BSidesLV 2018 talk: social engineering at scale, a community guide
•Download as PPTX, PDF•
1 like•359 views
A guide for communities on what misinformation is, where it's coming from, and what you can do about it
Recommended
More Related Content
What's hot
What's hot (11)
Similar to BSidesLV 2018 talk: social engineering at scale, a community guide
Similar to BSidesLV 2018 talk: social engineering at scale, a community guide (20)
More from Sara-Jayne Terp
More from Sara-Jayne Terp (20)
Recently uploaded
Recently uploaded (20)
BSidesLV 2018 talk: social engineering at scale, a community guide
- 1. Social Engineering at Scale (A Community Guide) SJ Terp BSidesLV 2018
- 4. Social Engineering 4 “psychological manipulation of people into performing actions or divulging confidential information”
- 5. Scale Facebook group total_shares interactions Facebook.com/Blacktivists 103,767,792 6,182,835 Facebook.com/Txrebels 102,950,151 3,453,143 Facebook.Com/MuslimAmerica 71,355,895 2,128,875 Facebook.Com/Patriototus 51,139,860 4,438,745 Facebook.Com/Secured.Borders 5,600,136 1,592,771 Facebook.Com/Lgtbun 5,187,494 1,262,386 5
- 9. Communities: Diverted Crisis Efforts 9
- 10. Democracies: QAnon Campaigns 10 “Action: continuous barrage of memes. All SM platforms Hashtags: #HRCvideo #releasethevideo #maga #QAnon Use top trending hashtags along with your posts. Share and retweet as much as possible”
- 11. HOW BIG IS THIS? 11
- 14. Targetting All Social Sites 14
- 16. WHO AND WHY? 16
- 17. 17
- 18. 18
- 19. 19
- 20. 20
- 21. What do they want? 21
- 22. Collect Data 22
- 23. Sources 23
- 24. Artifacts: Content 24 ● Co-occurring hashtags ● Correlated text ● URLs
- 25. Artifacts: Context 25 ● Known botnets/trolls ● Previous rumours ● friends/followers ● retweets/likes ● Metadata (e.g. DNS)
- 26. Stories 26
- 27. Money 27
- 28. Fight Back 28
- 29. Report 29 “Twitter (reportedly) suspended over 70 million accounts” “Facebook created a human crisis team after algorithms failed it”
- 31. Block 31
- 32. Engage 32
- 33. Repair 33
- 35. Typical Plans 35 2018 Canadian Elections - Monitoring (at the moment) 2018 US Midterms - Monitoring and coordinating groups
- 36. Manage Risk 36
- 37. Coordinate with Other Teams 37
- 38. TAKEAWAYS 38
- 39. Your Opponents 39 ● Trolls, botnets, advertisements ● Attention, power, money, confusion
- 40. Your Defences 40 ● Monitoring ● Response: platforms, adtech, elves, politicians
- 41. More Information 41 ● https://misinfocon.com/ ● https://github.com/bodacea/misinfolinks ● @bodaceacat Thanks to @Straithe!
Editor's Notes
- I’m Sara, a data scientist with a small hacking habit, and for the past two years my side project has been working on ways to counter large-scale online misinformation. I work on platforms, with journalists and other affected communities, but this talk is about what you as a community member could do.
- Social engineering: Scale Misinformation Community response
- Misinformation is deliberately false information. One example is the “fake news” sites above, containing misinformation that’s used to gain advertising money, with clickbait tweets that bring people to them. Some of these currently contain the typical aliens and healthcure material, but many are political and trading on strong emotions like fear and useful divisions in society. Image: screenshot of http://www.sawthis.one/ 2018-07-08
- “A type of confidence trick for the purpose of information gathering, fraud, or system access, it differs from a traditional "con" in that it is often one of many steps in a more complex fraud scheme.” Source: wikipedia
- Online misinformation is huge. A few hundred trolls and thousands of bots can affect millions of people at a time. This is the scale that nationstate-run groups and pages, dedicated to creating division and confusion, typically work at. Here are some of the Russian-owned Facebook groups shown to Congress: these high volumes of shares and interactions might include a lot of botnet activity, but are still not insignificant. [Add grid: scale (individual to nationstate) vs stages (use stages from cansec talk)]
- Large-scale misinformation is often planned or around events like elections. The bad guys use deployments; the good guys can too. And it helps to plan the inputs, resources and outputs for these (e.g. monitoring, team, pushbacks). Here’s part of a misinformation deployment guide we’ve been working on.
