Welcome to Saturday's Potluck - 6-26-2022
“Learn the rules like a pro, so you can break them like an artist.”
Looking forward to a future where the subject of an Open Thread is simply a celebration of a few common experiences making life a little simpler. The book Everything You Need to Know You Learned in Kindergarten crossed my path in the early 90's when air travel was part of the regular business week and airport layovers provided ample time for reading. It is one book I have revisited when I begin taking life too seriously.
Looking back at World War II the citizens of the US were subject to government control of information, plus rationing of certain food and fuels. In our current political enviornment the control is most likely to be done with a public/private partnership. Non-profit bureaucracies to coordinate social services has grown in the local area.
Interesting times for technology and social media companies as they try to increase ability to shape events, while at the same time growing awareness of their activities creates behavior changes in the target audience they are trying to monitor and manipulate.
New York Times is starting to put pressure on Meta (Facebook)with its recent article As Midterms Loom, Elections Are No Longer Top Priority for Meta C.E.O.
Microsoft is publicizing its efforts helping the War effort around the world. The company plans on improving its efforts and utilize lessons from pandemic information control efforts.
Defending Ukraine: Early Lessons from the Cyber War (29 pg pdf) Microsoft June 22, 2022
As much as anything, this captures the importance of stepping back and taking stock of the first several months of the war in Ukraine, which has been devastating for the country in terms of destruction and loss of life, including innocent civilians. While no one can predict how long this war will last, it’s already apparent that it reflects a trend witnessed in other major conflicts over the past two centuries. Countries wage wars using the latest technology, and the wars themselves accelerate technological change. It’s therefore important to continually assess the impact of the war on the development and use of technology. The Russian invasion relies in part on a cyber strategy that includes at least three distinct and sometimes coordinated efforts—destructive cyberattacks within Ukraine, network penetration and espionage outside Ukraine, and cyber influence operations targeting people around the world. This report provides an update and analysis on each of these areas and the coordination among them. It also offers ideas about how to better counter these threats in this war and beyond, with new opportunities for governments and the private sector to work better together. The cyber aspects of the current war extend far beyond Ukraine and reflect the unique nature of cyberspace.
This report offers five conclusions that come from the war’s first four months
As part of a new initiative at Microsoft, we are using AI, new analytics tools, broader data sets, and a growing staff of experts to track and forecast this cyber threat. Using these new capabilities, we estimate that Russian cyber influence operations successfully increased the spread of Russian propaganda after the war began by 216 percent in Ukraine and 82 percent in the United States.
These ongoing Russian operations build on recent sophisticated efforts to spread false COVID-19 narratives in multiple Western countries. These included state- sponsored cyber influence operations in 2021 that sought Defending Ukraine: Early Lessons from the Cyber War 3 to discourage vaccine adoption through English-language internet reports while simultaneously encouraging vaccine usage through Russian-language sites. During the last six months, similar Russian cyber influence operations sought to help inflame public opposition to COVID-19 policies in New Zealand and Canada.
We will continue to expand Microsoft’s work in this field in the weeks and months ahead. This includes both internal growth and through the agreement we announced last week to acquire Miburo Solutions, a leading cyber threat analysis and research company specializing in the detection of and response to foreign cyber influence operations. We’re concerned that many current Russian cyber influence operations currently go for months without proper detection, analysis, or public reporting. This increasingly impacts a wide range of important institutions in both the public and private sectors. And the longer the war lasts in Ukraine, the more important these operations likely will become for Ukraine itself. This is because a longer war will require sustaining public support from the inevitable challenge of greater fatigue. This should add urgency to the importance of strengthening Western defenses against these types of foreign cyber influence attacks.
. (In total, Microsoft has provided $239 million in financial and technology assistance to support Ukraine, including support for the government, businesses, nonprofits, and humanitarian assistance for refugees.)
Microsoft notifies customers when we observe a nation-state attack against them, regardless of whether the attack was successful. These efforts to promptly notify victims of these breaches likely led to the successful defense of their networks. But in most instances the victims were operating on local servers, not in the cloud. As a result, our visibility into the total number of attacks, the success rate, and in particular the extent of data exfiltration, likely understates the extent of Russian cyber espionage success.
