In week 8 of “Lies & Disinformation” @Georgetown, we focused on how state-sponsored espionage operations, hacks and leaks can play a role in influence operations. How does the dissemination of leaked material and forgeries fit into the IO playbook? https://twitter.com/olgs7/status/1271500145868365832?s=20
To start, students read “Tainted Leaks: Disinformation and Phishing With a Russian Nexus” from @citizenlab @jsrailton @CyberClues @cmatthewbrooks, Peter Tanchak, Ron Deibert https://citizenlab.ca/2017/05/tainted-leaks-disinformation-phish/ for a case study into stolen and manipulated documents & how they can be used in IO
For a refresher on the 2016 Russian hack & leak operation, students read “The Perfect Weapon: How Russian Cyberpower Invaded the US” @SangerNYT @ScottShaneNYT @EricLiptonNYT https://www.nytimes.com/2016/12/13/us/politics/russia-hack-election-dnc.html?_r=0. Perhaps next semester, I’ll assign documentary now @HBO https://www.hbo.com/documentaries/the-perfect-weapon
For a primary source document, students read the 2018 @TheJusticeDept indictment of 12 Russian nationals for “federal crimes that were intended to interfere with the 2016 U.S. presidential election.” You can’t complete a class on IO w/o reading this: https://www.justice.gov/file/1080281/download
In class, we broke down hack-and-leak ops into a kill chain, from phishing and data collection, optional post-hoc fabrication, audience building, dissemination, and amplification. We also talked about whether indictments are an effective deterrent/punishment for a hack-and-leak
We also spent a bit of time in class and in our readings focused not only on US 2016, but also on the 2017 MacronLeaks campaign. For an overview of that, students read this great analysis of that operation from @jeangene_vilmer @AtlanticCouncil https://www.atlanticcouncil.org/in-depth-research-reports/report/the-macron-leaks-operation-a-post-mortem/
In class, we discussed how much the media blackout, official media advisories in France, the lessons learned from US 2016, and what Macron campaign “cyber geek” Mahjoubi called “cyber-blurring” played a role in slowing down/muting the MacronLeaks hack-and-leak operation in 2017
Another interesting study on this subject students read was “Hacking the discourse: Leaked emails, transparency, and disinformation” @bsorensen96 @Stanford which delves into importance of the response of journalists, politicians, voters to leaked material https://pacscenter.stanford.edu/publication/hacking-the-discourse-leaked-emails-transparency-and-disinformation-working-paper/
In that piece, @bsorensen96 wisely writes that “readers are not accustomed to scrutinizing the contents of a leak for themselves, and may instinctively assume due diligence on the part of whoever is presenting the information,” speaking to the importance of context creation
In class we discussed some interesting questions like whether platforms should treat hack and leaks differently from whistleblower leaks and how that might work in practice. And what kind of role government should play in providing cybersecurity assistance to political campaigns
Another fun thing that we did in class was an exercise led by one of the students @RiddellSam, now an IO Analyst @FireEye, looking at Op Secondary Infektion, trying to determine what made some of the forgeries and posts look suspicious & the techniques one might use to see that