
GT - Applying Information Security Paradigms to Misinformation Campaigns: A Multidisciplinary Approach

BSides Las Vegas · 55:22 · 397 views · Published 2019-10
About this talk
GT - Applying Information Security Paradigms to Misinformation Campaigns: A Multidisciplinary Approach - Pablo Breuer & Sara "SJ" Terp Ground Truth BSidesLV 2019 - Tuscany Hotel - Aug 06, 2019

True. Okay, we'll try now. Okay, so quick agenda: we'll do a little bit of an introduction, we'll talk about information warfare, nation-states. Misinformation and mass influence is something that, like a lot of attacks, started out in the nation-state military realm and has now been democratized; it can be done by anyone. I just actually have to talk into the mic. Can you hear me now? Good. So we're going to talk a little bit about information warfare, nation-states, how this got started and how it became kind of more commonplace and why we're seeing it now; how the influence actually happens, what are the mechanisms that allow for this. We'll talk about some of the mitigations and challenges to existing mitigations. We

have attempted mitigations, not very well, and then we're going to talk about designing shared responses in a different way to look at this problem. We'll introduce you to AMITT, our misinformation security framework, and then we'll talk about how we built that and the way ahead. So, information warfare, nation-states. Information warfare has been around since the dawn of time. Ramses II used information warfare against the Hittites, where he would paint these murals about what was going to happen during the war. The problem was that there was no transmission distance; you had to go to where the message was and see it. But back as far as Sun Tzu and Clausewitz: Sun Tzu said all warfare is based on

deception. Clausewitz said warfare is an act of force to compel an enemy to do our will. It's not to destroy things and hurt people, it's to change their minds. It's still influence; that's what really warfare is about. So, you know, why are we sitting here talking about it in an information security conference? You know, where's the, where's the cyber? Well, if you look at information warfare, and it's a shame that they changed it, the Department of Defense had this joint publication that would explain how the DoD did information warfare, and they had it very nicely broken out into these five pillars. So they had psyops, computer network operations (or cyber, if you will), military deception, and electronic warfare, operational security. And really,

when you talk to, pardon the expression, the muggles, and they say cyber, usually what they mean is some combination of two or more of these pillars. So they mean psychological operations combined with computer network operations, or electronic warfare combined with computer network operations, or some combination therein. So when you look at, when you look at cyber warfare, right, or information warfare, or cyberspace operations, offensive, they're all based on influence, right? At the end of the day you want the adversary or the target to make decisions based upon information that you're showing them, you're hiding from them, that you're changing for them. You want to deny or degrade their information streams so they make

decisions that are advantageous to you, or you want to give yourself a leg up so that you enhance your decision-making process by giving yourself more information than you allowed the adversary to have. Either way, if you're doing it on the internet, that's some form of influence. Very rarely is the end result that you're going for the effect on that box; it's usually on the air-breathing unit at the other end of that box. So let's talk a little bit about nation-states. I'm not a political scientist, I'm a computer scientist. Are there any lawyers or political scientists in the room? Oh good, don't hate me. This is like the fat crayon version, you know, Westphalian sovereignty as

explained by computer scientists. So most international law is still based upon the Westphalia model of the nation-state, and there are three basic precepts of it. The first one is that each nation has sovereignty over its own territory and domestic affairs. So I'm a country, I'm a nation-state: my territory, the things that happen inside the territory, nobody should be messing with that, those are mine. The second principle is that of non-interference: don't mess with my internal affairs, mess with your internal affairs. And the third one is that each nation is equal under the law regardless of size. Now I want to skip ahead a little bit, and I don't want to go down a hole of whether

or not the Russian influence attacks actually changed votes or changed the result of the election, but I think we can all agree that there was at least an attempt to influence those elections. I would say that those elections are internal affairs, therefore sovereign affairs, and had this been done by dropping leaflets into Times Square as opposed to memes on Facebook, we would be having an entirely different discussion. We would absolutely not put up with that. So part of our question is, why do we put up with it on the internet? So nation-states do try to influence each other, and if you work in government, you work in the military, they break it out; they call it the DIME

model. So these are kind of the big heavy levers that nation-states can pull to influence other nations. So there's diplomatic, informational, military and economic. There you go. Well, that's great; I'm not government, I work for a corporation, why do I care? Well, it turns out that you've got very similar levers if you're a corporation. So the diplomatic: you got business deals and strategic partnerships. Your informational instrument is your PR and your advertising. Most corporations don't have militaries; however, not all mergers and acquisitions are friendly, right? It's like that's been offered to be bought out by a large corporation like Facebook or Google and turned it down and then found out that they have a competing

