The growing danger of targeted fake news, disinformation, and mal-information attacks against businesses

 

What is Disinformation, Mal-information and Fake News?

 

Disinformation could be described as modern-day propaganda, manufactured tactical reality or a tool of economic war used to weaponize information.

Disinformation is manifested in various guises, with fake news frequently used as an umbrella term encompassing aspects of misinformation, disinformation and mal-information. It is used by state actors, criminals and groups with political and ideological agendas.

It often contains emotive content designed to prejudice public opinion and reduce critical thinking, relying on social media, celebrities and influencers to rapidly share and spread its content and with it, fear and uncertainty.

Fake news is a description most people have been familiar with since Donald Trump became the US president. It is often used dismissively to describe or expose a story as being untrue, whether it is or not.

Misinformation is false information, often disseminated by people who do not realise it is inaccurate and have no sinister agenda or malicious intent.

Disinformation is distorted, used in the wrong context or completely false information created and shared deliberately for entertainment, satire, or to cause a deliberately disadvantageous outcome to a person, business, group or demographic. Examples can range in severity from authoritarian governments seeking to influence their population and disrupt events overseas to fraudsters selling fake medical remedies.

Mal-information adds a more malicious and sometimes illegal context and aims to cause severe damage to the entity being targeted. The information shared can be disinformation or may be genuine but acquired through dubious practice, such as the case of Hilary Clintons leaked emails, it is often exposed at a time pertinent to cause as much damage as possible.

Mal-information is often associated with the repercussions of Doxxing or Swatting which can be explored in more detail here.

The History of Disinformation

Disinformation campaigns have been used throughout history especially as a method of warfare, a famous example is Operation Mincemeat.

This was a deception operation planned by the British government to provide the Nazis the false information that an allied invasion was going to take place against Greece and Sardinia. This manipulated the Nazis to move their troops, enabling the allies to attack the real target of Sicily.

The operation involved the use of a body dressed to look like a crashed pilot who was carrying classified documents detailing the attack. The body was planted to wash up in Spain as the Spanish government were known to share information with Nazi intelligence. The operation was a success and is thought to have contributed to a change in the course of the war.

Targeted Disinformation in the Corporate Sector

In the same way that social engineering is used to gain advantage, usually via manipulation of employees, disinformation seeks to manipulate the public, end customer or shareholder to the detriment of the business.

For instance, the conspiracy theory that radiation from 5G causes a range of illnesses from Cancer to Covid has resulted in disruption to services, extreme vandalism and attacks against telecommunications workers.

Another example was the sudden influx of subscribers to the video communications app Houseparty as lockdown commenced. Within weeks this changed to a mass frenzy of users deleting their accounts as reports emerged on twitter from people stating that their Netflix, PayPal, and Spotify accounts had being hacked since downloading the app. Subsequent investigation found that many of the twitter accounts spreading the reports were fake accounts, but the damage had been done.

State level disinformation campaigns are notoriously used by Russia, honed through years of internal political interference which has progressed to manipulate overseas elections as seen in the 2016 US election. Disinformation is typically disseminated through fake accounts on forums, and social media on an industrial level known as farming. Stories are quickly propagated by super spreaders resulting in a harmful sway of opinion. It is also known for influencers with thousands of followers to be paid to share news, memes, reports and comments.

Why is this a Danger to Businesses?

Disinformation campaigns have never been easier to launch and can now be purchased online, through disinformation service providers, disinformation-as-a-service (DaaS) is a cheap way to target competitors with very little risk of detection. DaaS can be used to rapidly instigate major reputational damage, resulting in lost contracts and business relationships. Another common threat often seen is from short sellers who aim to lower share prices. Businesses in all sectors are at risk from DaaS attacks.

The methods used include false news about executives and their family life, false information about deals and data sharing, images used in the wrong context, damaging investment rumours, untrue news stories and the use of cheapfakes and deepfakes.

Deepfakes are images, audio or video content which has been altered through the application of artificial intelligence (AI). A project to demonstrate how convincing deepfakes are, can be seen in a video where Barak Obama used defamatory language to describe Donald Trump. Cheapfakes require less technological input. A speech which surfaced showing the Speaker of the US House of Representatives, Nancy Pelosi, appearing to slur her speech, sparking rumours that she was drunk or unwell was simply created by slowing down her voice. AI created influencers are even starting to gain popularity on platforms such as Instagram, with a modelling agency existing for digital models who endorse brands and appear at fashion shows.

