Misinfosec:
Tooling up for Cognitive Security
SARA “SJ” TERP
Disclosure, November 5th 2019
!1
MIS / DISINFORMATION
deliberate promotion… of false, misleading or mis-attributed information
focus on creation, propagation, consumption of misinformation online
We are especially interested in misinformation designed to change beliefs in a large number of people
!2
EVOLUTION OF INFORMATION
3
4
EVOLUTION OF INFORMATION
WESTPHALIAN SOVEREIGNTY
Each nation has sovereignty over its own territory and domestic affairs
Principle of non-interference in another country’s domestic affairs
Each state is equal under international law
5
NATIONAL INSTRUMENTS OF INFLUENCE
Resources available in pursuit of national objectives…
Diplomatic, Informational, Military, Economic
…and how to influence other nation-states.
6
BUSINESS INSTRUMENTS OF INFLUENCE
Resources available in pursuit of corporate objectives…
Business Deals & Strategic Partnerships
PR and Advertising
Mergers and Acquisitions
R&D and Capital Investments
7
INFORMATION THREATS
Democracy
• Require common political knowledge
  • Who the rulers are
  • Legitimacy of the rulers
  • How government works
• Draw on contested political knowledge to solve problems
• Vulnerable to attacks on common political knowledge
Autocracy
• Actively suppress common political knowledge
• Benefit from contested political knowledge
• Vulnerable to attacks on the monopoly of common political knowledge
8
MOST CYBERSPACE OPERATIONS ARE BASED ON INFLUENCE
Force an adversary to make a decision or take an action based on:
• Information I hide
• Information I give
• Information I change
• Information I deny/degrade
• Information I destroy
Enable my decisions based upon knowing yours
“Operations to convey selected information and indicators to audiences to influence their emotions, motives, and objectives reasoning, and ultimately the behavior of governments, organizations, groups, and individuals”
9
THE NEED
The only defense against the world is a thorough knowledge of it.
- John Locke
10
COMBINING DIFFERENT VIEWS OF DISINFORMATION
• Information security (Gordon, Grugq, Rogers)
• Information operations / influence operations (Lin)
• A form of conflict (Singer, Gerasimov)
• [A social problem]
• [News source pollution]
!11
MISINFOSEC COMMUNITIES
● Industry

● Academia

● Media

● Community

● Government

● Infosec
!12
COMPONENTWISE UNDERSTANDING AND RESPONSE
• Lingua Franca across communities

• Defend/countermove against reused techniques, identify gaps in attacks

• Assess defence tools & techniques

• Plan for large-scale adaptive threats (hello, Machine Learning!)
!13
DOING IT AT SCALE
• Computational power
• Speed of analysis
• Lack of framework
• Systems theory and emergence of characteristics
• Cognitive friction
• Cognitive dissonance
https://www.visualcapitalist.com/wp-content/uploads/2018/05/internet-minute-share2.jpg
14
CONNECTING MISINFORMATION ‘LAYERS’
!15
Layers: Campaigns, Incidents, Narratives, Artifacts
Figure labels: attacker, defender
WHAT WE BUILT
All warfare is based on deception.
- Sun Tzu
All cyberspace operations are based on influence.
- Pablo Breuer
16
STAGE-BASED MODELS ARE USEFUL
RECON, WEAPONIZE, DELIVER, EXPLOIT, CONTROL, EXECUTE, MAINTAIN
Persistence, Privilege Escalation, Defense Evasion, Credential Access, Discovery, Lateral Movement, Execution, Collection, Exfiltration, Command and Control
!17
WE EXTENDED THE ATT&CK FRAMEWORK
!18
POPULATING THE FRAMEWORK: HISTORICAL ANALYSIS
• Campaigns
• e.g. Internet Research Agency, 2016 US elections
• Incidents
• e.g. Columbia Chemicals
• Failed attempts
• e.g. Russia - France campaigns
!19
HISTORICAL CATALOG: DATASHEET
• Summary: Early Russian (IRA) “fake news” stories. Completely fabricated; very short lifespan.
• Actor: probably IRA (source: recordedfuture)
• Timeframe: Sept 11 2014 (1 day)
• Presumed goals: test deployment
• Artefacts: text messages, images, video
• Related attacks: These were all well-produced fake news stories, promoted on Twitter to influencers through a single dominant hashtag -- #BPoilspilltsunami, #shockingmurderinatlanta,
• Method:
  1. Create messages. e.g. “A powerful explosion heard from miles away happened at a chemical plant in Centerville, Louisiana #ColumbianChemicals”
  2. Post messages from fake twitter accounts; include handles of local and global influencers (journalists, media, politicians, e.g. @senjeffmerkley)
  3. Amplify, by repeating messages on twitter via fake twitter accounts
• Result: limited traction
• Counters: None seen. Fake stories were debunked very quickly.
!20
TECHNIQUES
!21
FRAMEWORK (AMITT)
!22
TACTIC STAGES (AND PHASES)
• Planning: Strategic Planning, Objective Planning
• Preparation: Develop People, Develop Networks, Microtargeting, Develop Content, Channel Selection
• Execution: Pump Priming, Exposure, Go Physical, Persistence
• Evaluation: Measure Effectiveness
!23
STIX AMITT
Misinformation STIX | Description | Level | Infosec STIX
Report | communication to other responders | Communication | Report
Campaign | Longer attacks (Russia’s interference in the 2016 US elections is a “campaign”) | Strategy | Campaign
Incident | Shorter-duration attacks, often part of a campaign | Strategy | Intrusion Set
Course of Action | Response | Strategy | Course of Action
Identity | Actor (individual, group, organisation etc): creator, responder, target, useful idiot etc. | Strategy | Identity
Threat actor | Incident creator | Strategy | Threat Actor
Attack pattern | Technique used in incident (see framework for examples) | TTP | Attack pattern
Narrative | Malicious narrative (story, meme) | TTP | Malware
Tool | bot software, APIs, marketing tools | TTP | Tool
Observed Data | artefacts like messages, user accounts, etc | Artefact | Observed Data
Indicator | posting rates, follow rates etc | Artefact | Indicator
Vulnerability | Cognitive biases, community structural weakness etc | Vulnerability | Vulnerability
!24
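An added example, not taken from the slides or from the AMITT project: the mapping table above applied to the Columbia Chemicals datasheet, emitting simplified STIX 2.1-style JSON that responders could exchange. The namespace URL, the fixed timestamp, the `misinfo:` labels and all function names are assumptions of this example, and the objects carry only a subset of STIX properties.

```python
import json
import uuid

# Misinformation object -> Infosec STIX type, copied from the mapping table above.
AMITT_TO_STIX = {
    "report": "report", "campaign": "campaign", "incident": "intrusion-set",
    "course-of-action": "course-of-action", "identity": "identity",
    "threat-actor": "threat-actor", "attack-pattern": "attack-pattern",
    "narrative": "malware", "tool": "tool", "observed-data": "observed-data",
    "indicator": "indicator", "vulnerability": "vulnerability",
}

# Constructed values (assumptions): a namespace for deterministic IDs and a timestamp.
NAMESPACE = uuid.uuid5(uuid.NAMESPACE_URL, "https://example.invalid/misinfosec-demo")
CREATED = "2019-11-05T00:00:00.000Z"

# Datasheet fields as listed on the slide; the narrative name paraphrases its sample message.
DATASHEET = {
    "incident": "Columbia Chemicals",
    "summary": "Early Russian (IRA) fake news stories. Completely fabricated; "
               "very short lifespan.",
    "actor": "IRA",
    "actor_note": "probably IRA (source: recordedfuture)",
    "first_seen": "2014-09-11T00:00:00.000Z",
    "goals": ["test deployment"],
    "narrative": "Explosion at a chemical plant in Centerville, Louisiana",
    "methods": [
        "Create messages",
        "Post messages from fake twitter accounts; include handles of influencers",
        "Amplify, by repeating messages on twitter via fake twitter accounts",
    ],
}


def make_object(misinfo_type, name, **extra):
    """Build one STIX-style object for a misinformation object type."""
    stix_type = AMITT_TO_STIX[misinfo_type]  # KeyError if the table has no mapping
    obj = {
        "type": stix_type,
        "spec_version": "2.1",
        "id": f"{stix_type}--{uuid.uuid5(NAMESPACE, stix_type + ':' + name)}",
        "created": CREATED,
        "modified": CREATED,
        "name": name,
    }
    if misinfo_type != stix_type:
        # Keep the misinformation meaning when the STIX type is a stand-in.
        obj["labels"] = [f"misinfo:{misinfo_type}"]
    obj.update(extra)
    return obj


def relate(source, relationship_type, target):
    """Build a STIX relationship object linking two objects."""
    key = source["id"] + relationship_type + target["id"]
    return {
        "type": "relationship", "spec_version": "2.1",
        "id": f"relationship--{uuid.uuid5(NAMESPACE, key)}",
        "created": CREATED, "modified": CREATED,
        "relationship_type": relationship_type,
        "source_ref": source["id"], "target_ref": target["id"],
    }


def datasheet_to_bundle(sheet):
    """Turn one incident datasheet into a bundle of linked objects."""
    incident = make_object("incident", sheet["incident"], description=sheet["summary"],
                           first_seen=sheet["first_seen"], goals=sheet["goals"])
    actor = make_object("threat-actor", sheet["actor"], description=sheet["actor_note"])
    narrative = make_object("narrative", sheet["narrative"], is_family=False)
    objects = [incident, actor, narrative,
               relate(incident, "attributed-to", actor),
               relate(incident, "uses", narrative)]
    for step in sheet["methods"]:
        pattern = make_object("attack-pattern", step)
        objects += [pattern, relate(incident, "uses", pattern)]
    bundle_id = uuid.uuid5(NAMESPACE, "bundle:" + sheet["incident"])
    return {"type": "bundle", "id": f"bundle--{bundle_id}", "objects": objects}


def edges(bundle):
    """List (source type, relationship, target type) for every relationship."""
    by_id = {o["id"]: o for o in bundle["objects"]}
    return [(by_id[o["source_ref"]]["type"], o["relationship_type"],
             by_id[o["target_ref"]]["type"])
            for o in bundle["objects"] if o["type"] == "relationship"]


if __name__ == "__main__":
    print(json.dumps(datasheet_to_bundle(DATASHEET), indent=2))
```
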
STIX GRAPHS (THANKS, STIG!)
!25
INTELLIGENCE SHARING AND COORDINATION
!26
NEXT: MITIGATIONS AND COUNTERS
!27
NEXT NEXTS
• Continue to grow the coalition of the willing
• Support the Cognitive Security ISAO
• Continue to build an alert structure (ISAC, US-CERT, Interpol, Industry, etc.)
• Continue to refine TTPs and framework
• More mitigations and counters
• STIX-based data science
• AMITT updates at misinfosec.org
!28

 
Assure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyesAssure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyes
 
Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demoSample pptx for embedding into website for demo
Sample pptx for embedding into website for demo
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
Connecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfConnecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdf
 
Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and Insights
 
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentEmixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
 
A Framework for Development in the AI Age
A Framework for Development in the AI AgeA Framework for Development in the AI Age
A Framework for Development in the AI Age
 
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
 
Generative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfGenerative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdf
 
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directions
 

Tooling Up for Cognitive Security

  • 1. Misinfosec: Tooling up for Cognitive Security. SARA “SJ” TERP. Disclosure, November 5th 2019
  • 2. MIS / DISINFORMATION: deliberate promotion… of false, misleading or mis-attributed information; focus on creation, propagation, consumption of misinformation online. We are especially interested in misinformation designed to change beliefs in a large number of people
  • 5. WESTPHALIAN SOVEREIGNTY: Each nation has sovereignty over its own territory and domestic affairs. Principle of non-interference in another country’s domestic affairs. Each state is equal under international law
  • 6. NATIONAL INSTRUMENTS OF INFLUENCE: Resources available in pursuit of national objectives… and how to influence other nation-states: Diplomatic, Informational, Military, Economic
  • 7. BUSINESS INSTRUMENTS OF INFLUENCE: Resources available in pursuit of corporate objectives… Business Deals & Strategic Partnerships; PR and Advertising; Mergers and Acquisitions; R&D and Capital Investments
  • 8. INFORMATION THREATS. Democracy: • Require common political knowledge • Who the rulers are • Legitimacy of the rulers • How government works • Draw on contested political knowledge to solve problems • Vulnerable to attacks on common political knowledge. Autocracy: • Actively suppress common political knowledge • Benefit from contested political knowledge • Vulnerable to attacks on the monopoly of common political knowledge
  • 9. MOST CYBERSPACE OPERATIONS ARE BASED ON INFLUENCE: Force an adversary to make a decision or take an action based on: • Information I hide • Information I give • Information I change • Information I deny/degrade • Information I destroy. Enable my decisions based upon knowing yours. “Operations to convey selected information and indicators to audiences to influence their emotions, motives, and objective reasoning, and ultimately the behavior of governments, organizations, groups, and individuals”
  • 10. THE NEED: “The only defense against the world is a thorough knowledge of it.” - John Locke
  • 11. COMBINING DIFFERENT VIEWS OF DISINFORMATION • Information security (Gordon, Grugq, Rogers) • Information operations / influence operations (Lin) • A form of conflict (Singer, Gerasimov) • [A social problem] • [News source pollution]
  • 12. MISINFOSEC COMMUNITIES ● Industry ● Academia ● Media ● Community ● Government ● Infosec
  • 13. COMPONENTWISE UNDERSTANDING AND RESPONSE • Lingua Franca across communities • Defend/countermove against reused techniques, identify gaps in attacks • Assess defence tools & techniques • Plan for large-scale adaptive threats (hello, Machine Learning!)
  • 14. DOING IT AT SCALE • Computational power • Speed of analysis • Lack of framework • Systems theory and emergence of characteristics • Cognitive friction • Cognitive dissonance. https://www.visualcapitalist.com/wp-content/uploads/2018/05/internet-minute-share2.jpg
  • 16. WHAT WE BUILT: “All warfare is based on deception.” - Sun Tzu. “All cyberspace operations are based on influence.” - Pablo Breuer
  • 17. STAGE-BASED MODELS ARE USEFUL: RECON, WEAPONIZE, DELIVER, EXPLOIT, CONTROL, EXECUTE, MAINTAIN; Persistence, Privilege Escalation, Defense Evasion, Credential Access, Discovery, Lateral Movement, Execution, Collection, Exfiltration, Command and Control
  • 18. WE EXTENDED THE ATT&CK FRAMEWORK
  • 19. POPULATING THE FRAMEWORK: HISTORICAL ANALYSIS • Campaigns • e.g. Internet Research Agency, 2016 US elections • Incidents • e.g. Columbia Chemicals • Failed attempts • e.g. Russia - France campaigns
  • 20. HISTORICAL CATALOG: DATASHEET
    • Summary: Early Russian (IRA) “fake news” stories. Completely fabricated; very short lifespan.
    • Actor: probably IRA (source: recordedfuture)
    • Timeframe: Sept 11 2014 (1 day)
    • Presumed goals: test deployment
    • Artefacts: text messages, images, video
    • Related attacks: These were all well-produced fake news stories, promoted on Twitter to influencers through a single dominant hashtag -- #BPoilspilltsunami, #shockingmurderinatlanta,
    • Method:
      1. Create messages, e.g. “A powerful explosion heard from miles away happened at a chemical plant in Centerville, Louisiana #ColumbianChemicals”
      2. Post messages from fake Twitter accounts; include handles of local and global influencers (journalists, media, politicians, e.g. @senjeffmerkley)
      3. Amplify, by repeating messages on Twitter via fake Twitter accounts
    • Result: limited traction
    • Counters: None seen. Fake stories were debunked very quickly.
  • 23. TACTIC STAGES (AND PHASES)
    • Planning: Strategic Planning, Objective Planning
    • Preparation: Develop People, Develop Networks, Microtargeting, Develop Content, Channel Selection
    • Execution: Pump Priming, Exposure, Go Physical, Persistence
    • Evaluation: Measure Effectiveness
  • 24. STIX AMITT
    Misinformation STIX | Description | Level | Infosec STIX
    Report | communication to other responders | Communication | Report
    Campaign | Longer attacks (Russia’s interference in the 2016 US elections is a “campaign”) | Strategy | Campaign
    Incident | Shorter-duration attacks, often part of a campaign | Strategy | Intrusion Set
    Course of Action | Response | Strategy | Course of Action
    Identity | Actor (individual, group, organisation etc): creator, responder, target, useful idiot etc. | Strategy | Identity
    Threat actor | Incident creator | Strategy | Threat Actor
    Attack pattern | Technique used in incident (see framework for examples) | TTP | Attack pattern
    Narrative | Malicious narrative (story, meme) | TTP | Malware
    Tool | bot software, APIs, marketing tools | TTP | Tool
    Observed Data | artefacts like messages, user accounts, etc | Artefact | Observed Data
    Indicator | posting rates, follow rates etc | Artefact | Indicator
    Vulnerability | Cognitive biases, community structural weakness etc | Vulnerability | Vulnerability
  • 25. STIX GRAPHS (THANKS, STIG!)
  • 26. INTELLIGENCE SHARING AND COORDINATION
  • 27. NEXT: MITIGATIONS AND COUNTERS
  • 28. NEXT NEXTS • Continue to grow the coalition of the willing • Support the Cognitive Security ISAO • Continue to build an alert structure (ISAC, US-CERT, Interpol, Industry, etc.) • Continue to refine TTPs and framework • More mitigations and counters • STIX-based data science • AMITT updates at misinfosec.org
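
The slide 20 datasheet expressed with the slide 24 mapping (incident as Intrusion Set, narrative as Malware), as an added example that is not part of the original deck or of the AMITT project's code. The objects are hand-built dictionaries using STIX 2.1 property names; the namespace, timestamp, attack-pattern names and helper names (`sdo`, `rel`, `columbia_chemicals_bundle`) are assumptions made for illustration.

```python
import json
import uuid

# Slide 24 mapping: misinformation object -> STIX object type.
AMITT_TO_STIX = {"incident": "intrusion-set", "threat actor": "threat-actor",
                 "attack pattern": "attack-pattern", "narrative": "malware"}
NS = uuid.UUID(int=0)  # constructed namespace so ids are reproducible
TS = "2019-11-05T00:00:00.000Z"  # constructed created/modified timestamp


def sdo(kind, name, **props):
    """Build one STIX 2.1-shaped object for a misinformation object kind."""
    stix_type = AMITT_TO_STIX[kind]
    obj = {"type": stix_type, "spec_version": "2.1",
           "id": f"{stix_type}--{uuid.uuid5(NS, stix_type + name)}",
           "created": TS, "modified": TS, "name": name}
    if stix_type == "malware":
        obj["is_family"] = False  # STIX 2.1 requires this property on malware
    obj.update(props)
    return obj


def rel(source, verb, target):
    """Link two objects with a STIX relationship object."""
    rid = uuid.uuid5(NS, source["id"] + verb + target["id"])
    return {"type": "relationship", "spec_version": "2.1",
            "id": f"relationship--{rid}", "created": TS, "modified": TS,
            "relationship_type": verb,
            "source_ref": source["id"], "target_ref": target["id"]}


def columbia_chemicals_bundle():
    """Encode the slide 20 datasheet; field values come from that slide."""
    incident = sdo("incident", "Columbia Chemicals",
                   description="Fabricated fake news stories; limited traction.",
                   first_seen="2014-09-11T00:00:00.000Z", goals=["test deployment"])
    actor = sdo("threat actor", "IRA",
                description="Probable actor (source: recordedfuture).")
    narrative = sdo("narrative", "#ColumbianChemicals",
                    description="Explosion at a chemical plant in Centerville, Louisiana.")
    steps = ["Create messages",  # names constructed from the datasheet's Method steps
             "Post messages from fake Twitter accounts, tagging influencers",
             "Amplify by repeating messages via fake Twitter accounts"]
    patterns = [sdo("attack pattern", s) for s in steps]
    links = [rel(incident, "attributed-to", actor), rel(incident, "uses", narrative)]
    links += [rel(incident, "uses", p) for p in patterns]
    return {"type": "bundle", "id": f"bundle--{uuid.uuid5(NS, 'columbia-chemicals')}",
            "objects": [incident, actor, narrative, *patterns, *links]}


if __name__ == "__main__":
    print(json.dumps(columbia_chemicals_bundle(), indent=2))
```

Because the ids are derived with `uuid5`, two responders encoding the same datasheet produce the same object ids, which makes shared bundles easy to de-duplicate.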