product that's almost just like yours would think that that is not necessarily a friendly thing. And the last one is the economics: so your research and development, your capital investments are certainly a way that you can affect your business sector and your competitors. So these things do correctly apply. So let's talk, go back to the nation-state thing for a minute. Most of us, anybody here not live in a democracy or something relatively close to a democracy? Okay, good, I'm glad we still kind of agree that in theory we're supposed to be there. So Bruce Schneier actually wrote this great paper about a year ago, and he talked about, well, you know, if you're gonna

really attack a democracy or an autocracy, what do you do? And it turns out that a democracy requires that we have a common political knowledge. It requires that all of the members of that democracy agree on who the rulers are, that the rulers are there legitimately, they were legitimately elected, and they understand how the government is supposed to work, right, and those things are transparent. The things that we disagree on are things like, well, you know, how much government influence do we want in my retirement or my medical care or, you know, the types of weapons that I buy. And those kind of disagreements, that contested political knowledge, is how these democracies solve problems, and we

can do it that way because we all understand how the government works and how leaders were elected, until you get to influence that deals with the elections. Now people start to question the legitimacy of our elected officials. So these are foundational attacks on the things that make our democracies work. So what's different? What, what, why now? If I've just said that influence has been around since the dawn of man, what's changed? Well, let's go back to spoke more from Ramses, where I mentioned he did the mural with hieroglyphs. Let's go forward to papyrus. You used to be able to, if you were the church or the state, you would have these learned people that were literate,

which was very uncommon at the time, and you could get parchment or scrolls, which were hard to come by, and ink is hard to come by, and they can mass produce, massive quotes, messages for you by hand-copying these manuscripts and then giving them to messengers and having this message carried out by horse or sail and transmit that message. And so transmission was limited: who could transmit the message was limited, and who could receive it was limited, because you can only make so many copies, you could only travel so far, and when you got there, again, literacy wasn't very common. So you fast forward to the 1440s and you get the Gutenberg press and

movable type, and this allows for further mass reproduction. It takes a while to set up the press, but once you set it up you can mass-produce things quickly. But they still have to carry; these presses are still expensive. Literacy is becoming a little bit more common, so more people can receive the message, but the number of people that can mass transmit is still very small. You go forward again to the telegraph, and the telegraph requires an infrastructure. So now what's needed is that you need to be within range of a telegraph station, you need to convince that telegraph station to transmit for you, which is part of specialized knowledge of Morse code, and then, this is key, your recipient has to

know to go get the message, right? Pony Express didn't, didn't exist, right, route didn't help you. They didn't come by with your telegram and just entity at your door; you had to go to the telegraph station. But now you can transmit at near the speed of light over long distances. You go to radio and the Marconi radio, and now the Marconi radio allows you to transmit at very long ranges, and it requires no specialized knowledge to receive the message. You just need a radio and to, to tune into the frequency, and you can get it in your home. Now, something interesting happened about this. Tony, let me go back a second to the Gutenberg press. One of the things

that, you know, the church and the state probably didn't account for is the fact that once the press is out there, right, yeah, it's expensive, but I'm guessing the Catholic Church didn't foresee Martin Luther printing his ninety-five theses on a Gutenberg press and never involved 12 the churches, right? When Marconi invented the radio and people listened to the news on the radio, they probably didn't foresee that a lot of people would mistake The War of the Worlds for actual news and panic. So we fail to account for the fact that these mass transmission mediums can be misused, abused or misinterpreted. So we move forward from the radio, you now go to television, and for the first time you

can now transmit not only spoken or written word, but you can actually transmit pictures and sounds, and really, up until the mid 90s, this was the permanent way to reach the public. Now, if you want to reach the American public, if you are an American living in the United States in the 1980s, you can't just walk down onto your television station and go, well, you know, I'd like to do a news broadcast. It doesn't work that way. You better be something like the President of the United States that says, look, you're going to put me on at 7 o'clock so I'm doing a presidential address, or I'm gonna pull your FCC license to transmit. And so again, why

DeMaio says you can retrigger people's phones with cars, no specialized knowledge, they don't even know a priori that the message is coming, but you still have to be somebody of import to transmit. So what's different now? What's different now is that social media has democratized talking to the masses. You have to be no one of import to get a message from a populist. So we live in a world where Katy Perry, god bless her, has roughly twice the number of followers as the President of the United States and fifty times the number of followers with the Prime Minister of Britain and join her after day mister than anybody before she reaches her a hundred and seven and

almost 180 million followers right now. And so that's what's different: we don't have authority of sources anymore, and anybody can transmit to a mass populace, and they can do it distantly. So what's really going on here is powers that used to belong to the nation-state now belong to the individual. So the good news is the Internet as conceived, to give everybody a voice, worked. The bad news is the Internet as conceived gave everybody a voice. So now that we understand that we can all transmit, how does that actually work, how do these mechanisms of influence happen? Well, it turns out that if you're going to be on social media and transmit mass influence, you need certain resources. You need