Another emerging threat is the use of deepfakes by criminals to imitate company executives by phone or video call, requesting employees to transfer large sums of money or divulge sensitive information to a supplier or associate. This type of scam relies on the same principles as social engineering, using authority, urgency and social proof to evade the targets critical thinking and perform an action which results in a catastrophe to the business.

What can be done by Businesses to Prevent Disinformation and Mal-information Attacks?

Our top tips to prevent and control economic attacks are:

Monitor – effective monitoring of both your business and industry via social media, and forums will identify chatter and content before it becomes mainstream. Tools can be used to identify content in different languages across numerous platforms on both the dark and surface web, providing the ability to get ahead of a growing story.

Create an effective response plan – address fake news by evaluating the likely threat actors in advance, the stakeholders they might target and their vectors of attack.  Rehearse every scenario and create response and brand protection plans accordingly, identifying responsibilities within the organisation. This will enable a timely response and will reduce the spread of the fake news.

Communications – be consistent, communicate technical and scientific news effectively and transparently. Maintain a voice across all social network platforms to quickly counteract disinformation. Have a plan to communicate directly with staff and stakeholders in a crisis.

For further advice and for a range of business threat and risk assessments, physical penetration testing, due diligence and corporate investigations please contact Sloane Risk Group.

www.sloaneriskgroup.co.uk

enquiries@sloaneriskgroup.co.uk

0203 897 22 72

71-75 Shelton St, Covent Garden, London, WC2H 9JQ

 

Women’s Safety and Security

 

As a result of the devastating news surrounding the murder of Sarah Everard, there is currently a national conversation regarding women’s safety. As a female led security consultancy, we would like to offer some of the top safety tips which we often recommend to our female clients.

In our opinion, the first rule of self-defence is to develop a strong sense of environmental situational awareness. Being able to understand and identify the risks of a situation and to react appropriately, is the best way to avoid becoming a victim or target of both environmental and criminal situations.

 

Raise Your Situational Awareness

We often walk around oblivious to our surroundings, this could be through a false sense of security because we know where we are, or due to distractions such as mobile phones.

It is vital to remain alert in public, know who is around and behind you, look ahead and premeditate where you would go if you were in danger. Don’t wear earphones, they will reduce your chance of noticing an approaching person or vehicle.

 

Manage Your Profile

By this, we mean realise how to blend in and not be identified as a potential target for theft or worse. Be mindful of how you show and carry expensive jewellery, handbags, watches and electronics. A woman should have the freedom to dress how she chooses; however, it is also important to realise that unfortunately there are people whose perception of you will be directly linked to the way that you are dressed which will impact their treatment of you. This is especially relevant when travelling. (more information can be found in our online lone female travellers course)

 

Look Strong and Confident

A potential harasser can be deterred by a projection of strength. Most criminals have a strong instinct for self-preservation, which has a direct impact on their selection or subsequent disregard of an intended target or victim. Project strength by walking with purpose, keeping your head up and shoulders back, standing straight and making eye contact.

 

Check In

When you go out, get into the habit of telling somebody where you are going, how you are getting there and when to expect you. This will become a routine and safe practice to follow.

 

Live Location

A great tool available to WhatsApp users is the use of the live location function. This is located within the addition menu (marked with a blue cross) you can select “live location” for a period of time, up to 8 hours which is very useful if you can arrange for a friend to monitor your journey or evening run.

 

Don’t Overshare

Be wary of disclosing your address or full name to strangers. When using social media, don’t post exactly where you are or where you are going, post after you have left and don’t post details of places that you visit regularly. Set your settings to approve posts that other people tag you in. Think, if you would not share details of your address, job, partner, children, parents, phone number or email with someone in a supermarket queue don’t do it online.

 

Have a Plan

If you are going out late, plan your travel home and stick to it. Stay with any friends that you have planned an evening with and check that each other get home safety. Consider taking trainers or flat shoes if your journey home involves walking or public transport. Don’t use unlicensed mini cabs and don’t be afraid to photograph the number plate of a taxi that you are travelling in before you board. If travelling by bus, stay downstairs in sight of the driver. In train carriages try and find a carriage with a conductor. Familiarise yourself with your mobile phones shortcut to 999, it is much harder to perform normal functions when you are under pressure.

