6/27/2018
02:30 PM
Mike Convertino
Commentary

Russia, Facebook & Cybersecurity: Combating Weaponized FUD in the Social Media Age

It's up to everyone -- users, security pros, government -- to be critical about the online information we encounter.

In the weeks since indictments were handed down from the ongoing investigation into Russia's influence over the 2016 United States election, much has come to light. A picture has emerged of a massive global effort to create division and sow conflict — not necessarily to elect one person or another.

The primary point was fear, uncertainty, and doubt (FUD), and the powerful consequences of those emotions on the human psyche. It was an effort to destroy confidence in the country's democratic institutions, to break people's trust in the election system, and, by extension, the legitimacy of our democracy.

The system of bots continues to exploit other hot-button issues, such as the gun debate, not to sway the issue one way or the other but to fuel tension and mistrust.

This struggle for the mind to exercise control has been going on since time immemorial, but today's tools are different. The attackers have brought their world here — on a giant scale that can only be accomplished by a government.

The same techniques could be used to short a stock, spark a consumer boycott, or affect some as yet unforeseen challenge to a company's survival. As such, this is an issue all security professionals need to be thinking — and doing something — about.

From Timelines to Algorithms
It's known that Facebook was a primary vehicle for these efforts; much of the reason for that ties back to a shift in strategy the company made over the past few years, primarily for ad revenue.

Facebook's feed formerly was organized as a chronological timeline of posts from users' own connections. But as the platform grew, the company started to provide a more curated newsfeed to increase the stickiness of content. Facebook began allowing users to subscribe to feeds, and then suggested and highlighted certain content to individuals based on sentiment they expressed, as determined by algorithms.  

At first, this wasn't problematic because trolls had trouble getting through. Fact-checking efforts disallowed much of the marginal content trolls produced — and actual human checkers were screening it. But after complaints from several groups whose content was being blocked, the company dialed down its fact-checking efforts and allowed content to be posted virtually unfiltered, creating a toxic environment that enabled unprecedented access and communication from one nation to another and directly to the populace.

We know now that the online influence efforts exploiting social media were not just online but also on the ground, with people organizing protests in the real world while trolls and bots posted, replied, and stoked sentiment on various social media platforms.

The US Government's Outdated Paradigm
As this situation escalated, it didn't entirely catch the US government off guard. The press has shown that the intelligence community (IC) knew fairly early. So why didn't the IC do more? The roadblocks were part philosophical and part legal. To the US government, businesses are responsible for their own cyber defense. Protecting companies is not part of the government's remit online, outside of critical infrastructure like power plants and water supplies.

Here we have an information resource that half the country is plugged into, but our laws are designed such that the government doesn't protect that resource directly. Congress and our government's infrastructure are set up to protect citizens from physical harm through the military and law enforcement.

But this is a new horizon, and governments in the US and all over the world are struggling to respond. Many people are beginning to wonder if and how this needs to change. Even Facebook CEO Mark Zuckerberg admitted recently that he's "not sure we shouldn't be regulated." Maybe social media is critical infrastructure after all.

New Technologies, New Responsibilities
What can companies and organizations do? There will be new technologies involved, and, as usual, the defenders are far behind in developing them. There are also some shifts in both philosophy and technique that can help companies adapt to this new world. 

Although the larger effect of this issue is to sway public sentiment in the physical realm, a big part of the problem still lies in social media bots in cyberspace — software processes automatically running on a network with the purpose of engaging and inputting on those networks to drive behaviors or perceptions determined by their programmers.

This, of course, is familiar territory for security orgs. Detecting a bot by posting speeds and other indicators is common in the industry. But what the organization decides to do after detection is up for debate. Right now, we just stop it, but it may be worthwhile for security pros to stymie the bots with error codes or other means to spend more time understanding what the bots are up to, where they come from, and who controls them.
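
An added example, not from the original article: one way to flag accounts by posting speed and then choose a throttle-and-observe response instead of an outright block. The thresholds, account names, sample events, and function names are assumptions made up for illustration.

```python
from collections import defaultdict
from statistics import median, pstdev

# Constructed sample events: (account, unix timestamp of a post). Not real data.
SAMPLE_EVENTS = (
    [("acct_a", 1000 + 2 * i) for i in range(30)]      # every 2 s, machine-regular
    + [("acct_b", t) for t in (1000, 1400, 1460, 2900, 4100, 4175)]  # irregular
    + [("acct_c", 1000 + 5 * i) for i in range(3)]     # fast, but too little history
)

MIN_POSTS = 10          # assumed: do not judge accounts with little history
MAX_MEDIAN_GAP = 5.0    # assumed threshold, seconds between posts
MAX_JITTER = 1.0        # assumed threshold, std-dev of the gaps in seconds


def score_accounts(events):
    """Return {account: {posts, median_gap, jitter, suspected_bot}}."""
    by_account = defaultdict(list)
    for account, ts in events:
        by_account[account].append(ts)
    report = {}
    for account, stamps in by_account.items():
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        enough = len(stamps) >= MIN_POSTS
        med = median(gaps) if gaps else None
        jit = pstdev(gaps) if gaps else None
        # Fast AND unnaturally regular posting, judged only with enough history.
        suspected = bool(enough and med <= MAX_MEDIAN_GAP and jit <= MAX_JITTER)
        report[account] = {"posts": len(stamps), "median_gap": med,
                           "jitter": jit, "suspected_bot": suspected}
    return report


def choose_response(entry, observe=True):
    """Map a score to (http_status, action). With observe=True a suspected bot
    is slowed with an error code and logged rather than blocked outright."""
    if not entry["suspected_bot"]:
        return 200, "accept"
    if observe:
        return 429, "throttle_and_log"   # session stays alive for analysis
    return 403, "block"


if __name__ == "__main__":
    for account, entry in score_accounts(SAMPLE_EVENTS).items():
        print(account, entry, choose_response(entry))
```
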

Advances in technologies like artificial intelligence and natural language processing will bring the next level of defense against information warfare. Being able to detect whether the same person is behind dozens of personas or posts will require a level of data and correlation that today is available only to the world's top intelligence agencies. But we know the industry is working on it. Clearly, Facebook has the most data to work with right now, but this would also be a natural extension to the security industry's intelligence or reputation services.

Ultimately, these are human threats, and humans need to evolve along with them. Where security professionals have tended to gather intelligence about our own applications, our own networks, PCs, and logs, it's imperative in this new world that they look beyond their own four walls to see what is happening elsewhere.

CISOs need to be cognizant of how events transpiring in the physical world could bring their organization under the crosshairs. Similarly, the role of government should evolve its idea of defense to extend more fully into the digital realm.

In this environment, users are more important than ever. It's up to everyone to be critical about the information they encounter, no matter where it comes from. Look for corroboration. Find actual facts from trusted sources. Don't believe everything you're told.

In the age of weaponized FUD, it's up to all of us to become security pros.  


Mike Convertino has nearly 30 years of experience in providing enterprise-level information security, cloud-grade information systems solutions, and advanced cyber capability development. His professional experience spans security leadership and product development at a wide ...
Comments
Joe Stanganelli,
User Rank: Ninja
6/27/2018 | 11:02:30 PM
FB
Unfortunately, the other huge fallout from this, I think, is that FB has found itself compelled to rely less on algorithms and more on outright spying and snooping on people.