SlideShare une entreprise Scribd logo

Tooling Up for Cognitive Security

bodaceacat
bodaceacat

Presentation "Misinfosec: tooling up for cognitive security", given at Disclosure 2019

Technologie
1  sur  28
Télécharger pour lire hors ligne
Misinfosec: Tooling up for Cognitive Security SARA “SJ” TERP Disclosure, November 5th 2019 !1
MIS / DISINFORMATION deliberate promotion… of false, misleading or mis-attributed information focus on creation, propagation, consumption of misinformation online We are especially interested in misinformation designed to change beliefs in a large number of people !2
EVOLUTION OF INFORMATION 3
4 EVOLUTION OF INFORMATION
WESTPHALIAN SOVEREIGNTY Each nation has sovereignty over its own territory and domestic affairs Principal of non-interference in another country’s domestic affairs Each state is equal under international law 5
NATIONAL INSTRUMENTS OF INFLUENCE …and how to influence other nation-states. Diplomatic Informational Military Economic Resources available in pursuit of national objectives… 6
BUSINESS INSTRUMENTS OF INFLUENCE Business Deals & Strategic Partnerships PR and Advertising Mergers and Acquisitions R&D and Capital Investments 7 Resources available in pursuit of corporate objectives…
INFORMATION THREATS Democracy • Require common political knowledge • Who the rulers are • Legitimacy of the rulers • How government works • Draw on contested political knowledge to solve problems • Vulnerable to attacks on common political knowledge Autocracy • Actively suppress common political knowledge • Benefit from contested political knowledge • Vulnerable to attacks on the monopoly of common political knowledge 8
MOST CYBERSPACE OPERATIONS ARE BASED ON INFLUENCE Force an adversary to make a decision or take an action based on: • Information I hide • Information I give • Information I change • Information I deny/degrade • Information I destroy Enable my decisions based upon knowing yours “Operations to convey selected information and indicators to audiences to influence their emotions, motives, and objectives reasoning, and ultimately the behavior of governments, organizations, groups, and individuals” 9
THE NEED The only defense against the world is a thorough knowledge of it. - John Locke 10
COMBINING DIFFERENT VIEWS OF DISINFORMATION • Information security (Gordon, Grugq, Rogers) • Information operations / influence operations (Lin) • A form of conflict (Singer, Gerasimov) • [A social problem] • [News source pollution] !11
MISINFOSEC COMMUNITIES ● Industry ● Academia ● Media ● Community ● Government ● Infosec !12
COMPONENTWISE UNDERSTANDING AND RESPONSE • Lingua Franca across communities
 • Defend/countermove against reused techniques, identify gaps in attacks
 • Assess defence tools & techniques
 • Plan for large-scale adaptive threats (hello, Machine Learning!) !13
DOING IT AT SCALE • Computational power • Speed of analysis • Lack of framework • Systems theory and emergence of characteristics • Cognitive friction • Cognitive dissonance https://www.visualcapitalist.com/wp-content/uploads/2018/05/ internet-minute-share2.jpg 14
CONNECTING MISINFORMATION ‘LAYERS’ !15 Campaigns Incidents Narratives Artifacts attacker defender
WHAT WE BUILT All warfare is based on deception. - Sun Tzu All cyberspace operations are based on influence. - Pablo Breuer 16
STAGE-BASED MODELS ARE USEFUL RECON WEAPONIZE DELIVER EXPLOIT CONTROL EXECUTE MAINTAIN Persistence Privilege 
 Escalation Defense 
 Evasion Credential 
 Access Discovery Lateral
 Movement Execution Collection Exfiltration Command
 and Control !17
WE EXTENDED THE ATT&CK FRAMEWORK !18
POPULATING THE FRAMEWORK: HISTORICAL ANALYSIS • Campaigns • e.g. Internet Research Agency, 2016 US elections • Incidents • e.g. Columbia Chemicals • Failed attempts • e.g. Russia - France campaigns !19
HISTORICAL CATALOG: DATASHEET • Summary: Early Russian (IRA) “fake news” stories. Completely fabricated; very short lifespan. 
 • Actor: probably IRA (source: recordedfuture) 
 • Timeframe: Sept 11 2014 (1 day) 
 • Presumed goals: test deployment 
 • Artefacts: text messages, images, video 
 • Related attacks: These were all well-produced fake news stories, promoted on Twitter to influencers through a single dominant hashtag -- #BPoilspilltsunami, #shockingmurderinatlanta, 
 • Method: 1. Create messages. e.g. “A powerful explosion heard from miles away happened at a chemical plant in Centerville, Louisiana #ColumbianChemicals” 2. Post messages from fake twitter accounts; include handles of local and global influencers (journalists, media, politicians, e.g. @senjeffmerkley) 3. Amplify, by repeating messages on twitter via fake twitter accounts 
 • Result: limited traction 
 • Counters: None seen. Fake stories were debunked very quickly. !20
TECHNIQUES !21
FRAMEWORK (AMITT) !22
TACTIC STAGES (AND PHASES) Planning Strategic Planning Objective Planning Preparation Develop People Develop Networks Microtargeting Develop Content Channel Selection Execution Pump Priming Exposure Go Physical Persistence Evaluation Measure Effectiveness !23
STIX AMITT Misinformation STIX Description Level Infosec STIX Report communication to other responders Communication Report Campaign Longer attacks (Russia’s interference in the 2016 US elections is a “campaign”) Strategy Campaign Incident Shorter-duration attacks, often part of a campaign Strategy Intrusion Set Course of Action Response Strategy Course of Action Identity Actor (individual, group, organisation etc): creator, responder, target, useful idiot etc. Strategy Identity Threat actor Incident creator Strategy Threat Actor Attack pattern Technique used in incident (see framework for examples) TTP Attack pattern Narrative Malicious narrative (story, meme) TTP Malware Tool bot software, APIs, marketing tools TTP Tool Observed Data artefacts like messages, user accounts, etc Artefact Observed Data Indicator posting rates, follow rates etc Artefact Indicator Vulnerability Cognitive biases, community structural weakness etc Vulnerability Vulnerability !24
STIX GRAPHS (THANKS, STIG!) !25
INTELLIGENCE SHARING AND COORDINATION !26
NEXT: MITIGATIONS AND COUNTERS !27
NEXT NEXTS • Continue to grow the coalition of the willing • Support the Cognitive Security ISAO • Continue to build an alert structure (ISAC, US-CERT, Interpol, Industry, etc.) • Continue to refine TTPs and framework • More mitigations and counters • STIX-based data science • AMITT updates at misinfosec.org !28

