2019 11 terp_breuer_disclosure_master

bodaceacat
bodaceacat
Misinfosec: Tooling up for Cognitive Security SARA “SJ” TERP Disclosure, November 5th 2019 !1
MIS / DISINFORMATION deliberate promotion… of false, misleading or mis-attributed information focus on creation, propagation, consumption of misinformation online We are especially interested in misinformation designed to change beliefs in a large number of people !2
EVOLUTION OF INFORMATION 3
4 EVOLUTION OF INFORMATION
WESTPHALIAN SOVEREIGNTY Each nation has sovereignty over its own territory and domestic affairs Principal of non-interference in another country’s domestic affairs Each state is equal under international law 5
NATIONAL INSTRUMENTS OF INFLUENCE …and how to influence other nation-states. Diplomatic Informational Military Economic Resources available in pursuit of national objectives… 6
BUSINESS INSTRUMENTS OF INFLUENCE Business Deals & Strategic Partnerships PR and Advertising Mergers and Acquisitions R&D and Capital Investments 7 Resources available in pursuit of corporate objectives…
INFORMATION THREATS Democracy • Require common political knowledge • Who the rulers are • Legitimacy of the rulers • How government works • Draw on contested political knowledge to solve problems • Vulnerable to attacks on common political knowledge Autocracy • Actively suppress common political knowledge • Benefit from contested political knowledge • Vulnerable to attacks on the monopoly of common political knowledge 8
MOST CYBERSPACE OPERATIONS ARE BASED ON INFLUENCE Force an adversary to make a decision or take an action based on: • Information I hide • Information I give • Information I change • Information I deny/degrade • Information I destroy Enable my decisions based upon knowing yours “Operations to convey selected information and indicators to audiences to influence their emotions, motives, and objectives reasoning, and ultimately the behavior of governments, organizations, groups, and individuals” 9
THE NEED The only defense against the world is a thorough knowledge of it. - John Locke 10
COMBINING DIFFERENT VIEWS OF DISINFORMATION • Information security (Gordon, Grugq, Rogers) • Information operations / influence operations (Lin) • A form of conflict (Singer, Gerasimov) • [A social problem] • [News source pollution] !11
MISINFOSEC COMMUNITIES ● Industry ● Academia ● Media ● Community ● Government ● Infosec !12
COMPONENTWISE UNDERSTANDING AND RESPONSE • Lingua Franca across communities
 • Defend/countermove against reused techniques, identify gaps in attacks
 • Assess defence tools & techniques
 • Plan for large-scale adaptive threats (hello, Machine Learning!) !13
DOING IT AT SCALE • Computational power • Speed of analysis • Lack of framework • Systems theory and emergence of characteristics • Cognitive friction • Cognitive dissonance https://www.visualcapitalist.com/wp-content/uploads/2018/05/ internet-minute-share2.jpg 14
CONNECTING MISINFORMATION ‘LAYERS’ !15 Campaigns Incidents Narratives Artifacts attacker defender
WHAT WE BUILT All warfare is based on deception. - Sun Tzu All cyberspace operations are based on influence. - Pablo Breuer 16
STAGE-BASED MODELS ARE USEFUL RECON WEAPONIZE DELIVER EXPLOIT CONTROL EXECUTE MAINTAIN Persistence Privilege 
 Escalation Defense 
 Evasion Credential 
 Access Discovery Lateral
 Movement Execution Collection Exfiltration Command
 and Control !17
WE EXTENDED THE ATT&CK FRAMEWORK !18
POPULATING THE FRAMEWORK: HISTORICAL ANALYSIS • Campaigns • e.g. Internet Research Agency, 2016 US elections • Incidents • e.g. Columbia Chemicals • Failed attempts • e.g. Russia - France campaigns !19
HISTORICAL CATALOG: DATASHEET • Summary: Early Russian (IRA) “fake news” stories. Completely fabricated; very short lifespan. 
 • Actor: probably IRA (source: recordedfuture) 
 • Timeframe: Sept 11 2014 (1 day) 
 • Presumed goals: test deployment 
 • Artefacts: text messages, images, video 
 • Related attacks: These were all well-produced fake news stories, promoted on Twitter to influencers through a single dominant hashtag -- #BPoilspilltsunami, #shockingmurderinatlanta, 
 • Method: 1. Create messages. e.g. “A powerful explosion heard from miles away happened at a chemical plant in Centerville, Louisiana #ColumbianChemicals” 2. Post messages from fake twitter accounts; include handles of local and global influencers (journalists, media, politicians, e.g. @senjeffmerkley) 3. Amplify, by repeating messages on twitter via fake twitter accounts 
 • Result: limited traction 
 • Counters: None seen. Fake stories were debunked very quickly. !20
TECHNIQUES !21
FRAMEWORK (AMITT) !22
TACTIC STAGES (AND PHASES) Planning Strategic Planning Objective Planning Preparation Develop People Develop Networks Microtargeting Develop Content Channel Selection Execution Pump Priming Exposure Go Physical Persistence Evaluation Measure Effectiveness !23
STIX AMITT Misinformation STIX Description Level Infosec STIX Report communication to other responders Communication Report Campaign Longer attacks (Russia’s interference in the 2016 US elections is a “campaign”) Strategy Campaign Incident Shorter-duration attacks, often part of a campaign Strategy Intrusion Set Course of Action Response Strategy Course of Action Identity Actor (individual, group, organisation etc): creator, responder, target, useful idiot etc. Strategy Identity Threat actor Incident creator Strategy Threat Actor Attack pattern Technique used in incident (see framework for examples) TTP Attack pattern Narrative Malicious narrative (story, meme) TTP Malware Tool bot software, APIs, marketing tools TTP Tool Observed Data artefacts like messages, user accounts, etc Artefact Observed Data Indicator posting rates, follow rates etc Artefact Indicator Vulnerability Cognitive biases, community structural weakness etc Vulnerability Vulnerability !24
STIX GRAPHS (THANKS, STIG!) !25
INTELLIGENCE SHARING AND COORDINATION !26
NEXT: MITIGATIONS AND COUNTERS !27
NEXT NEXTS • Continue to grow the coalition of the willing • Support the Cognitive Security ISAO • Continue to build an alert structure (ISAC, US-CERT, Interpol, Industry, etc.) • Continue to refine TTPs and framework • More mitigations and counters • STIX-based data science • AMITT updates at misinfosec.org !28
1 sur 28

