Enemies at the Gate: The New Fake News

by James Scott, Co-Founder and Sr. Fellow, Institute for Critical Infrastructure Technology (ICIT), Center for Cyber Influence Operations Studies (CCIOS)

The Institute for Critical Infrastructure Technology (ICIT) is a non-partisan, non-profit 501c3 intent on facilitating meaningful dialogue amongst key stakeholders in government and public and private organizations as well as educating the public on Information Security topics. Last year, ICIT launched the Center for Cyber Influence Operation Studies (CCIOS) to address the emergence of Information Warfare, Influence Operations, and psychological operations attacks against the public and essential members of critical infrastructure organizations. Due to a surge in online adversarial efforts to harness digital tabloids against entities dedicating to opposing the influence operations of foreign threat actors and special interest groups, ICIT will be releasing a series of blog posts focused on drawing public awareness to adversarial efforts to steer public perceptions, jeopardize national security, and control the public narrative.

Asymmetric Digital Warfare Continues to Evolve

Digital threat actors ranging from unsophisticated script kiddies to sophisticated advanced persistent threat (APT) groups continuously evolve in order to maintain their relentless onslaught of attack campaigns against vulnerable targets and exploitable systems. Adversaries and victims alike that fail to adapt to the constraints and variables of the dynamic threat landscape rapidly succumb to irrelevancy.  Offensive and defensive cybersecurity, like many fields, are defined by an innovator-imitator-emulator paradigm. Resourced threat actors discover zero-day vulnerabilities, develop custom malware, and pilot novel attack vectors. Less capable attackers monitor CVE disclosures and vendor reports and then exploit disclosed vulnerabilities. Wannabe threats purchase point-and-click malicious applications or contract the actual attack to cyber-mercenaries. Eventually, the technological curve surpasses the in-vogue malware. Sophisticated actors develop new tools, techniques, and procedures while lower level attackers modify and adapt the secondhand code into numerous derivatives. Meanwhile, individuals, organizations, government entities, and other targets similarly operate. Innovative vendors develop bleeding-edge applications, advisory bodies propagate nascent models, and security organizations disseminate critical information via whitepapers, blogs, advisories, and other avenues. Since malicious threat actors actively monitor mitigation strategies and vulnerability disclosures, potential targets only have a limited window to mitigate vulnerabilities, patch systems, or adopt new security layers. The asymmetric race against adversaries is not ideal, but it is the only realistic model. Attackers are more numerous, more agile, and less stationary than their targets. Silver bullet solutions do not exist. The conflict can only be disrupted through the dissemination of profound, digestible, and actionable information, the introduction of jarring behavioral corrections, and the cultivation of innovative solutions from reliable vendors.  ICIT, government entities, other think tanks, and security vendors publicly release threat information to disarm adversaries and to raise potential victim awareness. The unavoidable consequence is that stagnant organizations remain vulnerable when low-level attackers adopt methodologies and tools previously outside their capabilities. However, the troubling evolution in the dynamic threat landscape is that online attackers at every level have begun manipulating information and the public. Only ICIT and a few other organizations are actively researching and combating information warfare, influence operations, and psychological attack campaigns. As a result, the majority of the public remain psychologically stagnant and vulnerable to adversarial influence. Worse, a rampant plague of digital tabloids and upstart online talking heads have decided to capitalize on the public’s fear and vulnerability. These entities may prove even more damaging than the attackers’ propaganda and disinformation because their combination of superfluous entertainment reputations, widespread click-bait networks, and bot-inflated faux-viral audience size empowers them to bypass the public’s caution and insinuate themselves as “trusted” authorities on information warfare and influence operations.

Information Warfare has Normalized Across All Digital Vectors

Hacking used to focus on the targeted exploitation of critical vulnerabilities in sensitive systems by sophisticated APTs to exfiltrate treasure troves of valuable PII, PHI, and IP. The paradigm and threat landscape have shifted. Attackers have begun weaponizing memes across digital vectors in order to digitize influence operations, information warfare, and psychological campaigns by leveraging spiral dynamics, cognitive biases, socionics, logical fallacies, and memetic design across social media and other online vectors. Now, sophisticated and unsophisticated adversaries vie for control over the public narrative because the perception of the narrative is erroneously equated to the discernment of reality. The battle for cyberspace has evolved beyond a conflict for control over and access to digital assets. It is now a war over the confidentiality, availability, and integrity of information, control of the narrative, and dictation of the widespread perception of reality. In the past ICIT publicly released critical infrastructure centric advisory reports and was subsequently targeted by APTs and unsophisticated threat actors attempting and failing to inflict technical and reputational harm in retaliation for the exposure of their nefarious activities and methodologies. Other security firms have suffered similar attacks. Over the past year, sophisticated adversaries have evolved to include influence operations in their standardized attack layers.

