ISME Magazine -Issue 39 webview (1)
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
How Fake is our news?<br />
Fake news and disinformation is not a new phenomenon, and it will no be going<br />
away anytime soon and indeed the continuing digitization and move to less<br />
traditional media sources is only likely to accelerate the issue further<br />
Hardly a day goes<br />
by without media<br />
and sometimes<br />
government claims<br />
that Russia has been utilising<br />
social media tools to spread<br />
fake news and misinformation<br />
to influence everything from<br />
elections, mining approvals and<br />
even Brexit.<br />
But Russia is just the tip of<br />
the iceberg for this issue<br />
with regular misinformation<br />
campaigns and attacks<br />
observed worldwide from<br />
activists, political and business<br />
rivalry, and even kids looking<br />
for kicks.<br />
But how hard is it to<br />
spread this sort of misinformation?<br />
Well it appears to be very easy<br />
indeed with easily available<br />
tools and services which actors<br />
can buy or rent as needed to<br />
get up and running quickly.<br />
The barrier to entry is very low<br />
indeed.<br />
This means that for example<br />
twitter accounts can suddenly<br />
come out of nowhere and<br />
attract tens of thousands of<br />
followers and retweets in a<br />
matter of hours associated<br />
with particular misinformation<br />
campaigns.<br />
For example, in October 2016<br />
an ideologically motivated<br />
hacktivist group called<br />
Anonymous Poland published<br />
documents it claimed it had<br />
stolen from a breach of the<br />
Bradley Foundation, a U.S.-<br />
charity. Over the ensuing<br />
week almost 15,000 nearly<br />
identical tweets posted by<br />
approximately 12,000 Twitter<br />
accounts, featuring links to<br />
tweets about the Anonymous<br />
Poland breach were identified.<br />
Disinformation campaigns can<br />
take many forms; however,<br />
they generally follow three<br />
distinct stages: 1) Creation, 2)<br />
Publication and 3) Circulation.<br />
For each stage, there are<br />
countless online tools,<br />
software and platforms to allow<br />
attackers to create credible<br />
and effective disinformation<br />
campaigns.<br />
In recent years, there has<br />
been a growth in toolkits<br />
and services designed to<br />
propagate the spread of<br />
misinformation – available<br />
for just 7$ – that are aimed<br />
specifically at causing financial<br />
and reputational damage for<br />
companies and governments<br />
There is a myriad of<br />
drivers that will affect how<br />
disinformation campaigns<br />
evolve in the upcoming years.<br />
Based on the drivers and<br />
assumptions shown below, it’s<br />
almost certain that disinformation<br />
will continue; the geopolitical<br />
situation shows no signs of easing,<br />
and there is plenty of sociocultural<br />
unease to exploit. While there will<br />
be continued efforts to remove<br />
suspicious content from social<br />
media sites, the low barriers to<br />
entry and innovation of threat<br />
actors will lead to an increase in<br />
disinformation. Moreover, this is<br />
not just a risk for political parties<br />
in 2018; disinformation affects<br />
businesses and individuals too.<br />
So how do we combat this<br />
sort of threat?<br />
There are some steps businesses<br />
can take to lessen the risk of<br />
disinformation impacting their<br />
businesses. These include:<br />
• Combat domain spoofing<br />
- organizations should proactively<br />
monitor for the registration of<br />
malicious domains and have a<br />
defined process of dealing with<br />
infringements when they occur.<br />
An agile and scalable takedown<br />
capability is critical for combating<br />
domain spoofing<br />
• Combat the ‘bots’ - monitor<br />
social media for brand mentions<br />
and seek to detect the ‘bots’<br />
though it’s not always immediately<br />
obvious, there are often clues<br />
such as looking at the age of the<br />
account, the content being posted,<br />
and the number of friends and<br />
followers<br />
• Monitor forums for<br />
information that could manipulate<br />
the share price - organizations<br />
should search for mentions of their<br />
brand or staff across forums, which<br />
could be instances of malicious<br />
actors spreading disinformation<br />
• Keep an eye on<br />
trending activity – monitor<br />
trending activity as it relates<br />
to an organization’s digital<br />
footprint and potentially<br />
identify disinformation activity<br />
Fake news and disinformation<br />
is not a new phenomenon,<br />
and it will not be going away<br />
anytime soon and indeed<br />
the continuing digitization<br />
and move to less traditional<br />
media sources is only likely to<br />
accelerate the issue further. The<br />
blurring between truth and fiction<br />
is often difficult to ascertain but<br />
businesses need to ensure they<br />
do all they can to monitor and<br />
protect their own reputations to<br />
ensure next time it is not them in<br />
the crosshairs of the attacker.<br />
Rick Holland is the Vice President of Strategy at Digital Shadows. Holland has more than<br />
14 years experience working in information security. Prior to joining Digital Shadows, he<br />
was a vice president and principal analyst at Forrester Research, providing strategic<br />
guidance on security architecture, operations, and data privacy. He also served as an<br />
intelligence analyst in the U.S. Army. He is currently the co-chair of the SANS Cyber<br />
Threat Intelligence Summit, and holds a B.S. in business administration with an MIS<br />
concentration from the University of Texas at Dallas.<br />
34 Intelligent SME December 2017<br />
Content<br />
35
Change language