Recommandé

Chapter 5 collection and the collection disciplines
Chapter 5 collection and the collection disciplinesChapter 5 collection and the collection disciplines
Chapter 5 collection and the collection disciplinesDoing What I Do
 
Information Warfare
Information WarfareInformation Warfare
Information Warfaredibyendupaul
 
Cyberwarfare
CyberwarfareCyberwarfare
Cyberwarfareshifahirani
 
Chapter 4 the intelligence process a macro look who does what for whom
Chapter 4 the intelligence process a macro look who does what for whomChapter 4 the intelligence process a macro look who does what for whom
Chapter 4 the intelligence process a macro look who does what for whomDoing What I Do
 
The Information Warfare: how it can affect us
The Information Warfare: how it can affect usThe Information Warfare: how it can affect us
The Information Warfare: how it can affect usLuis Borges Gouveia
 
ASFWS 2012 - Cybercrime to Information Warfare & “Cyberwar”: a hacker’s persp...
ASFWS 2012 - Cybercrime to Information Warfare & “Cyberwar”: a hacker’s persp...ASFWS 2012 - Cybercrime to Information Warfare & “Cyberwar”: a hacker’s persp...
ASFWS 2012 - Cybercrime to Information Warfare & “Cyberwar”: a hacker’s persp...Cyber Security Alliance
 
Information Warfare
Information WarfareInformation Warfare
Information WarfareDibyendu Paul
 
2020 12 nyu-workshop_cog_sec
2020 12 nyu-workshop_cog_sec2020 12 nyu-workshop_cog_sec
2020 12 nyu-workshop_cog_secSara-Jayne Terp
 

Recommandé

Chapter 5 collection and the collection disciplines
Chapter 5 collection and the collection disciplinesChapter 5 collection and the collection disciplines
Chapter 5 collection and the collection disciplinesDoing What I Do
 
Information Warfare
Information WarfareInformation Warfare
Information Warfaredibyendupaul
 
Cyberwarfare
CyberwarfareCyberwarfare
Cyberwarfareshifahirani
 
Chapter 4 the intelligence process a macro look who does what for whom
Chapter 4 the intelligence process a macro look who does what for whomChapter 4 the intelligence process a macro look who does what for whom
Chapter 4 the intelligence process a macro look who does what for whomDoing What I Do
 
The Information Warfare: how it can affect us
The Information Warfare: how it can affect usThe Information Warfare: how it can affect us
The Information Warfare: how it can affect usLuis Borges Gouveia
 
ASFWS 2012 - Cybercrime to Information Warfare & “Cyberwar”: a hacker’s persp...
ASFWS 2012 - Cybercrime to Information Warfare & “Cyberwar”: a hacker’s persp...ASFWS 2012 - Cybercrime to Information Warfare & “Cyberwar”: a hacker’s persp...
ASFWS 2012 - Cybercrime to Information Warfare & “Cyberwar”: a hacker’s persp...Cyber Security Alliance
 
Information Warfare
Information WarfareInformation Warfare
Information WarfareDibyendu Paul
 
2020 12 nyu-workshop_cog_sec
2020 12 nyu-workshop_cog_sec2020 12 nyu-workshop_cog_sec
2020 12 nyu-workshop_cog_secSara-Jayne Terp
 
Chapter 6 analysis
Chapter 6 analysisChapter 6 analysis
Chapter 6 analysisDoing What I Do
 
UNITED STATES AND CHINA 2001: PATRIOTIC HACKING
UNITED STATES AND CHINA 2001: PATRIOTIC HACKINGUNITED STATES AND CHINA 2001: PATRIOTIC HACKING
UNITED STATES AND CHINA 2001: PATRIOTIC HACKINGLillian Ekwosi-Egbulem
 
Socialmediapublicsavety
SocialmediapublicsavetySocialmediapublicsavety
SocialmediapublicsavetyFrank Smilda
 
Information warfare, assurance and security in the energy sectors
Information warfare, assurance and security in the energy sectorsInformation warfare, assurance and security in the energy sectors
Information warfare, assurance and security in the energy sectorsLove Steven
 
