Practical Influence Operations, presentation at Sofwerx Dec 2018
•Télécharger en tant que PPTX, PDF•
0 j'aime•250 vues
Presentation on practical responses to misinformation as part of hybrid warfare, including the use of infosec frameworks to frame attacks and responses.
Recommandé
Contenu connexe
Similaire à Practical Influence Operations, presentation at Sofwerx Dec 2018
Similaire à Practical Influence Operations, presentation at Sofwerx Dec 2018 (20)
Plus de bodaceacat
Plus de bodaceacat (20)
Dernier
Dernier (20)
Practical Influence Operations, presentation at Sofwerx Dec 2018
- 1. Bodacea Light Industries, 2018 Practical Influence Operations Sara-Jayne “SJ” Terp December 2018 1
- 2. Bodacea Light Industries, 2018 Offense Where we are today 2
- 3. Bodacea Light Industries, 2018 Definitions 3
- 4. Bodacea Light Industries, 2018 Misinformation 4
- 5. Bodacea Light Industries, 2018 Social Engineering 5 ion of people into performing actions or divulging
- 6. Bodacea Light Industries, 2018 At Scale 6 Facebook group total_shares interactions Facebook.com/Blacktivists 103,767,792 6,182,835 Facebook.com/Txrebels 102,950,151 3,453,143 Facebook.Com/MuslimAmerica 71,355,895 2,128,875 Facebook.Com/Patriototus 51,139,860 4,438,745 Facebook.Com/Secured.Borders 5,600,136 1,592,771 Facebook.Com/Lgtbun 5,187,494 1,262,386
- 7. Bodacea Light Industries, 2018 Impact of misinformation 7
- 8. Bodacea Light Industries, 2018 Individuals: fake events 8
- 9. Bodacea Light Industries, 2018 Communities: diverted crisis efforts 9
- 10. Bodacea Light Industries, 2018 Nationstates: Qanon campaigns 10 “Action: continuous barrage of memes. All SM platforms Hashtags: #HRCvideo #releasethevideo #maga #QAnon Use top trending hashtags along with your posts. Share and retweet as much as possible”
- 11. Bodacea Light Industries, 2018 How big is this 11
- 12. Bodacea Light Industries, 2018 Targeting your brain 12
- 13. Bodacea Light Industries, 2018 Targeting groups 13
- 14. Bodacea Light Industries, 2018 Targeting all social sites 14
- 15. Bodacea Light Industries, 2018 Targeting everyone 15
- 16. Bodacea Light Industries, 2018 Actors, Motivations • State/nonstate actors • Entrepreneurs • Grassroots groups • Private influencers 16
- 17. Bodacea Light Industries, 2018 Defense “Isn’t it just like spam?” 17
- 18. Bodacea Light Industries, 2018 This isn’t too different to infosec 18
- 19. Bodacea Light Industries, 2018 Detect 19
- 20. Bodacea Light Industries, 2018 Sources 20
- 21. Bodacea Light Industries, 2018 Artefacts: Content 21 • Co-occurring hashtags • Correlated text • URLs • Stories
- 22. Bodacea Light Industries, 2018 Stories 22
- 23. Bodacea Light Industries, 2018 Artefacts: Context 23 • Known botnets/trolls • Previous rumours • friends/followers • retweets/likes • Metadata (e.g. DNS)
- 24. Bodacea Light Industries, 2018 Money 24
- 25. Bodacea Light Industries, 2018 Respond 25
- 26. Bodacea Light Industries, 2018 Individual: report trolls/botnets 26 “Twitter (reportedly) suspended over 70 million accounts” “Facebook created a human crisis team after algorithms failed it”
- 27. Bodacea Light Industries, 2018 Individual: report fraud 27
- 28. Bodacea Light Industries, 2018 Individual: block 28
- 29. Bodacea Light Industries, 2018 Platforms • Remove non-human traffic • Rate-limit / shadowban trolls • Remove pages from ad exchanges • Remove non-human traffic from ad exchanges 29
- 30. Bodacea Light Industries, 2018 Community: Engage 30
- 31. Bodacea Light Industries, 2018 Individual: Repair 31
- 32. Bodacea Light Industries, 2018 Community • Parody-based counter-campaigns (e.g. riffs on “Q”) • SEO-hack misinformation sites • Dogpile onto misinformation hashtags • Divert followers (typosquat trolls, spoof messaging etc) • Identify and engage with affected individuals • Educate, verify, bring into the light 32
- 33. Bodacea Light Industries, 2018 Adaptations The game is changing all the time 33
- 34. Bodacea Light Industries, 2018 Attacks are adapting all the time 34
- 35. Bodacea Light Industries, 2018 Offense: Potentials for Next • Algorithms + humans attack algorithms + humans • Shift from trolls to ‘nudging’ existing human communities (‘useful idiots’) • Subtle attacks, e.g. ’low-and-slows’, ‘pop-up’, etc • Massively multi-channel attacks • More commercial targets • A well-established part of hybrid warfare 35
- 36. Bodacea Light Industries, 2018 (Please) stop being passive 36
- 37. Bodacea Light Industries, 2018 Defence: Potential for next • Strategic and tactical collaboration • Trusted third-party sharing on fake news sites / botnets • Misinformation version of ATT&CK, SANS20 frameworks • Algorithms + humans counter algorithms + humans • Thinking the unthinkable • “Countermeasures and self-defense actions” 37
- 38. Bodacea Light Industries, 2018 My current work: Anti-Fraud 38
- 39. Bodacea Light Industries, 2018 My Hobby: Infrastructure 39
- 40. Bodacea Light Industries, 2018 Your part: don’t fight the last war 40
- 41. Bodacea Light Industries, 2018 Thank you SJ Terp @bodaceacat 41
Notes de l'éditeur
- You’ve already heard a lot today about misinformation. I’ll just add a little to that.
