Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Operational Security //

Data Leakage

3/13/2019
06:00 AM
Larry Loeb
Larry Loeb
Larry Loeb
50%
50%

Is China as Bad as Russia When It Comes to Trying to Influence America?

The 2016 election brought the concept of information warfare to the American populace for the first time. It was the judgement of the American intelligence community that Russian state actors had attempted to influence the outcome of the election.

The report says, "The Kremlin's campaign aimed at the US election featured disclosures of data obtained through Russian cyber operations; intrusions into US state and local electoral boards; and overt propaganda. Russian intelligence collection both informed and enabled the influence campaign."

Since this was the first general exposure of this kind of political information twisting operation, it was understandable that the public would assume that all nation-states would use information in this manner.

Threat intelligence firm Recorded Future, which supplies advice to many major Fortune 500 companies, wondered what China was doing in this area and if their goals and techniques were the same as the Russians.

So, they did some research. They analyzed data from several Western social media platforms from October 1, 2018 through February 22, 2019 to determine how the Chinese state exploits social media to influence the American public.

The found that the Chinese state utilized techniques different from the Russian state, which were driven by dissimilar foreign policy and strategic goals.

They found the Chinese "employed a plethora of state-run media to exploit the openness of American democratic society in an effort to insert an intentionally distorted and biased narrative portraying a utopian view of the Chinese government and party."

They saw Chinese social media operations as largely positive and coordinated because those techniques support Chinese strategic goals. So, the Chinese seem to have run a campaign to make themselves look better than they are.

RF made a number of key judgements about the Chinese efforts, including that English-language social media influence operations were seeded by state-run media (not military intelligence as was true with Russia), and that they overwhelmingly present a positive, benign and cooperative image of China.

Second, Chinese influence accounts used paid advertisements as their primary vehicle to target American users with political or nationally important messages and distorted general news about China.

While RF felt the Chinese state-run influence accounts did not attempt a large-scale campaign to influence American voters in the run-up to the November 6, 2018, midterm elections, they felt that Chinese accounts did perform small-scale dissemination of breaking news and biased content surrounding President Trump and China-related issues.

But that does not mean things were without problems. Some Chinese posts on Facebook were found not to have a "paid for" disclaimer on them, though that is supposed to happen. The majority of these paid advertisements from state-run accounts appealed to users to like or follow the account for access to global and China-specific news.

China seeks to convince the world that its development and rise is unfailingly positive, beneficial, cooperative, and constructive for the global community. But internally used techniques of censorship, filtering, astroturfing and comment flooding for domestic content are not viable abroad, so they use classic forms of propaganda to present their messages.

It is easy to be complacent when confronting Chinese information manipulation on social media. But, identifying the goals and techniques of these kinds of influence operations -- even though they may not be as self-evident as those of the Russians -- is the first step toward countering their deleterious effects.

— Larry Loeb has written for many of the last century's major "dead tree" computer magazines, having been, among other things, a consulting editor for BYTE magazine and senior editor for the launch of WebWeek.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 7/2/2020
Ripple20 Threatens Increasingly Connected Medical Devices
Kelly Sheridan, Staff Editor, Dark Reading,  6/30/2020
DDoS Attacks Jump 542% from Q4 2019 to Q1 2020
Dark Reading Staff 6/30/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
How Cybersecurity Incident Response Programs Work (and Why Some Don't)
This Tech Digest takes a look at the vital role cybersecurity incident response (IR) plays in managing cyber-risk within organizations. Download the Tech Digest today to find out how well-planned IR programs can detect intrusions, contain breaches, and help an organization restore normal operations.
Flash Poll
The Threat from the Internetand What Your Organization Can Do About It
The Threat from the Internetand What Your Organization Can Do About It
This report describes some of the latest attacks and threats emanating from the Internet, as well as advice and tips on how your organization can mitigate those threats before they affect your business. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-9498
PUBLISHED: 2020-07-02
Apache Guacamole 1.1.0 and older may mishandle pointers involved inprocessing data received via RDP static virtual channels. If a userconnects to a malicious or compromised RDP server, a series ofspecially-crafted PDUs could result in memory corruption, possiblyallowing arbitrary code to be executed...
CVE-2020-3282
PUBLISHED: 2020-07-02
A vulnerability in the web-based management interface of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition, Cisco Unified Communications Manager IM & Presence Service, and Cisco Unity Connection could allow an unauthenticated, remote attack...
CVE-2020-5909
PUBLISHED: 2020-07-02
In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, when users run the command displayed in NGINX Controller user interface (UI) to fetch the agent installer, the server TLS certificate is not verified.
CVE-2020-5910
PUBLISHED: 2020-07-02
In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, the Neural Autonomic Transport System (NATS) messaging services in use by the NGINX Controller do not require any form of authentication, so any successful connection would be authorized.
CVE-2020-5911
PUBLISHED: 2020-07-02
In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, the NGINX Controller installer starts the download of Kubernetes packages from an HTTP URL On Debian/Ubuntu system.