2019 11 terp_mansonbulletproof_master copy
2019 11 terp_mansonbulletproof_master copy2019 11 terp_mansonbulletproof_master copy
2019 11 terp_mansonbulletproof_master copySara-Jayne Terp
 
Chapter 10 oversight and accountability 1
Chapter 10 oversight and accountability 1Chapter 10 oversight and accountability 1
Chapter 10 oversight and accountability 1Doing What I Do
 
2021-02-10_CogSecCollab_UBerkeley
2021-02-10_CogSecCollab_UBerkeley2021-02-10_CogSecCollab_UBerkeley
2021-02-10_CogSecCollab_UBerkeleySara-Jayne Terp
 
Information warfare and information operations
Information warfare and information operationsInformation warfare and information operations
Information warfare and information operationsClifford Stone
 
Distributed defense against disinformation: disinformation risk management an...
Distributed defense against disinformation: disinformation risk management an...Distributed defense against disinformation: disinformation risk management an...
Distributed defense against disinformation: disinformation risk management an...Sara-Jayne Terp
 
Risk, SOCs, and mitigations: cognitive security is coming of age
Risk, SOCs, and mitigations: cognitive security is coming of ageRisk, SOCs, and mitigations: cognitive security is coming of age
Risk, SOCs, and mitigations: cognitive security is coming of ageSara-Jayne Terp
 
Sj terp emerging tech radar
Sj terp emerging tech radarSj terp emerging tech radar
Sj terp emerging tech radarSaraJayneTerp
 
2021-05-SJTerp-AMITT_disinfoSoc-umaryland
2021-05-SJTerp-AMITT_disinfoSoc-umaryland2021-05-SJTerp-AMITT_disinfoSoc-umaryland
2021-05-SJTerp-AMITT_disinfoSoc-umarylandSara-Jayne Terp
 
Kenneth geers-sun-tzu-and-cyber-war
Kenneth geers-sun-tzu-and-cyber-warKenneth geers-sun-tzu-and-cyber-war
Kenneth geers-sun-tzu-and-cyber-warMarioEliseo3
 
Counterintelligence
CounterintelligenceCounterintelligence
Counterintelligencekelsports
 
Terror And Technology
Terror And TechnologyTerror And Technology
Terror And Technologypradhansushil
 
2021 IWC presentation: Risk, SOCs and Mitigations: Cognitive Security is Comi...
2021 IWC presentation: Risk, SOCs and Mitigations: Cognitive Security is Comi...2021 IWC presentation: Risk, SOCs and Mitigations: Cognitive Security is Comi...
2021 IWC presentation: Risk, SOCs and Mitigations: Cognitive Security is Comi...Sara-Jayne Terp
 
Vol7no2 ball
Vol7no2 ballVol7no2 ball
Vol7no2 ballMarioEliseo3
 
Cyberwar and Geopolitics
Cyberwar and GeopoliticsCyberwar and Geopolitics
Cyberwar and Geopoliticstnwac
 
2021 12 nyu-the_business_of_disinformation
2021 12 nyu-the_business_of_disinformation2021 12 nyu-the_business_of_disinformation
2021 12 nyu-the_business_of_disinformationSaraJayneTerp
 
About cyber war
About cyber warAbout cyber war
About cyber wareugenvaleriu
 
MITRE ATT&CKcon 2.0: AMITT - ATT&CK-based Standards for Misinformation Threat...
MITRE ATT&CKcon 2.0: AMITT - ATT&CK-based Standards for Misinformation Threat...MITRE ATT&CKcon 2.0: AMITT - ATT&CK-based Standards for Misinformation Threat...
MITRE ATT&CKcon 2.0: AMITT - ATT&CK-based Standards for Misinformation Threat...MITRE - ATT&CKcon
 
Targeted disinformation warfare how and why foreign efforts are
Targeted disinformation warfare how and why foreign efforts areTargeted disinformation warfare how and why foreign efforts are
Targeted disinformation warfare how and why foreign efforts arearchiejones4
 

Contenu connexe

Tendances

UNITED STATES AND CHINA 2001: PATRIOTIC HACKING
UNITED STATES AND CHINA 2001: PATRIOTIC HACKINGUNITED STATES AND CHINA 2001: PATRIOTIC HACKING
UNITED STATES AND CHINA 2001: PATRIOTIC HACKINGLillian Ekwosi-Egbulem
 
Socialmediapublicsavety
SocialmediapublicsavetySocialmediapublicsavety
SocialmediapublicsavetyFrank Smilda
 
Information warfare, assurance and security in the energy sectors
Information warfare, assurance and security in the energy sectorsInformation warfare, assurance and security in the energy sectors
Information warfare, assurance and security in the energy sectorsLove Steven
 
2019 11 terp_mansonbulletproof_master copy
2019 11 terp_mansonbulletproof_master copy2019 11 terp_mansonbulletproof_master copy
2019 11 terp_mansonbulletproof_master copySara-Jayne Terp
 
Chapter 10 oversight and accountability 1
Chapter 10 oversight and accountability 1Chapter 10 oversight and accountability 1
Chapter 10 oversight and accountability 1Doing What I Do
 
2021-02-10_CogSecCollab_UBerkeley
2021-02-10_CogSecCollab_UBerkeley2021-02-10_CogSecCollab_UBerkeley
2021-02-10_CogSecCollab_UBerkeleySara-Jayne Terp
 
Information warfare and information operations
Information warfare and information operationsInformation warfare and information operations
Information warfare and information operationsClifford Stone
 
