Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


02:30 PM
Mike Convertino
Mike Convertino
Connect Directly
E-Mail vvv

Russia, Facebook & Cybersecurity: Combating Weaponized FUD in the Social Media Age

It's up to everyone -- users, security pros, government -- to be critical about the online information we encounter.

In the weeks since indictments were handed down from the ongoing investigation into Russia's influence over the 2016 United States election, much has come to light. A picture has emerged of a massive global effort to create division and sow conflict — not necessarily to elect one person or another.

The primary point was fear, uncertainty, and doubt (FUD), and the powerful consequences of those emotions on the human psyche. It was an effort to destroy confidence in the country's democratic institutions, to break people's trust in the election system, and, by extension, the legitimacy of our democracy.

The system of bots continues to exploit other hot-button issues, such as the gun debate, not to sway the issue one way or the other but to fuel tension and mistrust.

This struggle for the mind to exercise control has been going on since time immemorial, but today's tools are different. The attackers have brought their world here — on a giant scale that can only be accomplished by a government.

The same techniques could be used to short a stock, spark a consumer boycott, or affect some as yet unforeseen challenge to a company's survival. As such, this is an issue all security professionals need to be thinking — and doing something — about.

From Timelines to Algorithms
It's known that Facebook was a primary vehicle for these efforts; much of the reason for that ties back to a shift in strategy the company made over the past few years, primarily for ad revenue.

Facebook's feed formerly was organized as a chronological timeline of posts from users' own connections. But as the platform grew, the company started to provide a more curated newsfeed to increase the stickiness of content. Facebook began allowing users to subscribe to feeds, and then suggested and highlighted certain content to individuals based on sentiment they expressed, as determined by algorithms.  

At first, this wasn't problematic because trolls had trouble getting through. Fact-checking efforts disallowed much of the marginal content trolls produced — and actual human checkers were screening it. But after complaints from several groups whose content was being blocked, the company dialed down its fact-checking efforts and allowed content to be posted virtually unfiltered, creating a toxic environment that enabled unprecedented access and communication from one nation to another and directly to the populace.

We know now that the online influence efforts exploiting social media were not just online but also on the ground, with people organizing protests in the real world while trolls and bots posted, replied, and stoked sentiment on various social media platforms.

The US Government's Outdated Paradigm
As this situation escalated, it didn't entirely catch the US government off guard. The press has shown that the intelligence community (IC) knew fairly early. So why didn't the IC do more? The roadblocks were part philosophical and part legal. To the US government, businesses are responsible for their own cyber defense. Protecting companies is not part of the government's remit online, outside of critical infrastructure like power plants and water supplies.

Here we have an information resource that half the country is plugged into, but our laws are designed such that the government doesn't protect that resource directly. Congress and our government's infrastructure are set up to protect citizens from physical harm through the military and law enforcement.

But this a new horizon, and governments in the US and all over the world are struggling to respond. Many people are beginning to wonder if and how this needs to change. Even Facebook CEO Mark Zuckerberg admitted recently that he's "not sure we shouldn't be regulated." Maybe social media is critical infrastructure after all.

New Technologies, New Responsibilities
What can companies and organizations do? There will be new technologies involved, and, as usual, the defenders are far behind in developing them. There are also some shifts in both philosophy and technique that can help companies adapt to this new world. 

Although the larger effect of this issue is to sway public sentiment in the physical realm, a big part of the problem still lies in social media bots in cyberspace — software processes automatically running on a network with the purpose of engaging and inputting on those networks to drive behaviors or perceptions determined by their programmers.

This, of course, is familiar territory for security orgs. Detecting a bot by posting speeds and other indicators is common in the industry. But what the organization decides to do after detection is up for debate. Right now, we just stop it, but it may be worthwhile for security pros to stymie the bots with error codes or other means to spend more time understanding what the bots are up to, where they come from, and who controls them.

Advances in technologies like artificial intelligence and natural language processing will bring the next level of defense against information warfare. Being able to detect whether the same person is behind dozens of personas or posts will require a level of data and correlation that today is available only to the world's top intelligence agencies. But we know the industry is working on it. Clearly, Facebook has the most data to work with right now, but this would also be a natural extension to the security industry's intelligence or reputation services.

Ultimately, these are human threats, and humans need to evolve along with them. Where security professionals have tended to gather intelligence about our own applications, our own networks, PCs, and logs, it's imperative in this new world that they look beyond their own four walls to see what is happening elsewhere.

CISOs need to be cognizant of how events transpiring in the physical world could bring their organization under the crosshairs. Similarly, the role of government should evolve its idea of defense to extend more fully into the digital realm.

In this environment, users are more important than ever. It's up to everyone to be critical about the information they encounter, no matter where it comes from. Look for corroboration. Find actual facts from trusted sources. Don't believe everything you're told.

In the age of weaponized FUD, it's up to all of us to become security pros.  

Related Content:

Why Cybercriminals Attack: A DARK READING VIRTUAL EVENT Wednesday, June 27. Industry experts will offer a range of information and insight on who the bad guys are – and why they might be targeting your enterprise. Go here for more information on this free event.


Mike Convertino is the chief security officer at Arceo.ai, a leading data analytics company using AI to dynamically assess risk for the cyber insurance industry. He is an experienced executive, leading both information security and product development at multiple leading ... View Full Bio

Recommended Reading:

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Joe Stanganelli
Joe Stanganelli,
User Rank: Ninja
6/27/2018 | 11:02:30 PM
Unfortunately, the other huge fallout from this, I think, is that FB has found itself compelled to rely less on algorithms and more on outright spying and snooping on people.
COVID-19: Latest Security News & Commentary
Dark Reading Staff 8/3/2020
Pen Testers Who Got Arrested Doing Their Jobs Tell All
Kelly Jackson Higgins, Executive Editor at Dark Reading,  8/5/2020
Exploiting Google Cloud Platform With Ease
Dark Reading Staff 8/6/2020
Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
The Changing Face of Threat Intelligence
The Changing Face of Threat Intelligence
This special report takes a look at how enterprises are using threat intelligence, as well as emerging best practices for integrating threat intel into security operations and incident response. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2020-08-07
Temi firmware 20190419.165201 does not properly verify that the source of data or communication is valid, aka an Origin Validation Error.
PUBLISHED: 2020-08-07
A Incorrect Execution-Assigned Permissions vulnerability in the permissions package of SUSE Linux Enterprise Server 12-SP4, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15; openSUSE Leap 15.1, openSUSE Tumbleweed sets the permissions for some of the directories of the p...
PUBLISHED: 2020-08-07
A Incorrect Default Permissions vulnerability in the packaging of inn in openSUSE Leap 15.2, openSUSE Tumbleweed, openSUSE Leap 15.1 allows local attackers with control of the new user to escalate their privileges to root. This issue affects: openSUSE Leap 15.2 inn version 2.6.2-lp152.1.26 and prior...
PUBLISHED: 2020-08-07
Delta Electronics TPEditor Versions 1.97 and prior. An out-of-bounds read may be exploited by processing specially crafted project files. Successful exploitation of this vulnerability may allow an attacker to read/modify information, execute arbitrary code, and/or crash the application.
PUBLISHED: 2020-08-07
Delta Electronics TPEditor Versions 1.97 and prior. A stack-based buffer overflow may be exploited by processing a specially crafted project file. Successful exploitation of this vulnerability may allow an attacker to read/modify information, execute arbitrary code, and/or crash the application.