At a glance.
- Gangs, inspiration, and fraud.
- Ransomware adopts familiar amplification techniques from information operations.
- US off-year elections pass without noticeable disinformation.
Fraud, sure, maybe, but does it matter?
It's difficult to identify criminal groups. They shift, they're Protean, their name is Legion, and they're liars like their proverbial father. Take Groove, which appeared in online fora with some éclat on October 22nd, when a nominal spokesman called upon their “business brothers” for attacks against the real enemy, basically the United States. “Stop competing, unite and begin to destroy the US public sector,” the communiqué urged.
The spokesperson or spokespersons, who go by the noms de hack “boriselcin” and “Orange,” now say it’s all a goof, a stunt to show up media stupidity and gullibility. Groove, security firm Flashpoint reports, now says its call for attacks against the US was simply designed to embarrass Western media. What’s more, Groove adds, there’s no such thing as itself anyway. Its blog says that Groove is just a one-person operation, that the gang, as a gang, doesn’t really exist, and that the whole thing was just an attempt to see “whether it was possible to manipulate the Western media through a ransomware blog.”
Sure, maybe. But in any case, cybercriminal gangs shift, fracture, combine, and rebrand themselves often. And, sham or no sham, the call to destroy the US public sector was a howl that would be heard by various wolves, known, lone, or unknown, so the distinction Mr. Orange draws may be one without a difference. What's said in a criminal forum, particularly in the form of inspiration, may as well be taken at face value.
Security firm Intel 471 told the Washington Post: “While it’s possible that a single actor concocted Groove as a way to troll security researchers and the media, we believe it’s more likely that the actor's attempt to create their own ransomware group didn't work out as they had planned. It’s also important to remember that the true identity and nature of any Ransomware-as-a-Service gang is not always clear and the membership makeup or affiliates of these gangs can be fluid.”
Emsisoft’s judgment is even harsher. The anti-ransomware specialists told the Post, “There’s no reason to believe that [ransomware hackers] are ever telling the truth about anything. The default assumption should be that they’re lying or at the very best simply telling the pieces of the story they wish to become public.”
And individuation of criminal and other inauthentic groups is inherently chancy until you can identify the natural persons behind the keyboards. It's not as if a gang establishes itself by incorporating in Delaware and selecting a board of directors.
Ransomware goes to information ops school.
Ransomware gangs continue to evolve their tactics. The Daily Beast reports that the Grief Gang has sought to ratchet up the pressure on the National Rifle Association, recently one of the gang's victims, by amplifying the threat of leaks with an army of Twitter bots created in August and September.
The bots have the usual hallmarks of inauthentic accounts. They appeared at about the same time, they neither follow anyone nor are they followed by anyone, and they’re focused on retweeting news about compromised NRA accounts. And, naturally, a large fraction of their posting is written in what the Beast calls “stilted” English, which we take to mean a dialect of Shadowbrokerese, that commonplace criminal lingua franca.
It’s a familiar information operator’s technique, and in this case it appears to be applied for criminal effect, although of course an unstated political motive might be present as well. Some of the troll bots are also tweeting about gun violence and the alt-right, which suggests a possible interest in general disruption. Still, it appears to be an effort to make the victim’s seat even warmer.
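The first three hallmarks described above (accounts created in a burst, no followers and no follows, and a feed made up of retweets on one topic) can be checked mechanically. The following is an added example, not code from the original article or from any source it cites; the account records, field names and thresholds are constructed assumptions.

```python
from datetime import date

# Constructed sample accounts; handles, dates and posts are illustrative only.
ACCOUNTS = [
    {"handle": "acct_a", "created": date(2021, 8, 14), "followers": 0, "following": 0,
     "posts": [("RT", "NRA files leaked by ransomware gang"), ("RT", "NRA leak update")]},
    {"handle": "acct_b", "created": date(2021, 8, 15), "followers": 0, "following": 0,
     "posts": [("RT", "Ransomware gang posts NRA documents"), ("RT", "NRA breach news")]},
    {"handle": "acct_c", "created": date(2021, 8, 16), "followers": 0, "following": 0,
     "posts": [("RT", "More NRA data published"), ("RT", "NRA hit by ransomware")]},
    # Created in the same week, but has an audience and writes its own posts.
    {"handle": "acct_d", "created": date(2021, 8, 15), "followers": 120, "following": 85,
     "posts": [("POST", "Reading about the NRA breach"), ("POST", "Lunch was good")]},
    # Isolated and on-topic, but not part of any creation burst.
    {"handle": "acct_e", "created": date(2019, 3, 2), "followers": 0, "following": 0,
     "posts": [("RT", "NRA leak coverage"), ("RT", "NRA ransomware story")]},
]

def hallmarks(acct, cohort, topic, window_days=3, min_peers=2, min_ratio=0.8):
    """Return which of the three hallmarks an account shows (assumed thresholds)."""
    # Hallmark 1: several other accounts in the cohort were created within a few days.
    peers = sum(1 for other in cohort if other is not acct
                and abs((other["created"] - acct["created"]).days) <= window_days)
    # Hallmark 3: nearly every post is a retweet that mentions the topic.
    posts = acct["posts"]
    on_topic = sum(1 for kind, text in posts
                   if kind == "RT" and topic.lower() in text.lower())
    return {
        "created_in_burst": peers >= min_peers,
        # Hallmark 2: follows no one and is followed by no one.
        "isolated": acct["followers"] == 0 and acct["following"] == 0,
        "single_topic_retweeter": bool(posts) and on_topic / len(posts) >= min_ratio,
    }

def flag_accounts(cohort, topic, min_hits=3):
    """Flag accounts showing at least min_hits hallmarks; a lead for review, not proof."""
    return sorted(a["handle"] for a in cohort
                  if sum(hallmarks(a, cohort, topic).values()) >= min_hits)

if __name__ == "__main__":
    print(flag_accounts(ACCOUNTS, "NRA"))
```

Requiring all three hallmarks keeps the ordinary account created in the same week (`acct_d`) and the older isolated account (`acct_e`) out of the result; any one hallmark alone also describes many legitimate new users.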
Election Day disinformation, and CISA's countermeasures.
With Election Day this week for more than thirty US states, Dark Reading reports that the Cybersecurity and Infrastructure Security Agency (CISA) is hosting an election situational awareness room as a way to foster collaboration between federal officials, state and local election administrators, private sector election partners, and political organizations. The hope is that, by opening up channels of communication, officials can better help voters to avoid mis-, dis-, and malinformation. In an official CISA email, the agency specified the following sources for reliable information:
- An election disinformation toolkit: created to support election officials with a suite of infographics designed to “pre-bunk” misinformation
- A rumor control website: clarifies which details are rumor and which are reality regarding election processes
- The Resilience Series: a series of CISA-created graphic novels drawing attention to the dangers of spreading misinformation on the web
The rumor control site is traditional in form and familiar in content. One wonders how persuasive it will prove for its audience. That audience is clearly not the hard-core conspiracists on either the left or the right, but seems instead to be the undecided voter who continues to repose considerable trust in official sources. Those well-informed about conspiracy theories will no more be convinced by this rumor control effort than a UFOlogist will buy the US Air Force's old Project Bluebook. In designing future rumor control efforts, some further consideration of the audience, and of the rhetoric of persuasion, might prove useful.