all repos — site @ 9e40e53ac1c7eb1fd9abf61ed210f07c21a30340

source for my site, found at icyphox.sh

build/blog/disinfo/index.html (view raw)

  1<!DOCTYPE html>
  2<html lang=en>
  3<link rel="stylesheet" href="/static/style.css" type="text/css">
  4<link rel="stylesheet" href="/static/syntax.css" type="text/css">
  5<link rel="shortcut icon" type="images/x-icon" href="/static/favicon.ico">
  6<meta name="description" content="Misinformation, but deliberate">
  7<meta name="viewport" content="initial-scale=1">
  8<meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
  9<meta content="#021012" name="theme-color">
 10<meta name="HandheldFriendly" content="true">
 11<meta name="twitter:card" content="summary_large_image">
 12<meta name="twitter:site" content="@icyphox">
 13<meta name="twitter:title" content="Disinformation demystified">
 14<meta name="twitter:description" content="Misinformation, but deliberate">
 15<meta name="twitter:image" content="/static/icyphox.png">
 16<meta property="og:title" content="Disinformation demystified">
 17<meta property="og:type" content="website">
 18<meta property="og:description" content="Misinformation, but deliberate">
 19<meta property="og:url" content="https://icyphox.sh">
 20<meta property="og:image" content="/static/icyphox.png">
 21<html>
 22  <title>
 23    Disinformation demystified
 24  </title>
 25<div class="container-text">
 26  <header class="header">
 27    
 28        <a href="/">home</a>
 29        <a href="/blog">blog</a>
 30        <a href="/reading">reading</a>
 31        <a href="https://twitter.com/icyphox">twitter</a>
 32        <a href="/about">about</a>
 33
 34  </header>
 35<body> 
 36   <div class="content">
 37    <div align="left">
 38      <code>2019-09-10</code>
 39      <h1>Disinformation demystified</h1>
 40      <h2>Misinformation, but deliberate</h2>
 41      <p>As with the disambiguation of any word, let&#8217;s start with its etymology and definiton.
 42According to <a href="https://en.wikipedia.org/wiki/Disinformation">Wikipedia</a>,
 43<em>disinformation</em> has been borrowed from the Russian word &#8212; <em>dezinformatisya</em> (дезинформа́ция),
 44derived from the title of a KGB black propaganda department.</p>
 45
 46<blockquote>
 47  <p>Disinformation is false information spread deliberately to deceive.</p>
 48</blockquote>
 49
 50<p>To fully understand disinformation, especially in the modern age, we need to understand the
 51key factors of any successful disinformation operation:</p>
 52
 53<ul>
 54<li>creating disinformation (what)</li>
 55<li>the motivation behind the op, or its end goal (why)</li>
 56<li>the medium used to disperse the falsified information (how)</li>
 57<li>the actor (who)</li>
 58</ul>
 59
 60<p>At the end, we&#8217;ll also look at how you can use disinformation techniques to maintain OPSEC.</p>
 61
 62<p>In order to break monotony, I will also be using the terms &#8220;information operation&#8221;, or the shortened
 63forms &#8211; &#8220;info op&#8221; &amp; &#8220;disinfo&#8221;.</p>
 64
 65<h3 id="creating-disinformation">Creating disinformation</h3>
 66
 67<p>Crafting or creating disinformation is by no means a trivial task. Often, the quality
 68of any disinformation sample is a huge indicator of the level of sophistication of the
 69actor involved, i.e. is it a 12 year old troll or a nation state?</p>
 70
 71<p>Well crafted disinformation always has one primary characteristic &#8212; &#8220;plausibility&#8221;.
 72The disinfo must sound reasonable. It must induce the notion it&#8217;s <em>likely</em> true. 
 73To achieve this, the target &#8212; be it an individual, a specific demographic or an entire
 74nation &#8212; must be well researched. A deep understanding of the target&#8217;s culture, history,
 75geography and psychology is required. It also needs circumstantial and situational awareness,
 76of the target.</p>
 77
 78<p>There are many forms of disinformation. A few common ones are staged videos / photographs, 
 79recontextualized videos / photographs, blog posts, news articles &amp; most recently &#8212; deepfakes.</p>
 80
 81<p>Here&#8217;s a tweet from <a href="https://twitter.com/thegrugq">the grugq</a>, showing a case of recontextualized
 82imagery:</p>
 83
 84<blockquote class="twitter-tweet" data-dnt="true" data-theme="dark" data-link-color="#00ffff">
 85<p lang="en" dir="ltr">Disinformation.
 86<br><br>
 87The content of the photo is not fake. The reality of what it captured is fake. The context it’s placed in is fake. The picture itself is 100% authentic. Everything, except the photo itself, is fake.
