Aug 11 2020

Black Hat 2020: The Security Implications of Disinformation Campaigns

Stoking public discord is more than a political problem, and businesses should take note.

One of the emerging national security threats of the past several years is the prevalence of foreign disinformation campaigns. Such influence can have political implications, as well as deepening cultural divides and stirring overall unrest.

While this has been a known threat in the public space, businesses are at risk as well. At Black Hat USA 2020, Stanford Internet Observatory Research Manager Renee DiResta said that the vast opportunities of the internet and social media have left us with an avalanche of material at our fingertips, and some of it is ill-intentioned.

“We’ve eliminated the editorial gatekeepers, eliminated the cost barriers to entry, and so what we begin to have is algorithmic curation,” said DiResta. “Algorithms surface and recommend and rate content. They rank it and then they help amplify and disseminate it, so this becomes a tech-mediated process that ensures that information hits large numbers of people.”

“We have individual platforms, each with a large standing audience and precision targeting, and then algorithms that play a significant role in deciding what we see,” she added.

These algorithms, if not properly built to defend against these campaigns, can help these attacks spread widely.

How Seriously Should We Treat Disinformation Campaigns?

Information security professionals must understand the threat at hand in order to properly defend against it. DiResta said that part of that is noting what hasn’t been successful and allocating resources accordingly.

For example, DiResta detailed a social media operation that was executed by the Chinese government. The original post at the center of the operation had 23,000 retweets, which might indicate that the operation was a success. But she said that if you look more closely, the accounts tell a different story.

“Ninety-two percent of those accounts had less than 10 followers. That’s pretty terrible,” said DiResta. “The accounts tweeted about 350,000 times, and the average engagement per tweet was 0.81, so most of the tweets didn’t even have a single like, retweet or favorite.”

This doesn’t mean that China won’t eventually find a successful strategy, DiResta added.

“As we think about this as infosec professionals and information operations researchers, we expect China to improve,” she said. “We should study the content. We should work on identifying the kind of tactics, techniques and procedures that indicate that an operation is coming from China, but we have to remain clearheaded about how impactful the activity actually was.”

Russia’s disinformation program, on the other hand, is more effective. DiResta said that is due to the fact that Russia’s Internet Research Agency segments the U.S. population in its operations.

“What’s interesting about this is, as you look at the content, you see that it’s very identity-focused,” she said. “They have a particular political opinion that they hold as a kind of deeply held belief and the content is consistently reinforcing that identity, reinforcing that belief. When you share it, you’re sort of signaling membership in that group.”

MORE FROM BIZTECH: Learn how top CISOs see today's security landscape.

What Businesses Can Do to Combat Disinformation

While foreign governments use these attacks to political ends, businesses need to be on guard as well. Information obtained by hacking businesses can be used as ammunition in these campaigns.

“They take that collateral and then that, in turn, is transmitted to their own personas, their own agents of influence,” said DiResta. “They’re online fake personas who try to communicate it to journalists. It’s the model of distributing the Podesta emails. The Internet Research Agency picks up the content and begins to turn it into memes, driving news cycles domestically and facilitating sharing within American audiences.”

Reputational attacks on companies are just as easy to execute, and businesses with global lines that compete with other governments could find themselves under attack. As companies wade deeper into the waters of different social issues, DiResta said, they can find themselves caught up in social media discord.

“You can have amplification of those tensions and fraught conversations on social media, by additional outsiders who come to participate because they see it as a great way to erode social cohesion,” DiResta said. “Just because a lot of mentions of your brand are happening, it doesn’t necessarily mean that they’re authentic or inauthentic. This really kind of falls to the chief security officer at this point, to try to understand when these attacks are focused on corporations, how they should respond, how they should think about them.”

A coordinated effort is the best way to defend against these kinds of attacks, DiResta said.

“We need to increase communication between InfoSec professionals and information operations researchers with the goal of developing a better understanding of how social network manipulation intersects with network infiltration in service to predicting and mitigating these attacks.”

asiandelight/Getty Images

Learn from Your Peers

What can you glean about security from other IT pros? Check out new CDW research and insight from our experts.