certain types of accounts, and this is not an inclusive, these are some basic types. So the first ones that you've got is bots. Bots are relatively stupid accounts, so they don't create content; what they do is they amplify content: they like, they retweet, and they otherwise send out your content. Parody accounts are exactly that: they're parodies of real people, real organizations. They are not intended to be misrepresenting the actual entity, they're not intended to deceive you into thinking that they're the actual entity, but it happens. The next one up is a spoof. These are intended to somewhat fool people that they're a legitimate account. I think it's funny that, you know, the president's

Twitter account is realDonaldTrump, and it's the real Donald Trump because if you put in Donald Trump on Twitter, go have fun going through the accounts; some really entertaining ones there, right? So those are intended to actually have you believe that they're the real person. Camouflage accounts are used to infiltrate certain groups. So if there's a group whose narrative you want to change, pick any group, you know, the Scouts of America, then you create an account and you can apply as a member or interested party so you can get invited to the chat groups, inside of the news groups, inside of the information exchanges, so that you can take in the narrative and hopefully

steer the narrative, and so on. Deep cover accounts should never ever be discarded if they're done correctly. Those are very, very time-intensive, they're very expensive. You can't just go out now and create a brand new persona on the internet, because somebody's going to go around and do a Google search and go, this person didn't exist six months ago and they're telling me that they're a 35 year old that's been working in government forever, right? It just smells fishy. So these take a long time to create, they require substantial knowledge, substantial resources. But the most dangerous one is the takeover. The takeover is when the legitimate account of a legitimate person or organization is taken over. In 2013 The Associated

Press Twitter account was hijacked. Somebody tweeted out that there was a bombing at the White House and President Obama had been injured, and the Dow Jones fell so precipitously that it tripped the circuit breakers, they had been trained, and that was October of 2013. So those are the really dangerous ones. So now I've got these accounts, what do I do? Well, we say that there's five tactics; we call them the five Ds: distort, dismiss, distract, divide and dismay. So one three years I'll give you some very brief examples; hopefully they're not, not too abrasive or disturbing. So distort is when you take a fact and you distort the actual fact: no, no, the Russians aren't invading the Ukraine, we're freeing and

protecting ethnic Russians. Dismiss: you're presented with a fact, you just dismiss it, don't deal with it. China famously uses this all the time. They're routinely accused of stealing intellectual property by the United States, and industrial theft and espionage, and their standard response is, not only did we not do that, but we, we are the poor victims of American aggression and hacking, you were the greatest defenders out there. Distract is you don't deal with a narrative presented to you, you create a new narrative. So MH17 was poorly shot down by Russian missiles. The Russians said they didn't get addressing what they send it why, oh wow, I wonder why a commercial airliner was flying over a combat zone.

Divide: you take the population, you divide them into two polarizing groups, and you have them fighting with each other. If they're fighting with each other, they're not paying attention to what you're doing. The last one is dismay. Those are ad hominem personalized attacks, and those attacks are so personal that you can't even address it; in trying to address it and saying that the attacks were ridiculous, you're lending credence. So who remembers the Pizzagate scandal, right? Yes, the her believe of the government have a secret sex dungeon in the basement of a pizza parlor. It's like, I can't even address it, right? Just by addressing it I'm lending credence to the attack and the person making the

attack. So, you know, what are our mitigations? You know, the only, the best against these kind of things is to really understand why they happen, how they happen, and start kind of working your way down the line and see what things you can affect there to kind of break that kill chain or break that process. So the first way you've historically done this is by using checkers, so either manual or automatic fact checkers. So everybody here, I'm assuming, is familiar with either PolitiFact or Snopes, right? We've all probably used those. Those are manual. The automated ones work in similar ways: they take a purported fact, they split it up into a trip it

into at regular, excuse me, and then they use one of two models, either an open world model or a closed world model, and here's the difference. In an open world model you can introduce new facts and they're assumed true unless later you find out that they run amiss of another accepted fact. In a closed world model you assume that all new purported facts are false until you can verify with previously proven facts. Neither of those models is ideal, right? So in InfoSec we would call these, you know, white listing or black listing, and they're not ideal, and they definitely don't deal with things like editorials and satire, and God knows we never find any of those things in the news when we

turn on the TV or on Facebook or on Twitter or on any of the social media, so this totally works. So moving on to social media, you can look at things like propagation-based detection, so hop-based cascade and time-based cascade. So if you look at the, the graphs there, the top graph on the left there is fake news and the top right one is confirmed news. Anybody want to hazard a guess as to why the fake news has multiple peaks and the real news has only one peak? Shares by, by botnets, right. So we talked about those bots that periodically re-amplify messages, and so that's what ends up happening, right? Real news comes out, it comes out in the

news cycle, it's accepted as fact, we see and everybody understands it, and it goes out onto the next news cycle. Fake information is periodically re-amplified because they want to keep it in the public consciousness. Now, because it's periodically re-amplified, what ends up happening is every time it gets re-amplified it reaches broader and broader networks, and so what that does is that actually affects the cascading. So if you go to the bottom ones, the green line there is real and the red line is false, honest. Okay, so what ends up happening is you're getting a reaching keeper other network with the fake news, again, because every time a new bot re-amplifies, you reach new parts

of social media, new accounts that haven't seen it. So it's fairly easy to tell these things. The last model there is the epidemic diffusion model, and that's that little flowchart there. That is a model that comes from tracking infectious diseases, and so R-C is your rate of contact with false information, R-F is the rate at which the subject is infected, and R-C is the rate at which they're cured. Now this is a nice simple model, but the problem is that we really don't understand what's the catalyst that takes somebody from, okay, this time that I'm in contact with false information I'm actually going to believe it and become infected. We don't understand why that transition happens,

why the face happened. So I think most people can understand the model, but it's arguable how useful it is. So when you take a look at these, they all kind of fall short. We now have more devices on the internet than we have people on the planet. The rate at which we create information is huge; the internet minute infographic gets worse and worse every year. And really, you want to determine if something is false news ideally before everybody else sees it, but you're never going to be able to analyze the data and verify it as quickly as it's created, you're just done. So the speed analysis is a problem, the computational power that's required is a

problem; you need a whole new internet plus some. There's a lack of common framework, or at least there was; we'll get to that shortly. There's a lack of understanding of the emergence of characteristics. Now what do I mean by that? We understand fairly well in certain circles that after your 15th or 16th tweet you're likely to believe something. What we don't understand is how much more do you believe it after your 16th tweet, your 3rd YouTube video and your fourth Instagram post. You don't understand that. There's also a bit of the cognitive friction and cognitive dissonance. Here's the difference: misinformation works because you're already biased to believe it, right? If you will, if you fall

for misinformation, you are probably already leaning that way, and so once you believe that, convincing somebody that what they believed is not correct is part of that cognitive friction, and on top of that there's that cognitive dissonance, because they don't want to believe what you're now telling them is truth. So it just doesn't sound true, it doesn't hurt, right? Those things are very hard to get over. So, so far we've been talking about social media, and we talked about leaflets, and it may from there with this copy of The Washington Post. So this was fascinating. This was an actual printed newspaper. It was actually distributed in his station in Washington DC this past December. You can find it at

the newsstands, at the coffee shops. It is not a real Washington Post; it was a piece of psychological propaganda. It's the first time since World War Two that the US populace has been the target of physical psychological operations products. It was put out by the orange group. They did leave little clues in it that it was not the real Washington Post, but it was convincing enough that the actual Washington Post felt compelled to release the story, put out via their official social media that this was not them, and they says going back and sued the group. So if people are falling for this, how's it going to work when we get to deepfakes? You talk to the average

citizen and you show them a video and they're inclined to believe that video, and you want to tell them, here are all of the metadata reasons why I can tell that that video is fake. What they're going to tell you is, I know what I saw, I know what I heard, and you're a government shill or you're a shill for whatever group and you're trying to fool me. So this problem is really only going to get worse. Okay, so data scientist and things. So I would love to say we have this one ring to rule the whole, beautiful data science solution. The answer is actually no. This is a cross-platform, across the world's, huge community problem. It's gonna take a

big joined-up response to solve it. I have a clicker, cool. So we're gonna need to build communities. And we spoke last year about the problems; this year we're going to talk about four things we've done. First thing we've done is we've created, co-opted, adaptive communities. We've got summer super sick people in the room. David, you're one of them. Anyone else? Okay, they just, they've been laying around in here today. But we went out, we've looked for people who were working on this boundary between misinformation and InfoSec, people who were applying InfoSec principles of misinformation, people who were looking at it in that night, and we threw them all into a channel together, got talking to each other. I was

one of the people who but the founding of the Credibility Coalition, which is the standards body working on the standards for describing misinformation. We've built a standards body within that for applying basic principles to misinformation. The leads in that, just to give an idea of the variety in there: an information operations person, a data scientist, warfare specialist and a social scientist. We're, Pablo and I, both part of the People Centered Internet, who are working on misinformation at the government level. IRC, the, help me here, thank you, yeah, who the nice helps buddies who are responsible ease for cyber security incident instance. But we're building communities on left to deal with misinformation that include all of the people from the right, because