Distributed defense against disinformation: disinformation risk management an...
Distributed defense against disinformation: disinformation risk management an...Distributed defense against disinformation: disinformation risk management an...
Distributed defense against disinformation: disinformation risk management an...Sara-Jayne Terp
 
Risk, SOCs, and mitigations: cognitive security is coming of age
Risk, SOCs, and mitigations: cognitive security is coming of ageRisk, SOCs, and mitigations: cognitive security is coming of age
Risk, SOCs, and mitigations: cognitive security is coming of ageSara-Jayne Terp
 
Sj terp emerging tech radar
Sj terp emerging tech radarSj terp emerging tech radar
Sj terp emerging tech radarSaraJayneTerp
 
2021-05-SJTerp-AMITT_disinfoSoc-umaryland
2021-05-SJTerp-AMITT_disinfoSoc-umaryland2021-05-SJTerp-AMITT_disinfoSoc-umaryland
2021-05-SJTerp-AMITT_disinfoSoc-umarylandSara-Jayne Terp
 
Kenneth geers-sun-tzu-and-cyber-war
Kenneth geers-sun-tzu-and-cyber-warKenneth geers-sun-tzu-and-cyber-war
Kenneth geers-sun-tzu-and-cyber-warMarioEliseo3
 
Counterintelligence
CounterintelligenceCounterintelligence
Counterintelligencekelsports
 
Terror And Technology
Terror And TechnologyTerror And Technology
Terror And Technologypradhansushil
 
2021 IWC presentation: Risk, SOCs and Mitigations: Cognitive Security is Comi...
2021 IWC presentation: Risk, SOCs and Mitigations: Cognitive Security is Comi...2021 IWC presentation: Risk, SOCs and Mitigations: Cognitive Security is Comi...
2021 IWC presentation: Risk, SOCs and Mitigations: Cognitive Security is Comi...Sara-Jayne Terp
 
Cyberwar and Geopolitics
Cyberwar and GeopoliticsCyberwar and Geopolitics
Cyberwar and Geopoliticstnwac
 
2021 12 nyu-the_business_of_disinformation
2021 12 nyu-the_business_of_disinformation2021 12 nyu-the_business_of_disinformation
2021 12 nyu-the_business_of_disinformationSaraJayneTerp
 

Tendances (20)

Chapter 6 analysis
Chapter 6 analysisChapter 6 analysis
Chapter 6 analysis
 
UNITED STATES AND CHINA 2001: PATRIOTIC HACKING
UNITED STATES AND CHINA 2001: PATRIOTIC HACKINGUNITED STATES AND CHINA 2001: PATRIOTIC HACKING
UNITED STATES AND CHINA 2001: PATRIOTIC HACKING
 
Socialmediapublicsavety
SocialmediapublicsavetySocialmediapublicsavety
Socialmediapublicsavety
 
Information warfare, assurance and security in the energy sectors
Information warfare, assurance and security in the energy sectorsInformation warfare, assurance and security in the energy sectors
Information warfare, assurance and security in the energy sectors
 
2019 11 terp_mansonbulletproof_master copy
2019 11 terp_mansonbulletproof_master copy2019 11 terp_mansonbulletproof_master copy
2019 11 terp_mansonbulletproof_master copy
 
Chapter 10 oversight and accountability 1
Chapter 10 oversight and accountability 1Chapter 10 oversight and accountability 1
Chapter 10 oversight and accountability 1
 
2021-02-10_CogSecCollab_UBerkeley
2021-02-10_CogSecCollab_UBerkeley2021-02-10_CogSecCollab_UBerkeley
2021-02-10_CogSecCollab_UBerkeley
 
Information warfare and information operations
Information warfare and information operationsInformation warfare and information operations
Information warfare and information operations
 
Distributed defense against disinformation: disinformation risk management an...
Distributed defense against disinformation: disinformation risk management an...Distributed defense against disinformation: disinformation risk management an...
Distributed defense against disinformation: disinformation risk management an...
 
Risk, SOCs, and mitigations: cognitive security is coming of age
Risk, SOCs, and mitigations: cognitive security is coming of ageRisk, SOCs, and mitigations: cognitive security is coming of age
Risk, SOCs, and mitigations: cognitive security is coming of age
 
Sj terp emerging tech radar
Sj terp emerging tech radarSj terp emerging tech radar
Sj terp emerging tech radar
 
2021-05-SJTerp-AMITT_disinfoSoc-umaryland
2021-05-SJTerp-AMITT_disinfoSoc-umaryland2021-05-SJTerp-AMITT_disinfoSoc-umaryland
2021-05-SJTerp-AMITT_disinfoSoc-umaryland
 
Kenneth geers-sun-tzu-and-cyber-war
Kenneth geers-sun-tzu-and-cyber-warKenneth geers-sun-tzu-and-cyber-war
Kenneth geers-sun-tzu-and-cyber-war
 
Counterintelligence
CounterintelligenceCounterintelligence
Counterintelligence
 
Terror And Technology
Terror And TechnologyTerror And Technology
Terror And Technology
 
2021 IWC presentation: Risk, SOCs and Mitigations: Cognitive Security is Comi...
2021 IWC presentation: Risk, SOCs and Mitigations: Cognitive Security is Comi...2021 IWC presentation: Risk, SOCs and Mitigations: Cognitive Security is Comi...
2021 IWC presentation: Risk, SOCs and Mitigations: Cognitive Security is Comi...
 
