Black Hat 2020: Influence Campaigns Are a Cybersecurity Problem

Black Hat 2020: Influence Campaigns Are a Cybersecurity Problem

An inside look at how nation-states use social media to influence, confuse and divide — and why cybersecurity researchers should be involved.

Social media used as a cudgel for nation-states to sway opinion is a cybersecurity threat CISOs can’t ignore — and need to understand better and mitigate against.

That’s the message from Renée DiResta, research manager at the Stanford Internet Observatory, who said she is seeing a steady growth and maturing of damaging social-media campaigns by nation-states. The use of social media to sway opinion, sow division and hurt reputations is now part of a threat-actor’s playbook, according DiResta. During a keynote address at Black Hat on Thursday entitled “Hacking Public Opinion,” she said threat actors are fine-tuning these attacks.

Click to register!

Her message to the Black Hat community is that these types of attacks can just as easily be delivered as “reputation attacks” against businesses as they can against elections.

“Where does this threat land in your org chart? It falls to the CISO,” she said. “This is a cybersecurity issue…we need to do more red-teaming around social and think of it as a system and how attacks can impact operations.”

She noted that recent reputation attacks leveraging a social-media playbook have included the agrochemical firm Monstanto Company, petroleum producers involved in fracking, and business and organizations that have taken strong stances on social issues. Too often, DiResta said, there is a lack of ownership of the problem inside companies.

In her talk, DiResta walked virtual attendees through what constitutes a modern social-media influence campaign. First there is the creation of thousands of fake-personae accounts. Then there’s the development of content, which is seeded to social platforms. Next, dubious news sites generate plausible — yet bogus — articles that amplify a core message. If successful, the viral nature of the “news” piques the interest of mass-media news sites. They take the bait and report on the viral “news” as fact.

“As people in the infosec community, you need to identify the kill chain here and understand how to stop these attacks,” she said.

She outlined how both China and Russian nation-state actors have created influence operations to fit what she calls the “the information environment” of the day. The goal is to distract, persuade, entrench and divide.

“The secret with social isn’t ad buys and fake personas. It’s people becoming the unwitting participants in these influence campaigns by spreading their messages for them,” she said.

She drew a sharp distinction between China and Russian state actors. To wit: She pointed out that efforts to sway public opinion on the Hong Kong riots and attempts by China to deflect blame for the spread of the coronavirus were a failure.

While the number of fake social-media accounts created by China state actors was staggering, campaigns lacked the emotional component needed to spark organic human-to-human sharing of memes, stories or opinions. Stanford Internet Observatory estimated that 92 percent of the hundreds of thousands of fake accounts tied to China-influence campaigns had less than 10 followers, she said.

Russia-linked APT Fancy Bear on the other hand has been extremely successful in leveraging social platforms via a sophisticated mix of tactics that include hacking, leaking sensitive information and infiltrating impassioned affinity groups.

black hat government hacks vulnerabilities web security china ciso coronavirus fake news fancy bear hong kong influence operations kill chain renée diresta russia social media viral content

Bootstrap 5 Complete Course with Examples

Bootstrap 5 Tutorial - Bootstrap 5 Crash Course for Beginners

Nest.JS Tutorial for Beginners

Hello Vue 3: A First Look at Vue 3 and the Composition API

Building a simple Applications with Vue 3

Deno Crash Course: Explore Deno and Create a full REST API with Deno

How to Build a Real-time Chat App with Deno and WebSockets

Convert HTML to Markdown Online

HTML entity encoder decoder Online

APT41 Operatives Indicted as Sophisticated Hacking Activity Continues

Five alleged members of the China-linked advanced threat group and two associates have been indicted by a Federal grand jury, on dozens of charges.

Black Hat USA 2020 Preview: Election Security, COVID Disinformation and More

Threatpost editors break down the top themes, speakers and sessions to look out for this year at Black Hat 2020 – from election security to remote work and the pandemic.

Shoring Up the 2020 Election: Secure Vote Tallies Aren’t the Problem

With many in the public sphere warning about a potential compromise of the integrity of the Presidential Election, security researchers instead flag online resources and influence campaigns as the biggest problem areas.

Grindr's Bug Bounty Pledge Doesn't Translate to Security

At [email protected], Luta Security CEO Katie Moussouris stressed that bug bounty programs aren't a 'silver bullet' for security teams.

Black Hat 2020: Satellite Comms Globally Open to $300 Eavesdropping Hack

Attackers can listen in on internet traffic for high-value targets a continent away, like shipping fleets and oil installations, using some basic home-television gear.