2019 11 terp_breuer_disclosure_master

Télécharger pour lire hors ligne
Technologie

Presentation "Misinfosec: tooling up for cognitive security", given at Disclosure 2019

bodaceacat
bodaceacat

Recommandé

Chapter 5 collection and the collection disciplines par
Chapter 5 collection and the collection disciplinesChapter 5 collection and the collection disciplines
Chapter 5 collection and the collection disciplinesDoing What I Do
2.8K vues51 diapositives
Information Warfare par
Information WarfareInformation Warfare
Information Warfaredibyendupaul
3.9K vues28 diapositives
Cyberwarfare par
CyberwarfareCyberwarfare
Cyberwarfareshifahirani
713 vues7 diapositives
Chapter 4 the intelligence process a macro look who does what for whom par
Chapter 4 the intelligence process a macro look who does what for whomChapter 4 the intelligence process a macro look who does what for whom
Chapter 4 the intelligence process a macro look who does what for whomDoing What I Do
2.8K vues68 diapositives
The Information Warfare: how it can affect us par
The Information Warfare: how it can affect usThe Information Warfare: how it can affect us
The Information Warfare: how it can affect usLuis Borges Gouveia
9.9K vues26 diapositives
ASFWS 2012 - Cybercrime to Information Warfare & “Cyberwar”: a hacker’s persp... par
ASFWS 2012 - Cybercrime to Information Warfare & “Cyberwar”: a hacker’s persp...ASFWS 2012 - Cybercrime to Information Warfare & “Cyberwar”: a hacker’s persp...
ASFWS 2012 - Cybercrime to Information Warfare & “Cyberwar”: a hacker’s persp...Cyber Security Alliance
4K vues70 diapositives

Contenu connexe

Tendances

Chapter 6 analysis par
Chapter 6 analysisChapter 6 analysis
Chapter 6 analysisDoing What I Do
1K vues33 diapositives
UNITED STATES AND CHINA 2001: PATRIOTIC HACKING par
UNITED STATES AND CHINA 2001: PATRIOTIC HACKINGUNITED STATES AND CHINA 2001: PATRIOTIC HACKING
UNITED STATES AND CHINA 2001: PATRIOTIC HACKINGLillian Ekwosi-Egbulem
1.2K vues7 diapositives
Socialmediapublicsavety par
SocialmediapublicsavetySocialmediapublicsavety
SocialmediapublicsavetyFrank Smilda
517 vues8 diapositives
Information warfare, assurance and security in the energy sectors par
Information warfare, assurance and security in the energy sectorsInformation warfare, assurance and security in the energy sectors
Information warfare, assurance and security in the energy sectorsLove Steven
2K vues35 diapositives
2019 11 terp_mansonbulletproof_master copy par
2019 11 terp_mansonbulletproof_master copy2019 11 terp_mansonbulletproof_master copy
2019 11 terp_mansonbulletproof_master copySara-Jayne Terp
376 vues34 diapositives
Chapter 10 oversight and accountability 1 par
Chapter 10 oversight and accountability 1Chapter 10 oversight and accountability 1
Chapter 10 oversight and accountability 1Doing What I Do
1.4K vues46 diapositives

Tendances(20)

