• British government’s new “anti-fake news” unit has been tried before – and it got out of hand

    The decision to set up a new National Security Communications Unit to counter the growth of “fake news” is not the first time the UK government has devoted resources to exploit the defensive and offensive capabilities of information. A similar thing was tried in the Cold War era, with mixed results. Details of the new anti-fake news unit are vague, but may mark a return to Britain’s Cold War past and the work of the Foreign Office’s Information Research Department (IRD), which was set up in 1948 to counter Soviet propaganda. This secretive government body worked with politicians, journalists, and foreign governments to counter Soviet lies, through un-attributable “grey” propaganda and confidential briefings on “Communist themes.” IRD eventually expanded from this narrow anti-Soviet remit to protect British interests where they were likely “to be the object of hostile threats.” IRD’s rapid expansion from anti-communist unit to protecting Britain’s interests across the globe also shows that it’s hard to manage information campaigns. Moreover, government penny pinching on defense – a key issue in current debates – could also fail to match the resources at the disposal of the Russian state. In short, the lessons of IRD show that information work is not a quick fix. The British government could learn a lot by visiting the past.

  • Dutch intelligence instrumental in launching FBI’s investigation into U.S. election meddling

    In 2014, Dutch government hackers from AIVD, the Dutch intelligence agency, managed to infiltrate “the computer network of the infamous Russian hacker group Cozy Bear,” a Dutch newspaper reports. A year later, the Dutch operatives witnessed “Russian hackers launching an attack on the Democratic Party in the United States.” The penetration of the Russian network allowed the Dutch intelligence services to provide the FBI with valuable information. The Steele Dossier was taken so seriously by the FBI not only because Christopher Steele was a credible and reliable Russia expert – but because much of the raw intelligence contained in the dossier dovetailed with information the FBI already had from other sources – one of them being Dutch intelligence.

  • Moods can impact cybersecurity behavior

    As professionals return to work after holidays, their moods are undoubtedly affected by the emotional impact of their holiday experiences, but these moods may be more critical to workplace cybersecurity than previously realized. New research suggests that people’s positive or negative moods can affect the likelihood that they will engage in insecure computing behavior in the workplace.

  • Fake news kicks into high gear in Czech presidential runoff

    Jiri Drahos, the pro-West, pro-EU challenger of incumbent Czech president Milos Zeman, came in second in the first round of the Czech presidential election, held 12-13 January. Zeman is one of Russian President Vladimir Putin’s strongest allies in central Europe, and the Russian government’s disinformation specialists have been ordered to help him win the runoff election, which will be held 27-28 January. These specialists have been successful in their social media efforts to boost the political strength of Marine Le Pen and her National Front in France; Geert Wilders and his Party of Freedom in the Netherlands; the Alternative für Deutschalnd (AfD) in Germany; Beppe Grillo and his Five Star movement in Italy; and increase the influence of other populist, ethno-nationalist movements such as Golden Dawn in Greece, Ataka in Bulgaria, and Jobbik in Hungary. They have also helped Donald Trump win the 2016 election. In the last two weeks, these disinformation experts have been targeting Drahos and his pro-West supporters.

  • Making network-connected systems less vulnerable

    The rise of network-connected systems that are becoming embedded seemingly everywhere–from industrial control systems to aircraft avionics–is opening up a host of rich technical capabilities in deployed systems. Even so, as the collective technology project underlying this massive deployment of connectivity unfolds, more consumer, industrial, and military players are turning to inexpensive, commodity off-the-shelf (COTS) devices with general-purpose designs applicable for a range of functionalities and deployment options. While less costly and more flexible, commodity components are inherently less secure than the single-purpose, custom devices they are replacing. DARPA says it trains its sights on the expansive attack surface of commodity off-the-shelf devices.

  • How secure is your data when it’s stored in the cloud?

    Data stored in the cloud is nearly always stored in an encrypted form that would need to be cracked before an intruder could read the information. But as a scholar of cloud computing and cloud security, I’ve seen that where the keys to that encryption are held varies among cloud storage services. In addition, there are relatively simple ways users can boost their own data’s security beyond what’s built into systems they use. Ultimately, for people who don’t want to learn how to program their own tools, there are two basic choices: Find a cloud storage service with trustworthy upload and download software that is open-source and has been validated by independent security researchers. Or use trusted open-source encryption software to encrypt your data before uploading it to the cloud; these are available for all operating systems and are generally free or very low-cost.

  • So what did we learn? Looking back on four years of Russia’s cyber-enabled “Active Measures”

    Americans continue to investigate, deliberate, and wallow in the aftermath of Russia’s rebirth of “Active Measures” designed to defeat their adversaries through the “force of politics rather than the politics of force.” Kremlin interference in the 2016 U.S. presidential election represents not only the greatest Active Measures success in Russian history, but the swiftest and most pervasive influence effort in world history. Never has a country, in such a short period of time, disrupted the international order through the use of information as quickly and with such sustained effect as Russia has in the last four years. Russia achieved this victory by investing in capabilities where its adversaries have vulnerabilities — cyberspace and social media. Putin’s greatest success through the employment of cyber-enabled Active Measures comes not from winning any single election, but through the winning of sympathetic audiences around the world he can now push, pull, and cajole from within the borders of his adversaries. Much has been learned about Russia’s hackers and troll farms in the year since the 2016 presidential election, but there remain greater insights worth exploring from a strategic perspective when looking at the Kremlin’s pursuit of information warfare holistically.