 

Draw Attention

If you feel threatened react to your instincts, cross the road, go somewhere more public or call for help. Don’t be scared to draw attention to yourself.  A discussion between our staff has identified multiple occasions where females have avoided theft or physical harm by shouting and making a noise when confronted by a potential attacker. Be aware of what is known as the bystander effect; it has been proven that when many people can help, often no-one does. This is because everyone expects someone else to intervene. If you are attacked in a public place and people are watching; make eye contact and direct your plea for assistance “you, help me”

 

 

Self-Defence

Whilst it is common knowledge that carrying a weapon can have an adverse effect as apart from being illegal it can be used against you. Sadly, there are situations where self-defence might be the last available option. In the UK, carrying mace or pepper spray is against the law. However, if you are physically threatened you may take reasonable and proportionate measures to defend yourself. If you have an alternative option, such as a defence dye spray, use it. You can use any item that you are legitimately carrying for another purpose as a weapon if it is proportionate, i.e. the miniature bottle of hairspray or mosquito repellent that might be in your bag.  For these to be effective you have to have them ready to access, they are no good if you can’t locate them. Similarly attack alarms, these need to be easily accessible such as attached to the outside of your bag where you can easily pull a string or activate a button if needed.

 

 

 

If you would like more advice and exercises which teach you how to raise your awareness levels, identify if you are under surveillance, plan your travel safely and be more considerate of your approach to online security; visit our online training platform. Our current courses include:

Lone Female Traveller Security Awareness

Security Awareness for High-Net-Worth Nannies

Canine Surveillance Awareness & Protection for Dog Walkers

Women’s Safety and Security

 

 

 

www.sloaneriskgroup.co.uk

enquiries@sloaneriskgroup.co.uk

Doxxing, weaponising your data for revenge

 

 

 

What is Doxxing?

 

Doxxing or Doxing is an abbreviation of Documents or Docs. Doxxing is sharing a persons or a company’s private or identifying information, this is usually online but can also take a physical form such as graffiti or in newsprint.

 

Doxxing is a weapon which is used by people with a variety of intentions, from addressing social injustices to attacking someone with the aim of inciting physical harm against them. The information shared through doxxing is generally meant to expose, embarrass, extort or endanger the person being doxxed. This information can include phone numbers, email addresses, home addresses, photographs or any other identifying information which the victim of doxing would not voluntarily place in the public domain, or in the context used by the doxxer.

 

The main attraction of doxxing is to inflict a monumental level of pain or harassment against someone without leaving home or being easily detected as the perpetrator or instigator of the attack.

 

What are the origins of doxxing?

 

Doxxing was originally known as Dropping Docs and was initially a method used by hackers and gamers to take revenge against opponents. An early example involved the details of white supremacists being doxed on UseNet. It has evolved into a modern-day method of attack used by a range of people.  Anyone with access to an online platform such as Facebook or Twitter can publish information about someone else in a basic form of doxxing. Dedicated Doxxing sites hosted on both the surface and the dark web go a stage further and are designed as a platform for information to be revealed, shared and acted upon.

 

What do doxxers hope to achieve?

 

On dedicated doxxing platforms, the victim’s details are often published with a rough description of what they are accused of such as paedophilia, cheating, child or animal abuse in the hope that other people will subject them to harassment, ranging from using their details to sign up to junk mail services to physical abuse or even swatting attacks.

 

Swatting takes doxxing to another level, generally seen in America, this is a method of using the victim’s information to call a swat team claiming that an armed or hostage situation is underway. The aim is that the swat team causes severe distress or even shoots the person being doxxed.

 

Examples of doxxing include:

 

An instance in the late 90’s and early 2000’s where an anti-abortion campaigner published a list of abortion providers forming a hit list. People’s names were annotated if they had been hurt or killed. To date eight people from that list have been killed.

 

In 2013 a student was misidentified and doxxed on Reddit as a suspect of the Boston Marathon bombing. After a considerable amount of abuse, he was found dead. His death was ruled as a suicide, believed to be as a result of doxxing.

