When it comes to hacking societies, Russia remains the master at sowing discord and disinformation online

China can't hold a candle to GRU's shenanigans, says expert

Black Hat While China is the bête noire du jour of the US government, Russia is the master of spreading disinformation, fostering conflict, and derailing discourse online, the Black Hat security conference was told today.

At her Thursday keynote, Stanford Internet Observatory's research manager Renee DiResta explained how Russian military intelligence – the GRU – and the private Internet Research Agency (IRA) were putting the likes of China to shame. Security companies and government agencies have good reason to move their focus from Beijing to Moscow, she warned.

The basic methods of hacking public opinion are fairly simple, DiResta explained. Fake accounts generate content and spam it out on social media to amplify the message. If enough real people pick up and the posts go viral the mainstream media kicks in and amplifies the desired message still further.

In Russia's case, it spreads divisive material, stolen information, and fake news in an attempt to turn Americans against each other, sour civil society, sow doubt, and create distractions, leaving people unsure of what's really going on. This worked. In China's case, it tried to make people like China. This didn't work.

Middle Kingdom middling

DiResta says that, despite having gobs of cash and manpower at their disposal, efforts by China to sway public opinion in its favor weren't very effective. She pointed to the Communist Party's failed effort earlier this year to play up Middle Kingdom's handling of the coronavirus outbreak, a campaign that barely made a blip on social media channels.

"They really didn't do a very good job at getting people to pick up their content and amplify it," DiResta explained. "These are barely agents of influence, this is shockingly poor."

China v USA

China slams President Trump's TikTok banned-or-be-bought plan in the US


In terms of influence, DiResta likens Chinese Communist Party campaigns to those of Saudi Arabia in the wake of the Jamal Khashoggi killings; fairly basic, heavy-handed stuff that didn't do much to swing public opinion. The tightly controlled media in China simply does not have enough impact on people outside of the Great Firewall, she said.

By contrast, Russia's GRU and IRA are able to sway public opinion thanks to not only being better at spreading clickbait through its networks of sockpuppets, but also having a much simpler objective. While China was trying to polish up its national image on the world stage and push political points, Russia simply wants to divide people along existing social fissures, so they only have to reaffirm what their targets already believe.

"Russians are not trying to tell a story," explains DiResta, "They are simply dividing the population of the adversary."

In a way, this should come as no surprise: in the Soviet Union era, dezinformatsiya was a program implemented by Stalin in 1923 to confuse and befuddle his opponents.

Hacking support

Russian disinformation efforts are also aided by the Kremlin's hackers.

DiResta noted how everyone, from Russian "patriot" trolls to IRA operations and even state media, were fed information that Moscow's miscreants stole from governments and companies in other countries. The swiped info is a particularly effective bait for social media shares, news articles, and broadcast packages, allowing the Kremlin to shift conversations toward the topics it wants people talking about.

"If you can turn people into unwitting content amplifiers, or people who will go out in the streets, that is a very powerful tool," said DiResta. "That is the kind of thing that is happening behind the scenes."

For Americans, this means that we should be spending less time worrying about China's influence operations and more time thwarting Russian efforts to divide the US population and cause chaos, she explained. While Chinese intelligence operations are nothing to sniff at, we are probably doing more harm than good by devoting so much news coverage to Beijing's operations.

"China is a well-resourced state advisory, it has developed significant capabilities," said DiResta. "They are modernizing tactics they have used for decades, but we should not overstate the impact of the efforts. That kind of breathless pumping up in some ways helps the adversary."

Twitter is trying

DiResta had barely finished her keynote when Twitter announced it is identifying accounts of government officials and state-backed media on its platform in the name of transparency.

"Labels will only be applied to accounts from the countries represented in the five permanent members of the UN Security Council: China, France, Russian Federation, the United Kingdom, and the United States," Twitter said in a blog post.

"We believe this is an important step so that when people see an account discussing geopolitical issues from another country, they have context on its national affiliation and are better informed about who they represent."

Interestingly, Twitter said the application of a "state-affiliated media" badge comes whenever "outlets where the state exercises control over editorial content through financial resources, direct or indirect political pressures, and/or control over production and distribution." That means RT gets the label while Blighty's BBC, Canada's CBC, and – strangely enough – the US government's Voice of America doesn't. ®

Other stories you might like

  • US won’t prosecute ‘good faith’ security researchers under CFAA
    Well, that clears things up? Maybe not.

    The US Justice Department has directed prosecutors not to charge "good-faith security researchers" with violating the Computer Fraud and Abuse Act (CFAA) if their reasons for hacking are ethical — things like bug hunting, responsible vulnerability disclosure, or above-board penetration testing.

    Good-faith, according to the policy [PDF], means using a computer "solely for purposes of good-faith testing, investigation, and/or correction of a security flaw or vulnerability."

    Additionally, this activity must be "carried out in a manner designed to avoid any harm to individuals or the public, and where the information derived from the activity is used primarily to promote the security or safety of the class of devices, machines, or online services to which the accessed computer belongs, or those who use such devices, machines, or online services."

    Continue reading
  • Intel plans immersion lab to chill its power-hungry chips
    AI chips are sucking down 600W+ and the solution could be to drown them.

    Intel this week unveiled a $700 million sustainability initiative to try innovative liquid and immersion cooling technologies to the datacenter.

    The project will see Intel construct a 200,000-square-foot "mega lab" approximately 20 miles west of Portland at its Hillsboro campus, where the chipmaker will qualify, test, and demo its expansive — and power hungry — datacenter portfolio using a variety of cooling tech.

    Alongside the lab, the x86 giant unveiled an open reference design for immersion cooling systems for its chips that is being developed by Intel Taiwan. The chip giant is hoping to bring other Taiwanese manufacturers into the fold and it'll then be rolled out globally.

    Continue reading
  • US recovers a record $15m from the 3ve ad-fraud crew
    Swiss banks cough up around half of the proceeds of crime

    The US government has recovered over $15 million in proceeds from the 3ve digital advertising fraud operation that cost businesses more than $29 million for ads that were never viewed.

    "This forfeiture is the largest international cybercrime recovery in the history of the Eastern District of New York," US Attorney Breon Peace said in a statement

    The action, Peace added, "sends a powerful message to those involved in cyber fraud that there are no boundaries to prosecuting these bad actors and locating their ill-gotten assets wherever they are in the world."

    Continue reading

Biting the hand that feeds IT © 1998–2022