Platt Perspective on Business and Technology

Rethinking national security in a post-2016 US presidential election context: conflict and cyber-conflict in an age of social media 7

Posted in business and convergent technologies, social networking and business by Timothy Platt on January 29, 2018

This is my 7th installment to a new series on cyber risk and cyber conflict in a still emerging 21st century interactive online context, and in a ubiquitously social media connected context and when faced with a rapidly interconnecting internet of things among other disruptively new online innovations (see Ubiquitous Computing and Communications – everywhere all the time 2, postings 354 and loosely following for Parts 1-6.)

I touched upon the issues and challenges of trolling behavior in Part 6 of this series, and how it has become weaponized by assembling coordinated online disinformation spreading troll armies, and in much the same way that botnets are assembled and used for enabling coordinated denial of service attacks. And I add here that one of the most salient differences between these two cyber threat approaches, was at least once that usurped computers and their owners, caught up in botnets are essentially all unknowing and unwilling participants, with those people’s computers surreptitiously taken over by malware that they have unintentionally downloaded and activated. But online trolls, and by that I mean the more traditional and once fully expected human troll participants in this, do know what they are doing, even if they are being manipulated by skewed and misleading news sources to do so, and with social media an increasingly significant source of the false information that would lead to their troll behavior.

I added the word “once” there because, while a great deal of trolling activity still comes from people, and from lone individuals, an increasing amount of this activity is now coming from maliciously oriented artificial agents that are constructed using artificial intelligence capabilities, and with visible persona assembled from the online profiles of unwitting social media participants to give them credibility.

Social media and the interactive online experience in general, and the host of technologies that enable all of that, can be used for positive purposes and they generally are. And the same applies to automation and artificial intelligence as they can be applied to an online context too. Just consider the essential role that artificial intelligence plays in enabling the progressively more comprehensive online search engines that we all rely upon, as a source of working examples of the positive side of this. But all of these resources and capabilities can also be turned to serve malicious and belligerent purposes too, and can be used in support of the worst that people would or could do too.

I offered two points of information in Part 6 that I have to return to here, to both further explore them and to question them for their overall long-term accuracy and relevancy. And both of them are aging into what will become irrelevance and inaccuracy.

The first of those statements is:

• “Trolling behavior and intentional disinformation creation and its online dissemination as a form of disruptive attack, serve as what can perhaps best be considered a quintessential source of examples of how new advances in the technological bases of information and communication systems allow for new and disruptive negative and even overtly destructive forms of use, as well as positive ones.”

That is still basically true and certainly as of this writing, but we can all expect some disruptively new technological exploit to supplant these threats into holding lesser relevancy than they do now. The word “quintessential” will come less and less to mind for them, and online troll activity to cite the specific attack form, will fade for its significance as new sources of threat supplant it in the public eye and in general discourse.

And the second point that I made there that is worth repeating here is:

• “The distinction (n.b. between technological vulnerabilities and their exploitation, and human behavioral vulnerabilities and their exploitation) will become moot as artificially intelligent agents more fully participate online as people do. But we are not there yet, as of this writing.”

It is now known that a significant percentage of the concerted army-like troll attack coming out of Russia to suborn the 2016 national elections in the United States, was coming from computer software and not from real individual people; this attack did involve large numbers of human online trolls but it was also to a large degree coming from robotrolls, to coin a term.

Russian agencies have developed and cultivated large and robust human agent troll farms that, as noted above, use online personas created from photos and other content found in real online social media profiles to create credibility for themselves. But they have also begun developing and testing artificial intelligence backed software trolls that post using similarly created and similarly fraudulent online personas too. Think of their use in the 2016 US elections, and other recent efforts as live fire tests of one of their new and emerging cyber warfare capabilities. (See, for example:

The Fake Americans Russia Created to Influence the Election.

As I have noted before in this blog and alluded to just now in this posting, Russia has more recently used the same approaches to sway and suborn other elections and referenda too, besides just the 2016 US elections. But beyond that, they have also sought to hack into Britain’s and other nation’s energy, media and telecommunications industries, among other critical national systems. They have made test runs to see how their cyber capabilities in general can be used to compromise both private sector systems and critical national infrastructure. And yes, this takes me way beyond trolling and weaponized trolling per se and certainly insofar as a great deal of the wider attack approaches used there, rely on development and use of automated weaponized systems too. See, for example:

British Cybersecurity Chief Warns of Russian Hacking.