 88<br><br>Recontextualisation as threat vector. 
 89<a href="https://t.co/Pko3f0xkXC">pic.twitter.com/Pko3f0xkXC</a>
 90</p>&mdash; thaddeus e. grugq (@thegrugq) 
 91<a href="https://twitter.com/thegrugq/status/1142759819020890113?ref_src=twsrc%5Etfw">June 23, 2019</a>
 92</blockquote>
 93
 94<script async src="https://platform.twitter.com/widgets.js" charset="utf-8"></script> 
 95
 96<h3 id="motivations-behind-an-information-operation">Motivations behind an information operation</h3>
 97
 98<p>I like to broadly categorize any info op as either proactive or reactive. 
 99Proactively, disinformation is spread with the desire to influence the target
100either before or during the occurence of an event. This is especially observed
101during elections.<sup class="footnote-ref" id="fnref-1"><a href="#fn-1">1</a></sup>
102In offensive information operations, the target&#8217;s psychological state can be affected by
103spreading <strong>fear, uncertainty &amp; doubt</strong>, or FUD for short.</p>
104
105<p>Reactive disinformation is when the actor, usually a nation state in this case,
106screws up and wants to cover their tracks. A fitting example of this is the case
107of Malaysian Airlines Flight 17 (MH17), which was shot down while flying over 
108eastern Ukraine. This tragic incident has been attributed to Russian-backed 
109separatists.<sup class="footnote-ref" id="fnref-2"><a href="#fn-2">2</a></sup> 
110Russian media is known to have desseminated a number of alternative &amp; some even
111conspiratorial theories<sup class="footnote-ref" id="fnref-3"><a href="#fn-3">3</a></sup>, in response. The number grew as the JIT&#8217;s (Dutch-lead Joint
112Investigation Team) investigations pointed towards the separatists. 
113The idea was to <strong>muddle the information</strong> space with these theories, and as a result,
114potentially correct information takes a credibility hit.</p>
115
116<p>Another motive for an info op is to <strong>control the narrative</strong>. This is often seen in use
117in totalitarian regimes; when the government decides what the media portrays to the
118masses. The ongoing Hong Kong protests is a good example.<sup class="footnote-ref" id="fnref-4"><a href="#fn-4">4</a></sup> According to <a href="https://www.npr.org/2019/08/14/751039100/china-state-media-present-distorted-version-of-hong-kong-protests">NPR</a>:</p>
119
120<blockquote>
121  <p>Official state media pin the blame for protests on the &#8220;black hand&#8221; of foreign interference, 
122  namely from the United States, and what they have called criminal Hong Kong thugs.
123  A popular conspiracy theory posits the CIA incited and funded the Hong Kong protesters, 
124  who are demanding an end to an extradition bill with China and the ability to elect their own leader.
125  Fueling this theory, China Daily, a state newspaper geared toward a younger, more cosmopolitan audience, 
126  this week linked to a video purportedly showing Hong Kong protesters using American-made grenade launchers to combat police.
127  &#8230;</p>
128</blockquote>
129
130<h3 id="media-used-to-disperse-disinfo">Media used to disperse disinfo</h3>
131
132<p>As seen in the above example of totalitarian governments, national TV and newspaper agencies
133play a key role in influence ops en masse. It guarantees outreach due to the channel/paper&#8217;s
134popularity.</p>
135
136<p>Twitter is another, obvious example. Due to the ease of creating accounts and the ability to
137generate activity programmatically via the API, Twitter bots are the go-to choice today for 
138info ops. Essentially, an actor attempts to create &#8220;discussions&#8221; amongst &#8220;users&#8221; (read: bots),
139to push their narrative(s). Twitter also provides analytics for every tweet, enabling actors to
140get realtime insights into what sticks and what doesn&#8217;t.
141The use of Twitter was seen during the previously discussed MH17 case, where Russia employed its troll
142factory &#8212; the <a href="https://en.wikipedia.org/wiki/Internet_Research_Agency">Internet Research Agency</a> (IRA)
143to create discussions about alternative theories.</p>
144
145<p>In India, disinformation is often spread via YouTube, WhatsApp and Facebook. Political parties
146actively invest in creating group chats to spread political messages and memes. These parties
147have volunteers whose sole job is to sit and forward messages.