Chapter 6 analysis par Doing What I Do
Chapter 6 analysisChapter 6 analysis
Chapter 6 analysis
Doing What I Do1K vues
UNITED STATES AND CHINA 2001: PATRIOTIC HACKING par Lillian Ekwosi-Egbulem
UNITED STATES AND CHINA 2001: PATRIOTIC HACKINGUNITED STATES AND CHINA 2001: PATRIOTIC HACKING
UNITED STATES AND CHINA 2001: PATRIOTIC HACKING
Lillian Ekwosi-Egbulem1.2K vues
Socialmediapublicsavety par Frank Smilda
SocialmediapublicsavetySocialmediapublicsavety
Socialmediapublicsavety
Frank Smilda517 vues
Information warfare, assurance and security in the energy sectors par Love Steven
Information warfare, assurance and security in the energy sectorsInformation warfare, assurance and security in the energy sectors
Information warfare, assurance and security in the energy sectors
Love Steven2K vues
2019 11 terp_mansonbulletproof_master copy par Sara-Jayne Terp
2019 11 terp_mansonbulletproof_master copy2019 11 terp_mansonbulletproof_master copy
2019 11 terp_mansonbulletproof_master copy
Sara-Jayne Terp376 vues
Chapter 10 oversight and accountability 1 par Doing What I Do
Chapter 10 oversight and accountability 1Chapter 10 oversight and accountability 1
Chapter 10 oversight and accountability 1
Doing What I Do1.4K vues
2021-02-10_CogSecCollab_UBerkeley par Sara-Jayne Terp
2021-02-10_CogSecCollab_UBerkeley2021-02-10_CogSecCollab_UBerkeley
2021-02-10_CogSecCollab_UBerkeley
Sara-Jayne Terp70 vues
Information warfare and information operations par Clifford Stone
Information warfare and information operationsInformation warfare and information operations
Information warfare and information operations
Clifford Stone3.1K vues
Distributed defense against disinformation: disinformation risk management an... par Sara-Jayne Terp
Distributed defense against disinformation: disinformation risk management an...Distributed defense against disinformation: disinformation risk management an...
Distributed defense against disinformation: disinformation risk management an...
Sara-Jayne Terp205 vues
Risk, SOCs, and mitigations: cognitive security is coming of age par Sara-Jayne Terp
Risk, SOCs, and mitigations: cognitive security is coming of ageRisk, SOCs, and mitigations: cognitive security is coming of age
Risk, SOCs, and mitigations: cognitive security is coming of age
Sara-Jayne Terp124 vues
Sj terp emerging tech radar par SaraJayneTerp
Sj terp emerging tech radarSj terp emerging tech radar
Sj terp emerging tech radar
SaraJayneTerp144 vues
2021-05-SJTerp-AMITT_disinfoSoc-umaryland par Sara-Jayne Terp
2021-05-SJTerp-AMITT_disinfoSoc-umaryland2021-05-SJTerp-AMITT_disinfoSoc-umaryland
2021-05-SJTerp-AMITT_disinfoSoc-umaryland
Sara-Jayne Terp210 vues
Kenneth geers-sun-tzu-and-cyber-war par MarioEliseo3
Kenneth geers-sun-tzu-and-cyber-warKenneth geers-sun-tzu-and-cyber-war
Kenneth geers-sun-tzu-and-cyber-war
MarioEliseo31.9K vues
Counterintelligence par kelsports
CounterintelligenceCounterintelligence
Counterintelligence
kelsports11.5K vues
Terror And Technology par pradhansushil
Terror And TechnologyTerror And Technology
Terror And Technology
pradhansushil8.5K vues
2021 IWC presentation: Risk, SOCs and Mitigations: Cognitive Security is Comi... par Sara-Jayne Terp
2021 IWC presentation: Risk, SOCs and Mitigations: Cognitive Security is Comi...2021 IWC presentation: Risk, SOCs and Mitigations: Cognitive Security is Comi...
2021 IWC presentation: Risk, SOCs and Mitigations: Cognitive Security is Comi...
Sara-Jayne Terp150 vues
Vol7no2 ball par MarioEliseo3
Vol7no2 ballVol7no2 ball
Vol7no2 ball
MarioEliseo37.8K vues
Cyberwar and Geopolitics par tnwac
Cyberwar and GeopoliticsCyberwar and Geopolitics
Cyberwar and Geopolitics
tnwac161 vues
2021 12 nyu-the_business_of_disinformation par SaraJayneTerp
2021 12 nyu-the_business_of_disinformation2021 12 nyu-the_business_of_disinformation
2021 12 nyu-the_business_of_disinformation
SaraJayneTerp304 vues
About cyber war par eugenvaleriu
About cyber warAbout cyber war
About cyber war
eugenvaleriu2.3K vues

