The document discusses frameworks for analyzing misinformation from an information security perspective. It begins by describing the problem of misinformation and how it has evolved, then introduces a misinformation-focused version of the ATT&CK framework for mapping misinformation techniques. The framework is populated with historical misinformation examples and analytical approaches. The goal is to establish common languages and methods to better understand, track, and respond to misinformation operations.
Search & Rescue and Missing Persons’ investigations often come to a standstill due to lack of information. How can technology change that? Robert Sell will explore the answer. We will hear how crowdsourced OSINT can be successfully used by emergency services and law enforcement, providing lifesaving information to fill the gaps and bring loved ones back to their families.
Robert Sell, OSINT expert and Founder, Trace Labs
Search & Rescue and Missing Persons’ investigations often come to a standstill due to lack of information. How can technology change that? Robert Sell will explore the answer. We will hear how crowdsourced OSINT can be successfully used by emergency services and law enforcement, providing lifesaving information to fill the gaps and bring loved ones back to their families.
Robert Sell, OSINT expert and Founder, Trace Labs
Sharing is Caring: Medindo a Eficácia de Comunidades de Compartilhamento de T...Alexandre Sieira
O compartilhamento de threat intelligence está subindo na lista de prioridades da maioria das grandes organizações. Muitas áreas de segurança estão sendo cobradas para consumir estas informações sem necessariamente ter processos implementados para usá-las. Junte-se a nós nesta apresentação para uma exploração baseada em dados quantitativos sobre práticas e comunidades de compartilhamento de threat intelligence. Nosso objetivo é demonstrar o que deve ser feito para que o compartilhamento de threat intelligence possa escalar além das barreiras técnicas e de confiança que atualmente atuam como fortes limitadores.
Esta é mais uma apresentação da série Data-Driven Threat Intelligence. Na Mind The Sec do ano passado, apresentamos ferramentas e metodologias que permitiam a análise quantitativa de fontes individuais de threat intelligence, em especial feeds abertos e pagos, além de uma análise crítica em cima dos resultados baseados em um grande conjunto de indicadores coletados por nós. Este ano, o objetivo é estender estas ferramentas e metodologias para medir e analisar a eficácia, benefícios e barreiras associadas ao uso de comunidades de compartilhamento de threat intelligence, que estão proliferando mundialmente em diversas verticais do mercado.
Researching Social Media – Big Data and Social Media AnalysisFarida Vis
Researching Social Media – Big Data and Social Media Analysis, presentation for the Social Media for Researchers: A Sheffield Universities Social Media Symposium, 23 September 2014
Using Chaos to Disentangle an ISIS-Related Twitter NetworkSteve Kramer
Paragon Science used a combination of network analysis, community detection, topic detection, sentiment analysis, and anomaly detection to find key influencers and emotionally charged websites in a ISIS-related Twitter network.
AI and the Researcher: ChatGPT and DALL-E in Scholarly Writing and PublishingErin Owens
The artificial intelligence tool ChatGPT has taken the world by storm, prompting concerns about student plagiarism. But A.I. text and image generators also pose ethical and legal conundrums for scholarly researchers. This session will delve into some of the emerging issues and developments that may affect faculty in scholarly writing and publishing.
Eavesdropping on the Twitter Microblogging SiteShalin Hai-Jew
Research analysts go to Twitter to capture the general trends of public conversations, identify and profile influential accounts, and extract subgroups within larger collectives and larger discourses; they also go to eavesdrop on individual self-talk and individual-to-individual conversations. So what is technically in your tweets, asked Dave Rosenberg famously in a CNET article (2010). The answer: a whole lot more than 140 characters. How are the most influential social media accounts identified through #hashtag graphs? How are themes extracted? How are sentiments understood? How can users be profiled through their Tweetstreams? How can locations be mapped in terms of the Twitter conversations occurring in particular physical areas? How can live and trending issues be identified and categorized in terms of sentiment (positive, negative, and neutral)? This presentation will summarize some of the free and open-source tools as well as commercial and proprietary ones that enable increased knowability.