- Misinformation is deliberately false information. One example is the “fake news” sites above, containing misinformation that’s used to gain advertising money, with clickbait tweets that bring people to them. Some of these currently contain the typical aliens and healthcure material, but many are political and trading on strong emotions like fear and useful divisions in society. Image: screenshot of http://www.sawthis.one/ 2018-07-08
- “A type of confidence trick for the purpose of information gathering, fraud, or system access, it differs from a traditional "con" in that it is often one of many steps in a more complex fraud scheme.” Source: wikipedia
- Online misinformation is huge. A few hundred trolls and thousands of bots can affect millions of people at a time. This is the scale that nationstate-run groups and pages, dedicated to creating division and confusion, typically work at. Here are some of the Russian-owned Facebook groups shown to Congress: these high volumes of shares and interactions might include a lot of botnet activity, but are still not insignificant.
- Misinformation is also moving from online to offline. Several times now, misinformation actors have sent invites to opposing groups to demonstrate at the same time in the same place. https://twitter.com/JuliaDavisNews/status/994704834577215495 https://twitter.com/donie/status/957246815056908288
- Misinformation is information that’s deliberately false (actually that’s disinformation, but “misinformation” as a term won). The smallest form of online misinformation is ‘joke’ viral content, for example in every disaster there’s someone who puts up an image of a shark in the street. Image: http://www.politifact.com/truth-o-meter/statements/2017/aug/28/blog-posting/there-are-no-sharks-swimming-streets-houston-or-an/ and pretty much any major US disaster
- And then, if you look, you can find organising pages for campaigns. Here are two Qanon “meme war organising page”. Qanon is a major group, but is just one of many. Note that this is from March/April, and has a specific date on it, targetting a specific event.
- Familiarity backfire effect Memory traces Emotions = stronger traces Here are some common brain vulnerabilities. My favourites are the familiarity backfire effect, where if you repeat a message with a negative in it, people remember the message without the negative, and that when people read, they take false information in as true before rejecting it - and in that fraction of a second, build other assertions off the false information, even if they *know* the original information is false.
- This is targetting groups. This is one of the congress adverts set
- This stuff is everywhere online: the expected places (FB, twitter, reddit, eventbrite, medium etc) but also comment streams, payment and event sites.
- Social media buys reach and scale. 100 good bots = long game; 10000 ba ones = short but effective You can also use other advertising techniques, and things like that familiarity backfire. Botnets are very useful for this, and very cheap, at about $150 for a difficult-to-find “aged” set, to a few dollars per thousand for Russian recent bots. Buy the bots, use any of the handy online guides to set them up messaging or retweeting etc, or use some simple pattern matching or AI to make them harder to find.
- One big weakness for attackers is that they have to tell you about themselves. They leave a lot of “artefacts” - ways to find them. botsentinal.com
- Here are some of them, including hashtags, URLs, adverts. A simple media search with twitter, tweetdeck etc will find a lot of these. On the right are the artifacts tracked as part of the Canadian elections.
- There’s also a lot of content in fact check sites(Snopes etc); if you have the resources, then it’s also possible to pay someone to go look at an area being discussed. Sometimes misinformation propagation is more subtle. These are a good place to look for that too.
- Here are some of them, including hashtags, URLs, adverts. A simple media search with twitter, tweetdeck etc will find a lot of these. On the right are the artifacts tracked as part of the Canadian elections.
- You *can* report to platforms. So far this has been pretty underwhelming, but if we did it at scale, it could be interesting. What would be good in an ideal system includes: Realtime botnet removal Realtime troll dampening Etc But that’s not where we are, so here’s some others.
- Two things: advertising works by putting adverts into slots on pages. We can track unlabelled political ads, we can see the fakenews pages and pages associated with them, and we can see botnets going to pages to drive up their ad revenue. For communities, you can report ads on fake pages to brands.
- And as an individual, there are still things you can do. One of these is to work with other people to block misinformation sources and channels. Many anti-harassment apps can be repurposed for this.
- My favourite communities are the Lithuanian elves. Formed as an anonymous online group. They fight back every day against Russian misinformation, using a combination of humour and facts. It seems to be working. Other cool things to do include overwhelming misinformation hashtags with other content, and hacking search terms to make disambiguation pages appear above misinformation sites. Another group that’s got some traction is VOST (Virtual Operation Support Team), a team that supports responders in disasters: VOST Panama also used humour and “fake stamps” to counter misinformation, and helped me run a deployment on this during Hurricane Irma (when people also reported misinformation to Fema and Buzzfeed).
- You can also help in rebuilding damaged communities: this is The Commons Project, that uses a combination of bots, humans and peace techniques for this.
- Image: SANS sliding scale of cyber security
- This is a mock-up of the Global Disinformation Index
- I’m leading a team working on writing a misinformation equivalent to the ATT&CK TTP framework.
- There are still a lot of bots out there, but tactics, techniques and procedures are changing rapidly: we’re starting to see an early-infosec-style split into script-kiddie style crude botnets and more carefully crafted responsive bots. image: https://medium.com/@MediaManipulation/tracking-disinformation-by-reading-metadata-320ece1ae79b