An inside look at how nation-states use social media to influence, confuse and divide — and why cybersecurity researchers should be involved.
Social media used as a cudgel by nation-states to sway opinion is a cybersecurity threat CISOs can’t ignore, and one they need to better understand and mitigate.
That’s the message from Renée DiResta, research manager at the Stanford Internet Observatory, who said she is seeing a steady growth and maturing of damaging social-media campaigns by nation-states. The use of social media to sway opinion, sow division and hurt reputations is now part of a threat actor’s playbook, according to DiResta. During a keynote address at Black Hat on Thursday entitled “Hacking Public Opinion,” she said threat actors are fine-tuning these attacks.
Her message to the Black Hat community is that these types of attacks can just as easily be delivered as “reputation attacks” against businesses as they can against elections.
“Where does this threat land in your org chart? It falls to the CISO,” she said. “This is a cybersecurity issue…we need to do more red-teaming around social and think of it as a system and how attacks can impact operations.”
She noted that recent reputation attacks leveraging a social-media playbook have included the agrochemical firm Monsanto Company, petroleum producers involved in fracking, and businesses and organizations that have taken strong stances on social issues. Too often, DiResta said, there is a lack of ownership of the problem inside companies.
In her talk, DiResta walked virtual attendees through what constitutes a modern social-media influence campaign. First there is the creation of thousands of fake-personae accounts. Then there’s the development of content, which is seeded to social platforms. Next, dubious news sites generate plausible — yet bogus — articles that amplify a core message. If successful, the viral nature of the “news” piques the interest of mass-media news sites. They take the bait and report on the viral “news” as fact.
“As people in the infosec community, you need to identify the kill chain here and understand how to stop these attacks,” she said.
She outlined how both Chinese and Russian nation-state actors have created influence operations to fit what she calls “the information environment” of the day. The goal is to distract, persuade, entrench and divide.
“The secret with social isn’t ad buys and fake personas. It’s people becoming the unwitting participants in these influence campaigns by spreading their messages for them,” she said.
She drew a sharp distinction between Chinese and Russian state actors. To wit: She pointed out that efforts to sway public opinion on the Hong Kong riots and attempts by China to deflect blame for the spread of the coronavirus were a failure.
While the number of fake social-media accounts created by Chinese state actors was staggering, the campaigns lacked the emotional component needed to spark organic human-to-human sharing of memes, stories or opinions. Stanford Internet Observatory estimated that 92 percent of the hundreds of thousands of fake accounts tied to China-influence campaigns had fewer than 10 followers, she said.
Russia-linked APT Fancy Bear, on the other hand, has been extremely successful in leveraging social platforms via a sophisticated mix of tactics that include hacking, leaking sensitive information and infiltrating impassioned affinity groups.