Sharing is Caring: Medindo a Eficácia de Comunidades de Compartilhamento de T...Alexandre Sieira
O compartilhamento de threat intelligence está subindo na lista de prioridades da maioria das grandes organizações. Muitas áreas de segurança estão sendo cobradas para consumir estas informações sem necessariamente ter processos implementados para usá-las. Junte-se a nós nesta apresentação para uma exploração baseada em dados quantitativos sobre práticas e comunidades de compartilhamento de threat intelligence. Nosso objetivo é demonstrar o que deve ser feito para que o compartilhamento de threat intelligence possa escalar além das barreiras técnicas e de confiança que atualmente atuam como fortes limitadores.
Esta é mais uma apresentação da série Data-Driven Threat Intelligence. Na Mind The Sec do ano passado, apresentamos ferramentas e metodologias que permitiam a análise quantitativa de fontes individuais de threat intelligence, em especial feeds abertos e pagos, além de uma análise crítica em cima dos resultados baseados em um grande conjunto de indicadores coletados por nós. Este ano, o objetivo é estender estas ferramentas e metodologias para medir e analisar a eficácia, benefícios e barreiras associadas ao uso de comunidades de compartilhamento de threat intelligence, que estão proliferando mundialmente em diversas verticais do mercado.
Researching Social Media – Big Data and Social Media AnalysisFarida Vis
Researching Social Media – Big Data and Social Media Analysis, presentation for the Social Media for Researchers: A Sheffield Universities Social Media Symposium, 23 September 2014
Using Chaos to Disentangle an ISIS-Related Twitter NetworkSteve Kramer
Paragon Science used a combination of network analysis, community detection, topic detection, sentiment analysis, and anomaly detection to find key influencers and emotionally charged websites in a ISIS-related Twitter network.
AI and the Researcher: ChatGPT and DALL-E in Scholarly Writing and PublishingErin Owens
The artificial intelligence tool ChatGPT has taken the world by storm, prompting concerns about student plagiarism. But A.I. text and image generators also pose ethical and legal conundrums for scholarly researchers. This session will delve into some of the emerging issues and developments that may affect faculty in scholarly writing and publishing.
Eavesdropping on the Twitter Microblogging SiteShalin Hai-Jew
Research analysts go to Twitter to capture the general trends of public conversations, identify and profile influential accounts, and extract subgroups within larger collectives and larger discourses; they also go to eavesdrop on individual self-talk and individual-to-individual conversations. So what is technically in your tweets, asked Dave Rosenberg famously in a CNET article (2010). The answer: a whole lot more than 140 characters. How are the most influential social media accounts identified through #hashtag graphs? How are themes extracted? How are sentiments understood? How can users be profiled through their Tweetstreams? How can locations be mapped in terms of the Twitter conversations occurring in particular physical areas? How can live and trending issues be identified and categorized in terms of sentiment (positive, negative, and neutral)? This presentation will summarize some of the free and open-source tools as well as commercial and proprietary ones that enable increased knowability.
Hashtag Conversations,Eventgraphs, and User Ego Neighborhoods: Extracting So...Shalin Hai-Jew
This introduces methods for extracting and analyzing social network data from Twitter for hashtag conversations (and emergent events), event graphs, search networks, and user ego neighborhoods (using NodeXL). There will be direct demonstrations and discussions of how to analyze social network graphs. This information may be extended with human- and / or machine-based sentiment analysis.
Data Science: Origins, Methods, Challenges and the future?Cagatay Turkay
Slides for my talk at City Unrulyversity on 18.03.15 in London. Discuss the term Data Science, touch upon the origins and the data scientist types. A longer discussion on the Data Science process and challenges analysts face.
And here is the abstract of the talk:
Data Science ... the term is everywhere now, on the news, recruitment sites, technology boards. "Data scientist" is even named to be sexiest job title of the century. But what is it, really? Is it just a hype or a term that will be with us for some time?
This session will investigate where the term is originating from and how it relates to decades of research in established fields such as statistics, data mining, visualisation and machine learning. We will investigate how the field is evolving with the emergence of large, heterogeneous data resources. We will discuss the objectives, tools and challenges of data science as a practice, and look at examples from research and industrial applications.
Practical Influence Operations, presentation at Sofwerx Dec 2018bodaceacat
Presentation on practical responses to misinformation as part of hybrid warfare, including the use of infosec frameworks to frame attacks and responses.
Multi-cluster Kubernetes Networking- Patterns, Projects and GuidelinesSanjeev Rampal
Talk presented at Kubernetes Community Day, New York, May 2024.
Technical summary of Multi-Cluster Kubernetes Networking architectures with focus on 4 key topics.