Vol7no2 ball
Vol7no2 ballVol7no2 ball
Vol7no2 ball
 
Cyberwar and Geopolitics
Cyberwar and GeopoliticsCyberwar and Geopolitics
Cyberwar and Geopolitics
 
2021 12 nyu-the_business_of_disinformation
2021 12 nyu-the_business_of_disinformation2021 12 nyu-the_business_of_disinformation
2021 12 nyu-the_business_of_disinformation
 
About cyber war
About cyber warAbout cyber war
About cyber war
 

Similaire à Tooling Up for Cognitive Security

MITRE ATT&CKcon 2.0: AMITT - ATT&CK-based Standards for Misinformation Threat...
MITRE ATT&CKcon 2.0: AMITT - ATT&CK-based Standards for Misinformation Threat...MITRE ATT&CKcon 2.0: AMITT - ATT&CK-based Standards for Misinformation Threat...
MITRE ATT&CKcon 2.0: AMITT - ATT&CK-based Standards for Misinformation Threat...MITRE - ATT&CKcon
 
Targeted disinformation warfare how and why foreign efforts are
Targeted disinformation warfare how and why foreign efforts areTargeted disinformation warfare how and why foreign efforts are
Targeted disinformation warfare how and why foreign efforts arearchiejones4
 
Cognitive security: all the other things
Cognitive security: all the other thingsCognitive security: all the other things
Cognitive security: all the other thingsSara-Jayne Terp
 
ASIS NYC InT Presentation
ASIS NYC InT PresentationASIS NYC InT Presentation
ASIS NYC InT PresentationDaniel McGarvey
 
WG-misinfosec report out to CredCo.pdf
WG-misinfosec report out to CredCo.pdfWG-misinfosec report out to CredCo.pdf
WG-misinfosec report out to CredCo.pdfSaraJayneTerp
 
Hunting for cyber threats targeting weapon systems
Hunting for cyber threats targeting weapon systemsHunting for cyber threats targeting weapon systems
Hunting for cyber threats targeting weapon systemsFidelis Cybersecurity
 
disinformation risk management: leveraging cyber security best practices to s...
disinformation risk management: leveraging cyber security best practices to s...disinformation risk management: leveraging cyber security best practices to s...
disinformation risk management: leveraging cyber security best practices to s...Sara-Jayne Terp
 
Unprotected Data: Your Risk of Internet-Enabled Psychological and Information...
Unprotected Data: Your Risk of Internet-Enabled Psychological and Information...Unprotected Data: Your Risk of Internet-Enabled Psychological and Information...
Unprotected Data: Your Risk of Internet-Enabled Psychological and Information...Maurice Dawson
 
MASINT and Global War on Terror
MASINT and Global War on TerrorMASINT and Global War on Terror
MASINT and Global War on TerrorTpeisi Nesby
 
Disinformation post report-eng
Disinformation post report-engDisinformation post report-eng
Disinformation post report-engarchiejones4
 
Team Disinformation - 2022 Technology, Innovation & Great Power Competition
Team Disinformation - 2022 Technology, Innovation & Great Power CompetitionTeam Disinformation - 2022 Technology, Innovation & Great Power Competition
Team Disinformation - 2022 Technology, Innovation & Great Power CompetitionStanford University
 
2.7 workshop-on-intelligence-Steele on future
2.7 workshop-on-intelligence-Steele on future2.7 workshop-on-intelligence-Steele on future
2.7 workshop-on-intelligence-Steele on futureRobert David Steele Vivas
 
The Social Takeover
The Social TakeoverThe Social Takeover
The Social TakeoverZeroFOX
 
Cracking the Code of Emerging Social Media Communications
Cracking the Code of Emerging Social Media CommunicationsCracking the Code of Emerging Social Media Communications
Cracking the Code of Emerging Social Media CommunicationsScott Rickard
 
Francesca Bosco, Le nuove sfide della cyber security
Francesca Bosco, Le nuove sfide della cyber securityFrancesca Bosco, Le nuove sfide della cyber security
Francesca Bosco, Le nuove sfide della cyber securityAndrea Rossetti
 
William Strong1. Explain what is meant by the collaborations bet.docx
William Strong1. Explain what is meant by the collaborations bet.docxWilliam Strong1. Explain what is meant by the collaborations bet.docx
William Strong1. Explain what is meant by the collaborations bet.docxambersalomon88660
 

Similaire à Tooling Up for Cognitive Security (20)

MITRE ATT&CKcon 2.0: AMITT - ATT&CK-based Standards for Misinformation Threat...
MITRE ATT&CKcon 2.0: AMITT - ATT&CK-based Standards for Misinformation Threat...MITRE ATT&CKcon 2.0: AMITT - ATT&CK-based Standards for Misinformation Threat...
MITRE ATT&CKcon 2.0: AMITT - ATT&CK-based Standards for Misinformation Threat...
 
