Misinformation campaigns thrive on inequality of knowledge, which bad actors use to drive a wedge between communities.

Marc Rogers & Sara-Jayne Terp, Executive Director of Cybersecurity, Okta/Founder at Bodacea Light Industries LLC

May 20, 2021

4 Min Read

When the entire world demands immediate access to a rare and finite resource, you always find criminals operating in the margins. This dynamic is particularly true with the COVID-19 vaccine. Vaccine threats are not limited to financial or national interests — one type of risk that's often overlooked in the larger vaccine security conversation is misinformation.

We can expect some of vaccine information threats to come from anti-maskers who believe COVID doesn't exist or that vaccines infringe on their freedom.

Some people will also leverage the vaccine for political attacks. For example, they might falsely claim a batch of vaccines has spoiled, denying vaccine access to entire communities.

Misinformation campaigns thrive on inequality of knowledge. Malicious entities can drive a wedge between communities by exploiting those societal fractures. At a time with deep, seemingly intractable cultural divides, there are three divisive elements of the vaccine likely to be exploited.

Vaccine Availability
Misinformation on availability could look like a run on the bank. For example, this type of misinformation could sound like, "They've got more vaccine at the corner store." This causes disorganization in our wide-scale vaccination efforts.

Vaccine availability misinformation could also look like rumors about vaccine shortages, preventing people from booking an appointment at a facility that still has available doses. This leads to vaccine waste and puts vulnerable people at risk.

Fake vaccine scams will turn out to be both financially lucrative and an easy way to harm a nation's ability to achieve herd immunity. In many cases, they are easy, self-propagating operations. All that is needed is a list of targets for a "watering-hole" attack where people are lured to a site in order to be exploited. Additionally, these campaigns are often very hard to dismantle until after there has been harm.

Vaccine Health & Safety
Vaccine safety misinformation fuels the worst fears of anti-vaxxers. It focuses on how quickly the vaccines were developed or claims they were developed deceptively. This eclipses and extends the anti-vaxxer movement. Key targets are people who deal with vaccines for others, such as parents or people with elderly relatives.

Adults have to choose to take action with the vaccine, which presents an opportunity for misinformation spreaders. Often, vaccination decisions are informed by research that pulls from conflicting or misleading sources. It's easy for people to generate memes and soundbites to make vaccines sound scary, making claims such as:

  • "The vaccine was produced too quickly; a typical vaccine takes 10 years to produce, this one took one year."

  • "What are they hiding in there?"

  • "It's all just a lie to give 'them' more control."

Under these conditions, anti-vaxxers and extremists will be able to recruit, and they will have a larger, receptive audience. It's not the anti-vaxxers' first rodeo: They have been convincing vulnerable parents for years — now they're going to convince vulnerable grandparents, caretakers, and more.

Proof of Vaccination
As a society, we don't yet know what vaccination cards will mean. Are they a reminder of your vaccination, or are they proof? If they are proof, can you use your older sister's? Will there be a market for people taking vaccines for each other?

A vaccination proof card is valuable to those who want to work but don't qualify yet. It's also possible that in the future, only people who have been vaccinated will be able to travel, opening up another potential area for fraud through illegitimate vaccination card sales.

What Can We Do?
Misinformation thrives on fear and ignorance. By ensuring accurate, consistent information takes precedence over sensationalist rumors, we can go a long way toward preventing misinformation.

This is easier said than done. Trust has taken a serious blow in recent years, creating profound changes in the way we consume news. Re-establishing trusted sources, harnessing the power of influence, and avoiding fanning the flames of polarization are challenges we need to tackle.

Weaponized misinformation thrives on social divisions and cultural inequality. While technology can help identify, label, and suppress misinformation, it's a primitive science. Algorithms aren't sophisticated enough yet to manage the nuances of human communication. Teams of moderators have a higher chance of success but don't scale, and even brief exposure to toxic information is harmful.

In an ideal world, we would weaponize our citizenry against misinformation. Practical experiences from the front lines show that an informed citizenry that actively criticizes information counters misinformation campaigns more effectively than any other form of intervention. Just as humans are the vector for misinformation, they can also be the antidote.

Misinformation is a real threat to our vaccination efforts, yet it's not taken as seriously as cybersecurity or operations threats. When it comes to a life-saving COVID-19 vaccine, the consequences of misinformation are enormous. By leveraging the power of relationships and influence, we can neutralize misinformation campaigns before they take root, saving lives in the process. Ultimately, access to healthcare is fragmented and imbalanced enough without allowing criminals to exploit our fears in order to further balkanize our recovery from the pandemic.

Dr. Pablo Breuer, cyber warfare and disinformation expert, and The Grugq, an information security researcher, contributed to this column.

About the Author(s)

Marc Rogers & Sara-Jayne Terp

Executive Director of Cybersecurity, Okta/Founder at Bodacea Light Industries LLC

Marc Rogers, Executive Director of Cybersecurity, Okta

Marc Rogers is the executive director of cybersecurity at Okta. With a career that spans more than 20 years, Marc has been hacking since the 80's and is now a white-hat hacker. Prior to Okta, Marc served as the head of security for Cloudflare and spent a decade managing security for the UK operator, Vodafone. He was a CISO in South Korea and co-founded a disruptive Bay Area startup. In his role as technical advisor on "Mr. Robot," he helped create hacks for the show. And, as if that's not enough, he also organizes the world's largest hacking conference: DEF CON.

Sara-Jayne Terp, Founder at Bodacea Light Industries LLC

Sara-Jayne Terp helps autonomous systems, algorithms, and human communities work together. She's an Atlantic Council senior fellow, working on technology policy, and cofounded CogSecCollab and ThreeT Consulting, where she works on processes and technologies for disinformation defense. Her background includes autonomous systems, intelligence systems, data strategy, data ethics, nationstate policy development, crowdsourcing, and crisis data response.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights