Analysis | Cyber Foreign Influence and Interference Operations: Emerging Weapons in an Unstable World
Cybercrime and terrorism intelligence expert Jeremy Makowski delves into this growing threat
Jeremy Makowski
| 23/06/2024
Illustration: AAP Image/Joel Carret via Reuters Connect
The first quarter of this 21st century has seen the development of technologies we use daily like never before. From the dumb phones of the early 2000s, we've transitioned to smartphones, combining the best microcomputing in a single device. Billions of people have become connected to the Internet daily and almost constantly.
This new influx of consumers gave birth to Web 2.0, with its social networks and video streaming sites. But this shift wasn't just technological. The political and societal impact has been enormous and is likely still underestimated. This impact, particularly on our ability to communicate and access information, has profoundly changed how we experience significant events of our time and has clearly influenced political practices in the 21st century. For several years, a new dimension of cyber warfare has been created, as cyberspace has become a new battlefield, like land, air, sea, and space.
For decades, cyberwarfare has been viewed by the public and states as a means to disrupt or destroy critical enemy infrastructures. However, since the mid-2010s, we have seen massive recourse to destabilization or influence campaigns via social networks. The extreme volatility of our current geopolitical world now constitutes the ideal experimental laboratory for new means of destabilization via social networks or various communication applications.
Sometimes, ancestral methods are used: physical disruptors who, by engaging in provocation, create the conditions for a controversy on social networks, destabilizing the targeted country.
A Paradigm Shift in Access and Perception of Information
The expansion of cyberspace and the growing development of social networks and apps have fundamentally changed human behavior in the face of information. The proliferation of fake websites and social media accounts in recent years has made accessing and verifying the info disseminated more difficult.
In 2018, a study by three MIT researchers revealed that fake news spread more quickly on the social network X (formerly Twitter) than accurate information. Since then, other universities have conducted studies on the subject, such as one from the University of Southern California, USC, suggesting that the most important influencing factor in spreading fake news is probably the structure of social platforms, which generally rewards users for sharing information.
Social media and apps have fundamentally changed the way people get information. Disinformation campaigns also work, thanks to several psychological factors. In recent years, several studies have been conducted on the psychological impact of fake news on social networks.
Generally speaking, people exposed to information tend to focus more on understanding it than on whether it is true. If information is false but seems credible, many people will unconsciously view it as valid. Several factors can increase this phenomenon.
Internal/external factor: If false information comes from an internal source, such as a private WhatsApp or Facebook group, people will be more likely to believe it than from an external source. This phenomenon is based on the trust that people can have in a group by imagining that the information disseminated is, by default, accurate and/or verifiable.
Emotional factor: people are likelier to believe false information that arouses anger and indignation.
Group factor: whether political, social, ideological, or religious, people are often more likely to believe false negative information about their opponents than false negative information about them.
A Growing Threat to Democracies
For several state actors engaged in wars or geopolitical conflicts, foreign cyber influence and interference operations are effective ways to impact their enemies. From the Ukrainian to the Israeli-Palestinian conflict, from tensions between Israel and Iran to Chinese ambitions to ward off Taiwan, the world is experiencing a resurgence of political tensions today. These cyber operations constitute a growing threat to democracies. They can have several purposes, including:
Undermining public confidence: Some campaigns aim to spread disinformation and sow discord, affecting public confidence in democratic institutions and elections. People may doubt the legitimacy of the results or the fairness of the process itself.
Manipulating public opinion: By using social media algorithms and developing strategies with targeted messages, these campaigns can encourage voters to turn to particular candidates or specific policies that can distort the valid will of a people.
Disrupting Electoral Systems: Some offensive cyber operations target electoral infrastructures like voter registration systems or machines. This can disrupt the voting process, potentially disenfranchising voters and delaying results.
Exacerbating social divisions: These campaigns can exploit existing social tensions in a country and polarize populations. This can lead to increased social unrest and make it more difficult for democracies to function effectively.
Tactics and Modus Operandi
The modus operandi of a foreign cyber influence and interference campaign generally takes place in several stages, including the following:
Target and objective identification: Threat actors identify their target. It could be a specific population, a political party, or even a particular industry. They also define the goal of their campaign.
Reconnaissance and Social engineering: Threat actors then study and spot the target audience to understand their vulnerabilities and adopt the best attack strategy accordingly, exploring their online habits, interests, and relationships.
