pages/txt/disinfo.txt (view raw)
1 10 September, 2019
2
3Disinformation demystified
4
5Misinformation, but deliberate
6
7 As with the disambiguation of any word, let's start with its etymology
8 and definiton. According to [1]Wikipedia, disinformation has been
9 borrowed from the Russian word -- dezinformatisya (dezinforma'ciya),
10 derived from the title of a KGB black propaganda department.
11
12 Disinformation is false information spread deliberately to deceive.
13
14 To fully understand disinformation, especially in the modern age, we
15 need to understand the key factors of any successful disinformation
16 operation:
17 * creating disinformation (what)
18 * the motivation behind the op, or its end goal (why)
19 * the medium used to disperse the falsified information (how)
20 * the actor (who)
21
22 At the end, we'll also look at how you can use disinformation
23 techniques to maintain OPSEC.
24
25 In order to break monotony, I will also be using the terms "information
26 operation", or the shortened forms -- "info op" & "disinfo".
27
28Creating disinformation
29
30 Crafting or creating disinformation is by no means a trivial task.
31 Often, the quality of any disinformation sample is a huge indicator of
32 the level of sophistication of the actor involved, i.e. is it a 12 year
33 old troll or a nation state?
34
35 Well crafted disinformation always has one primary characteristic --
36 "plausibility". The disinfo must sound reasonable. It must induce the
37 notion it's likely true. To achieve this, the target -- be it an
38 individual, a specific demographic or an entire nation -- must be well
39 researched. A deep understanding of the target's culture, history,
40 geography and psychology is required. It also needs circumstantial and
41 situational awareness, of the target.
42
43 There are many forms of disinformation. A few common ones are staged
44 videos / photographs, recontextualized videos / photographs, blog
45 posts, news articles & most recently -- deepfakes.
46
47 Here's a tweet from [2]the grugq, showing a case of recontextualized
48 imagery:
49
50 Disinformation.
51 The content of the photo is not fake. The reality of what it
52 captured is fake. The context it's placed in is fake. The picture
53 itself is 100% authentic. Everything, except the photo itself, is
54 fake.
55 Recontextualisation as threat vector. [3]pic.twitter.com/Pko3f0xkXC
56 — thaddeus e. grugq (@thegrugq) [4]June 23, 2019
57
58Motivations behind an information operation
59
60 I like to broadly categorize any info op as either proactive or
61 reactive. Proactively, disinformation is spread with the desire to
62 influence the target either before or during the occurence of an event.
63 This is especially observed during elections.^[5]1 In offensive
64 information operations, the target's psychological state can be
65 affected by spreading fear, uncertainty & doubt, or FUD for short.
66
67 Reactive disinformation is when the actor, usually a nation state in
68 this case, screws up and wants to cover their tracks. A fitting example
69 of this is the case of Malaysian Airlines Flight 17 (MH17), which was
70 shot down while flying over eastern Ukraine. This tragic incident has
71 been attributed to Russian-backed separatists.^[6]2 Russian media is
72 known to have desseminated a number of alternative & some even
73 conspiratorial theories^[7]3, in response. The number grew as the JIT's
74 (Dutch-lead Joint Investigation Team) investigations pointed towards
75 the separatists. The idea was to muddle the information space with
76 these theories, and as a result, potentially correct information takes
77 a credibility hit.
78
79 Another motive for an info op is to control the narrative. This is
80 often seen in use in totalitarian regimes; when the government decides
81 what the media portrays to the masses. The ongoing Hong Kong protests
82 is a good example.^[8]4 According to [9]NPR:
83
84 Official state media pin the blame for protests on the "black hand"
85 of foreign interference, namely from the United States, and what
86 they have called criminal Hong Kong thugs. A popular conspiracy
87 theory posits the CIA incited and funded the Hong Kong protesters,
88 who are demanding an end to an extradition bill with China and the
89 ability to elect their own leader. Fueling this theory, China Daily,
90 a state newspaper geared toward a younger, more cosmopolitan
91 audience, this week linked to a video purportedly showing Hong Kong
92 protesters using American-made grenade launchers to combat police.
93 ...
94
95Media used to disperse disinfo
96
97 As seen in the above example of totalitarian governments, national TV
98 and newspaper agencies play a key role in influence ops en masse. It
99 guarantees outreach due to the channel/paper's popularity.