In response to the emerging threat, ICIT launched the Center for Cyber Influence Operation Studies (CCIOS) and raised public awareness through the publication of the book Information Warfare:  The Meme is the Embryo of the Narrative Illusion. Some critics argued that the manual could be leveraged in the development of budding attackers; however, publication of the information was essential to galvanize the cyber-hygiene, information security, and psychological memetic defenses necessary to combat nation-state sponsored and other adversary’s weaponization of memes, fake news, and disinformation across all social media and online vectors. For instance, sophisticated attackers weaponize machine learning and artificial intelligence when they deploy bots on Twitter, Facebook, YouTube, and other platforms. Bots are fake social media accounts that are programmed to automatically ‘like’ or retweet a particular message. Bots are used by fake news publishers to inflate the popularity of their articles and imply an illusion of a viral following. This makes it more likely for people to discover the article or site. Less adept actors attempt to replicate the campaigns without employing machine learning or artificial intelligence to algorithmically train the bots, with significantly reduced success. Resourced Russian and Chinese collectives attempt to spread misinformation and discord through the incitement of personal attacks and defamation campaigns designed to undermine anyone who resists their efforts. For example, a typical modus operandi is to disseminate false information online on locations where the data is known to either be prioritized according to search engine optimization (SEO) algorithms or on sites where dragnet surveillance data aggregators are known to farm for information. In some instances, data belonging to multiple similarly named individuals are conflated. In other cases, the data is altogether fabricated. The goal is to demonize and isolate the target so that complications in the target’s personal and professional life disrupt their opposition to the adversarial narrative. Falsely attributed data lurks in the shadows of the victim’s life, sabotaging background checks, impacting their credit, discrediting their work, etc. If the victim does not relent or if they have a public reputation, then the attack continues in escalating layers. Bots might be used to comment on sites that cover their work. Fake Twitter accounts might follow their moniker or hashtags in an attempt to undermine their credibility. “Anonymous accusers” might recount falsified narratives on social media and digital message boards. In Trickle-Down Influence attacks, a false narrative might be spread from an adversary-affiliated parent company through intermediaries to a subsidiary media company to an unsuspecting journalist.

Misleading Online Tabloids and Faux-Experts Threaten National Security

While experts are beginning to devise inoculation strategies to combat the influence operations of sophistication of nation states and well-funded special interest groups, novice “journalists” and faux-specialists are compromising the psychological defenses vast audiences through the cultivated illusions of expertise tailored to mislead readers and capitalize on their curiosity, fear, political ideologies, personal proclivities, etc. These threat actors make influence ops, fake news, and similar topics their defining mantra throughout their enterprise, despite a severe deficiency in understanding the nuances of the subject matter. Reputable journalists from peer-reviewed publications are attempting to cover Information Security, Influence Operations, and Information Warfare; however, online yellow journals lure readers away from meaningful research and reputable sources through the weaponization of click-bait title, tantalizing quizzes, fetching scroll-overs, and redirects from social media. When the manipulation of cognitive biases, logical fallacies, and other psychological vectors does not work, the columnists attempt to discredit the reputable sources and their personnel in an attempt to disrupt their traffic and siphon their audience.

Even in absence of underhanded tactics, uninformed authors remain a threat to national security when they inaccurately report on information warfare and influence operations. Reporters who do not fully grasp the holistic threat landscape lend credence to the false narrative and popularize it amongst their audiences. Niche jargon loses its meaning when it becomes normalized in public discussions and conflated with inaccurate conceptions of nuanced notions. Consider how the term “fake news” has shifted drastically and repeatedly in less than a year. Meanwhile, the impact on the public is compounded and amplified as attackers leverage popular online personalities as pawns. Bot accounts draw additional traffic and attention to the disinformation campaign. Meanwhile, faux-experts intent on propping up their illusory pedigrees supply vitriol against the target and inaccurate commentary on the subject. As a result, organizations, individuals, and the public are not prepared to defend against information warfare, and the organizations capable of catalyzing the necessary Information Security renaissance are unable to elicit the necessary responses from vital stakeholders. Multi-layer information warfare campaigns are dangerous to America and democratic institutions.

Online “Rags” Diminish the Integrity of Reputable Outlets

Clickbait fear-mongers are akin to digital ambulance chasers with regard to cybersecurity and influence operations. Their goal is to capture the audience attention before a more reputable outlet and to mislead the captivated public while they profit from their ransomed attention. In a best case scenario, their only impact is to lure the attention of the public away from reputable sources; however, due to their opportunistic motives and their disregard of the needs of the public, pseudo-reporters often undermine and threaten national security. In their columns and opinion pieces, they misappropriate jargon and evangelize their bastardization to the public until meaningful conversations are rendered impossible due to a deterioration of the necessary specific terminology. Further, over publication of inaccurate information desensitizes the audience to sensitive topics during the normalization process. As a result, the public loses caution or attention for topics ranging from foreign influence operations to fake news.

Outlets that sponsor disreputable clickbait artists are not usually known for their accuracy or reliability. These yellow journals are typically more infamous than popular. Users may recognize the site, but they rarely trust the content as anything more than entertainment, at a conscious level. These sites tend to operate for-profit and either curate content according to the agenda of their online advertisers or subject users and their information to the wills of digital special interests. The disrepute of the outlet becomes even more problematic when one of their “useful idiot” columnists inevitably plagiarizes parts from or the entirety of a work from a more legitimate source. Readers associate the disrepute of the outlet with the integrity of the content and as a result, in the public perception, a serious topic may become cast as a hoax, exaggeration, etc. across every online publication.

CCIOS and ICIT are Dedicated to Combating Information Warfare

The Center for Cyber Influence Operations Studies is an advisory under the umbrella of the Institute for Critical Infrastructure Technology (ICIT) is a non-partisan, non-profit 501c3 whose sole purpose is to raise awareness of Information Security topics and to incite a cybersecurity and cyber-hygiene renaissance in America’s critical infrastructure sectors through the facilitation of meaningful discussions featuring vital stakeholders and through the publication of meaningful, actionable, and objective research. ICIT does not promote a political or ideological agenda, and it does not sell any applications, security solutions, or vendor products. Every research publication under the ICIT brand is made freely available to the public. Through CCIOS, ICIT exposes dragnet surveillance apparatuses, dismantles adversary information warfare networks, and raises public awareness of disinformation and psychological manipulation across all digital and technological vectors. To combat the emerging threat of information warfare via digital tabloids, ICIT will publish a series of blog posts over the next few weeks that are designed to draw attention to the dangers of inaccurate coverage of information warfare topics, the adversarial weaponization of “digital rag” media entities as unsuspecting pawns, and the risks that layered influence operations pose to the public and critical infrastructure.

Leave a Reply