these are all the people you need. Doesn't go any, sorry. So, and the reason we're doing this is because we need not just to admire the problem. There are lots of people looking at misinformation, information events, and again one of the prongs is work so we start to talk about incidents and going, look, that's a nice incident, and not actually responding to it. So we need people to join up. One of the existing bodies is the, the ISACs, information Intelligence Sharing coordination bodies, and the ISAOs, which are the ones that the president doesn't have to sign off on. So we're talking about, sorry, sorry, I wouldn't touch it again. So we were talking about

misinformation ice House response bodies, but actually it's better to talk about cognitive security, because instead of focusing on the problem you want to focus on the thing you want. You want to secure these groups of rights, you want to secure the endpoints, which is people, communities, the things that are being attacked. So, and, and you also want to feed back to things like the financial, things like agriculture, all of the other communities that get affected by misinformation, because it's not just misinformation for its own, its own sake; it hits everywhere. And the reason you want to do this, again, is not just at neither point; we actually want to respond to it. You want to start talking about, okay,

I've seen an incident, I've seen the units of this incident, I've seen the parts of things, how can we start responding, how can we start being Mazzilli into this. This is starting staff a minute, it's a start and sound like infosec; we kind of thought so too. So one thing we looked at was all the different views. So we found people who were looking at it as information security, so, so people like Dan Gordon, people like the grugq, people like Danny Rogers, and we found people who were looking at it as an influence operations problem, so people like Lydon, people like a blur, yeah, I know your top end of it. We thought, we found people on

both sides, so, so Pete's saying going Gerasimov in US and Russian. We're seeing in this complexity, most people talking about misinformation were really seeing it as a social political problem. You hear people talking about this as a political problem, you hear people talking about, originally we talked about as a media problem. It was like people are talking about fake news as though it was just like a juice pollution, but they're all talking about the same thing, just from different angles. And that leads to the second problem, which was there was no common language. So (a) we've thrown all those people in the same place and got to talk to each other, and the second thing is, okay,

let's start building a language. So we've talked about incidents. We talk about campaigns as the, the longer scale, the 1 year, 2 year things, like the 2016 election, US election work is a campaign, but within that you get things like Pizzagate, which is a small scale incident. Within that you see artifacts, which are the, the messages, the users inside that. And there's a lot of argument about what misinformation actually is versus what disinformation actually is, and that's fine, we have all those discussions, but we gotta go do stuff and we don't have time to argue about definitions right now, we've got to go respondent mix. So we've just put up a working definition and got on with it.

And the things we need: we, we need this lingua franca, but we also need to start those defenses. We need to countermove, we need to counter move against, if you see every use technique, for example, we've seen this hack, grab a document, adapt the document, Liat used a few times, nothing well in France, which is wonderful. We see people building tools, defense tools; we'd like to know if they actually work. So unless they're started assessing those, let's start worrying about the, the next thing. So far a lot of the stuff we've seen this be pretty done, it's done but it works. We haven't really seen much in the way, we've seen learning, adaptation, this type of email circuit axe. That's gonna

come; I'm expecting 2020 to be quite exciting. I'm very much on the narrative level. At the moment people are still talking about messages, artefacts, misinformation at that level. What's really happening out there is narrative warfare. People are pointing in terms of the stories that people have as their groundings; they're fighting on that level, they're flanking with means are fighting the stories, and unless we're working at that level it's, we're losing, make it'll lose. And the things that we need behind this, the, those mortgages, those common languages: if we're going to join up, if we're going to join communities, if we're going to have these joined-up responses, we need to be able to talk to each other across all of

those communities, and the first piece of infrastructure we need, its frameworks is infrastructure. So the first piece we built was a framework structure. So me talent stalk about this. So this is the pyramid. So I've already mentioned campaigns and incidents and narratives and artifacts; let's, let's talk about what these things are. So this whole commit is what somebody designing a misinformation campaign sees. They are building this longer scale thing; they might be what Clint Watts calls an advanced persistent manipulator. So you've got an advanced persistent threat. They have a target, probably a target country, a thing they want to do. They might be a charm campaign like try, they might have a goal of weakening another country, they might have a

secondary goal, they might have useful idiots on that second you go. For instance, if you are weakening a country through its vaccination scheme, there's certainly plenty of useful idiots in there. So you have this longer scale campaign, you build these smaller scale incidents within this campaign, and then you use the narratives of that population and you adapt those narratives, you target those now did you. You've just seen with the shootings recently, there were original narrative and then suddenly whose captain narratives being pushed in, using the narratives of people and just adapting the top of those. And then you'll see the artifacts underneath that: you'll see individual messages, you'll see but, you'll see users, you'll see those useful