Similaire à 2019 11 terp_breuer_disclosure_master

MITRE ATT&CKcon 2.0: AMITT - ATT&CK-based Standards for Misinformation Threat... par
MITRE ATT&CKcon 2.0: AMITT - ATT&CK-based Standards for Misinformation Threat...MITRE ATT&CKcon 2.0: AMITT - ATT&CK-based Standards for Misinformation Threat...
MITRE ATT&CKcon 2.0: AMITT - ATT&CK-based Standards for Misinformation Threat...MITRE - ATT&CKcon
1.2K vues28 diapositives
Targeted disinformation warfare how and why foreign efforts are par
Targeted disinformation warfare how and why foreign efforts areTargeted disinformation warfare how and why foreign efforts are
Targeted disinformation warfare how and why foreign efforts arearchiejones4
26 vues37 diapositives
Cognitive security: all the other things par
Cognitive security: all the other thingsCognitive security: all the other things
Cognitive security: all the other thingsSara-Jayne Terp
180 vues53 diapositives
2013 workshop-on-intelligence par
2013 workshop-on-intelligence2013 workshop-on-intelligence
2013 workshop-on-intelligenceRobert David Steele Vivas
652 vues70 diapositives
ASIS NYC InT Presentation par
ASIS NYC InT PresentationASIS NYC InT Presentation
ASIS NYC InT PresentationDaniel McGarvey
883 vues56 diapositives
WG-misinfosec report out to CredCo.pdf par
WG-misinfosec report out to CredCo.pdfWG-misinfosec report out to CredCo.pdf
WG-misinfosec report out to CredCo.pdfSaraJayneTerp
218 vues26 diapositives

Similaire à 2019 11 terp_breuer_disclosure_master(20)

MITRE ATT&CKcon 2.0: AMITT - ATT&CK-based Standards for Misinformation Threat... par MITRE - ATT&CKcon
MITRE ATT&CKcon 2.0: AMITT - ATT&CK-based Standards for Misinformation Threat...MITRE ATT&CKcon 2.0: AMITT - ATT&CK-based Standards for Misinformation Threat...
MITRE ATT&CKcon 2.0: AMITT - ATT&CK-based Standards for Misinformation Threat...
MITRE - ATT&CKcon1.2K vues
Targeted disinformation warfare how and why foreign efforts are par archiejones4
Targeted disinformation warfare how and why foreign efforts areTargeted disinformation warfare how and why foreign efforts are
Targeted disinformation warfare how and why foreign efforts are
archiejones426 vues
Cognitive security: all the other things par Sara-Jayne Terp
Cognitive security: all the other thingsCognitive security: all the other things
Cognitive security: all the other things
Sara-Jayne Terp180 vues
2013 workshop-on-intelligence par Robert David Steele Vivas
2013 workshop-on-intelligence2013 workshop-on-intelligence
2013 workshop-on-intelligence
Robert David Steele Vivas652 vues
ASIS NYC InT Presentation par Daniel McGarvey
ASIS NYC InT PresentationASIS NYC InT Presentation
ASIS NYC InT Presentation
Daniel McGarvey883 vues
WG-misinfosec report out to CredCo.pdf par SaraJayneTerp
WG-misinfosec report out to CredCo.pdfWG-misinfosec report out to CredCo.pdf
WG-misinfosec report out to CredCo.pdf
SaraJayneTerp218 vues
Hunting for cyber threats targeting weapon systems par Fidelis Cybersecurity
Hunting for cyber threats targeting weapon systemsHunting for cyber threats targeting weapon systems
Hunting for cyber threats targeting weapon systems
Fidelis Cybersecurity337 vues
disinformation risk management: leveraging cyber security best practices to s... par Sara-Jayne Terp
disinformation risk management: leveraging cyber security best practices to s...disinformation risk management: leveraging cyber security best practices to s...
disinformation risk management: leveraging cyber security best practices to s...
Sara-Jayne Terp313 vues
Unprotected Data: Your Risk of Internet-Enabled Psychological and Information... par Maurice Dawson
Unprotected Data: Your Risk of Internet-Enabled Psychological and Information...Unprotected Data: Your Risk of Internet-Enabled Psychological and Information...
Unprotected Data: Your Risk of Internet-Enabled Psychological and Information...
Maurice Dawson241 vues
MASINT and Global War on Terror par Tpeisi Nesby
MASINT and Global War on TerrorMASINT and Global War on Terror
MASINT and Global War on Terror
Tpeisi Nesby825 vues
Disinformation post report-eng par archiejones4
Disinformation post report-engDisinformation post report-eng
Disinformation post report-eng
archiejones4195 vues
Team Disinformation - 2022 Technology, Innovation & Great Power Competition par Stanford University
Team Disinformation - 2022 Technology, Innovation & Great Power CompetitionTeam Disinformation - 2022 Technology, Innovation & Great Power Competition
Team Disinformation - 2022 Technology, Innovation & Great Power Competition
Stanford University2.2K vues
2.7 workshop-on-intelligence-Steele on future par Robert David Steele Vivas
2.7 workshop-on-intelligence-Steele on future2.7 workshop-on-intelligence-Steele on future
2.7 workshop-on-intelligence-Steele on future
Robert David Steele Vivas1.2K vues
Facebook par BabelNews
FacebookFacebook
Facebook
BabelNews217 vues
The Social Takeover par ZeroFOX
The Social TakeoverThe Social Takeover
The Social Takeover
ZeroFOX486 vues
2020 09-01 disclosure par Sara-Jayne Terp
2020 09-01 disclosure2020 09-01 disclosure
2020 09-01 disclosure
Sara-Jayne Terp216 vues
Cracking the Code of Emerging Social Media Communications par Scott Rickard
Cracking the Code of Emerging Social Media CommunicationsCracking the Code of Emerging Social Media Communications
Cracking the Code of Emerging Social Media Communications
Scott Rickard874 vues
E2112733 par ajmrdjournals
E2112733E2112733
E2112733
ajmrdjournals9 vues
Francesca Bosco, Le nuove sfide della cyber security par Andrea Rossetti
Francesca Bosco, Le nuove sfide della cyber securityFrancesca Bosco, Le nuove sfide della cyber security
Francesca Bosco, Le nuove sfide della cyber security
Andrea Rossetti1.8K vues
William Strong1. Explain what is meant by the collaborations bet.docx par ambersalomon88660
William Strong1. Explain what is meant by the collaborations bet.docxWilliam Strong1. Explain what is meant by the collaborations bet.docx
William Strong1. Explain what is meant by the collaborations bet.docx
ambersalomon886603 vues