Infrastructure setup: To spread disinformation, threat actors create fake accounts on social media platforms, fake websites, or establish bot networks.
Execution
Network and Data Breaches: In some cases, threat actors hack computer systems to steal sensitive data, such as emails or internal documents, which they can then release to the public to damage a target's reputation.
DDoS attacks: Denial-of-service (DoS) attacks can overwhelm websites or online services, making them inaccessible to legitimate users. Such an attack is made to disrupt critical operations or hamper communication at a crucial time.
Disinformation and Propaganda: Some threat actors use disinformation and propaganda as an essential tactic. This involves creating fake news articles and websites, manipulating social media content, or using deepfakes to create fake videos.
Social media manipulation: Some threat actors use bots and fake accounts to manipulate trends and discussions on social media. They artificially inflate the popularity of specific topics or viewpoints, creating a false sense of consensus.
Until a few years ago, foreign cyber influence and interference campaigns were carried out manually or using tools developed by different military and civilian entities. However, since the democratization of generative AI with Chat GPT, numerous campaigns have been carried out using tools based on generative AI, thus allowing different threat actors to increase their strike force by massively disseminating false news or manipulating images or comments.
In 2023, the cybersecurity company Mandiant claimed to have seen an increase in the use of AI to carry out manipulative information campaigns online in recent years. According to Mendiant, this phenomenon appears to be global since these campaigns are carried out by groups aligned with the governments of countries such as Russia, China, Iran, North Korea, Ethiopia, Indonesia, Cuba, Argentina, Mexico, Ecuador, and El Salvador.
More recently, OpenAI said it had taken steps to combat influence operations identified as coming from China, Iran, Israel, and Russia, seeking to abuse its artificial intelligence tools to manipulate public discourse or political results online while hiding their true identity.
Some threat actors have also adopted a strategy combining physical and cybernetic actions. Russia, accused of being responsible for several cyber operations of influence and interference against European infrastructures, would also be accountable in recent months for several physical acts, particularly in France.
With an impact on the population, they also aim to create controversy on social networks by creating debate and division. With the development of new technologies and the growth of information, foreign campaigns of cyber influence and foreign interference will undoubtedly continue in the years to come to be part of the strategy of several States. Their impacts and consequences on populations and governments can be detrimental, pushing them to take some decisions or actions that are not really desired or considered.
Cybercrime and terrorism intelligence expert Jeremy Makowski delves into this growing threat
Illustration: AAP Image/Joel Carret via Reuters Connect
The first quarter of this 21st century has seen the development of technologies we use daily like never before. From the dumb phones of the early 2000s, we've transitioned to smartphones, combining the best microcomputing in a single device. Billions of people have become connected to the Internet daily and almost constantly.
This new influx of consumers gave birth to Web 2.0, with its social networks and video streaming sites. But this shift wasn't just technological. The political and societal impact has been enormous and is likely still underestimated. This impact, particularly on our ability to communicate and access information, has profoundly changed how we experience significant events of our time and has clearly influenced political practices in the 21st century. For several years, a new dimension of cyber warfare has been created, as cyberspace has become a new battlefield, like land, air, sea, and space.
For decades, cyberwarfare has been viewed by the public and states as a means to disrupt or destroy critical enemy infrastructures. However, since the mid-2010s, we have seen massive recourse to destabilization or influence campaigns via social networks. The extreme volatility of our current geopolitical world now constitutes the ideal experimental laboratory for new means of destabilization via social networks or various communication applications.
Sometimes, ancestral methods are used: physical disruptors who, by engaging in provocation, create the conditions for a controversy on social networks, destabilizing the targeted country.
A Paradigm Shift in Access and Perception of Information
The expansion of cyberspace and the growing development of social networks and apps have fundamentally changed human behavior in the face of information. The proliferation of fake websites and social media accounts in recent years has made accessing and verifying the info disseminated more difficult.
In 2018, a study by three MIT researchers revealed that fake news spread more quickly on the social network X (formerly Twitter) than accurate information. Since then, other universities have conducted studies on the subject, such as one from the University of Southern California, USC, suggesting that the most important influencing factor in spreading fake news is probably the structure of social platforms, which generally rewards users for sharing information.
Social media and apps have fundamentally changed the way people get information. Disinformation campaigns also work, thanks to several psychological factors. In recent years, several studies have been conducted on the psychological impact of fake news on social networks.