 

Over the last three years we have seen a steep rise in clients experiencing problems relating to doxxing. We have helped a client who after ending a relationship was doxxed by his previous partner. He was wrongly listed as a paedophile on a number of websites. Our investigation was able to produce evidence linking his former partner to the accounts sharing the information.  Another case involved the distribution of revenge porn against a teenage girl which was being widely shared via social media. The images were actually deepfakes, her Image had been superimposed on another person’s body, however this was deeply embarrassing for both her and her family. After some work we were able to identify the source of the images and eventually remove the content.

 

Is Doxxing Illegal?

 

Different countries have different laws regarding doxxing. At present in the UK there is not a law dedicated to doxxing however most cases will fall under the data protection act, the protection from harassment act or the computer misuse act. The problems generally lie with enforcing these legalities as most doxxers are very tech savvy and will hide behind several layers of protection and aliases.

 

Can doxxing be prevented?

 

People can protect themselves to an extent, we recommend the following:

 

  • Don’t overshare, this relates to social media. Consider your posts and comments and the consequences of them. Keep your accounts locked down and limit the information which you provide.
  • Do not make your phone number visible on social media sites, consider using a secondary disposable number for account set up.
  • Opt out of the open electoral register.
  • Use a virtual private network (VPN) to mask your computers IP address
  • Consider who you provide you address, phone number and email address to. Set up secondary email accounts for online shopping and services which request your delivery details. You can gain additional protection by arranging to pick deliveries up from collection points, this is recommended when using services such as eBay where subsequent disputes are common.
  • Only provide your home address when you really need to, don’t fill out surveys or prize giving questionnaires, most of that information eventually works its way into the public domain either through mailing list sales or data breaches.

 

 

Most importantly, audit yourself, check your own online identity by running your name and partial details trough a range of search engines. See what information about you is easy to find.

 

Alternatively, our online profiling service can save you the time and do this on your behalf. We will compile a report detailing what information about you or your business can be easily located, our experienced team can then execute a process to remove this information where possible.

 

For more information or to discover our other services including, physical penetration testing, surveillance, close protection, investigations and due diligence visit our website.

 

www.sloaneriskgroup.co.uk

Email – enquiries@sloaneriskgroup.co.uk

Phone – 0203 897 22 72

Counter-surveillance and security awareness training for dog owners, extreme or a necessary service?

Dog guards the house concept with door keyhole and portrait of looking Jack Rusell dog.  Pet dog stay at home and watch. Copy space.

One of the reactions of the pandemic is the uptake in pet ownership, with more time to enjoy country walks and a desire for companionship many people have added a new dog or puppy to their family. The negative impact of this is a surge in pet theft by organised criminals who target dogs which they breed for profit, use for illegal fighting and even ransom back to their owners.

 

More than 60 dogs are stolen in the UK per week and less than 5% of these cases lead to a conviction. In October Tom Hunt MP called for pet theft to become a specific offence, this would result in tougher sentencing for pet theft. Currently most cases are heard in the magistrates court where convictions typically only incur a £250 fine, the same punishment as the theft of an inanimate object. For more information see pettheft.org

 

The stories that unfolded in 2020 tell heartbreaking tales of support dogs, working dogs and children’s pets being stolen often in blatant and planned attacks. The stereotypical example of a dog being taken from outside a shop whilst their owner popped in for a quick pint of milk has been replaced with accounts of sophisticated methods of breaking and entering property, people being placed under surveillance and followed home whilst walking their pets and even being violently attacked for their dogs.

 

These advanced attacks have resulted in the need for serious countermeasures. We have recently been asked to provide several of our clients and their households with security awareness and counter-surveillance training which they can subtly deploy to remain safe whilst walking their dogs. This has led to the creation of our specialist canine counter-surveillance project which 2021 will see us roll out as an online and in-person security awareness service for our clientele.

 

Our training programs are based on years of counter-espionage experience and include subjects such as how to raise your awareness levels, how to identify if you are under surveillance, how to deter potential criminals, what to do if you suspect that you are being followed and safety and security advice which should be adopted in everyday life.

 

For more information regarding any of our services including:

 

Physical penetration testing

Close protection

Surveillance

Counter-surveillance

Security awareness training

Bug sweeping

OSINT and Due Diligence

 

 

Please contact us;

info@sloaneriskgroup.co.uk

www.sloaneriskgroup.co.uk

0203 897 22 72