Plus de bodaceacat

CansecWest2019: Infosec Frameworks for Misinformation par
CansecWest2019: Infosec Frameworks for MisinformationCansecWest2019: Infosec Frameworks for Misinformation
CansecWest2019: Infosec Frameworks for Misinformationbodaceacat
89 vues68 diapositives
Terp breuer misinfosecframeworks_cansecwest2019 par
Terp breuer misinfosecframeworks_cansecwest2019Terp breuer misinfosecframeworks_cansecwest2019
Terp breuer misinfosecframeworks_cansecwest2019bodaceacat
157 vues68 diapositives
Misinfosec frameworks Cansecwest 2019 par
Misinfosec frameworks Cansecwest 2019Misinfosec frameworks Cansecwest 2019
Misinfosec frameworks Cansecwest 2019bodaceacat
207 vues68 diapositives
Sjterp ds_of_misinfo_feb_2019 par
Sjterp ds_of_misinfo_feb_2019Sjterp ds_of_misinfo_feb_2019
Sjterp ds_of_misinfo_feb_2019bodaceacat
145 vues72 diapositives
Practical Influence Operations, presentation at Sofwerx Dec 2018 par
Practical Influence Operations, presentation at Sofwerx Dec 2018Practical Influence Operations, presentation at Sofwerx Dec 2018
Practical Influence Operations, presentation at Sofwerx Dec 2018bodaceacat
241 vues41 diapositives
Session 10 handling bigger data par
Session 10 handling bigger dataSession 10 handling bigger data
Session 10 handling bigger databodaceacat
253 vues38 diapositives

Plus de bodaceacat(20)