And, unfortunately, especially when pursued with patience and persistence, these cyber influence operations are almost perfectly positioned to take advantage of the longstanding openness of democratic societies and the public polarization that is characteristic of current times. The Russian government currently is deploying an expanding cyber influence operation to support its war efforts in Ukraine. These appear to be focused on four distinct audiences. They target the domestic Russian population with the goal of sustaining support for the war by portraying Ukraine’s military as responsible for the conflict. They target the Ukrainian population with the goal of undermining confidence in the country’s willingness and ability to withstand Russian attacks. They target American and European audiences to diminish Western unity and deflect criticism of Russian military war crimes. And they target nonaligned countries to support Russian efforts at the United Nations and in other venues, combining longstanding narratives demonizing democracy and Western intentions and with emerging efforts to blame the west for potential food shortages.
A few examples help illustrate ongoing Russian tactics. Like the patient pre-positioning of malware within an organization’s computer network, Russian cyber influence operations pre-position false narratives in the public domain on the internet.
This approach was applied beginning in late 2021 to support the Russian false narrative around purported bioweapons and biolabs in Ukraine. This narrative was first uploaded on to YouTube on November 29, 2021, as part of a regular English-language show by a Moscow-based American expatriate who claimed that US-funded biolabs in Ukraine were connected to bioweapons. The story went largely unnoticed for months. On February 24, 2022, just as Russian tanks crossed the border, this narrative was sent into battle. A data analytics team at Microsoft has identified 10 Russian- controlled or influenced news sites that simultaneously published reports on February 24 pointing back to “last year’s report” and seeking to give it credence. Russian- sponsored teams then worked to amplify the narrative on social media and internet sites more broadly. In recent months, we have used data analytics and new data sets to better track the flow and impact of Russian cyber influence operations. Using these techniques, the Microsoft team identified more than 300 Russian-sponsored websites that published within two weeks stories promoting the biolabs narrative.
Microsoft’s AI for Good Lab has created a Russian Propaganda Index (RPI) to monitor the flow of of news from Russian state-controlled and -sponsored news outlets and amplifiers. This index measures the proportion of this propaganda flow to overall news traffic on the internet, and is enabled for geographical regions, online channels, and infrastructure providers such as registrars and webhosts. The Lab has also developed AI tools to detect new propaganda sites as they appear, using data from a wide variety of internet sources and other identifying characteristics to determine and forecast which new domains may be candidates for foreign cyber influence operations. This technology is used in conjunction with sources from third-party reviewers, such as NewsGuard, and the Global Disinformation Index (GDI) to help us define which sites are known purveyors of state-sponsored media.
Using internet data and these techniques, it’s also possible to identify the social media, search, and other sites that are being used to encourage and channel traffic to these stories. And it’s possible to identify, as shown below, the specific reports and narratives that attain the highest consumption levels in specific geographies and time periods
Perhaps more than anything, the lessons from Ukraine call for a coordinated and comprehensive multilateral and multistakeholder strategy to strengthen defenses against the full range of Russian cyber destructive, espionage, and influence operations. It’s perhaps too easy for those outside of Russia to view these three areas as falling into separate silos. But it’s helpful to recall the lessons that the British author and journalist Gillian Tett documented more broadly in her book “The Silo Effect.” Notably, when people put problems and issues in different categories, they more likely will fail to connect the dots between them.
The proposed solutions:
Recognize that Russian cyber threats are being advanced by a common set of actors inside and outside the Russian government and rely on similar digital tactics. Use digital technology and tactics to help counter them.
Recognize that unlike the traditional threats of the past, cyber defenses require a unique level of public and private collaboration.
Embrace the need for close and common multilateral collaboration among governments to protect open and democratic societies.
Uphold the importance of creativity and free expression in democratic societies, even as new steps are needed to address the full range of cyber threats.
The proposed four strategic pillars of an effective response.
Collectively hunt, track, and investigate foreign cyber influence operations—much like for other cyber threats. Pull together and analyze disparate efforts, currently often in separate data sets and in separate organizational silos.
Reinvigorate traditional journalism. Develop and deploy technology to help consumers identify foreign propaganda. Advance civics education. Educate the public about how to be a sophisticate.
Use the power of transparency to alert the public about new foreign cyber influence operations. Address the financial supply to known foreign cyber influence sites, including through digital advertising.
Strengthen and extend international norms to protect against foreign cyber influence operations.
The four principles.
These start with a first principle that commits us to respect freedom of expression and uphold our customers’ ability to create, publish, and search for information via our platforms, products, and services. Second, we will proactively work to prevent our platforms and products from being used to amplify foreign cyber influence sites and content. Third, we will not willfully profit from foreign cyber influence content or actors. And finally, we will prioritize surfacing content to counter foreign cyber influence operations by utilizing internal and trusted third-party data on our products.
What is on your mind today?