DemLabs blog

“The supreme art of war is to subdue the enemy without fighting.” - Sun Tzu.

Instead of the bullets and tanks used in conventional war, online warfare uses media and computer code. It's asymmetric. Small countries can force their will on larger ones for a fraction of the cost of traditional warfare.

"Cyberwarfare isn't about breaking into computers anymore — it's about spreading disinformation." - Salon. Understanding such attacks is the first step in defending against them. This primer covers key cyberwarfare concepts such as information operation kill chains, influence operations, center of gravity analysis and the role of deception in destabilizing democracies.

Background
Gregory Conti and Robert Fanneli from IronNet Cybersecurity presented "Defending A Nation In Cyberspace: A Collective Defense Approach" at BlackHat, a major security conference. (Disclaimer: The views expressed in their talk are those of the authors and do not reflect the official policy or position of IronNet, the US Government, or any of the authors' current or past employers). This blog abstracts their presentation along my comments and links to  examples of real world cyberattacks (in red).

There is a special briefing on Guarding Against Disinformation Attacks on Tuesday, Sept 24 in Washington, DC. RSVP link  below.

Workshop: Guarding against disinformation attacks and influence operations.

The playbook

Cyberwarfare extends conflict form the physical world into an electronic one. "Joint fire support is joint fires that assist air, land, maritime, space, cyberspace, and special operations forces to move, maneuver, and control territory, airspace, space, cyberspace, the electromagnetic spectrum, and key waters and to influence populations."  - Joint Chief of Staffs' document.

Greg & Robert's BlackHat presentation explains cyberwarfare and recommends defenses agains it. Many of the tactics covered are reminiscent of recent elections, including phishing campaigns, divisive content and establishing false personas.

Influence operations
"Use cyberspace to persuade, dissuade, deceive, and influence".
Example: Hacking into DNC systems, setting up fake news to depress voter turnout in key states and manipulating social media discussions.  

"The phishing email that hacked the account of John Podesta." - CBS News

"Russian agents set up fake 'local' news outlets in the U.S." - Daily Kos
"Inside Russia’s Social Media War on America" - Time

"Construct and deliver information designed to induce your adversary to willingly act in a manner that furthers your goals".
"How Russian Trolls Helped Elect Donald Trump" - Pacific Standard
"Trump’s plan to create a cybersecurity partnership with Putin..." - LA Times
"Trump administration eliminates top cyber post" - The Hill

Information Operations kill chain
"Information attacks against democracies, whether they’re attempts to polarize political processes or to increase mistrust in social institutions, also involve a series of steps. And enumerating those steps will clarify possibilities for defense." - Bruce Schneier, a pre-eminent security expert.

The 'kill chain' is a military concept related to the structure of an attack; consisting of target identification, force dispatch to target, decision and order to attack the target, and finally the destruction of the target. An information operations kill chain has the same intent and can be broken into a series of steps.
  1. Find the cracks in the fabric of society—the social, demographic, economic and ethnic divisions.
    "Did Russia fake black activism on Facebook to sow division in the US? The popular ‘Blacktivist’ account claimed to be a force for community organizing. Now it looks to have been part of Russia’s effort to influence politics." - Guardian
  2. Seed distortion by creating alternative narratives. In the 1980s, this was a single “big lie,” but today it is more about many contradictory alternative truths—a “firehose of falsehood”—that distorts the political debate.
  3. Wrap those narratives in kernels of truth. A core of fact helps the falsities spread.
  4. Build audiences, either by directly controlling a platform or by cultivating relationships with people who will be receptive to those narratives.
    "The NRA Received Donations From Russian Nationals" - Bloomberg
    "McConnell Received $3.5M In Campaign Donations From Russian Oligarch-Linked Firm" - The Intellectualist
  5. Conceal your hand; make it seem as if the stories came from somewhere else.
    "Is WikiLeaks a Russian Front?" - Atlantic
  6. Cultivate “useful idiots” who believe and amplify the narratives. Encourage them to take positions even more extreme than they would otherwise.
    "Mitch McConnell is a Russian asset" - Washington Post
    "Mitch McConnell blocks election security legislation" - CBS News
  7. Deny involvement, even if the truth is obvious.
    “I don’t know if we know it was Russia who broke into the DNC,” the Republican presidential candidate said when the first presidential debate turned to the topic of cybersecurity." - CNBC

Center of Gravity
"It is difficult to defend if you do not know where and how you will be attacked. Center of Gravity (CoG) analysis uncovers points of vulnerability to develop defenss plans. Adversaries use CoG-like analysis to create a targeting list and assigning forces to exploit these vulnerabilities."

  1. Center of Gravity – Identify the key asset or source of strength for the entity.
    Strong democracy and established values.
  2. Critical Capabilities – Determine the capabilities critical for that entity to function.
    Trusted electoral system with checks and balances.
  3. Critical Requirements – For each critical capability, identify the conditions and resources required for those capabilities.
    A trusted means for citizens to vote and the results to be audited and published.
  4. Critical Vulnerabilities – Analyze each critical requirement and determine which aspects are vulnerable.
    Manipulate the voter files. Hack the voting systems. Sow doubt about the results.Source: JP 5-0: Joint Planning, U.S. Dept of Defense, 2017, p. IV-23 and Gregory Conti & David Raymond, On Cyber: Towards an Operational Art for Cyber Operations, Kopidion Press, 2017, p. 186.

Deception 
"Information operations make it difficult to distinguish fact from fiction. Propagated by social media, online videos, text messaging, radio broadcasts, and analog techniques like posters and leaflets, information operations hamper national command and control, frustrate international assistance, and destabilize the population – imagine using a realistic, but fake, video to undermine a political opponent." Here are two recent examples of social media manipulation and deep fake videos.
"Doctored Nancy Pelosi video highlights threat of 'deepfake' tech" - CBS News.
"Pizzagate is a debunked conspiracy theory that went viral during the 2016 United States presidential election cycle. Members of the alt-right, and other opponents of Clinton's presidential campaign, spread the conspiracy theory on social media outlets such as 4chan, 8chan, and Twitter." - Wikipedia

Destabilize democracies
"Attackers will probe defenses, systems, infrastructure, trust relationships, and people to look for weaknesses that can be exploited. This phase will include gathering information from social media accounts and other freely available information." Here are three examples of cyber attacks against election and transport infrastructure:
"Russia Targeted Election Systems in All 50 States, Report Finds" - NY Times
"FBI investigating cyberattack on Atlanta that involves ransom note" - The Hill
"Before the Gunfire, Cyberattacks" - NY Times

Other tactics include "using fake online identities to build relationships with important individuals like senior leaders acquiring user passwords...
"The phishing email that hacked the account of John Podesta" - CBS News

... and inserting intelligence operatives into target organizations, among numerous other strategies. The attacker, slowly and unobtrusively chips away at the target country’s defenses".
"Maria Butina, explained: the accused Russian spy who tried to sway US politics through the NRA." - Vox

 

 

 

 

 

Take away
Adversaries who cannot challenge the US directly, are waging cyberwarfare and disinformation campaigns to undermine our democracy. Understand how the attacks work and be on guard.

Deepak
Co-Founder, DemLabs

Please share this bulletin. Democracy Labs is a SF-based, hub for ongoing technology and creative innovation for progressives. Donate here to support our work.

Subscribe to DemLabs Bulletin

A Project of The Advocacy Fund

DemLabs is a Unique Collaboration of Leading Technologists,
Creatives and Political Professionals

We deliver technology and storytelling innovation
to progressive campaigns and groups

The Democracy Labs — New Ways To Win