At a glance.
- ISIS, al Qaeda, and the arts of radicalization.
- CISA looks at the current state of election interference.
- Report: Democratic-aligned consultancy sustained unsuccessful Russian hacking attempt.
- K-Pop hacktivism?
- Georgia's Lugar Lab as target of hacking and subject of disinformation.
- A tragic illustration of the challenges of content moderation.
ISIS and the arts of radicalization.
ISIS hasn't abandoned its attempts to radicalize and recruit online. Researchers at the Institute of Strategic Dialogue (ISD) discovered a massive trove of ISIS propaganda and training materials hosted across a decentralized network, WIRED reports. The cache is a simple storage drive containing 4,000 folders with more than one-and-a-half terabytes of content, and it receives approximately 10,000 unique visitors per month. While much of the material could probably be found elsewhere on the Internet, Mina al-Lami from BBC Monitoring told WIRED that "this cache stands out in terms of the size, the amount of the data stored on it, the range of the material and the fact that it's simply been resilient online."
The storage drive is set up using the open-source software Nextcloud, which WIRED says allows "users to synchronise files across a group in a way that avoids any centralised hosting or control." Mina al-Lami told the BBC, "The attraction for jihadists of these platforms is that the developers of these decentralised platforms have no way of acting against content that is stored on user-operated servers or content that's shared across a dispersed network of users."
ISIS rivals aren't to be neglected, either. While al Qaeda's operational reach has grown very short and its "brand" has lost much of the dark luster its terrorist successes had lent it, an essay in Foreign Affairs argues that the Islamist "franchise" is undergoing a "reboot" that, while still in its early stages, shows some signs of success. Military Times quotes a senior US special operations commander in Africa to the effect that al Qaeda's recruiting is enjoying some renewed success, and that the group can't be written off.
As US Army Cyber Command announces its intention to play a more direct role in influence operations from its new perch at Fort Gordon (see this account in C4ISRNet), it may be looking to the experience of Joint Task Force Ares for lessons learned. War on the Rocks has an account of how JTF Ares successfully pursued ISIS in cyberspace during Operation Glowing Symphony.
Election interference: a view from CISA.
US Cybersecurity and Infrastructure Security Agency Director Christopher Krebs sees no serious signs of attempts to hack, in the narrowly technical sense, US voting infrastructure. “The technical stuff on networks, we’re not seeing,” Director Krebs said yesterday during the Billington Cybersecurity Summit, adding, “It gives me a little bit of confidence.” Reuters observes that this would seem to qualify remarks made a few weeks ago by US National Security Advisor Robert O’Brien, who warned of the likelihood of Chinese attempts against election infrastructure.
CISA has been receiving reports from state and local election officials, and Director Krebs hasn’t seen anything alarming there, at least not in this respect. Disinformation is another matter—DHS and its CISA unit are seeing enough of that.
One possibility Krebs brought up this week involved the likelihood that election results might well take longer to tabulate than the swift results Americans have become accustomed to over the last few decades. “This is probably going to take a little bit longer to do the counting because of the increase in absentee ballots,” the Voice of America quoted him as saying. He made a plea for restraint and circumspection: “Have a little bit of patience. Democracy wasn't made overnight.” The Washington Post reports that CISA is indeed seeing Russian attempts to sow doubt and suspicion around voting by mail.
CISA also sponsored a webinar early this afternoon in which it outlined trends in disinformation. Among the more significant of these is the growing tendency of nation-states to outsource the conduct of disinformation campaigns to third parties, especially to public relations firms and other contractors with similar skill sets. This not only affords obfuscation and deniability, but it also gives the governments doing the hiring access to expertise they might well not have in-house.
And traditional snooping in the networks continues, too.
Collection is useful to intelligence generally, of course, but also for disinformation (where it can provide lies their bodyguard of truth) or for influence operations generally, where doxing can deliver the adversary some unwelcome transparency. Reuters this afternoon reported that Microsoft has notified SKDKnickerbocker, a campaign strategy and communications firm generally aligned with the Democratic Party, that Russian intelligence services were attempting to access its systems. Unnamed sources told Reuters the attempts were unsuccessful. It's not immediately clear what the attackers were after. The firm works for the Biden Presidential campaign, but it also numbers other prominent Democrats among its clients and staff. Moscow spokesman Dmitry Peskov said the story was a lot of “nonsense,” but then he would, wouldn't he?
