
Let's start. So I want to start off with the future of tech-driven political warfare. There's three takeaways, and the first one is that the ability of the Russian government and associated organizations to pair an attack on information systems with an attack on information content in a largely reproducible, cheap manner and with little specific tooling is the future. So essentially what the Russians did during the 2000 presidential campaign is what I would consider the future. There's also this idea that we're beginning to reflect offensive and defensive information security into explicitly social and political spaces, so Twitter, Facebook, Reddit, things like that. And then lastly, while we've created defenses for information systems, so think AV, IDS, filters, etc., we haven't
really created a defense for social and political data, so things you would post on Facebook, Reddit, Twitter.

With that, I'm seeing a chef before I'm a threat analyst over at Webroot. I've always been interested in sort of how we mesh technology with political influence and vice versa. This presentation: these are my views, my views alone, not Webroot's. Any questions, comments, concerns, just tweet me, that's where I'm most responsive.

Okay, so political warfare isn't new. It is rooted in the U.S.'s contemporary tradition of national security. So coming out of World War Two and into the Cold War, there's this line of thinking that says that nuclear weapons have essentially removed the need for war and
you won't engage in war because really that's just mutual assured destruction. And part of that, there's this offshoot of other thinkers like George Kennan who said, well, you removed war but you didn't get rid of conflict. People are still going to butt heads, they're still gonna go at each other, it's just in a different way. And so he writes this memo in 1948 on organizing political warfare, which I take from for this presentation. So when we talk about political warfare, we're really talking about countries extending their political influence and their authority and going after that of their adversary. So political influence in this case can be thought of as policymakers,
how they make policy, how they relate to other policymakers, how society relates to policymakers, and then sort of the debates within society itself. Political warfare is really complex, so you're talking about overt and covert channels, you're talking about political alliances, you're talking about economic measures, and then the use of propaganda. So in this case white propaganda, which is your true or positional, people know the source, and then black propaganda is something that we would consider as misinformation, disinformation, and the source of that information is almost always obfuscated and it's always delivered maliciously. And then political warfare is this whole-of-government approach, so the government itself and its associated organizations are coming to bear on a political problem, and
then at the same time war isn't a feasibility, it's not possible. You want to avoid war; rather, you want to engage in a spectrum of conflict, so avoiding war but engaging in complexity of conflict. So Kennan writes this in 1948, and the problem is that in 1948 and in the 50s, 60s, etc., you didn't have the internet, you didn't have the social web, you didn't have the use of malcode, bots, in our modern media environment. And what that means is the tactics and tooling have changed but the strategy has not. And so when we talk about strategy, what we're talking about is you as an adversary are attacking what a defender trusts: his social networks, his financial
networks, political institutions, and the consumption of and filter of social and political, and then you're creating a message or narrative that is favorable to you as the attacker. And political warfare at its most specific is seeking to drive somebody towards the decision that is favorable to an attacker, or at its least specific and most chaotic is seeking to basically, you find every division, you pour gasoline on it and you light it on fire. You're looking for chaos, you're looking to weaken your adversary through absolute chaos and not a specific decision.

So today's case studies are how the United States got Iran to the Iran deal and how the Russians interfered in the 2016 US presidential campaign, and they represent
proofs of concept because they show, in my view, the realm of possibility when you begin to integrate technology into political warfare, but at the same time they represent opposite ends of the spectrum in terms of complexity, execution and speed of success.

