The growing danger of targeted fake news, disinformation, and mal-information attacks against businesses
What is Disinformation, Mal-information and Fake News?
Disinformation could be described as modern-day propaganda, manufactured tactical reality or a tool of economic war used to weaponize information.
Disinformation is manifested in various guises, with fake news frequently used as an umbrella term encompassing aspects of misinformation, disinformation and mal-information. It is used by state actors, criminals and groups with political and ideological agendas.
It often contains emotive content designed to prejudice public opinion and reduce critical thinking, relying on social media, celebrities and influencers to rapidly share and spread its content and with it, fear and uncertainty.
Fake news is a description most people have been familiar with since Donald Trump became the US president. It is often used dismissively to describe or expose a story as being untrue, whether it is or not.
Misinformation is false information, often disseminated by people who do not realise it is inaccurate and have no sinister agenda or malicious intent.
Disinformation is distorted, used in the wrong context or completely false information created and shared deliberately for entertainment, satire, or to cause a deliberately disadvantageous outcome to a person, business, group or demographic. Examples can range in severity from authoritarian governments seeking to influence their population and disrupt events overseas to fraudsters selling fake medical remedies.
Mal-information adds a more malicious and sometimes illegal context and aims to cause severe damage to the entity being targeted. The information shared can be disinformation or may be genuine but acquired through dubious practice, such as the case of Hilary Clintons leaked emails, it is often exposed at a time pertinent to cause as much damage as possible.
Mal-information is often associated with the repercussions of Doxxing or Swatting which can be explored in more detail here.
The History of Disinformation
Disinformation campaigns have been used throughout history especially as a method of warfare, a famous example is Operation Mincemeat.
This was a deception operation planned by the British government to provide the Nazis the false information that an allied invasion was going to take place against Greece and Sardinia. This manipulated the Nazis to move their troops, enabling the allies to attack the real target of Sicily.
The operation involved the use of a body dressed to look like a crashed pilot who was carrying classified documents detailing the attack. The body was planted to wash up in Spain as the Spanish government were known to share information with Nazi intelligence. The operation was a success and is thought to have contributed to a change in the course of the war.
Targeted Disinformation in the Corporate Sector
In the same way that social engineering is used to gain advantage, usually via manipulation of employees, disinformation seeks to manipulate the public, end customer or shareholder to the detriment of the business.
For instance, the conspiracy theory that radiation from 5G causes a range of illnesses from Cancer to Covid has resulted in disruption to services, extreme vandalism and attacks against telecommunications workers.
Another example was the sudden influx of subscribers to the video communications app Houseparty as lockdown commenced. Within weeks this changed to a mass frenzy of users deleting their accounts as reports emerged on twitter from people stating that their Netflix, PayPal, and Spotify accounts had being hacked since downloading the app. Subsequent investigation found that many of the twitter accounts spreading the reports were fake accounts, but the damage had been done.
State level disinformation campaigns are notoriously used by Russia, honed through years of internal political interference which has progressed to manipulate overseas elections as seen in the 2016 US election. Disinformation is typically disseminated through fake accounts on forums, and social media on an industrial level known as farming. Stories are quickly propagated by super spreaders resulting in a harmful sway of opinion. It is also known for influencers with thousands of followers to be paid to share news, memes, reports and comments.
Why is this a Danger to Businesses?
Disinformation campaigns have never been easier to launch and can now be purchased online, through disinformation service providers, disinformation-as-a-service (DaaS) is a cheap way to target competitors with very little risk of detection. DaaS can be used to rapidly instigate major reputational damage, resulting in lost contracts and business relationships. Another common threat often seen is from short sellers who aim to lower share prices. Businesses in all sectors are at risk from DaaS attacks.
The methods used include false news about executives and their family life, false information about deals and data sharing, images used in the wrong context, damaging investment rumours, untrue news stories and the use of cheapfakes and deepfakes.
Deepfakes are images, audio or video content which has been altered through the application of artificial intelligence (AI). A project to demonstrate how convincing deepfakes are, can be seen in a video where Barak Obama used defamatory language to describe Donald Trump. Cheapfakes require less technological input. A speech which surfaced showing the Speaker of the US House of Representatives, Nancy Pelosi, appearing to slur her speech, sparking rumours that she was drunk or unwell was simply created by slowing down her voice. AI created influencers are even starting to gain popularity on platforms such as Instagram, with a modelling agency existing for digital models who endorse brands and appear at fashion shows.
Another emerging threat is the use of deepfakes by criminals to imitate company executives by phone or video call, requesting employees to transfer large sums of money or divulge sensitive information to a supplier or associate. This type of scam relies on the same principles as social engineering, using authority, urgency and social proof to evade the targets critical thinking and perform an action which results in a catastrophe to the business.
What can be done by Businesses to Prevent Disinformation and Mal-information Attacks?
Our top tips to prevent and control economic attacks are:
Monitor – effective monitoring of both your business and industry via social media, and forums will identify chatter and content before it becomes mainstream. Tools can be used to identify content in different languages across numerous platforms on both the dark and surface web, providing the ability to get ahead of a growing story.
Create an effective response plan – address fake news by evaluating the likely threat actors in advance, the stakeholders they might target and their vectors of attack. Rehearse every scenario and create response and brand protection plans accordingly, identifying responsibilities within the organisation. This will enable a timely response and will reduce the spread of the fake news.
Communications – be consistent, communicate technical and scientific news effectively and transparently. Maintain a voice across all social network platforms to quickly counteract disinformation. Have a plan to communicate directly with staff and stakeholders in a crisis.
For further advice and for a range of business threat and risk assessments, physical penetration testing, due diligence and corporate investigations please contact Sloane Risk Group.
0203 897 22 72
71-75 Shelton St, Covent Garden, London, WC2H 9JQ