Targeted disinformation warfare how and why foreign efforts are
Targeted disinformation warfare how and why foreign efforts areTargeted disinformation warfare how and why foreign efforts are
Targeted disinformation warfare how and why foreign efforts are
 
Cognitive security: all the other things
Cognitive security: all the other thingsCognitive security: all the other things
Cognitive security: all the other things
 
2013 workshop-on-intelligence
2013 workshop-on-intelligence2013 workshop-on-intelligence
2013 workshop-on-intelligence
 
ASIS NYC InT Presentation
ASIS NYC InT PresentationASIS NYC InT Presentation
ASIS NYC InT Presentation
 
WG-misinfosec report out to CredCo.pdf
WG-misinfosec report out to CredCo.pdfWG-misinfosec report out to CredCo.pdf
WG-misinfosec report out to CredCo.pdf
 
Hunting for cyber threats targeting weapon systems
Hunting for cyber threats targeting weapon systemsHunting for cyber threats targeting weapon systems
Hunting for cyber threats targeting weapon systems
 
disinformation risk management: leveraging cyber security best practices to s...
disinformation risk management: leveraging cyber security best practices to s...disinformation risk management: leveraging cyber security best practices to s...
disinformation risk management: leveraging cyber security best practices to s...
 
Unprotected Data: Your Risk of Internet-Enabled Psychological and Information...
Unprotected Data: Your Risk of Internet-Enabled Psychological and Information...Unprotected Data: Your Risk of Internet-Enabled Psychological and Information...
Unprotected Data: Your Risk of Internet-Enabled Psychological and Information...
 
MASINT and Global War on Terror
MASINT and Global War on TerrorMASINT and Global War on Terror
MASINT and Global War on Terror
 
Disinformation post report-eng
Disinformation post report-engDisinformation post report-eng
Disinformation post report-eng
 
Team Disinformation - 2022 Technology, Innovation & Great Power Competition
Team Disinformation - 2022 Technology, Innovation & Great Power CompetitionTeam Disinformation - 2022 Technology, Innovation & Great Power Competition
Team Disinformation - 2022 Technology, Innovation & Great Power Competition
 
2.7 workshop-on-intelligence-Steele on future
2.7 workshop-on-intelligence-Steele on future2.7 workshop-on-intelligence-Steele on future
2.7 workshop-on-intelligence-Steele on future
 
Facebook
FacebookFacebook
Facebook
 
The Social Takeover
The Social TakeoverThe Social Takeover
The Social Takeover
 
2020 09-01 disclosure
2020 09-01 disclosure2020 09-01 disclosure
2020 09-01 disclosure
 
Cracking the Code of Emerging Social Media Communications
Cracking the Code of Emerging Social Media CommunicationsCracking the Code of Emerging Social Media Communications
Cracking the Code of Emerging Social Media Communications
 
E2112733
E2112733E2112733
E2112733
 
Francesca Bosco, Le nuove sfide della cyber security
Francesca Bosco, Le nuove sfide della cyber securityFrancesca Bosco, Le nuove sfide della cyber security
Francesca Bosco, Le nuove sfide della cyber security
 
William Strong1. Explain what is meant by the collaborations bet.docx
William Strong1. Explain what is meant by the collaborations bet.docxWilliam Strong1. Explain what is meant by the collaborations bet.docx
William Strong1. Explain what is meant by the collaborations bet.docx
 

Plus de bodaceacat

CansecWest2019: Infosec Frameworks for Misinformation
CansecWest2019: Infosec Frameworks for MisinformationCansecWest2019: Infosec Frameworks for Misinformation
CansecWest2019: Infosec Frameworks for Misinformationbodaceacat
 
Terp breuer misinfosecframeworks_cansecwest2019
Terp breuer misinfosecframeworks_cansecwest2019Terp breuer misinfosecframeworks_cansecwest2019
Terp breuer misinfosecframeworks_cansecwest2019bodaceacat
 
Misinfosec frameworks Cansecwest 2019
Misinfosec frameworks Cansecwest 2019Misinfosec frameworks Cansecwest 2019
Misinfosec frameworks Cansecwest 2019bodaceacat
 
Sjterp ds_of_misinfo_feb_2019
Sjterp ds_of_misinfo_feb_2019Sjterp ds_of_misinfo_feb_2019
Sjterp ds_of_misinfo_feb_2019bodaceacat
 
Practical Influence Operations, presentation at Sofwerx Dec 2018
Practical Influence Operations, presentation at Sofwerx Dec 2018Practical Influence Operations, presentation at Sofwerx Dec 2018
Practical Influence Operations, presentation at Sofwerx Dec 2018bodaceacat
 
Session 10 handling bigger data
Session 10 handling bigger dataSession 10 handling bigger data
Session 10 handling bigger databodaceacat
 
Session 09 learning relationships.pptx
Session 09 learning relationships.pptxSession 09 learning relationships.pptx
Session 09 learning relationships.pptxbodaceacat
 
Session 08 geospatial data
Session 08 geospatial dataSession 08 geospatial data
Session 08 geospatial databodaceacat
 
Session 07 text data.pptx
Session 07 text data.pptxSession 07 text data.pptx
Session 07 text data.pptxbodaceacat
 
Session 06 machine learning.pptx
Session 06 machine learning.pptxSession 06 machine learning.pptx
Session 06 machine learning.pptxbodaceacat
 
Session 05 cleaning and exploring
Session 05 cleaning and exploringSession 05 cleaning and exploring
Session 05 cleaning and exploringbodaceacat
 
Session 04 communicating results
Session 04 communicating resultsSession 04 communicating results
Session 04 communicating resultsbodaceacat
 
Session 03 acquiring data
Session 03 acquiring dataSession 03 acquiring data
Session 03 acquiring databodaceacat
 