1) Key patterns for Multi-cluster architectures
2) Architectural comparison of several OSS/ CNCF projects to address these patterns
3) Evolution trends for the APIs of these projects
4) Some design recommendations & guidelines for adopting/ deploying these solutions.
ER(Entity Relationship) Diagram for online shopping - TAEHimani415946
https://bit.ly/3KACoyV
The ER diagram for the project is the foundation for the building of the database of the project. The properties, datatypes, and attributes are defined by the ER diagram.
1.Wireless Communication System_Wireless communication is a broad term that i...JeyaPerumal1
Wireless communication involves the transmission of information over a distance without the help of wires, cables or any other forms of electrical conductors.
Wireless communication is a broad term that incorporates all procedures and forms of connecting and communicating between two or more devices using a wireless signal through wireless communication technologies and devices.
Features of Wireless Communication
The evolution of wireless technology has brought many advancements with its effective features.
The transmitted distance can be anywhere between a few meters (for example, a television's remote control) and thousands of kilometers (for example, radio communication).
Wireless communication can be used for cellular telephony, wireless access to the internet, wireless home networking, and so on.
This 7-second Brain Wave Ritual Attracts Money To You.!nirahealhty
Discover the power of a simple 7-second brain wave ritual that can attract wealth and abundance into your life. By tapping into specific brain frequencies, this technique helps you manifest financial success effortlessly. Ready to transform your financial future? Try this powerful ritual and start attracting money today!
4. SOCIAL ENGINEERING AT SCALE
Facebook Group Shares Interactions
Blacktivists 103,767,792 6,182,835
Txrebels 102,950,151 3,453,143
MuslimAmerica 71,355,895 2,128,875
Patriototus 51,139,860 4,438,745
Secured.Borders 5,600,136 1,592,771
Lgbtun 5,187,494 1,262,386
5. INTENT TO DECEIVE
Force adversary to make decision or take action based on information that I:
• Hide
• Give
• Change (or change the context on)
• Deny/degrade
• Destroy
Enable my decisions based upon knowing yours
“Operations to convey selected information and indicators to audiences to
influence their emotions, motives, and objectives reasoning, and ultimately the
behavior of governments, organizations, groups, and individuals”
9. INSTRUMENTS OF NATIONAL POWER
…and how to influence other nation-states.
Diplomatic Informational Military Economic
Resources available in pursuit of national objectives…
10. NATIONSTATE MISINFORMATION
From To
Brazil Brazil
China China, Taiwan, US
Iran India, Pakistan
Russia Armenia, France, Germany, Netherlands, Philippines,
Serbia, UK, USA, Ukraine, World
Saudi Qatar
Unknown France, Germany, USA
20. ADDING MISINFORMATION TO INFOSEC
“Prevention of damage to, protection of, and restoration of computers,
electronic communications systems, electronic communications services, wire
communication, and electronic communication, including information contained
therein, to ensure its availability, integrity, authentication, confidentiality, and
nonrepudiation” - NSPD-54
24. THERE’S NO COMMON LANGUAGE
“We use misinformation attack (and misinformation campaign) to refer to the
deliberate promotion of false, misleading or mis-attributed information. Whilst
these attacks occur in many venues (print, radio, etc), we focus on the creation,
propagation and consumption of misinformation online. We are especially
interested in misinformation designed to change beliefs in a large number of
people.”
30. AND STARTED MAPPING MISINFORMATION ONTO IT
Initial
Access
Create
Artefacts
Insert
Theme
Amplify
Message
Command
And Control
Account takeover Steal existing
artefacts
Create fake
emergency
Repeat messaging
with bots
Create fake real-life
events
Create fake group Deepfake Create fake argument
Parody account Buy friends
Deep cover
31. POPULATING THE FRAMEWORK
• Campaigns
• e.g. Internet Research Agency, 2016 US elections
• Incidents
• e.g. Columbia Chemicals
• Failed attempts
• e.g. Russia - France campaigns
33. HISTORICAL CATALOG: DATASHEET
• Summary: Early Russian (IRA) “fake news”
stories. Completely fabricated; very short lifespan.
