8 October 2018

Next time, information operations may not be so easy to detect

By: Mark Pomerleau 

One of the cybersecurity industry’s leading officials said he expects so-called influence operations, like the Russian meddling during the 2016 presidential election, to become significantly worse and more difficult to notice in the months and years to come.

“They’re going to be hard to police, they’re going to be hard to detect, they’re going to get harder to police and harder to detect in the near-term. That’s what we’ve seen lately in regards to information operations,” Kevin Mandia, CEO of cyber firm FireEye, said during a media roundtable discussion hosted by Stanford’s Hoover Institution in California Oct. 1.

Mandia said his gut tells him that government-funded efforts from many nations already exist in this sphere, but he acknowledged that the overall effect from these information operations is difficult to predict because it’s hard to guess how those targeted will respond to the events.

Sean Kanuck, a visiting fellow at the Hoover Institution and formerly the National Intelligence Officer for Cyber Issues, said he expects more information-based conflicts in the future than cyber conflicts.

“It’s going to be governments against societies and societies against societies, not militaries against militaries,” he said during the same event. “The game is going to be in information, it’s going to be indirect, it’s going to be against your society, and it’s going to be getting your society to harm itself. For example, casting votes based on wacko information I gave you that had no provenance and no measurability.”

Mandia added that FireEye’s foray into the information space stems from its interest in cybersecurity and cyber-enabled information operations. That’s a key distinction made by many academics who point out that the Russian operation in 2016 was cyber-enabled, meaning the information used was accessed and disseminated through cyber means.

Mandia said that whoever was responsible for the intrusions and information theft that FireEye observed during the lead-up to the election was first either handing that information to somebody else to post online or posting it themselves. Next, another audience was promoting that stolen information, working with reporters and developing a social media campaign around the stolen materials.

He pointed to an Iranian example: an up-and-comer in the cyber influence operations space that has been exposed recently for conducting global campaigns.

Mandia said his team noticed a tweet earlier this summer from an alleged U.S. college student that was anti-Saudi and pro-Iranian. The FireEye analyst believed this likely wasn’t a U.S. student and thus began investigating the Twitter profile. Mandia said when the FireEye team began digging, they uncovered what appears to be a state-sponsored campaign out of Iran, though he acknowledged FireEye didn’t dive too deep into this specific account.

This was likely the first time FireEye had seen such action from Iran, he said. Now, Mandia said, it’s likely that a majority of the tools and techniques this group used to set up those information operations will have already been fine-tuned or changed.

“All we caught was the lowest bounds of what they were doing and I’m certain they’re doing more right now,” he said.
