Posts

Disinformation Campaigns Are Coming for Your Bottom Line 

disinformation campaigns

The rise of disinformation campaigns could put the reputation of your company at risk

Imagine waking up to find the internet flooded with fake news that one of your products was killing hordes of people or your company had been implicated in a human trafficking ring. Imagine if there was a deepfake video of you or one of your company executives engaging in criminal activity: purchasing illegal drugs, bribing an official or defrauding the company and its shareholders. 

Welcome to the age of disinformation campaigns.

These types of campaigns are increasingly being used to target businesses and executives. For centuries, they’ve been used as a political tool for one simple reason: They work. There’s ample evidence that Russia manipulated the 2016 presidential election through fake news. In July, a European Commission analysis found that Russia targeted the European parliamentary elections, and just last week, Facebook and Twitter had to take action against China after it orchestrated numerous coordinated social media campaigns to undermine political protests in Hong Kong. 

From Italy to Brazil, Nigeria to Myanmar, governments or individuals are sowing division, discrediting an opponent or swaying an election with false information — often with deadly consequences.

Here at home, there have been numerous disinformation campaigns aimed at politicians and other individuals. Earlier this summer, a video of House Speaker Nancy Pelosi, doctored to make it appear that she was drunk, went viral. Last July, the Conservative Review network (CRTV) posted an interview to Facebook with Congresswoman Alexandria Ocasio-Cortez (who was then a candidate) where she was generally confused and appeared to think Venezuela was in the Middle East. It turned out the “interview” was a mashup of an interview Ocasio-Cortez gave on the show Firing Line spliced with staged questions from CRTV host Allie Stuckey. The post was viewed over a million times within 24 hours and garnered derisive comments from viewers who thought it was real — before Stuckey announced that it was meant as satire. 

Republican politicians have also been targeted (though to a lesser degree). Last year, North Dakota Democrats ran a Facebook ad under a page titled “Hunter Alerts.” The ad warned North Dakotans that they could lose their out-of-state hunting licenses if they voted in the midterm elections, a claim that was unsubstantiated and refuted by the state’s GOP.

Regardless of the targets, disinformation campaigns are designed to leave you wondering what information to trust and who to believe. They succeed when they sow any sense of doubt in your thinking.

The same technology that makes the spread of false information in the political arena so dangerous and effective is now being aimed at the business sector. 

Earlier this year, the Russian network RT America — which was identified as a “principal meddler” in the 2016 presidential election by U.S. intelligence agencies — aired a segment spooking viewers by claiming 5G technology can cause problems like brain cancer and autism. 

There’s no scientific evidence to back up the claims, and many seem to think the success of America’s 5G network is seen as a threat to Russia, which will use every weapon in its arsenal to create doubt and confusion in countries it deems competitors or enemies. 

Whether for political gain (to help elect a U.S. President sympathetic to Russia) or to sabotage technological progress that threatens Russia’s place in the world economic hierarchy (as with 5G), Russia has developed and deployed a sophisticated disinformation machine that can be pointed like a tactical missile at our underlying democratic and capitalistic institutions. 

Economic warfare on a macro level is nothing new, and fake news and “pump and dump” tactics have long been used in stock manipulation. But more and more, individual companies are being targeted simply because the perpetrator has an axe to grind. 

Starbucks was a target in 2017, when a group on the anonymous online bulletin board 4Chan created a fake campaign offering discounted items to undocumented immigrants. Creators of the so-called “Dreamer Day” promotion produced fake ads and the hashtag #borderfreecoffee to lure unsuspecting undocumented Americans to Starbucks. The company took to Twitter to set the record straight after it was targeted in angry tweets.

Tesla, Coca-Cola, Xbox and Costco are among numerous companies or industries that have also been targeted by orchestrated rumors.

The threat to American companies is so severe that earlier this month, Moody’s Investment Services released a report with a dire warning: Disinformation campaigns can harm a company’s reputation and creditworthiness. 

How would you respond to a fake but completely believable viral video of you as a CEO, employee (or even as a parent) admitting to stealing from your clients, promoting white-supremacy or molesting children? The consequences to your reputation, personally and professionally, would be devastating — and often irreparable regardless of the truth behind the claims. As I explored in Deepfakes: When Seeing May Not Be Believing, advances in artificial intelligence and the declining cost of deepfake videos make highly credible imposter videos an immediate and powerful reality. 

Preparing your organization for disinformation attacks is of paramount importance, as your speed of response can make a significant financial and reputational difference. Just as you should develop a Breach Response Plan before cybercriminals penetrate your systems, you would also be wise to create a Disinformation Response Plan that:

  • Outlines your public relations strategy
  • Defines potential client and stakeholder communications 
  • Prepares your social media response
  • Predetermines the legal implications and appropriate response.