CansecWest2019: Infosec Frameworks for Misinformation par bodaceacat
CansecWest2019: Infosec Frameworks for MisinformationCansecWest2019: Infosec Frameworks for Misinformation
CansecWest2019: Infosec Frameworks for Misinformation
bodaceacat89 vues
Terp breuer misinfosecframeworks_cansecwest2019 par bodaceacat
Terp breuer misinfosecframeworks_cansecwest2019Terp breuer misinfosecframeworks_cansecwest2019
Terp breuer misinfosecframeworks_cansecwest2019
bodaceacat157 vues
Misinfosec frameworks Cansecwest 2019 par bodaceacat
Misinfosec frameworks Cansecwest 2019Misinfosec frameworks Cansecwest 2019
Misinfosec frameworks Cansecwest 2019
bodaceacat207 vues
Sjterp ds_of_misinfo_feb_2019 par bodaceacat
Sjterp ds_of_misinfo_feb_2019Sjterp ds_of_misinfo_feb_2019
Sjterp ds_of_misinfo_feb_2019
bodaceacat145 vues
Practical Influence Operations, presentation at Sofwerx Dec 2018 par bodaceacat
Practical Influence Operations, presentation at Sofwerx Dec 2018Practical Influence Operations, presentation at Sofwerx Dec 2018
Practical Influence Operations, presentation at Sofwerx Dec 2018
bodaceacat241 vues
Session 10 handling bigger data par bodaceacat
Session 10 handling bigger dataSession 10 handling bigger data
Session 10 handling bigger data
bodaceacat253 vues
Session 09 learning relationships.pptx par bodaceacat
Session 09 learning relationships.pptxSession 09 learning relationships.pptx
Session 09 learning relationships.pptx
bodaceacat345 vues
Session 08 geospatial data par bodaceacat
Session 08 geospatial dataSession 08 geospatial data
Session 08 geospatial data
bodaceacat309 vues
Session 07 text data.pptx par bodaceacat
Session 07 text data.pptxSession 07 text data.pptx
Session 07 text data.pptx
bodaceacat536 vues
Session 06 machine learning.pptx par bodaceacat
Session 06 machine learning.pptxSession 06 machine learning.pptx
Session 06 machine learning.pptx
bodaceacat1K vues
Session 05 cleaning and exploring par bodaceacat
Session 05 cleaning and exploringSession 05 cleaning and exploring
Session 05 cleaning and exploring
bodaceacat313 vues
Session 04 communicating results par bodaceacat
Session 04 communicating resultsSession 04 communicating results
Session 04 communicating results
bodaceacat223 vues
Session 03 acquiring data par bodaceacat
Session 03 acquiring dataSession 03 acquiring data
Session 03 acquiring data
bodaceacat284 vues
Session 02 python basics par bodaceacat
Session 02 python basicsSession 02 python basics
Session 02 python basics
bodaceacat622 vues
Session 01 designing and scoping a data science project par bodaceacat
Session 01 designing and scoping a data science projectSession 01 designing and scoping a data science project
Session 01 designing and scoping a data science project
bodaceacat562 vues
Gp technologybuilds july2011 par bodaceacat
Gp technologybuilds july2011Gp technologybuilds july2011
Gp technologybuilds july2011
bodaceacat444 vues
Gp technologybuilds july2011 par bodaceacat
Gp technologybuilds july2011Gp technologybuilds july2011
Gp technologybuilds july2011
bodaceacat486 vues
Ardrone represent par bodaceacat
Ardrone representArdrone represent
Ardrone represent
bodaceacat333 vues
Global pulse app connection manager par bodaceacat
Global pulse app connection managerGlobal pulse app connection manager
Global pulse app connection manager
bodaceacat288 vues
Un Pulse Camp - Humanitarian Innovation par bodaceacat
Un Pulse Camp - Humanitarian InnovationUn Pulse Camp - Humanitarian Innovation
Un Pulse Camp - Humanitarian Innovation
bodaceacat340 vues

Dernier

Evolving the Network Automation Journey from Python to Platforms par
Evolving the Network Automation Journey from Python to PlatformsEvolving the Network Automation Journey from Python to Platforms
Evolving the Network Automation Journey from Python to PlatformsNetwork Automation Forum
13 vues21 diapositives
Future of AR - Facebook Presentation par
Future of AR - Facebook PresentationFuture of AR - Facebook Presentation
Future of AR - Facebook Presentationssuserb54b561
14 vues27 diapositives
6g - REPORT.pdf par
6g - REPORT.pdf6g - REPORT.pdf
6g - REPORT.pdfLiveplex
10 vues23 diapositives
Microsoft Power Platform.pptx par
Microsoft Power Platform.pptxMicrosoft Power Platform.pptx
Microsoft Power Platform.pptxUni Systems S.M.S.A.
53 vues38 diapositives
iSAQB Software Architecture Gathering 2023: How Process Orchestration Increas... par
iSAQB Software Architecture Gathering 2023: How Process Orchestration Increas...iSAQB Software Architecture Gathering 2023: How Process Orchestration Increas...
iSAQB Software Architecture Gathering 2023: How Process Orchestration Increas...Bernd Ruecker
37 vues69 diapositives
Case Study Copenhagen Energy and Business Central.pdf par
Case Study Copenhagen Energy and Business Central.pdfCase Study Copenhagen Energy and Business Central.pdf
Case Study Copenhagen Energy and Business Central.pdfAitana
16 vues3 diapositives

Dernier(20)