idiots coming through. That's as a designer; you will see all of that. As a responder, you're gonna start from the bottom. So info ops is gonna come from the top, data scientists come from the bottom. So you're going to see first the messages, so you might see the bots, you might be lucky enough to see unusual activity. I mean, the days of seeing really dumb bots posting all the time, seeing these wonderfully fast rates, like screaming hey, I'm a bot, look look, and it'd be much over now. We're looking to a subtle things now, we're looking for the subtle of normal ease, but you're gonna have to really fight from that artifact level up to the narrative level up to

the, okay, something's happening, and this is the same fight we have in ML sec, very similar two links needed. So this, this, this is where we are. So you have attackers from the bog down, from top down, defenders from the bottom up, and the third set of people you don't see in here are the, the endpoints, the targets, targets, the, the transmissions. So keep this in mind as we go through the next part. So it's a problem, but infosec has things we can use for this. We need it to build with miss bill responds fast, and we looked around and we found frameworks and we found STIX. So there's already a set of

messaging formats that connect up those top-level info ops, incident-level entities to those bottom-level data science entities. So great, we can use this, and there are frameworks that already use this. So we found a bunch of stage-based models, and we settled on the Cyber Kill Chain, which already uses STIX: so Cyber Kill Chain with the ATT&CK framework underneath it. In fact we looked at a whole bunch of frameworks, we look

we really useful, they show you how people get radicalized. We looked at some of the existing models starting to come out for misinformation, and we took apart a bunch of that is that very much ATT&CK framework was useful, because we have this idea of stages, but we also have this idea of techniques: for each stage you can pull out individual techniques. So we were looking at, for instance, phishing. If you say phishing, you know what it is; you don't have to put in a long-winded explanation for "this thing I've seen that involves email"; you just say phishing and that's real hat. So shorthand for the thing is a shorthand for the response exceeds of the thing is

a shorthand for who probably does it, and you can get on with actually responding to it. We want to do that with misinformation. So text. So how do we build this thing? So we went and looked at existing campaigns, existing incidents, and we also looked at failed attempts. France has been wonderful, because France is incredibly resistant to this, especially Russian attempts on France: they just kind of don't get it, there's a cultural problem there. Which is great: failures tell you stuff. So we found about 60-something different incidents. Our first problem was that there was a master list of misinformation incidents, and there certainly wasn't a master list of misinformation incidents that was in the

standardized forms, so we built one. And we picked out 22 of these and we pulled out all of the techniques we could find in these. So go to catalog: here's one of them. It's one of the really early ones. The first one that I saw was 2010; some of the early Russian tests were 2010, but this is 2014. Just a really simple one: one day a bunch of people woke up in an area that had a bunch of chemical factories with a message on their phones thing that's been applied panic that was climbing chemicals. So we built a format for how to describe things; we built formats of techniques. So this is worth techniques. So now we can talk about pay

targeted ads: what is it, when was it used, who uses it, which incidents it was used in. So we know that it was used in Brexit. And we have a GitHub repo with the latest version of the AMITT framework in it, so this is just one of the technique sheets from the repo. So you link this together, and the way we pulled this together was we just did this top-down, "let's look at what we think the usual suspects are doing", and this bottom-up, "what we've seen in terms of artifacts and techniques", to build out this thing called AMITT. You're not supposed to read this thing; there's a rethink go straight and see everything in gory detail. The

top two lines are the big important ones. So the blue line is the stages; this is equivalent to the Cyber Kill Chain. The next slide up I'll show you has them in print in small detail. So these are 12 different stages that we think somebody creating a misinformation campaign will go through. The four above that is made by moi for ourselves; these are the four phases we think they belong to. And underneath, green-green length of the techniques that we found in those 22 campaigns, plus a few that, when we ran through example campaigns, we realized we'd missed. So, phases and tactics. Part of this is that most of the people looking at misinformation campaigns only look at

right of boom. So, left of boom, right of boom: right of boom is after an attack is visible, widely visible, so in this case after this has hit the general public. That's when most people have seen the artifacts and where most of the analysis has happened. That's not when you want to really stop these things; you actually want to stop this at the planning stages, to the left of boom. So on the left side you've got planning a campaign, you've got some preparation work: so developing people who use things like find your useful idiots, it's things like set up your botnets, it's things like set up your backstories for your trolls. And then microtargeting is things like the ad

network stuff. Most of this stuff leaves some form of trace, so how do we look for those traces? How do we stop at that level? So we've got a bunch of work going on left of boom. And other pieces are getting missed, things like measuring the effectiveness: so if you run one incident you'll get a bad boys so how do people do basic measures of effectiveness, how do they we well. So this is phases, tactics, and this is where to go find it. So misinfosec.org is where we're hiding out, and there's an issues list, so if you see stuff you want to add in. And we've put a CC license on it, so you can just pull it