And there is significant evidence that Russia and agents working for their government have repeatedly used cyber attacks as tools of diplomacy in an effort to keep the Baltic States: once vassal states to the old Soviet Union, in check as they have sought greater independence as neighbors to a now Russian Federation (see for example: Russian Hacking and the Baltic States.) And it is clear that Russia used trolling and other disinformation attack approaches as key preparatory and supportive elements of their drive into the Ukraine too (see for example, Ukraine Points Finger at Russian Security Services in Recent Cyber Attack and How an Entire Nation Became Russia’s Test Lab for Cyberwar.)

And this leads me to a crucially important point as to the emerging threat offered by these belligerently oriented technology uses. I have been discussing here, how Russia has been developing cyber warfare capabilities and actively testing them in the real world. I add here that other nations have been doing that too, including North Korea and the United States as I will at least briefly and selectively discuss in what follows. (See for example, Asking the Fundamental Questions When Considering North Korea’s Cyber-Espionage and Cyber-Warfare Capabilities and its Part 2 continuation. And also see my series on Stuxnet and its real world deployment and use as can be found at Ubiquitous Computing and Communications – everywhere all the time, starting with its posting 58 for a discussion of an instance in which the United States and Israel coordinately used cyber weapons too, there to stop Iran’s nuclear weapons development program.)

• One of the most important steps in developing weaponized systems of any type, that would be usable to promoting and advancing national or other organizational goals, is real world, live fire testing to prove that they in fact can reliably work. Absent that validating testing, these resources cannot be relied upon in planning, and with any real certainty. And this point particularly applies to disruptively new and novel potential weapons such as new cyber weapons. This testing by Russia, and as will be discussed below by North Korea, allows those nations to include them in their basic arsenals and as tested and known resources.

And with that noted, I propose a disquieting though increasingly likely conclusion: we are a lot closer to seeing effective artificial intelligence based cyber warfare capabilities right now, that are sufficiently developed and advanced to be effectively used, and that the people controlling them would feel confidence in deploying and using now, than we would like.

Yes, we have been approaching that point a lot faster than we would like to think possible, and we have arrived there as of today in early 2018. This has already become a part of our still emerging but already significantly here-and-now reality.

And with that noted, I turn to consider the second basic threat that I said I would address next when writing Part 6 to this series: ransomware. And I begin addressing that by citing an example of how ransomware has also been weaponized, and as a case in point by the government of North Korea through the widespread dissemination and use of a piece of malware that has come to be known in the West as WannaCry.

WannaCry was launched in a wide ranging attack in May, 2017 against individuals, businesses, and government agencies where possible, and with a single goal: that of extorting money and in large quantities, in return for relinquishing control over the computers and computer network systems that they had hacked into and suborned with this software weapon. Ransomware works by locking people out of their computer and computerized data repository systems and out of their computer networks where servers that manage them become infected with this type of software too. And those who deploy such weapons demand payment before they agree to share the passwords needed to regain access and control to those systems, through this malware.

And while many companies: larger corporations included, that face that type of challenge routinely seek to keep their cyber vulnerabilities and failings secret to prevent a loss of public trust in them, the evidence that is visible from this widespread attack indicates that the North Korean government and its cyber warfare system did capture control over a great many computer systems. They did in fact capture a significant amount of foreign currency payment out of this.

The United States and Israel developed and launched Stuxnet in order to at least significantly set back Iran’s effort to develop a working atomic bomb, and the capability of producing a succession of them. Russia made its cyber attacks against the United States and I add in Europe too as I have been writing about here, in an attempt to create discord among and within its opponents, nationally and with a goal of strengthening their own hand internationally. And North Korea launched their ransomware attack as noted here, to raise their overall foreign currency holdings at a time in which their economy and their system of government have been severely challenged by mounting trade sanctions and other international responses to their ballistic missile and nuclear weapons development programs.

I add here that North Korea already had a long-established track record of cyber attacking South Korea and both in its private sector and in its government held computer networks. That was more harassment in nature, while this attack sought to achieve a specific short term goal.

And this leaves me at a decision point as to what to address next in this series. One possible next step in developing this narrative would be to more fully discuss purpose and motive, and how that has driven all of the examples I have touched upon up to here, and how it is shaping and driving similar cyber weaponization efforts under development and their at least possible use too. And the other to-address issue would be to more fully discuss and address cyber vulnerabilities from a preventative and remediative perspective, and how we might better address them proactively. I am going to address those two topic areas in that order, starting with a more detailed discussion of the why of these attacks, and both as carried out by private sector and governmental agencies. And as part of that, I will discuss how the boundaries between the two have been blurring. Then I will turn to and discuss the second.

Meanwhile, you can find this and related postings and series at Ubiquitous Computing and Communications – everywhere all the time and its Page 2 continuation. And you can also find this and related material at Social Networking and Business 2, and also see that directory’s Page 1.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: