At a glance.
- Facebook's monthly report on coordinated inauthentic behavior is out.
- Naming and shaming as an influence operation.
- US warns adversaries against election disinformation.
- Coronavirus fake news and voter suppression.
- Criminal phishing also shapes the battlespace.
- Russo-American views of disinformation.
- A catphish gets a blue checkmark from Twitter.
Facebook's February report on coordinated inauthentic behavior lists takedowns.
The Coordinated Inauthentic Behavior Report (the "CIB," as Facebook calls it) is out, and summarizes February's activity as follows:
- "Total number of Facebook accounts removed: 467"
- "Total number of Instagram accounts removed: 1,245"
- "Total number of Pages removed: 248"
- "Total number of Groups removed: 49"
- "Ad spending: About $1.2 million"
India, Egypt, Russia, Iran, Myanmar, and Vietnam were the principal national offenders. The social network also continued enforcement actions against coordinated inauthenticity discovered earlier.
Naming and shaming, always an information operation in its own way.
Chinese security firm Qihoo 360 this week outlined an eleven-year campaign by the US Central Intelligence Agency to compromise targets in China, particularly in the civil aviation sector. The report, apart from some suggestions that incursions into civil aviation extended beyond China, is mostly warmed-over Vault 7 material from WikiLeaks. The report also makes much of the case of Joshua Schulte, currently standing trial in the US on Federal charges related to the Vault 7 leaks.
Qihoo 360 has certainly published interesting and useful warnings of cyber risk in the past, but as Forbes points out, this report depends heavily on material published earlier, with a heavy dose of speculation and not much in the way of detailed evidence for attribution. Thus it seems to be Beijing’s riposte for Washington’s recent naming-and-shaming of Chinese cyber operators. Assume, arguendo, that the CIA did everything Vault 7 suggests it did. Or if you'd prefer, assume that it's all a put-up job. Or that it's something in between. The point of Qihoo 360's attribution is that Beijing is answering Washington's ongoing practice of outing Chinese government espionage activity.
To return to the case of Mr. Schulte, the Washington Post reports that a jury in Manhattan is currently deliberating the verdict on his indictment for illegal gathering of national defense information, unauthorized computer access, theft of government property and making false statements. The defense’s closing arguments portrayed Mr. Schulte as a patriot and a whistleblower whom an embarrassed agency made the fall guy as it scrambled to undo the damage the Vault 7 leaks had done it. The prosecution argued that the former CIA employee was angry and vindictive, a disgruntled employee who wanted to damage the agency, knew what he was doing, and took steps to cover it up.
The jury’s out, although one juror was excused today, not for being a self-described "butt-lover" who ran a business making fashion accessories for the fourth point of contact (because that's hardly disqualifying), but rather for admitting, the New York Post explained, that she looked at a press report about the trial last week. The former juror says she's happy to have been excused, as all that sitting in the jury box is hard on the fundament, but she had some interesting observations about the mood of the jury. She said that Mr. Schulte had certainly been "a naughty boy," but that the jurors were divided in mood, and that she herself would have found reasonable doubt. Deliberations will continue with eleven jurors, as the presiding judge did not wish to delay the proceedings by recalling alternates at the last minute.
A side note on threat actor nomenclature. Some Chinese sources are calling the group behind the alleged CIA Vault 7 material “Rattlesnake.” That's not bad, although it could be improved. Still, better than Vault 7's own "Brutal Kangaroo."
US warns foreign adversaries against election interference.
The US Government issued a terse warning to foreign adversaries in advance of this week's Super Tuesday presidential primaries: "any effort to undermine our democratic processes will be met with sharp consequences." The Secretary of State, Attorney General, Secretary of Defense, Acting Secretary of Homeland Security, and the Acting Director of National Intelligence all signed the joint statement, as did the heads of the FBI, US Cyber Command and NSA, and CISA. They also stressed the citizen's role in rejecting disinformation: know where and when to vote, know what the issues are, and know what identification will be required at the polls. And they commended state and local election authorities to voters as the best source of reliable information.
Super Tuesday and coronavirus-themed voter suppression.