and use it. And I think this is where I hand it back to you. Okay, so now that we've told you that there's all for buying a broken you want to run high, I mean, we feel we should give you a little hope and go where we go forward from here. So we created this framework; people is a small coalition of the willing. We'd like to get more of you involved: take a look at what we've built, add on to it, disagree with us, help us to fix it. We want to grow that coalition. SJ and I are going to be leaving here at the end of this week and we're going to be going up to DC to help various

entities stand up a cognitive security information sharing and analysis organization. As that gets announced, be on the lookout for it; convince your companies, your businesses, your corporations to join and to share threat indicators so that we can get a handle on this. And contributing at misinfosec.org: we want to continue to build that and work infrastructure. Again, it's easy for us to take a US-centric view. Not everybody here is from the US; certainly Europe, Asia, Africa, the rest of the world needs this, because we're not the only targets. It would be great to have an international consortium that could do this. We need to refine the TTP subframe; our TTPs are techniques, tactics and procedures. We

looked at 22 scenarios. Certainly we don't know all of the campaigns that have happened. All of you have access to campaigns; I'm sure that we missed stuff. The really important work happens when you find not only the gaping holes but when you get in these deeply held, irrational religious arguments over whether this word means, you know, this thing or this other thing. I'm a simple person: if it doesn't exist in the deep box of Crayola crayons, I don't recognize it as a color. So we need some help there. Response meeting coming up soon: we're going to be talking about response at the technique level, or the tactical level, and the procedure level. And then for those of you that are

already sharing threat indicators using MITRE's ATT&CK framework, we are building schemas for tape STIX and TAXII so that you can actually share those threat indicators amongst the various information sharing communities intelligence. Oh, and just the back end, because, you know, this is the data science track: there are some really good data scientists out there on that artifact level. You should track these guys, because they know what they're doing. And I guess this is, yeah, because there's always references. This is us.

[Applause] So this is pretty cool, I think it's awesome. That's right. This is pretty cool; I think it's awesome to be able to plug into the STIX/TAXII framework and be able to maybe pull the stuff into, you know, tools like Anomali. One of the questions that I have is: okay, awesome that we're doing this, awesome that, you know, the things like the Multi-State ISAC are gonna have eyes on this, but what can government actually do? You know, because we have a First Amendment, there's, you know, nobody trusts the government anyway if they say things are true or false. So, you know, if you're sitting in a government position trying to deal with these threats,

what do you actually do with the information? Yes, that's an excellent question. The short version is: what does government do to solve the problem? And, you know, speaking for myself, not my employer: the government doesn't solve this problem, right? Industry and the community and the citizenry solve this problem. What the government can do is foster those relationships and provide resources and ways for the communities to have those conversations, and to be able to share that information, and provide intelligence and analysis to those things, so that the people that can address these problems do address these problems. Some of these things are relatively easy to address. I'll just give you a very simple one, and it's not

this is not a panacea; there are lots of problems with this solution. But one of the problems right now with the Internet, and this actually just happened a few weeks ago, I'm sorry, that's not true, this happened this past December: somebody had taken an ultra-right-wing blog and taken pictures that were legitimately taken by The Associated Press of the protests in Paris, and specifically they took a picture that was published of a huge bonfire, and then they took a picture that was taken of a much smaller kind of trash campfire, and the narrative that this fragment locked vault was this is the lovely news trying to make although these are both the same fire.

And The Associated Press did it exactly right: within a couple of hours, on their official Twitter, they went back and they posted, I think it was about 19 tweets, with the pictures, going: here's the original picture they are pictures huge original stories and went to pictures, here's an analysis working to certain differences to show you that these pictures were taken in different types of different places. Right? And the reason that the right-wing blog was able to do that is, when you look at media on a website, you don't know who actually published it, you don't know what they were till narrative. Wouldn't it be great if we could digitally sign our media with a cert, so that I can right-click on

it and go "yes, this picture was taken by The Associated Press", and as part of that signature was the hash of the original URL, so I can go back and read the original story and go "okay, does the narrative that I'm being told now that's what their original narrative?" If that's great. If not, this person cited, right, The Associated Press cited, the other one did not. Or maybe they didn't cite it; maybe it was Associated Press and Fox News to tell you the different area. I'm not gonna tell you which one's true. What I'm going to tell you is, now you as a consumer can make an informed decision about who you want to. So we can enable those kind