148Apart from political propaganda, WhatsApp finds itself as a medium of fake news. In most cases,
149this is disinformation without a motive, or the motive is hard to determine simply because
150the source is impossible to trace, lost in forwards.<sup class="footnote-ref" id="fnref-5"><a href="#fn-5">5</a></sup>
151This is a difficult problem to combat, especially given the nature of the target audience.</p>
152
153<h3 id="the-actors-behind-disinfo-campaigns">The actors behind disinfo campaigns</h3>
154
155<p>I doubt this requires further elaboration, but in short:</p>
156
157<ul>
158<li>nation states and their intelligence agencies</li>
159<li>governments, political parties</li>
160<li>other non/quasi-governmental groups</li>
161<li>trolls</li>
162</ul>
163
164<p>This essentially sums up the what, why, how and who of disinformation. </p>
165
166<h3 id="personal-opsec">Personal OPSEC</h3>
167
168<p>This is a fun one. Now, it&#8217;s common knowledge that
169<strong>STFU is the best policy</strong>. But sometimes, this might not be possible, because
170afterall inactivity leads to suspicion, and suspicion leads to scrutiny. Which might
171lead to your OPSEC being compromised.
172So if you really have to, you can feign activity using disinformation. For example,
173pick a place, and throw in subtle details pertaining to the weather, local events
174or regional politics of that place into your disinfo. Assuming this is Twitter, you can
175tweet stuff like:</p>
176
177<ul>
178<li>&#8220;Ugh, when will this hot streak end?!&#8221;</li>
179<li>&#8220;Traffic wonky because of the Mardi Gras parade.&#8221;</li>
180<li>&#8220;Woah, XYZ place is nice! Especially the fountains by ABC street.&#8221;</li>
181</ul>
182
183<p>Of course, if you&#8217;re a nobody on Twitter (like me), this is a non-issue for you.</p>
184
185<p>And please, don&#8217;t do this:</p>
186
187<p><img src="/static/img/mcafeetweet.png" alt="mcafee opsecfail" /></p>
188
189<h3 id="conclusion">Conclusion</h3>
190
191<p>The ability to influence someone&#8217;s decisions/thought process in just one tweet is 
192scary. There is no simple way to combat disinformation. Social media is hard to control.
193Just like anything else in cyber, this too is an endless battle between social media corps
194and motivated actors.</p>
195
196<p>A huge shoutout to Bellingcat for their extensive research in this field, and for helping
197folks see the truth in a post-truth world.</p>
198
199<div class="footnotes">
200<hr />
201<ol>
202<li id="fn-1">
203<p><a href="https://www.vice.com/en_us/article/ev3zmk/an-expert-explains-the-many-ways-our-elections-can-be-hacked">This</a> episode of CYBER talks about election influence ops (features the grugq!).&#160;<a href="#fnref-1" class="footnoteBackLink" title="Jump back to footnote 1 in the text.">&#8617;</a></p>
204</li>
205
206<li id="fn-2">
207<p>The <a href="https://www.bellingcat.com/category/resources/podcasts/">Bellingcat Podcast</a>&#8217;s season one covers the MH17 investigation in detail.&#160;<a href="#fnref-2" class="footnoteBackLink" title="Jump back to footnote 2 in the text.">&#8617;</a></p>
208</li>
209
210<li id="fn-3">
211<p><a href="https://en.wikipedia.org/wiki/Malaysia_Airlines_Flight_17#Conspiracy_theories">Wikipedia section on MH17 conspiracy theories</a>&#160;<a href="#fnref-3" class="footnoteBackLink" title="Jump back to footnote 3 in the text.">&#8617;</a></p>
212</li>
213
214<li id="fn-4">
215<p><a href="https://twitter.com/gdead/status/1171032265629032450">Chinese newspaper spreading disinfo</a>&#160;<a href="#fnref-4" class="footnoteBackLink" title="Jump back to footnote 4 in the text.">&#8617;</a></p>
216</li>
217
218<li id="fn-5">
219<p>Use an adblocker before clicking <a href="https://www.news18.com/news/tech/fake-whatsapp-message-of-child-kidnaps-causing-mob-violence-in-madhya-pradesh-2252015.html">this</a>.&#160;<a href="#fnref-5" class="footnoteBackLink" title="Jump back to footnote 5 in the text.">&#8617;</a></p>
220</li>
221</ol>
222</div>
223 
224    </div>
225    <hr />
226    <p class="muted">Questions or comments? Open an issue at <a href="https://github.com/icyphox/site">this repo</a>, or send a plain-text email to <a href="mailto:x@icyphox.sh">x@icyphox.sh</a>.</p>
227    <footer>
228      <a href="https://creativecommons.org/licenses/by-nc-sa/4.0/">
229        <img class="footimgs" src="/static/cc.svg">
230        </a>
231        <a href="https://webring.xxiivv.com/#random" target="_blank">
232        <img class="footimgs" alt="xxiivv webring" src="/static/webring.svg">
233        </a>
234        
235    </footer>
236  </body>
237  </div>
238 </html>