Investigating the 1930 case, @RidT says he realised that forensics alone were not sufficient to get to the bottom of what happened. You need geopolitical context.

Next up is @camillefrancois talking about information operations on social media designed to disseminate hacked materials #CYBERWARCON

Speaking about the #DopingLeaks incident two years ago, a network map shows that the people who should be driving the conversation (sports/media) are on try periphery while spam accounts are at the centre of the conversation #CYBERWARCON

Talking about #DCLeaks, we see that media activity is way up, accounting for 34% of the conversation Twitter. #CYBERWARCON

Francois says that if you want to conduct disinformation dissemination campaigns, you need accounts that are woven into the network already. Spinning up accounts and pushing out hashtags will no longer work #CYBERWARCON

Next up is Alex Orleans from @FireEye looking at how Russian hackers are targeting US electrical grids #CYBERWARCON

#CYBERWARCON had been hacked.... Well they can't get the slides to work at least

They have removed the Russians from the network and #CYBERWARCON is back on...

Alex Orleans now talking about Russian hacking group known as Temp.Isotope (aka Berserk Bear, Energetic Bear, DragonFly 2.0) who are the group hacking the US grid. Their work was first reported over a year ago fortune.com/2017/09/06/hac… #CYBERWARCON

The US electrical grid is actually 5 grids, with more than 3000+ power companies. It’s the "most complex quilt” ever built by humans according to @chrissistrunk #CYBERWARCON

“The day everything changed” was Dec. 23, 2015 when a Russian hacking group took control of a Ukraine electrical grid and shut off power for over 200,000 people #CYBERWARCON

New compliance standards have harden the core parts of the US electrical gird, but the Russians continue to target the grid anyway. So you need to ask why? #CYBERWARCON

Russian continue to conduct attacks on the grid, because it means the US has to deal with the threat (costs money and time) and feeds into influence operations among US citizens #CYBERWARCON

Russians taking advantage of the fact that US citizens don’t really understand how the grid works, and media misinterpretations adds to the problem #CYBERWARCON

Orleans doesn’t see a disruptive attack from Russia any time soon, as their strategy is "death by a thousand cuts” #CYBERWARCON

Orleans says that we still don’t know how deeply Russia has penetrated the electrical grid….which is a little worrying #CYBERWARCON

Next up at #CYBERWARCON is @RecordedFuture talking about how control of the internet is influencing Yemen’s civil war….something that has not been talked about much

Yemen’s internet is not great. In terms of user bandwidth Yemen ranks 189 out of 189 countries. Most of the internet infrastructure is based in Sana’a meaning when Houthi gained control of capital, they also gained control of the internet. #CYBERWARCON

If the government seized the port city of Al-Hudaydah, it would be able to cut off Houthi access to the internet, as that is where the submarine cable lands #CYBERWARCON

Houthis have been using Netsweeper to censor the internet, while there is also evidence of people using Tor and OpenVPN to get around the censorship #CYBERWARCON

There are a lot o major vulnerabilities in the Yemennet infrastructure leaving it open to surveillance and monitoring and there is evidence that Chinese-made routers have purposely built backdoors #CYBERWARCON

The Houthi government is using #CoinHive to secretly mine cryptocurrencies to aid their efforts

Next up at #CYBERWARCON is @nejenkins from the Cyber Threat Alliance and @Jason_Healey from Columbia University talking about whether US cyber deterrence operations are making things better or worse #CYBERWARCON

Trying to assess where the US new deterrence policy is working is difficult, even with hard data says Healy #CYBERWARCON

Knowing what attacks the US were conducting would help categories the severity of the attacks conducted by adversaries, Healy says. Unlikely this type of info will be make public any time soon #CYBERWARCON

The OPM hack was within acceptable limits of espionage efforts according to @Jason_Healey - Bolton has specifically singled out OPM as crossing the line #CYBERWARCON

Healy adds that as far as he is aware no one in the administration is trying to decide is the new policy is working or not. Which is a problem... #CYBERWARCON

Next up at #CYBERWARCON is Olga Belogolova and Madelyn Wilson from #Facebook who are talking about how they tracked disinformation campaigns during the #midterms

Facebook says there are huge variations between information operations from different countries - different strategies, different goals, different methods (ads, WhatsApp, pages, install etc) #CYBERWARCON

But there are some similarities, including the use of state-owned media to amplify the message, similar linguistic mistakes, leveraging memes and pop culture, trying to co-opt activist communities to disseminate fake news #CYBERWARCON

Interesting to hear these Facebook employees talking about FB, Instagram, WhatsApp, Messenger as all being part of a single, unified platform....not sure antitrust regulators would be happy about that #CYBERWARCON

Asked about issues in Myanmar, Facebook trots out the line that it is putting more resources into the problem #CYBERWARCON

Asked by @RidT if a dimishing return on investment for campaigns means we have seen peak disinformation on Facebook, Madelyn Wilson says she can't say if that's the case #CYBERWARCON

@RidT #CYBERWARCON is back after lunch. Next up are six lightning talks. First is a look at th eTriton malware that targeted ICS controllers and used by Temp.Vales which is linked to a Russian government scientific institute

@RidT Next up is Dan O’Keefe who is talking about the Houthi Information operations #CYBERWARCON

@RidT O\’Keefe highlights @USAKillsYemeni as an example of an account that trying to create campaigns that look like an activist grassroots campaign #CYBERWARCON

Next up is @k_sec talking about Russian-speaking state-sponsored hacking groups and how they are linked #CYBERWARCON

Next is @criskittner and @tiskimber talking about outsourcing cyberwar — how much does it cost for other nations to conduct a cyberwar? #CYBERWARCON

Outsourcing is done by most legitimate businesses and can bring benefits in terms of speed and cost-savings — and the same benefits are there for cybercriminals or nation state, with the added benefit of muddying the waters in terms of attribution #CYBERWARCON

You can easily go into any underground hacker forum and find people selling access to pretty much any enterprise. Prices differ depending on industry — financial company costs $3600 while educational company costs less than $2000 #CYBERWARCON

As well as malware, you can outsource influence operations, buying 1,000 followers for as little as $20 — and these services are not even hidden, available freely on the open web #CYBERWARCON

Next up is @SiminK_ talking about Iran’s influence operations #CYBERWARCON

@SiminK_ Most of the spread of disinformation in Iran happens on Instagram because it is highly popular and not blocked in the country. Focusing on FB and Twitter misses a big part of the picture @SiminK_ #CYBERWARCON

Final lightning talk is from @Adam_Cyber who is talking about what will the next destructive attack look like? #CYBERWARCON

Next up is Lauren Cooper from Carnegie Mellon who is talking about China’s efforts to target and disrupt US universities #CYBERWARCON

Number of Chinese students exploded in the last decade, going from 67,000 in 2006 to over 350,000 in 2016 #CYBERWARCON

Chinese Communist ideology spread in the US through Confucius Institutes which are joint venture between US universities and organisation called Hanban, which reports directly to the Ministry of Education in Beijing #CYBERWARCON

Another soft power effort is the China-United States Exchange Foundation, founded by billionaire Tung Chee Hwa, who headed up on of China’s main propaganda’s organs #CYBERWARCON

The result of this is the theft of valuable IP and the infiltration of computer network operations, as well as talent recruitment. The Thousand Talents Plan was a recruitment scheme to lure talent to China #CYBERWARCON

Artificial Intelligence is "the next battlespace” for China, Cooper says, referencing its plans to become a world leader by 2030. In Berkeley, the research lab received a $1 million grant from the US government's favourite Chinese tech company Huawei

The future? First off Chinese student visas will decrease dramatically. There will also be more pressure on Chinese students from the CCP. Also Chinese universities have built up their expertise meaning students won’t have to travel #CYBERWARCON

Next up at #CYBERWARCON is @juanandres_gs who is going to talk about APTs

The current way of describing APTs (usually using the word “sophisticated”) is just not good enough, so we need to come up with new ways of talk about them - @juanandres_gs says, #CYBERWARCON

It is important to build dynamic rather than static profiles of these hacking groups, because they change. Operatives leave/die/defect, the geopolitical context changes, resources change, #CYBERWARCON

Next up at #CYBERWARCON is @kyleehmke who is talking about how to identify information operations using cyber threat intelligence tools

@kyleehmke Ehmke talking about the tools he used to identify the people behind a campaign launched by the Russian troll farm in 2016 on Facebook #CYBERWARCON

Next up is Robert Lipovsky from @ESET talking about Grey Energy. #CYBERWARCON