Disinformation campaigns are here to stay, and advances in technology will ensure they become more prevalent and believable. That’s why it’s vital that you put a plan in place before you or your company are victimized — because at this point in the game, the only way to fight disinformation is with the immediate release of accurate and credible information. 


About Cybersecurity Keynote Speaker John Sileo

John Sileo is an award-winning author and keynote speaker on cybersecurity, identity theft and tech/life balance. He energizes conferences, corporate trainings and main-stage events by making security fun and engaging. His clients include the Pentagon, Schwab and organizations of all sizes. John got started in cybersecurity when he lost everything, including his $2 million business, to cybercrime. Since then, he has shared his experiences on 60 Minutes, Anderson Cooper, and even while cooking meatballs with Rachel Ray. Contact John directly to see how he can customize his presentations to your audience.

Trump Russia Investigation Update: Did Campaign HELP Russians Plot Disinformation Strategy?

Honestly, we don’t know yet. There was a time when our voting preferences, our political leanings, our policy choices were our own business. Now they are someone else’s business, quite literally. There are so many stories coming out about Donald Trump’s connections to and collusion with the Russians that it is getting hard to keep these accusations straight. Here’s the latest:

Trump Russia Investigation Update

The key word is help. As in, actively provide information that the Russians may not have been able to discover on their own. “Help” is not a synonym for encourage, appreciate or enjoy.

Without getting too political (because after all, this is a cyber security blog), here are the basics of the Trump-Russia Investigation from a cyber security perspective:

  1. The Trump campaign had possession of a huge amount of information about American voters from Cambridge Analytica, the data mining firm hired to help collect and use social media information to identify and persuade voters to vote (or not vote), through an activity known as political micro-targeting.
  2. Jared Kushner, the president’s son-in-law and now a senior adviser in the White House, was head of digital strategy during the campaign, meaning he was overseeing this effort to micro-target voters.
  3. The Russians unleashed bots, or robotic commands, that swept across the Internet and picked up fake news stories or harshly critical news stories about Hillary Clinton and disseminated them across the United States. By Election Day, these bots had delivered critical and phony news about the Democratic presidential nominee to the Twitter and Facebook accounts of millions of voters.
  4. Some investigators suspect the Russians micro-targeted voters in swing states, even in key precincts where Trump’s digital team and Republican operatives were spotting unexpected weakness in voter support for Hillary Clinton.

So the question is this: Did the Trump campaign, using what we assume to be lawfully-obtained micro-targeted voter intelligence, give access to the Russians so that they could point harmful disinformation campaigns at those vulnerable  jurisdictions?

Many top security analysts doubt Russian operatives could have independently “known where to specifically target … to which high-impact states and districts in those states.” As Virginia Sen. Mark Warner said recently, “I get the fact that the Russian intel services could figure out how to manipulate and use the bots. Whether they could know how to target states and levels of voters that the Democrats weren’t even aware (of) really raises some questions … How did they know to go to that level of detail in those kinds of jurisdictions?”

And that is Senator Mark Warner’s mistake – that the micro-targeting had to be so specific that it only hit potential Trump voters in certain jurisdictions. It did not. The campaigns could have been aimed at every person in that state, let alone the jurisdiction, only touching the opinions of those who were ready to hear the message. A phishing campaign isn’t sent only to those people in an organization most vulnerable to that type of social engineering – it is sent to everyone, and the most vulnerable are the only ones that respond. Similarly, it was good enough for Russia to cast their anti-Hillary message in the general vicinity of the target; there was no need for a bullseye to render the disinformation campaign to be effective. Those who received the message but were slightly outside of the voter profile or geographical jurisdiction simply recognized it for what it was, false news. The rest were unethically influenced.

But we don’t know yet if there is a connection between the micro-targeting big data purchased by the campaign and the Russian botnet disinformation attack.  We do know, however, that Russia attempted to influence the outcome of the election – and that is what we as cyber security experts, must focus on. 

Either way – collusion or not – the implications against our privacy (let alone the political ramifications of foreign entities influencing our election process) are huge. Remember, the Trump campaign had obtained this huge volume of information on every voter, maybe as much as 500 points of data from what kind of food do they eat to what are their attitudes about health care reform or climate change. And yes, I’m sure the Democrats had much of the same information and probably didn’t “play fair” either. The point is that we have gotten so far beyond just accepting that our personal information is readily available and easily manipulated that no one is even bringing up that part of the story.

We, America, have been lulled into allowing everyone else – corporations, our government, even foreign nations – to have more access to our data footprint than even we do. 

John Sileo is an an award-winning author and keynote speaker on cyber security. John specializes in making security entertaining, so that it works. John is CEO of The Sileo Group, whose clients include the Pentagon, Visa, Homeland Security & Pfizer. John’s body of work includes appearances on 60 Minutes, Rachael Ray, Anderson Cooper & Fox Business. Contact him directly on 800.258.8076.