So let's talk about the Iran deal. So the Iran deal at its core is limiting Iran's nuclear program in exchange for sanctions relief. So before the deal the Iranians are going out and expanding their program in such a way that they're either establishing breakout capacity, so the capacity to create a bomb very quickly, or to actually acquire a weapon. And so the deal sort of reflects this: it places limits on enrichment, stockpile, research and development, and then its
facilities, and then also part of the deal is intense surveillance to the International Atomic Energy Agency, so every part of this program is categorized, is surveilled and it's accounted for. So they write the Iran deal is a big political deal. The idea that you're going to get the Iranians to the table, to stay at the table, then ultimately consent to a deal is solely the product of Iranian decision-making and politics. And so the challenge for the United States is that war isn't feasible. This idea that you could physically eliminate Iran's program was not feasible, that the cost would pile up and the payoff would diminish. So the challenge was how do you get Iran to an
agreement or understanding without actually engaging in physical war, and how the United States does this is through Stuxnet, through sanctions and then complex diplomacy. So Stuxnet is this very complex piece of malcode that is inserted into Iran's nuclear supply chain, so you're talking about from procurement and research down to deployment into the plants. So Stuxnet is very aggressive: it spreads via USB, it spreads via network, and it just keeps replicating until certain conditions are met. So when it meets this condition, which is a programmable logic controller, it drops some payload that modifies this PLC. The PLC is modified and it begins to tell the centrifuges to spin up, spin down, you know, spin incorrectly, and in some
cases spin up so fast that the centrifuge would actually explode. While that's happening, false data is being fed into the Iranian program, so they assume based on the data they're seeing that everything is OK, everything's working, but in reality it's not. So Stuxnet is this explicit attack on trust, so it's the first of its kind to go after a supply chain like this in an aggressive, malicious manner. And so for the Iranians, they have to consider who's the initial vector, you know, how does an adversary, how are they able to map out the program so well, and then is what the Iranians are seeing, is it true, is it real, is it actual genuine data, and then
you know, what is the willingness of an adversary to update and retarget. And so the narrative that Stuxnet creates for the Iranians is simple: you can't hide this program, and then every part of this program is going to be exploited, it's going to be destroyed. You know, you have to get rid of this program, is what Stuxnet sort of communicates. So the problem with Stuxnet is that it has its run, it destroys Iran's centrifuges but doesn't necessarily alter Iran's political will to give up its program, so it continues with this sort of partial part of the program that Stuxnet leaves. So the United States switches footing and begins to use secondary sanctions, so every financial
relationship that Iran has with a third party is targeted, and they're basically given the choice of you can do business with Iran or you can ultimately lose business with the United States. So to use an example, the energy sector wants to do business with Iran, and under sanctions the U.S. says, OK, if you have a subsidiary in the United States they're under legal action, if you route any banking through the United States that is also under legal action. And so it's shaping investment in Iran away from Iran essentially. And so it largely goes beyond economic measures because it's rooted in a diplomatic relationship: you can't get a secondary sanctions program to work without Russia on board,
without China, without the EU and ultimately without, you know, the UK. So the outcome is success: the United States is able to drive Iran towards the decision to accept the Iran deal, and for the United States this achieves its main political goals of boxing in Iran's ability to get a nuke and at the same time creating a good deal of clarity into Iran's program, and so that's a success for the United States.

So let's sort of switch footing to the Russian involvement in the 2016 presidential campaign. So it takes approximately ten years for the United States to get Iran to the JCPOA. It has to use Stuxnet first and then it has to switch to sanctions and it has to
engage in diplomacy, and it's this really decades-long campaign and it's very complex. The Russian involvement in the 2016 presidential campaign, on the other hand, takes about two years, and its techniques are rather simple, based in leaking, trolling, and then an exploitation of how we in the United States consume and process social and political data.

So the leaks. So the leaks are targeted towards the Democratic Party's political infrastructure, so the Democratic National Committee, the Democratic Congressional Campaign Committee, and then John Podesta, the then chairman of the Clinton campaign. The leaks are put through these fronts, so DCLeaks is one of their fronts, and this is taken from their about page, where they're posing as American
hacktivists, they're telling you the truth about U.S. decision-making and they're checking the validity of the information. What we now know is that this is a Russian military intelligence front and it was used to that effect, to funnel leaked documents to the public. A little note: so this page, before it's taken down in November, excuse me, March 2017, has about a million page views overall. The usage of Twitter: so they use Twitter a lot to insert themselves into US political discourse, to disseminate documents and links, and a lot of these accounts are started in June 2016, so about six months into the year and a little before the election. So here's WikiLeaks, so this is
the DNC email database, so these are just 44,000 leaked emails from the DNC. So a special note on how WikiLeaks made the documents public: each leak was timed with an event. This particular leak was timed with the Democratic National Convention, so this is the convention that nominated Hillary Clinton to become the presidential nominee. So Guccifer 2.0, this is from his WordPress, still up, you can still read the documents. What's important about Guccifer 2.0 is that a lot of the documents that were leaked have no real use for a civilian, so Democratic internal workings in those states, financial documents, analytics documents, and in the heated campaign, by making these documents public you're
essentially chipping away at any political advantage that the DNC and the DCCC might create. Again, through Twitter, June 2016 was when this account was created.

Okay, so that brings us to the Podesta emails. So the leaks themselves aren't terribly interesting, it's how they were leaked. So on the day that these were leaked, at around 4:00 p.m., you have the Access Hollywood tape that's dropped. So the Access Hollywood tape, if you remember, is where then-candidate Trump says grab her by the, so he's on tape saying grab her by the. That is dropped around 4:00 p.m.; 20 minutes later the Podesta emails are made public, and what happened was
now you have two major stories and you're essentially diluting the coverage of the damaging Access Hollywood tape. You're making it more difficult for it to become the prime story, and instead you have media that is dividing itself between the Podesta emails and the Access Hollywood tape.