100
101 Twitter is another, obvious example. Due to the ease of creating
102 accounts and the ability to generate activity programmatically via the
103 API, Twitter bots are the go-to choice today for info ops. Essentially,
104 an actor attempts to create "discussions" amongst "users" (read: bots),
105 to push their narrative(s). Twitter also provides analytics for every
106 tweet, enabling actors to get realtime insights into what sticks and
107 what doesn't. The use of Twitter was seen during the previously
108 discussed MH17 case, where Russia employed its troll factory -- the
109 [10]Internet Research Agency (IRA) to create discussions about
110 alternative theories.
111
112 In India, disinformation is often spread via YouTube, WhatsApp and
113 Facebook. Political parties actively invest in creating group chats to
114 spread political messages and memes. These parties have volunteers
115 whose sole job is to sit and forward messages. Apart from political
116 propaganda, WhatsApp finds itself as a medium of fake news. In most
117 cases, this is disinformation without a motive, or the motive is hard
118 to determine simply because the source is impossible to trace, lost in
119 forwards.^[11]5 This is a difficult problem to combat, especially given
120 the nature of the target audience.
121
122The actors behind disinfo campaigns
123
124 I doubt this requires further elaboration, but in short:
125 * nation states and their intelligence agencies
126 * governments, political parties
127 * other non/quasi-governmental groups
128 * trolls
129
130 This essentially sums up the what, why, how and who of disinformation.
131
132Personal OPSEC
133
134 This is a fun one. Now, it's common knowledge that STFU is the best
135 policy. But sometimes, this might not be possible, because afterall
136 inactivity leads to suspicion, and suspicion leads to scrutiny. Which
137 might lead to your OPSEC being compromised. So if you really have to,
138 you can feign activity using disinformation. For example, pick a place,
139 and throw in subtle details pertaining to the weather, local events or
140 regional politics of that place into your disinfo. Assuming this is
141 Twitter, you can tweet stuff like:
142 * "Ugh, when will this hot streak end?!"
143 * "Traffic wonky because of the Mardi Gras parade."
144 * "Woah, XYZ place is nice! Especially the fountains by ABC street."
145
146 Of course, if you're a nobody on Twitter (like me), this is a non-issue
147 for you.
148
149 And please, don't do this:
150
151 mcafee opsecfail
152
153Conclusion
154
155 The ability to influence someone's decisions/thought process in just
156 one tweet is scary. There is no simple way to combat disinformation.
157 Social media is hard to control. Just like anything else in cyber, this
158 too is an endless battle between social media corps and motivated
159 actors.
160
161 A huge shoutout to Bellingcat for their extensive research in this
162 field, and for helping folks see the truth in a post-truth world.
163 __________________________________________________________________
164
165 1. [12]This episode of CYBER talks about election influence ops
166 (features the grugq!).
167 2. The [13]Bellingcat Podcast's season one covers the MH17
168 investigation in detail.
169 3. [14]Wikipedia section on MH17 conspiracy theories
170 4. [15]Chinese newspaper spreading disinfo
171 5. Use an adblocker before clicking [16]this.
172
173References
174
175 1. https://en.wikipedia.org/wiki/Disinformation
176 2. https://twitter.com/thegrugq
177 3. https://t.co/Pko3f0xkXC
178 4. https://twitter.com/thegrugq/status/1142759819020890113?ref_src=twsrc%5Etfw
179 5. https://icyphox.sh/home/icy/leet/site/build/blog/disinfo/temp.html#fn:1
180 6. https://icyphox.sh/home/icy/leet/site/build/blog/disinfo/temp.html#fn:2
181 7. https://icyphox.sh/home/icy/leet/site/build/blog/disinfo/temp.html#fn:3
182 8. https://icyphox.sh/home/icy/leet/site/build/blog/disinfo/temp.html#fn:4
183 9. https://www.npr.org/2019/08/14/751039100/china-state-media-present-distorted-version-of-hong-kong-protests
184 10. https://en.wikipedia.org/wiki/Internet_Research_Agency
185 11. https://icyphox.sh/home/icy/leet/site/build/blog/disinfo/temp.html#fn:5
186 12. https://www.vice.com/en_us/article/ev3zmk/an-expert-explains-the-many-ways-our-elections-can-be-hacked
187 13. https://www.bellingcat.com/category/resources/podcasts/
188 14. https://en.wikipedia.org/wiki/Malaysia_Airlines_Flight_17#Conspiracy_theories
189 15. https://twitter.com/gdead/status/1171032265629032450
190 16. https://www.news18.com/news/tech/fake-whatsapp-message-of-child-kidnaps-causing-mob-violence-in-madhya-pradesh-2252015.html