Session 02 python basics
Session 02 python basicsSession 02 python basics
Session 02 python basicsbodaceacat
 
Session 01 designing and scoping a data science project
Session 01 designing and scoping a data science projectSession 01 designing and scoping a data science project
Session 01 designing and scoping a data science projectbodaceacat
 
Gp technologybuilds july2011
Gp technologybuilds july2011Gp technologybuilds july2011
Gp technologybuilds july2011bodaceacat
 
Gp technologybuilds july2011
Gp technologybuilds july2011Gp technologybuilds july2011
Gp technologybuilds july2011bodaceacat
 
Ardrone represent
Ardrone representArdrone represent
Ardrone representbodaceacat
 
Global pulse app connection manager
Global pulse app connection managerGlobal pulse app connection manager
Global pulse app connection managerbodaceacat
 
Un Pulse Camp - Humanitarian Innovation
Un Pulse Camp - Humanitarian InnovationUn Pulse Camp - Humanitarian Innovation
Un Pulse Camp - Humanitarian Innovationbodaceacat
 

Plus de bodaceacat (20)

CansecWest2019: Infosec Frameworks for Misinformation
CansecWest2019: Infosec Frameworks for MisinformationCansecWest2019: Infosec Frameworks for Misinformation
CansecWest2019: Infosec Frameworks for Misinformation
 
Terp breuer misinfosecframeworks_cansecwest2019
Terp breuer misinfosecframeworks_cansecwest2019Terp breuer misinfosecframeworks_cansecwest2019
Terp breuer misinfosecframeworks_cansecwest2019
 
Misinfosec frameworks Cansecwest 2019
Misinfosec frameworks Cansecwest 2019Misinfosec frameworks Cansecwest 2019
Misinfosec frameworks Cansecwest 2019
 
Sjterp ds_of_misinfo_feb_2019
Sjterp ds_of_misinfo_feb_2019Sjterp ds_of_misinfo_feb_2019
Sjterp ds_of_misinfo_feb_2019
 
Practical Influence Operations, presentation at Sofwerx Dec 2018
Practical Influence Operations, presentation at Sofwerx Dec 2018Practical Influence Operations, presentation at Sofwerx Dec 2018
Practical Influence Operations, presentation at Sofwerx Dec 2018
 
Session 10 handling bigger data
Session 10 handling bigger dataSession 10 handling bigger data
Session 10 handling bigger data
 
Session 09 learning relationships.pptx
Session 09 learning relationships.pptxSession 09 learning relationships.pptx
Session 09 learning relationships.pptx
 
Session 08 geospatial data
Session 08 geospatial dataSession 08 geospatial data
Session 08 geospatial data
 
Session 07 text data.pptx
Session 07 text data.pptxSession 07 text data.pptx
Session 07 text data.pptx
 
Session 06 machine learning.pptx
Session 06 machine learning.pptxSession 06 machine learning.pptx
Session 06 machine learning.pptx
 
Session 05 cleaning and exploring
Session 05 cleaning and exploringSession 05 cleaning and exploring
Session 05 cleaning and exploring
 
Session 04 communicating results
Session 04 communicating resultsSession 04 communicating results
Session 04 communicating results
 
Session 03 acquiring data
Session 03 acquiring dataSession 03 acquiring data
Session 03 acquiring data
 
Session 02 python basics
Session 02 python basicsSession 02 python basics
Session 02 python basics
 
Session 01 designing and scoping a data science project
Session 01 designing and scoping a data science projectSession 01 designing and scoping a data science project
Session 01 designing and scoping a data science project
 
Gp technologybuilds july2011
Gp technologybuilds july2011Gp technologybuilds july2011
Gp technologybuilds july2011
 
Gp technologybuilds july2011
Gp technologybuilds july2011Gp technologybuilds july2011
Gp technologybuilds july2011
 
Ardrone represent
Ardrone representArdrone represent
Ardrone represent
 
Global pulse app connection manager
Global pulse app connection managerGlobal pulse app connection manager
Global pulse app connection manager
 
Un Pulse Camp - Humanitarian Innovation
Un Pulse Camp - Humanitarian InnovationUn Pulse Camp - Humanitarian Innovation
Un Pulse Camp - Humanitarian Innovation
 

Dernier

"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningLars Bell
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Manik S Magar
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piececharlottematthew16
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfRankYa
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 

Dernier (20)

"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine Tuning
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piece
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdf
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 