Okay, so beyond that, the leaks' outcomes. What happens is that you take the division in the Democratic Party between the Clinton camp and the Bernie camp and you set it in stone, so now neither part of the Democratic Party is willing to weaken itself, and you weaken not only Hillary Clinton's position with the Democratic Party but you're weakening the Democratic Party overall,
and you also have analytics documents and you have financial documents that are made public, which then chip away at the Democratic Party's advantage. You also have the emergence of conspiracy theories like Pizzagate and like Seth Rich, and so what's important about these conspiracy theories is not only are they debunked but they also create this sort of scar tissue upon political discourse, and we are still sort of contending with this, and more conspiracy theories, as these go along, have been evolving out of these previous theories.

Okay, so the usage of trolls. So a troll here is you're creating spectacle, and in this case creating political spectacle over hot topics, social issues. So the US government
largely believes this is the work of the IRA, of the Internet Research Agency, that went out, coordinated a campaign of posting and running advertisements, and they targeted explicitly, so like explicitly hot-button social issues. So in this case, this is very typical of their approach: they targeted Blue Lives Matter and Black Lives Matter activists, but again this could just as easily be LGBTQ issues, you know, Muslim immigration, immigration from Central America, this could be anything. They went out, took both sides for the explicit intent of aggravation and sort of creating controversy and division. So this is one of the more famous personas, Tennessee GOP, so they're posing as the GOP party of Tennessee, and the best way
to describe this is that it's political shitposting. So they would go out, adopt the character of somebody on the right, but sort of on the extreme right, and go out and tweet and promote division, promote arguing and just generally cause division on Twitter.

Okay, so what we now know two years later is that the Russian campaign, taken as a whole from a social media perspective, does okay. They have, you know, a few accounts and maybe hit a million pageviews, they have, you know, a good following, maybe 43,000 here, 50,000 here, a hundred thousand, but it's not impressive in terms of a larger social media picture. What's, in my view, why they were
successful is that it was the ability to exploit how we produce, promote and consume social and political data in the United States. So first, our modern media ecosystem is driven by morality, clickbait and fake news, so the ability to put out a story or put out an idea that doesn't have to be true, it doesn't have to be vetted, it just has to feel true or be truthy and have that sort of sensation of being true, and it's, you know, quickly able to spread and people just consider it to be real, to be true. Highly automated, so you can use bots to brigade, to create false consensus, to
game popularity systems, to game recommendation systems and move stories from the fringe or low popularity into the mainstream. I think from what we saw is that it's guided by the fringe: the ability of Breitbart or any media organization that sort of caters to a fringe to put out a story and then to pull other news organizations into covering or thinking about that story is a pretty significant power. So you don't need the viewers, you just need the ability to set and manipulate the agenda.

OK, so what do we consider the future of political warfare? It's an iteration or form of the Russian campaign, so their ability to attack an information system, pair it with an attack
on information content, in something that is reproducible, cheap, with no specific tooling and using somebody else's platform, is the future. And it's also the reflection of offensive and defensive information security into social spaces and political spaces. So to look at the campaign, the Russians were able to bring techniques that were already out there, so brigading, doxxing, you know, leaking documents and botting and brigading, and they were able to put the strategy of a country behind it and use it successfully, to the point where Facebook, Twitter and Reddit have to catch up. They were fumbling, but at the same time Facebook, Twitter and Reddit have the advantage of owning their network: they own every account,
every piece of data produced, they own the code, they own that whole space. And then as we see recently, an attacker isn't obligated to nuance. The Russians aren't obligated to your First Amendment rights, they're not obligated to legal stakeholders or business stakeholders, they were only obligated to their own success, whereas Facebook, for instance, has to engage our First Amendment rights, has to engage business holders, political stakeholders, and its decision making is much more complex and nuanced. Lastly and loose, so we're two years away from this and Facebook and Twitter have reconciled themselves and gone out and tried to find solutions, and we have media organizations that are devoted to outing disinformation, we have open source
intelligence groups that are outing disinformation, and it's a problem taken seriously, but at the same time it's not enough, because when we consider disinformation we are considering something that has a very complex attack surface, and a surface that is not just technical in nature; rather it's also strategic, legal, social, and it's, you know, very difficult to just deal with on a tech basis. And at the same time, you know, when an attacker goes after trust through a narrative, you know, what tools do we have to rebuild trust, to challenge a narrative? You know, we can spot a lie, we can spot, you know, disingenuous parts of that narrative, but how do we build tools to
actually attack something like that? And in my view, once an attacker has chipped away your trust or your ability to trust something, it's impossible to restore or to rebuild that.

On that cheery note, this is modern political warfare. I really appreciate you guys coming out. If you have any questions, comments and concerns, I'm most responsive on Twitter, feel free to tweet me, I will respond, and I'm also around here all week, so please, love to talk. Thank you.

[Applause]