How Seriously Should We Treat Disinformation Campaigns?
Information security professionals must understand the threat at hand in order to properly defend against it. DiResta said that part of that is noting what hasn’t been successful and allocating resources accordingly.
For example, DiResta detailed a social media operation that was executed by the Chinese government. The original post at the center of the operation had 23,000 retweets, which might indicate that the operation was a success. But she said that if you look more closely, the accounts tell a different story.
“Ninety-two percent of those accounts had less than 10 followers. That’s pretty terrible,” said DiResta. “The accounts tweeted about 350,000 times, and the average engagement per tweet was 0.81, so most of the tweets didn’t even have a single like, retweet or favorite.”
This doesn’t mean that China won’t eventually find a successful strategy, DiResta added.
“As we think about this as infosec professionals and information operations researchers, we expect China to improve,” she said. “We should study the content. We should work on identifying the kind of tactics, techniques and procedures that indicate that an operation is coming from China, but we have to remain clearheaded about how impactful the activity actually was.”
Russia’s disinformation program, on the other hand, is more effective. DiResta said that is due to the fact that Russia’s Internet Research Agency segments the U.S. population in its operations.
“What’s interesting about this is, as you look at the content, you see that it’s very identity-focused,” she said. “They have a particular political opinion that they hold as a kind of deeply held belief and the content is consistently reinforcing that identity, reinforcing that belief. When you share it, you’re sort of signaling membership in that group.”
MORE FROM BIZTECH: Learn how top CISOs see today's security landscape.
What Businesses Can Do to Combat Disinformation
While foreign governments use these attacks to political ends, businesses need to be on guard as well. Information obtained by hacking businesses can be used as ammunition in these campaigns.
“They take that collateral and then that, in turn, is transmitted to their own personas, their own agents of influence,” said DiResta. “They’re online fake personas who try to communicate it to journalists. It’s the model of distributing the Podesta emails. The Internet Research Agency picks up the content and begins to turn it into memes, driving news cycles domestically and facilitating sharing within American audiences.”
Reputational attacks on companies are just as easy to execute, and businesses with global lines that compete with other governments could find themselves under attack. As companies wade deeper into the waters of different social issues, DiResta said, they can find themselves caught up in social media discord.
“You can have amplification of those tensions and fraught conversations on social media, by additional outsiders who come to participate because they see it as a great way to erode social cohesion,” DiResta said. “Just because a lot of mentions of your brand are happening, it doesn’t necessarily mean that they’re authentic or inauthentic. This really kind of falls to the chief security officer at this point, to try to understand when these attacks are focused on corporations, how they should respond, how they should think about them.”
A coordinated effort is the best way to defend against these kinds of attacks, DiResta said.
“We need to increase communication between InfoSec professionals and information operations researchers with the goal of developing a better understanding of how social network manipulation intersects with network infiltration in service to predicting and mitigating these attacks.”