- Misinformation is also moving from online to offline. Several times now, misinformation actors have sent invites to opposing groups to demonstrate at the same time in the same place. https://twitter.com/JuliaDavisNews/status/994704834577215495 https://twitter.com/donie/status/957246815056908288
- Misinformation is information that’s deliberately false (actually that’s disinformation, but “misinformation” as a term won). The smallest form of online misinformation is ‘joke’ viral content, for example in every disaster there’s someone who puts up an image of a shark in the street. Image: http://www.politifact.com/truth-o-meter/statements/2017/aug/28/blog-posting/there-are-no-sharks-swimming-streets-houston-or-an/ and pretty much any major US disaster
- And then, if you look, you can find organising pages for campaigns. Here are two Qanon “meme war organising page”. Qanon is a major group, but is just one of many. Note that this is from March/April, and has a specific date on it, targetting a specific event.
- Familiarity backfire effect Memory traces Emotions = stronger traces Here are some common brain vulnerabilities. My favourites are the familiarity backfire effect, where if you repeat a message with a negative in it, people remember the message without the negative, and that when people read, they take false information in as true before rejecting it - and in that fraction of a second, build other assertions off the false information, even if they *know* the original information is false.
- This is targetting groups. This is one of the congress adverts set
- This stuff is everywhere online: the expected places (FB, twitter, reddit, eventbrite, medium etc) but also comment streams, payment and event sites.
- 100 good bots = long game; 10000 ba ones = short but effective You can also use other advertising techniques, and things like that familiarity backfire. Botnets are very useful for this, and very cheap, at about $150 for a difficult-to-find “aged” set, to a few dollars per thousand for Russian recent bots. Buy the bots, use any of the handy online guides to set them up messaging or retweeting etc, or use some simple pattern matching or AI to make them harder to find.
- So here are major reasons for using misinformation: money, political confusion, attention, political power. The ways to get those include advertising dollars, dividing communities, getting visibility and actions (eyeballs, clicks, retweets, votes), and adjusting online conversations. Dollar from https://www.publicdomainpictures.net/en/view-image.php?image=33435&picture=dollar-sign Baltic states image; https://www.theguardian.com/world/2014/jun/09/-sp-profiles-post-soviet-states
- One big weakness for attackers is that they have to tell you about themselves. They leave a lot of “artefacts” - ways to find them. botsentinal.com
- Here are some of them, including hashtags, URLs, adverts. A simple media search with twitter, tweetdeck etc will find a lot of these. On the right are the artifacts tracked as part of the Canadian elections. [DO: make a readable list from the RH content]
- Here are some of them, including hashtags, URLs, adverts. A simple media search with twitter, tweetdeck etc will find a lot of these. On the right are the artifacts tracked as part of the Canadian elections. [DO: make a readable list from the RH content]
- There’s also a lot of content in fact check sites(Snopes etc); if you have the resources, then it’s also possible to pay someone to go look at an area being discussed. Sometimes misinformation propagation is more subtle. These are a good place to look for that too.
- You *can* report to platforms. So far this has been pretty underwhelming, but if we did it at scale, it could be interesting. What would be good in an ideal system includes: Realtime botnet removal Realtime troll dampening Etc But that’s not where we are, so here’s some others.
- Two things: advertising works by putting adverts into slots on pages. We can track unlabelled political ads, we can see the fakenews pages and pages associated with them, and we can see botnets going to pages to drive up their ad revenue. For communities, you can report ads on fake pages to brands.
- And as an individual, there are still things you can do. One of these is to work with other people to block misinformation sources and channels. Many anti-harassment apps can be repurposed for this.
- My favourite communities are the Lithuanian elves. Formed as an anonymous online group. They fight back every day against Russian misinformation, using a combination of humour and facts. It seems to be working. OTher cool things to do include overwhelming misinformation hashtags with other content, and hacking search terms to make disambiguation pages appear above misinformation sites. Another group that’s got some traction is VOST (Virtual Operation Support Team), a team that supports responders in disasters: VOST Panama also used humour and “fake stamps” to counter misinformation, and helped me run a deployment on this during Hurricane Irma (when people also reported misinformation to Fema and Buzzfeed).
- You can also help in rebuilding damaged communities: this is The Commons Project, that uses a combination of bots, humans and peace techniques for this.
- You need to plan. Goals (find and disrupt misinformation attacks), timings (important dates), resources etc. Important in this is an end date: burnout is a real thing.
- Your biggest issues are doxxing and PTSD. And speaking of burnout, your team will be dealing with difficult material around things they care about, probably working long hours on it. Look after them: virtual PTSD is a thing; avoid it.
- And if we’re sharing, we need ways to do that with less friction. Which is how I ended up on yet another data standards committee, working on misinformation indicators and how to share them.
- So here we are. This is what you have. And here’s where to find more. @bodaceacat - that’s me.
- So here we are. This is what you have. And here’s where to find more. @bodaceacat - that’s me.
- So here we are. This is what you have. And here’s where to find more. @bodaceacat - that’s me.