Generally speaking, people exposed to information tend to focus more on understanding it than on whether it is true. If information is false but seems credible, many people will unconsciously view it as valid. Several factors can increase this phenomenon.
Internal/external factor: If false information comes from an internal source, such as a private WhatsApp or Facebook group, people will be more likely to believe it than from an external source. This phenomenon is based on the trust that people can have in a group by imagining that the information disseminated is, by default, accurate and/or verifiable.
Emotional factor: people are likelier to believe false information that arouses anger and indignation.
Group factor: whether political, social, ideological, or religious, people are often more likely to believe false negative information about their opponents than false negative information about them.
A Growing Threat to Democracies
For several state actors engaged in wars or geopolitical conflicts, foreign cyber influence and interference operations are effective ways to impact their enemies. From the Ukrainian to the Israeli-Palestinian conflict, from tensions between Israel and Iran to Chinese ambitions to ward off Taiwan, the world is experiencing a resurgence of political tensions today. These cyber operations constitute a growing threat to democracies. They can have several purposes, including:
Undermining public confidence: Some campaigns aim to spread disinformation and sow discord, affecting public confidence in democratic institutions and elections. People may doubt the legitimacy of the results or the fairness of the process itself.
Manipulating public opinion: By using social media algorithms and developing strategies with targeted messages, these campaigns can encourage voters to turn to particular candidates or specific policies that can distort the valid will of a people.
Disrupting Electoral Systems: Some offensive cyber operations target electoral infrastructures like voter registration systems or machines. This can disrupt the voting process, potentially disenfranchising voters and delaying results.
Exacerbating social divisions: These campaigns can exploit existing social tensions in a country and polarize populations. This can lead to increased social unrest and make it more difficult for democracies to function effectively.
Tactics and Modus Operandi
The modus operandi of a foreign cyber influence and interference campaign generally takes place in several stages, including the following:
Target and objective identification: Threat actors identify their target. It could be a specific population, a political party, or even a particular industry. They also define the goal of their campaign.
Reconnaissance and Social engineering: Threat actors then study and spot the target audience to understand their vulnerabilities and adopt the best attack strategy accordingly, exploring their online habits, interests, and relationships.
Infrastructure setup: To spread disinformation, threat actors create fake accounts on social media platforms, fake websites, or establish bot networks.
Execution
Network and Data Breaches: In some cases, threat actors hack computer systems to steal sensitive data, such as emails or internal documents, which they can then release to the public to damage a target's reputation.
DDoS attacks: Denial-of-service (DoS) attacks can overwhelm websites or online services, making them inaccessible to legitimate users. Such an attack is made to disrupt critical operations or hamper communication at a crucial time.
Disinformation and Propaganda: Some threat actors use disinformation and propaganda as an essential tactic. This involves creating fake news articles and websites, manipulating social media content, or using deepfakes to create fake videos.
Social media manipulation: Some threat actors use bots and fake accounts to manipulate trends and discussions on social media. They artificially inflate the popularity of specific topics or viewpoints, creating a false sense of consensus.
Until a few years ago, foreign cyber influence and interference campaigns were carried out manually or using tools developed by different military and civilian entities. However, since the democratization of generative AI with Chat GPT, numerous campaigns have been carried out using tools based on generative AI, thus allowing different threat actors to increase their strike force by massively disseminating false news or manipulating images or comments.
In 2023, the cybersecurity company Mandiant claimed to have seen an increase in the use of AI to carry out manipulative information campaigns online in recent years. According to Mendiant, this phenomenon appears to be global since these campaigns are carried out by groups aligned with the governments of countries such as Russia, China, Iran, North Korea, Ethiopia, Indonesia, Cuba, Argentina, Mexico, Ecuador, and El Salvador.
More recently, OpenAI said it had taken steps to combat influence operations identified as coming from China, Iran, Israel, and Russia, seeking to abuse its artificial intelligence tools to manipulate public discourse or political results online while hiding their true identity.
Some threat actors have also adopted a strategy combining physical and cybernetic actions. Russia, accused of being responsible for several cyber operations of influence and interference against European infrastructures, would also be accountable in recent months for several physical acts, particularly in France.
With an impact on the population, they also aim to create controversy on social networks by creating debate and division. With the development of new technologies and the growth of information, foreign campaigns of cyber influence and foreign interference will undoubtedly continue in the years to come to be part of the strategy of several States. Their impacts and consequences on populations and governments can be detrimental, pushing them to take some decisions or actions that are not really desired or considered.