Evolving the Network Automation Journey from Python to Platforms par Network Automation Forum
Evolving the Network Automation Journey from Python to PlatformsEvolving the Network Automation Journey from Python to Platforms
Evolving the Network Automation Journey from Python to Platforms
Network Automation Forum13 vues
Future of AR - Facebook Presentation par ssuserb54b561
Future of AR - Facebook PresentationFuture of AR - Facebook Presentation
Future of AR - Facebook Presentation
ssuserb54b56114 vues
6g - REPORT.pdf par Liveplex
6g - REPORT.pdf6g - REPORT.pdf
6g - REPORT.pdf
Liveplex10 vues
Microsoft Power Platform.pptx par Uni Systems S.M.S.A.
Microsoft Power Platform.pptxMicrosoft Power Platform.pptx
Microsoft Power Platform.pptx
Uni Systems S.M.S.A.53 vues
iSAQB Software Architecture Gathering 2023: How Process Orchestration Increas... par Bernd Ruecker
iSAQB Software Architecture Gathering 2023: How Process Orchestration Increas...iSAQB Software Architecture Gathering 2023: How Process Orchestration Increas...
iSAQB Software Architecture Gathering 2023: How Process Orchestration Increas...
Bernd Ruecker37 vues
Case Study Copenhagen Energy and Business Central.pdf par Aitana
Case Study Copenhagen Energy and Business Central.pdfCase Study Copenhagen Energy and Business Central.pdf
Case Study Copenhagen Energy and Business Central.pdf
Aitana16 vues
Powerful Google developer tools for immediate impact! (2023-24) par wesley chun
Powerful Google developer tools for immediate impact! (2023-24)Powerful Google developer tools for immediate impact! (2023-24)
Powerful Google developer tools for immediate impact! (2023-24)
wesley chun10 vues
Design Driven Network Assurance par Network Automation Forum
Design Driven Network AssuranceDesign Driven Network Assurance
Design Driven Network Assurance
Network Automation Forum15 vues
Ransomware is Knocking your Door_Final.pdf par Security Bootcamp
Ransomware is Knocking your Door_Final.pdfRansomware is Knocking your Door_Final.pdf
Ransomware is Knocking your Door_Final.pdf
Security Bootcamp55 vues
Info Session November 2023.pdf par AleksandraKoprivica4
Info Session November 2023.pdfInfo Session November 2023.pdf
Info Session November 2023.pdf
AleksandraKoprivica412 vues
MVP and prioritization.pdf par rahuldharwal141
MVP and prioritization.pdfMVP and prioritization.pdf
MVP and prioritization.pdf
rahuldharwal14131 vues
Vertical User Stories par Moisés Armani Ramírez
Vertical User StoriesVertical User Stories
Vertical User Stories
Moisés Armani Ramírez14 vues
SUPPLIER SOURCING.pptx par angelicacueva6
SUPPLIER SOURCING.pptxSUPPLIER SOURCING.pptx
SUPPLIER SOURCING.pptx
angelicacueva615 vues
Kyo - Functional Scala 2023.pdf par Flavio W. Brasil
Kyo - Functional Scala 2023.pdfKyo - Functional Scala 2023.pdf
Kyo - Functional Scala 2023.pdf
Flavio W. Brasil368 vues
Five Things You SHOULD Know About Postman par Postman
Five Things You SHOULD Know About PostmanFive Things You SHOULD Know About Postman
Five Things You SHOULD Know About Postman
Postman33 vues
Automating a World-Class Technology Conference; Behind the Scenes of CiscoLive par Network Automation Forum
Automating a World-Class Technology Conference; Behind the Scenes of CiscoLiveAutomating a World-Class Technology Conference; Behind the Scenes of CiscoLive
Automating a World-Class Technology Conference; Behind the Scenes of CiscoLive
Network Automation Forum31 vues
Special_edition_innovator_2023.pdf par WillDavies22
Special_edition_innovator_2023.pdfSpecial_edition_innovator_2023.pdf
Special_edition_innovator_2023.pdf
WillDavies2217 vues
Uni Systems for Power Platform.pptx par Uni Systems S.M.S.A.
Uni Systems for Power Platform.pptxUni Systems for Power Platform.pptx
Uni Systems for Power Platform.pptx
Uni Systems S.M.S.A.56 vues
virtual reality.pptx par G036GaikwadSnehal
virtual reality.pptxvirtual reality.pptx
virtual reality.pptx
G036GaikwadSnehal11 vues
Mini-Track: AI and ML in Network Operations Applications par Network Automation Forum
Mini-Track: AI and ML in Network Operations ApplicationsMini-Track: AI and ML in Network Operations Applications
Mini-Track: AI and ML in Network Operations Applications
Network Automation Forum10 vues