On Super Tuesday in the US fourteen states held their Democratic presidential primary. The Washington Post, noting the ways in which occasions for influence operations are topical and closely tied to current events and popular sentiment, observes that several experts, including Government officials, are expecting coronavirus to serve as fodder for attempts to suppress turnout.
There’s been a great deal of misinformation about the Covid-19 strain of coronavirus gurgling about on the Internet. Most of that has involved the flacking of patently bogus cures, dodgy supplements and pharmaceuticals, and, of course the sort of survivalist paraphernalia disasters tend to churn to the surface of the popular imagination.
But Super Tuesday affords an opportunity to use public fear in the service of influence operations. Such attempts could be either foreign or domestic, especially since the South Carolina results, with the first strong showing by former Vice President Biden, have caused the Democratic race to tighten. Consider--someone desires for political reasons to suppress turnout, either globally or in certain districts. It wouldn’t be difficult to spread a rumor to the effect that going to the local polling place is bound to expose you to a disease that you don’t understand very well, but that seems very scary. Or suppose a campaign tanks where it was expected to run strongly. How difficult would it be to ascribe failure at the polls to a rival’s conspiracy to scare people away with coronavirus worries. And, of course, if you’re a state operator (and of course we’re looking at you, Russia) any confusion or mistrust is, from your point of view, just gravy.
Phishbait is also chum for disinformation campaigns.
Criminals, as we've seen, continue to use coronavirus stories as phishbait in attacks on businesses, the Wall Street Journal writes, citing research by Proofpoint. Sometimes the approach is straightforward phishing, as it is in cases of a bogus email purporting to originate with the World Health Organization. At other times it can involve business email compromise, as in cases that show phony invoices for large purchases of face masks from medical supply companies.
It’s an international problem, first observed in Japan, but it's spread worldwide far faster than the physical virus itself. The European Union has used its Rapid Alert System, an approach to controlling disinformation by information-sharing and coordinated messaging, to respond to widely distributed fake news about COVID-19, Euractiv reports. Much of that activity is criminal, but the distinction between crime and state-directed propaganda matters less during periods of public concern than it might at other times.
According to Reuters even Russian President Putin is taking note, and blaming foreign rumor-mongers and similar assorted no-goodniks. Russia’s Internet authority Roskomnadzor has been blocking bogus stories on Vkontakte and Facebook.
RT offers a bemused take on US suspicion of Russian influence operations.
RT is sniffing that accusations of “Russian collusion” go back to the Cold War. And so how about those nutty Yankees, eh? An uncultured and hysterical lot--just look at the kinds of TV shows they watch. Not a pretty side, drug moi [drook moy]. And indeed RT, an official Kremlin news source, by the way, offers a nice review of the ways in which US Presidents have been at various times accused of being Russian tools.
But collusion is probably something of a red herring, as they used to say back in the Cold War. Attempts at influence have been much more the thing, as RT ought to know better than anybody else. And those do indeed go back to the Cold War and beyond.
One pre-Cold War bit of disinformation--it dates to the middle of the Second World War--has resurfaced. The old Soviet denial that its security organs murdered twenty-two-thousand Polish officers, intelligentsia, and clergy in Poland's Katyn Forest during 1940, is once more in circulation. Russia's Duma took small steps in the direction of acknowledging the massacre in 2010, Radio Free Europe | Radio Liberty reports, but for some time now the "Katyn Lie" has gained renewed force, mostly in social media.
Andrew Walz, American. Sort of. Not a real American, but a catphish-American.
In election news, there’s a candidate for Congress in Rhode Island, Andrew Walz, who’s running as a "proven business leader" and a "passionate advocate for students." His campaign tagline is, "Let's make change in Washington together.” So definitely a guy to watch.
Only, actually, that will be hard, because Mr. Walz is a catphish, the creation of an anonymous high school student in upstate New York. That is, Mr. Walz doesn’t actually exist. But real or not, Mr. Walz got himself a coveted blue checkmark from Twitter, CNN reports.
The high school student who created Andrew Walz did so over his school’s winter break because he was “bored.” We hope that the unnamed student moves Andrew Walz onto some dating sites--we think Andrew Walz and Robin Sage could make beautiful music together. But the blue checkmark shows how relatively porous the fences against fake news remain.