Some comment we've received applauds Microsoft's work, and sees it as evidence for optimism about the role vendors can play in security. Roger Grimes, Data Driven Defense Evangelist at KnowBe4, wrote in an email:
"This is a great example of how sophisticated and proactive today’s vendors are. In this case, Microsoft proactively detected the attacks, identified the threats, and notified the potential victim companies so they could be more aware and prepare. Microsoft and other vendors, like Google, have been doing this for many years. A decade ago, this would have been something solely in the realm of a three-letter agency that noticed, likely accidentally while investigating some other victim, and got involved in. Today, it’s independent vendors who have the tools and telemetry to proactively warn their customers, big and small. It’s really great and one of the few computer security success examples we should be celebrating. It’s one for the good guys!"
K-pop as a mass movement, undirected but moving together.
Anonymous, the anarcho-syndicalist hacktivist collective that's largely faded from the scene, and that always over-promised and under-delivered, may have a more effective successor movement: K-Pop stans, devoted followers of one or more K-Pop bands. This phenomenon appears to be a large and loose aggregation, more collection than collective, of K-Pop hotheads. The K-Pop stans have apparently undertaken spontaneous hacktivism a few times during the past few months of lockdown and disquiet.
Forbes points with alarm to what it calls a 100-million-strong crowd of hackers and hacktivists, the BTS ARMY. BTS is a popular K-Pop boy band, “BTS” standing at least sometimes for “burn the stage,” as we remember from the TV and YouTube commercials, and ARMY supposedly representing an acronym for Adorable Representative M.C for Youth. BTS’s hit “Dynamite” continues at the top of the Hot One Hundred, but whether this represents a serious movement or simply another reason to wish for middle schools everywhere to reopen as soon as possible is unclear. Still, arguably better than rickrolling. How consequential a collective influencer the K-Pop stans will prove to be remains unknown, but the herd is worth watching for signs of imminent stampede.
The Lugar Lab as target and occasion for conspiracy mongering.
Georgian authorities haven’t said so, but the country has long been the subject of Moscow’s attentions. The Lugar Laboratory (named after former US Senator Richard Lugar) represents a joint attempt by the governments of the United States and Georgia to provide safe and even positive uses for the talents of Soviet-era biowar researchers, a significant number of whom had worked in Georgia. Its origins lie essentially in that non-proliferation effort. Work on the Lab, which falls under Georgia’s National Center for Disease Control and Public Health, began after a 2004 agreement between Washington and Tbilisi. Constructed with the support of US funding, the Lugar Lab became fully operational in 2013.
Any American cooperation with a former Soviet Republic, indeed with any former Warsaw Pact country, amounts to a burr under Russian saddles, and so it’s not surprising that the Lugar Lab should have become one. With Moscow disposed to read the worst intentions in anything Washington does, that’s understandable. Less understandable, and even less forgivable, are the Russian disinformation campaigns that have imputed a Georgian-American conspiracy to deliberately spread infectious diseases. In any case, the Lugar Lab is the sort of organization that would quickly draw the attention of Russian intelligence services.
But it’s worth noting that in any cyberattack in the Near Abroad, Russian intelligence services amount to the usual suspects, and that Georgia’s government hasn’t yet called them out.
Content moderation: a case of apparent suicide on TikTok.
TikTok since Sunday has been working with mixed success, the Verge reports, to remove a video that apparently shows a man committing suicide with a gun. The case is a very sad one (and we urge anyone suffering from thoughts of suicide to talk to someone, and seek help) and it shows the difficulty that platforms can have in excluding content that they and everyone else find harmful and out-of-bounds. No responsible person, and probably not even the staunchest First Amendment absolutist, would want to preserve and disseminate images of self-murder, and even those who thoughtlessly gave the video its circulation appeared to celebrate it.
What's the harm? At least two come to mind immediately. First, there's the amplification of the survivors' grief at a time when they're in need of comfort. Second, the phenomenon of copycat suicides, especially among the young, is an old and terrible story. Goethe's Sorrows of Young Werther was inspiring imitation as long ago as 1774.