In one look.
- Gangs, inspiration and fraud.
- Ransomware adopts familiar amplification techniques from information operations.
- American elections outside the year are conducted without significant disinformation.
Fraud, sure, maybe, but does it matter?
It is difficult to identify criminal groups. They change, they’re Protean, they’re called Legion, and they’re liars like their proverbial father. Take Groove, which appeared in online forums with some flash on October 22, when a nominal spokesperson called out their “business brethren” for attacks on the real enemy, essentially the United States. “Stop competing, unite and start destroying the US public sector,” the statement urged.
The spokesperson or the spokespersons who call themselves the hack names “boriselcin” and “Orange”, now say that it is all a blunder, a blow to show the stupidity and the credulity of the media. Groove, Flashpoint security company reports now says his call for attacks on the United States was simply designed to embarrass Western media. Plus, Groove adds, there isn’t himself anyway. Groove, his blog says, is just a one-person operation, that the gang, as a gang, doesn’t really exist, and all of the thinking was just an attempt to see “s ‘it was possible to manipulate the Western media through a ransomware blog.
Of course, maybe. But in either case, cybercriminal gangs move, fracture, combine, and rebrand often. And, sham or not, the call to destroy the American public sector was howling that would be heard by various wolves, known, lonely, or unknown, so the distinction Mr. Orange makes may be irrelevant. What is said in a criminal forum, especially in the form of inspiration, may as well be taken at face value.
Security firm Intel 471 told the Washington Post, “While it’s possible that only one player concocted Groove as a way to troll security researchers and the media, we think it’s more likely that the attempt for the actor to create his own ransomware group did not work. as they expected. It is also important to remember that the true identity and nature of any Ransomware-as-a-Service gang is not always clear, and the makeup of the members or affiliates of these gangs can be fluid.
Emsisoft’s judgment is even more severe. Anti-ransomware specialists told Post, “There is no reason to believe that [ransomware hackers] always tell the truth about anything. The default assumption should be that they are lying or, at best, just telling the parts of the story that they want to make public.
And the individuation of criminal and other inauthentic groups is inherently hazardous until you can identify the physical people behind the keyboards. It’s not as if a gang is establishing itself by incorporating in Delaware and choosing a board of directors.
Ransomware goes to the school of information operations.
Ransomware gangs continue to evolve their tactics. The daily beast reports that the Grievance Gang has sought to increase pressure on the National Rifle Association, recently one of the gang’s victims, by amplifying the threat of leaks with an army of Twitter bots created in August and September.
Bots have the usual characteristics of inauthentic accounts. They appeared around the same time, they are neither following nor being followed by anyone, and they are focused on retweeting information about compromised NRA accounts. And, of course, much of their publication is written in what the Beast calls “stilted” English, which we consider a dialect of Shadowbrokerese, that mundane criminal lingua franca.
This is a technique familiar to the information operator, and in this case it appears to be applied for criminal purposes, although an undeclared political motive may also be present. Some of the robot trolls also tweet about gun violence and the alt-right, suggesting possible interest in a general disturbance. Still, it seems like an effort to make the victim’s seat even hotter.
Disinformation on election day and CISA countermeasures.
With Election Day this week for over thirty U.S. states, Dark Reading reports That the Cybersecurity and Infrastructure Security Agency (CISA) organize an Election Awareness Room to foster collaboration between federal officials, state and local election administrators, private sector electoral partners and political organizations. The hope is that by opening up channels of communication, officials can better help voters avoid misinformation, misinformation and misinformation. In an official CISA email, the agency specified the following sources for reliable information:
- a election disinformation toolkit: Created to support election officials with a suite of infographics designed to ‘pre-mask’ misinformation
- A rumor control site: clarifies which details are rumors and which are reality regarding electoral processes
- The Resilience series: a series of graphic novels created by CISA drawing attention to the dangers of spreading false information on the Web
The rumor control site is traditional in form and familiar in content. One wonders how convincing it will prove to its audience. This audience is clearly not the hard core of the left or right conspiracy, but rather appears to be the undecided voter who continues to have great faith in official sources. Those who are well informed about conspiracy theories will not be more convinced by this effort to control rumors than a ufologist will buy the former US Air Force Project Bluebook. When designing future rumor control efforts, a more in-depth examination of the public and persuasive rhetoric might prove useful.