wants people to think about a face to face meeting with the following:
We all need to get together real soon. Hell boy. Ogre, reaper, widow maker, pharaoh, sasquatch, loonatic, watchtower. You all down for a get together?
What just happened? What can be linked together? In the 20 comments on that particular thread, ten of the members of that group are now identified by name and matched to their callsign/codename. From there it’s a simple exercise to go to their pages and start collecting more information about their schedules, personalities, and more—all of which can be used for further engineering attempts.
Another party in another thread asks for people to comment with “name and zone.” People respond—130 comments’ worth—with names, locations, and positions. Some of them give extra information, such as what they’re trained in. Within the thread, some post a comment saying their location is “classified,” and are promptly chastised by the leadership for not following the directive. Perhaps the most disturbing part is when the leadership denigrates those who choose not to comment as being “inactive” or “not dedicated.” Anyone can simply take the state map, thoughtfully provided by the leadership so members can figure out what zone they belong to, and start making notes. How many people are in each zone? Where is the leadership of that group located? What is the group’s response capability to a specific area in the state?
Many argue that, “We only do that in our closed/private FB groups.” Two things you need to be aware of: 1) If it’s on Facebook in any capacity, it is NOT private. 2) If your vetting process for allowing members into your closed and “private” groups is checking out their Facebook page, you are failing.
How It Works: Someone in Random Facebook Group posted a thread like the following: “We’ve got an FTX this weekend and here are the coordinates. Who’s in?” The problem is that people love to talk about what they’re doing, because within the movement people feel the need to justify themselves as “real patriots” by openly discussing their activities–because if you’re not doing things where everyone can see, you must not be doing them at all. It sounds almost ridiculous but that’s often the mindset. In this article we’re only concerned with the second type of comment: the one where they outline in detail their patriot activities for the weekend, in which they either announce their plan to go to the FTX, or they defend why they are not going. Here are a few of the comments:
I’m going out to _______ to test my new ______ rifle. If anyone wants to come, the GPS coordinates of the pit are ________.
I’m getting together with [five tagged friends] to do patriot sh*t.
I’m working on my preps. I have almost a whole year of food now!
In this case, the original thread was posted by a prominent member of a group, who most of them know personally. However, it could have just as easily been posted by an asset or someone looking to collect information. No matter who posted it, now the information is there for anyone to pick up and use. And what information did we glean just from these comments? Keep in mind that all of these comments had real names attached, with profiles behind them chock full of more information to use.
Surveys and Advice Threads
How It Works: Someone posted a thread asking about what method of communication patriots choose to use with each other. People fell all over themselves answering. They talked about exactly what they use: Wickr, Signal, Telegram, whatever. Some of them put up their various usernames and encouraged people to contact them. What just happened here? What was openly laid out for all to see, on an open FB thread? One of the most powerful ways to get people to give you information is to simply ask them for advice, such as “What do you suggest?”
Think about what you could glean with the following threads in various types of groups:
Medical – “I’m trying to set up a unit level medical kit. What do I need? What do you suggest?”
Tactical – “What firearms are the best for keeping in my vehicle? How much ammo should I have? How often should we train? What should we be focusing on?”
Communications – “I’m trying to get my group set up on solid comms. What should we be using?”
Security – “What vetting process do you guys use?”
Support – “We’re trying to set up safehouses and supply caches so we’re looking for ways to get started. Can anyone help point us in the right direction?”
What do all of these threads have in common? How would people respond? Is it a logical conclusion to think that people would respond with what they and their groups are doing, out of a desire to share information in a helpful way? What are the odds that the people who answer can be cross-checked against the information you received in other threads to pinpoint who a unit or group’s area focal is and how prepared/trained/supplied he is? How many people would put that information out on the thread? How many would take it to Facebook messages in an effort to be “secret?”
Here’s the thing. Most groups have not even sat down to consider what their critical information is, who is trying to get it, and what the effects of them getting it are. The amount of information that can be gleaned just from the three types of fishing expeditions above is staggering, and those are just three of the myriad of tactics available to a skilled social engineer. Put that together with basic profiling techniques, statement analysis, OSINT research, and a little bit of cross-referencing, and you can flesh out an incredible picture of any given group, including:
- Group hierarchies and identification of leadership
- Exploitable weaknesses and points of failure both on a group and individual level
- Tactical capabilities and training locations and schedule
- Medical capabilities and level of personnel training
- Ability to respond to a given threat
- Member mindset
- Communications savvy and capability
- Vetting procedures and security protocols
- Cohesiveness of the group
- Future plans for activities and training
- Level of gear and supplies
- SHTF fallback positions
The list goes on and on. The sad thing is, this doesn’t even take into account the posts that people make on their own pages: selfies at various locations (“Here’s me and my team at our last training!”), videos (anyone with a camera phone has become a talking head without regard for the greater message), and much more. 99% of these threads are started by what are probably very well-meaning, solid folks. The problem is that intent does not matter when the results are the same. Ask yourself: How can the above information be leveraged? Is it critical for you to keep that under wraps?
Information is power, as the saying goes. So why does the movement give away that power so easily? Assets and federal agents don’t even need to put traps out there; the movement makes its own traps and people walk right in. The amount of information (and disinformation) on Facebook alone during Malheur was mind-blowing. In an effort to be “part of it,” people claimed to be privy to secret information, posted dissertations of their viewpoints, and engaged in enough infighting to turn social media into a battleground all its own—which, by the way, is its own kind of negative propaganda.
We need to control the message; more importantly, we need to control the information flow. Stop laying traps and springing them yourselves. Stop using Facebook as a networking tool. Stop giving away your own critical information so easily. Learn from the movement’s past mistakes; blind allegiance to any and all ‘leaders’ regardless of failed tactics or bad planning is stupid and dangerous. We all make mistakes; we should be trying a lot harder, however, not to.