• Actor: probably IRA (source: recordedfuture)
• Timeframe: Sept 11 2014 (1 day)
• Presumed goals: test deployment
• Artefacts: text messages, images, video
• Related attacks: These were all well-produced
fake news stories, promoted on Twitter to
influencers through a single dominant hashtag --
#BPoilspilltsunami, #shockingmurderinatlanta,
• Method:
1. Create messages. e.g. “A powerful explosion heard from
miles away happened at a chemical plant in Centerville,
Louisiana #ColumbianChemicals”
2. Post messages from fake twitter accounts; include handles
of local and global influencers (journalists, media,
politicians, e.g. @senjeffmerkley)
3. Amplify, by repeating messages on twitter via fake twitter
accounts
• Result: limited traction
• Counters: None seen. Fake stories were debunked very
quickly.
34. FEEDS INTO TECHNIQUES LIST
• Behavior: two groups meeting in same place at
same time
• Intended effect: IRL tension / conflict
• Requirements: access to groups, group trust
• Detection:
• Handling:
• Examples:
Title
Description
Short_Description
Intended_Effect
Behavior
Resources
Victim_Targeting
Exploit_Targets
Related_TTPs
Kill_chain_Phases
Information_Source
Klil_Chains
Handling
37. INCIDENT ANALYSIS
Top-down (strategic): info ops
❏ What are misinformation creators
likely to do? What, where, when,
how, who, why?
❏ What do we expect to see?
❏ What responses and impediments
to responses were there?
Bottom-up (tactical): data science
❏Unusual hashtag, trend, topic,
platform activity?
❏Content from ‘known’ trollbots,
8/4chan, r/thedonald,
RussiaToday etc
❏What are trackers getting excited
about today?
40. DISTORTION TECHNIQUES
• Distort facts: match intended outcome
• Exaggerate: rhetoric & misrepresent facts
• Generate: realistic false artifacts
• Mismatch: links, images, and claims to
change context of information
41. DISTRACTION TECHNIQUES
• String along: respond to anyone who engages to
waste time
• Play dumb: pretend to be naive, gullible, stupid
• Redirect: draw engagement to your thread
• Dilute: add other accounts to dilute threads
• Threadjack: change narrative in existing thread
42. DIVISION TECHNIQUES
• Provoke: create conflicts and confusion among community
members
• Dehumanize: demean and denigrate target group
• Hate speech: attack protected characteristics or classes
• Play victim: claim victim status
• Dog-whistle: use coded language to indicate insider status
• Hit and run: attack and delete after short time interval
• Call to arms: make open calls for action
43. DISMAY TECHNIQUES
• Ad hominem: make personal attacks, insults
& accusations
• Assign threats: name and personalize enemy
• Good old-fashioned tradecraft
44. DISMISSAL TECHNIQUES
• Last word: respond to hostile commenters
then block them so they can’t reply
• Brigading: coordinate mass attacks or
reporting of targeted accounts or tweets
• Shit list: add target account(s) to insultingly
named list(s)
57. COMPONENTWISE UNDERSTANDING AND RESPONSE
• Lingua Franca across communities
• Defend/countermove against reused techniques, identify gaps in attacks
• Assess defence tools & techniques
• Plan for large-scale adaptive threats (hello, Machine Learning!)
• Build an alert structure (e.g. ISAC, US-CERT, Interpol)
63. THANK YOU
Sara “SJ” Terp
Bodacea Light Industries
sarajterp@gmail.com
@bodaceacat
CDR Pablo C. Breuer
U.S. Special Operations Command / SOFWERX
Pablo.Breuer@sofwerx.org
@Ngree_H0bit
64. Community
• Parody-based counter-campaigns (e.g. riffs on “Q”)
• SEO-hack misinformation sites
• Dogpile onto misinformation hashtags
• Divert followers (typosquat trolls, spoof messaging etc)
• Identify and engage with affected individuals
• Educate, verify, bring into the light
64
65. Offense: Potentials for Next
• Algorithms + humans attack algorithms + humans
• Shift from trolls to ‘nudging’ existing human communities
(‘useful idiots’)
• Subtle attacks, e.g. ’low-and-slows’, ‘pop-up’, etc
• Massively multi-channel attacks
• More commercial targets
• A well-established part of hybrid warfare
65
66. Defence: Potential for next
• Strategic and tactical collaboration
• Trusted third-party sharing on fake news sites / botnets
• Misinformation version of ATT&CK, SANS20 frameworks
• Algorithms + humans counter algorithms + humans
• Thinking the unthinkable
• “Countermeasures and self-defense actions”
66