2019 11 terp_breuer_disclosure_master

  • 1. Misinfosec: Tooling up for Cognitive Security SARA “SJ” TERP Disclosure, November 5th 2019 !1
  • 2. MIS / DISINFORMATION deliberate promotion… of false, misleading or mis-attributed information focus on creation, propagation, consumption of misinformation online We are especially interested in misinformation designed to change beliefs in a large number of people !2
  • 5. WESTPHALIAN SOVEREIGNTY Each nation has sovereignty over its own territory and domestic affairs Principal of non-interference in another country’s domestic affairs Each state is equal under international law 5
  • 6. NATIONAL INSTRUMENTS OF INFLUENCE …and how to influence other nation-states. Diplomatic Informational Military Economic Resources available in pursuit of national objectives… 6
  • 7. BUSINESS INSTRUMENTS OF INFLUENCE Business Deals & Strategic Partnerships PR and Advertising Mergers and Acquisitions R&D and Capital Investments 7 Resources available in pursuit of corporate objectives…
  • 8. INFORMATION THREATS Democracy • Require common political knowledge • Who the rulers are • Legitimacy of the rulers • How government works • Draw on contested political knowledge to solve problems • Vulnerable to attacks on common political knowledge Autocracy • Actively suppress common political knowledge • Benefit from contested political knowledge • Vulnerable to attacks on the monopoly of common political knowledge 8
  • 9. MOST CYBERSPACE OPERATIONS ARE BASED ON INFLUENCE Force an adversary to make a decision or take an action based on: • Information I hide • Information I give • Information I change • Information I deny/degrade • Information I destroy Enable my decisions based upon knowing yours “Operations to convey selected information and indicators to audiences to influence their emotions, motives, and objectives reasoning, and ultimately the behavior of governments, organizations, groups, and individuals” 9
  • 10. THE NEED The only defense against the world is a thorough knowledge of it. - John Locke 10
  • 11. COMBINING DIFFERENT VIEWS OF DISINFORMATION • Information security (Gordon, Grugq, Rogers) • Information operations / influence operations (Lin) • A form of conflict (Singer, Gerasimov) • [A social problem] • [News source pollution] !11
  • 12. MISINFOSEC COMMUNITIES ● Industry ● Academia ● Media ● Community ● Government ● Infosec !12
  • 13. COMPONENTWISE UNDERSTANDING AND RESPONSE • Lingua Franca across communities
 • Defend/countermove against reused techniques, identify gaps in attacks
 • Assess defence tools & techniques
 • Plan for large-scale adaptive threats (hello, Machine Learning!) !13
  • 14. DOING IT AT SCALE • Computational power • Speed of analysis • Lack of framework • Systems theory and emergence of characteristics • Cognitive friction • Cognitive dissonance https://www.visualcapitalist.com/wp-content/uploads/2018/05/ internet-minute-share2.jpg 14
  • 16. WHAT WE BUILT All warfare is based on deception. - Sun Tzu All cyberspace operations are based on influence. - Pablo Breuer 16
  • 17. STAGE-BASED MODELS ARE USEFUL RECON WEAPONIZE DELIVER EXPLOIT CONTROL EXECUTE MAINTAIN Persistence Privilege 
 Escalation Defense 
 Evasion Credential 
 Access Discovery Lateral
 Movement Execution Collection Exfiltration Command
 and Control !17
  • 18. WE EXTENDED THE ATT&CK FRAMEWORK !18
  • 19. POPULATING THE FRAMEWORK: HISTORICAL ANALYSIS • Campaigns • e.g. Internet Research Agency, 2016 US elections • Incidents • e.g. Columbia Chemicals • Failed attempts • e.g. Russia - France campaigns !19
  • 20. HISTORICAL CATALOG: DATASHEET • Summary: Early Russian (IRA) “fake news” stories. Completely fabricated; very short lifespan. 
 • Actor: probably IRA (source: recordedfuture) 
 • Timeframe: Sept 11 2014 (1 day) 
 • Presumed goals: test deployment 
 • Artefacts: text messages, images, video 
 • Related attacks: These were all well-produced fake news stories, promoted on Twitter to influencers through a single dominant hashtag -- #BPoilspilltsunami, #shockingmurderinatlanta, 
 • Method: 1. Create messages. e.g. “A powerful explosion heard from miles away happened at a chemical plant in Centerville, Louisiana #ColumbianChemicals” 2. Post messages from fake twitter accounts; include handles of local and global influencers (journalists, media, politicians, e.g. @senjeffmerkley) 3. Amplify, by repeating messages on twitter via fake twitter accounts 
 • Result: limited traction 
 • Counters: None seen. Fake stories were debunked very quickly. !20
  • 23. TACTIC STAGES (AND PHASES) Planning Strategic Planning Objective Planning Preparation Develop People Develop Networks Microtargeting Develop Content Channel Selection Execution Pump Priming Exposure Go Physical Persistence Evaluation Measure Effectiveness !23
  • 24. STIX AMITT Misinformation STIX Description Level Infosec STIX Report communication to other responders Communication Report Campaign Longer attacks (Russia’s interference in the 2016 US elections is a “campaign”) Strategy Campaign Incident Shorter-duration attacks, often part of a campaign Strategy Intrusion Set Course of Action Response Strategy Course of Action Identity Actor (individual, group, organisation etc): creator, responder, target, useful idiot etc. Strategy Identity Threat actor Incident creator Strategy Threat Actor Attack pattern Technique used in incident (see framework for examples) TTP Attack pattern Narrative Malicious narrative (story, meme) TTP Malware Tool bot software, APIs, marketing tools TTP Tool Observed Data artefacts like messages, user accounts, etc Artefact Observed Data Indicator posting rates, follow rates etc Artefact Indicator Vulnerability Cognitive biases, community structural weakness etc Vulnerability Vulnerability !24
  • 25. STIX GRAPHS (THANKS, STIG!) !25
  • 26. INTELLIGENCE SHARING AND COORDINATION !26
  • 27. NEXT: MITIGATIONS AND COUNTERS !27
  • 28. NEXT NEXTS • Continue to grow the coalition of the willing • Support the Cognitive Security ISAO • Continue to build an alert structure (ISAC, US-CERT, Interpol, Industry, etc.) • Continue to refine TTPs and framework • More mitigations and counters • STIX-based data science • AMITT updates at misinfosec.org !28