  • What we didn’t learn from Twitter’s news dump on Russiagate

    On Friday evening, amid a pending U.S. government shutdown and a presidential porn payoff scandal, Twitter released its long-awaited report on Russian uses of its platform to interfere in the 2016 presidential election. The numbers were striking. Twitter officials said, they had found a cluster of 3,814 accounts that were “a propaganda effort by a Russian government-linked organization known as the Internet Research Agency (IRA).” These were supplemented by a broader project of 50,258 automated accounts — bots — which spread the messaging further. In total, 677,775 people in the United States followed one of these accounts or retweeted or liked a Tweet from these accounts during the election period. Peter Singer writes that social media is about scale and networking, and this combination means that, in actuality, the numbers released by Twitter are far worse than they seem.

  • Rubio, Van Hollen introduce legislation to deter foreign interference in American elections

    U.S. Senators Marco Rubio (R-Florida) and Chris Van Hollen (D-Maryland) on Tuesday introduced the Defending Elections from Threats by Establishing Redlines (DETER) Act. The senators said it sends a powerful message to any foreign actor seeking to disrupt our elections: if you attack American candidates, campaigns, or voting infrastructure, you will face severe consequences. “We cannot be a country where foreign intelligence agencies attempt to influence our political process without consequences,” said Senator Rubio. “This bill will help to ensure the integrity of our electoral process by using key national security tools to dissuade foreign powers from meddling in our elections.”

     

  • EU issues call to action to combat Russian “propaganda”

    The European Commission and lawmakers have accused Russia of orchestrating a “disinformation campaign” aimed at destabilizing the bloc and called for increased measures to combat the threat. “There seems frankly little doubt that the pro-Kremlin disinformation campaign is an orchestrated strategy, delivering the same disinformation stories in as many languages as possible, through as many channels as possible, as often as possible,” EU Security Commissioner Julian King told the European Parliament in Strasbourg on 17 January.

  • Declining trust in facts, institutions imposes real costs on U.S. society

    Americans’ reliance on facts to discuss public issues has declined significantly in the past two decades, leading to political paralysis and collapse of civil discourse, according to a RAND report. This phenomenon, referred to as “Truth Decay,” is defined by increasing disagreement about facts, a blurring between opinion and fact, an increase in the relative volume of opinion and personal experience over fact, and declining trust in formerly respected sources of factual information.

  • Responding to Truth Decay: Q&A with RAND’s Michael Rich and Jennifer Kavanagh

    Winston Churchill is reported to have said, “A lie gets halfway around the world before the truth can get its pants on.” Experts say it is worse now. With social media, false or misleading information is disseminated all over the world nearly instantaneously. Another thing that’s new about Truth Decay is the confluence of factors that are interacting in ways we do not fully understand yet. It is not clear that key drivers like our cognitive biases, polarization, changes in the information space, and the education system’s struggle to respond to this sort of challenge have ever coincided at such intensive and extreme levels as they do now. Russian disinformation and hacking campaigns against the United States and other Western democracies are the most obvious examples of the amplification – and exploitation – of Truth Decay. Garry Kasparov, the chess master and Russian dissident, said about Russian disinformation efforts: “The point of modern propaganda isn’t only to misinform or push an agenda. It is to exhaust your critical thinking … to annihilate truth.”

  • New malware espionage campaign compromises mobile devices around the world

    Cybersecurity experts have uncovered a new malware espionage campaign infecting thousands of people in more than twenty countries. Hundreds of gigabytes of data have been stolen, primarily through mobile devices compromised by fake secure messaging clients. The Trojanized apps, including Signal and WhatsApp, function like the legitimate apps and send and receive messages normally. However, the fake apps also allow the attackers to take photos, retrieve location information, capture audio, and more. The threat, called Dark Caracal, may be a nation-state actor and appears to employ shared infrastructure which has been linked to other nation-state actors.

  • Interconnected technological risks: Responding to disruptions of cyber-physical systems

    When infectious diseases strike, the World Health Organization acts swiftly, coordinating with the U.S. Centers for Disease Control and Prevention and its foreign counterparts to contain the threat. But there is no equivalent international organization similarly dedicated to identifying and mitigating a cyberattack. The World Economic Forum (WEF), however, is bringing together infrastructure and technology developers, insurers and government officials from across the globe to develop strategies for responding to interconnected technological risks, including those that can cascade when hackers disrupt cyber-physical systems.

  • Tracking and reacting to Russian attacks on democracy

    Last week, a U.S. government report outlined attacks made by Russian President Vladimir Putin on democratic institutions over nearly two decades. The report details the many ways in which the Russian government has combined Soviet-era approaches with today’s technological tools. Princeton’s Jacob Shapiro says: “While not a revelation to people who have been following the issue, the depth and intensity of Russian efforts against America’s allies in Europe are striking and well-documented in the report. While some may argue that turnabout is fair play insofar as the United States and its European allies have been aggressively pushing their vision of governance inside Russia and its allies for decades, those efforts have taken place in the context of institutions that abide by widely accepted legal norms. What is striking about the Russian effort is the extent to which it employed actors and approaches that clearly and routinely transgress Russian, international, and domestic laws in the places they operate. To me, the extralegal nature of Russian influence efforts was just striking.”