of things. Did that answer the question? Any other questions? And so, uh, the Chinese government, as an example, seems to be really good at dealing with what they would consider disinformation, and especially utilizing their citizenry to help. Do you have any thoughts as to whether examining the Chinese modelling and methodology would be useful in American space? Right, and it won't work, because when you talk to the average Chinese citizen, they legitimately believe that the Chinese Communist Party, everything that they do is to protect them from bad outside influence. As Americans, we historically have a healthy distrust of our government, right? And so if the government tried to implement that, we included immediately shouting censorship. So there is some social background and

there is some kind of cultural China part of the expression that goes along with that. You have to understand the ins and outs of the society that you're trying to either influence or protect. Solutions that work in China will work here, solutions that work in France what we're here, and vice versa; I really have to analyze. Now, if the same solutions were put out by freedom of the press as opposed to the US government, you might find that they have different perceptions. Yeah, this is my side of it. So I actually ran an elf, a prototype health campaign, a couple years back, using Australians, who had a hell of a sense of humor. So there is a place for

citizen-led health campaigns, but you've got to work at keeping people safe, so there's infrastructure at least put in that. And we figured that this was the important piece of infrastructure to build first this place this type of place front. And there are some of that rightful it back does some of these things; it just needs to be bigger and broader and address more than just. So it was mentioned that, you know, the real impact of this is in meatspace and in the human mind. Do you have any recommendations on the hardening of that surface? Is there a way to hack my next-door neighbor into being more of a skeptic and into critical thinking, or is

in a follow-up I would ask: is American society in particular susceptible to these sorts of things, given certain large percentages of our population and things they believe? You Americans are so

put out recently about pineapple on pizza. So one of the five visas divided that's his fault he actually got blamed that 50 put on and the planet. If you look at pineapple pizza misinformation you'll find, I think it's take pun put it out, which was just as beautiful as I explained of how it works, and just show your neighbors that; that will help. I think if people know it's happening to them, it helps a little. So I actually do have a suggestion. Let me first start off by saying we can't you Brits out once, we'll do it again. Vulnerable indeed do things that are uncomfortable. So, anybody here not on social media? Okay, good. By

show of hands, who intentionally follows people that absolutely infuriate them? Okay, then that's less than half the room. For those of you that aren't in the room, you should absolutely follow people that infuriate you, to see what the other side sees, right? So if you were an American in the 1980s and you went to the news, you had three options: you had ABC, CBS and NBC. And so you and your neighbor can agree or disagree on how accurate the news was, but at least you saw the same coverage. If you watch the same story on Fox News and on CNN, they look entirely different; there is a vastly different reality. And so we're not even

living in a consistent reality where we can have civil discourse. So you should definitely follow people that make you uncomfortable, see what they're saying, and try to at least understand. You'll have to agree with it, understand the argument, so that you could have that sort of discussion. Or you could do the extreme thing of spending six months driving around the country listening to people, but that's probably two more questions; I got five minutes left. This gentleman over here has had his hand up for a while. You mentioned France as being particularly adept at combating these, or they're not susceptible to this. Do you know some of the reasons behind it? And it can't just be they're more skeptical; it must

be more subtle, I imagine. Actually, their educational system is based on skepticism, so they are more skeptical; that does help. Also, they were prepared for it: they watched America and releases their system was set up so they have like a moratorium their election had also that I can release and they had everything set up. They just were ready for it. They had been takes. Very interesting stuff. I'm interested in the partnerships that you're having with the groups, whether it's your Facebook or your AP, and I can see some possibility that there could be some progress made there, where the AP, fake news comes out, they can address that. But how do you partner with or address the grassroots

groups, your H and your subreddits, that are created by or co-opted by nefarious groups? So if you could do that in United States, first of all, we have to be an open system: anybody that wanted to apply for a certificate should be able to get one. So if you're a ultra-right-wing, you know, four or five Nazi group and you want a certificate, I'm not going to tell you, you know, I'm gonna give you one. But here's the difference. I said that before the internet you had authoritative sources; you couldn't be just anyone and transmit to mass media. Again, now anyone can transmit to mass media, so really the impetus is on the consumer to look at

the source and go "am I gonna grant them authoritative space or not?" And I'm not going to tell you what that today's is; that is an individual choice, if you want to believe something that you spent in or on 4chan or, you know, fascist group or on a white night. But those things trickle down into the short. They trickle down, but again, it's one of those things where you go "okay, where did you hear that?" "Well, I read that from this blog." "Okay, I'm not going to grant that blog authoritative, you know, source kind of status." We'll go from there. We men have small disagreement; we do sometimes discrete goat. I believe strongly that everyone has the right to

a voice, but they don't have the right to a megaphone. Yeah, so that's where I sit on that discussion. Yeah, I think we're out of time. Thanks so much for coming. [Applause]