Tooling Up for Cognitive Security

  • 1. Misinfosec: Tooling up for Cognitive Security SARA “SJ” TERP Disclosure, November 5th 2019 !1
  • 2. MIS / DISINFORMATION deliberate promotion… of false, misleading or mis-attributed information focus on creation, propagation, consumption of misinformation online We are especially interested in misinformation designed to change beliefs in a large number of people !2
  • 5. WESTPHALIAN SOVEREIGNTY Each nation has sovereignty over its own territory and domestic affairs Principal of non-interference in another country’s domestic affairs Each state is equal under international law 5
  • 6. NATIONAL INSTRUMENTS OF INFLUENCE …and how to influence other nation-states. Diplomatic Informational Military Economic Resources available in pursuit of national objectives… 6
  • 7. BUSINESS INSTRUMENTS OF INFLUENCE Business Deals & Strategic Partnerships PR and Advertising Mergers and Acquisitions R&D and Capital Investments 7 Resources available in pursuit of corporate objectives…
  • 8. INFORMATION THREATS Democracy • Require common political knowledge • Who the rulers are • Legitimacy of the rulers • How government works • Draw on contested political knowledge to solve problems • Vulnerable to attacks on common political knowledge Autocracy • Actively suppress common political knowledge • Benefit from contested political knowledge • Vulnerable to attacks on the monopoly of common political knowledge 8
  • 9. MOST CYBERSPACE OPERATIONS ARE BASED ON INFLUENCE Force an adversary to make a decision or take an action based on: • Information I hide • Information I give • Information I change • Information I deny/degrade • Information I destroy Enable my decisions based upon knowing yours “Operations to convey selected information and indicators to audiences to influence their emotions, motives, and objectives reasoning, and ultimately the behavior of governments, organizations, groups, and individuals” 9
  • 10. THE NEED The only defense against the world is a thorough knowledge of it. - John Locke 10
  • 11. COMBINING DIFFERENT VIEWS OF DISINFORMATION • Information security (Gordon, Grugq, Rogers) • Information operations / influence operations (Lin) • A form of conflict (Singer, Gerasimov) • [A social problem] • [News source pollution] !11
  • 12. MISINFOSEC COMMUNITIES ● Industry ● Academia ● Media ● Community ● Government ● Infosec !12
  • 13. COMPONENTWISE UNDERSTANDING AND RESPONSE • Lingua Franca across communities
 • Defend/countermove against reused techniques, identify gaps in attacks
 • Assess defence tools & techniques
 • Plan for large-scale adaptive threats (hello, Machine Learning!) !13
  • 14. DOING IT AT SCALE • Computational power • Speed of analysis • Lack of framework • Systems theory and emergence of characteristics • Cognitive friction • Cognitive dissonance https://www.visualcapitalist.com/wp-content/uploads/2018/05/ internet-minute-share2.jpg 14
  • 16. WHAT WE BUILT All warfare is based on deception. - Sun Tzu All cyberspace operations are based on influence. - Pablo Breuer 16
  • 17. STAGE-BASED MODELS ARE USEFUL RECON WEAPONIZE DELIVER EXPLOIT CONTROL EXECUTE MAINTAIN Persistence Privilege 
 Escalation Defense 
 Evasion Credential 
 Access Discovery Lateral
 Movement Execution Collection Exfiltration Command
 and Control !17
  • 18. WE EXTENDED THE ATT&CK FRAMEWORK !18
  • 19. POPULATING THE FRAMEWORK: HISTORICAL ANALYSIS • Campaigns • e.g. Internet Research Agency, 2016 US elections • Incidents • e.g. Columbia Chemicals • Failed attempts • e.g. Russia - France campaigns !19
  • 20. HISTORICAL CATALOG: DATASHEET • Summary: Early Russian (IRA) “fake news” stories. Completely fabricated; very short lifespan. 
 • Actor: probably IRA (source: recordedfuture) 
 • Timeframe: Sept 11 2014 (1 day) 
 • Presumed goals: test deployment 
 • Artefacts: text messages, images, video 
 • Related attacks: These were all well-produced fake news stories, promoted on Twitter to influencers through a single dominant hashtag -- #BPoilspilltsunami, #shockingmurderinatlanta, 
 • Method: 1. Create messages. e.g. “A powerful explosion heard from miles away happened at a chemical plant in Centerville, Louisiana #ColumbianChemicals” 2. Post messages from fake twitter accounts; include handles of local and global influencers (journalists, media, politicians, e.g. @senjeffmerkley) 3. Amplify, by repeating messages on twitter via fake twitter accounts 
 • Result: limited traction 
 • Counters: None seen. Fake stories were debunked very quickly. !20
  • 23. TACTIC STAGES (AND PHASES) Planning Strategic Planning Objective Planning Preparation Develop People Develop Networks Microtargeting Develop Content Channel Selection Execution Pump Priming Exposure Go Physical Persistence Evaluation Measure Effectiveness !23
  • 24. STIX AMITT Misinformation STIX Description Level Infosec STIX Report communication to other responders Communication Report Campaign Longer attacks (Russia’s interference in the 2016 US elections is a “campaign”) Strategy Campaign Incident Shorter-duration attacks, often part of a campaign Strategy Intrusion Set Course of Action Response Strategy Course of Action Identity Actor (individual, group, organisation etc): creator, responder, target, useful idiot etc. Strategy Identity Threat actor Incident creator Strategy Threat Actor Attack pattern Technique used in incident (see framework for examples) TTP Attack pattern Narrative Malicious narrative (story, meme) TTP Malware Tool bot software, APIs, marketing tools TTP Tool Observed Data artefacts like messages, user accounts, etc Artefact Observed Data Indicator posting rates, follow rates etc Artefact Indicator Vulnerability Cognitive biases, community structural weakness etc Vulnerability Vulnerability !24
  • 25. STIX GRAPHS (THANKS, STIG!) !25
  • 26. INTELLIGENCE SHARING AND COORDINATION !26
  • 27. NEXT: MITIGATIONS AND COUNTERS !27
  • 28. NEXT NEXTS • Continue to grow the coalition of the willing • Support the Cognitive Security ISAO • Continue to build an alert structure (ISAC, US-CERT, Interpol, Industry, etc.) • Continue to refine TTPs and framework • More mitigations and counters • STIX-based data science • AMITT updates at misinfosec.org !28