Kicking things off is @RidT talking about the history of disinformation campaigns #CYBERWARCON
What disinformation in the 1930s looked like #CYBERWARCON
Investigating the 1930 case, @RidT says he realised that forensics alone were not sufficient to get to the bottom of what happened. You need geopolitical context.
Next up is @camillefrancois talking about information operations on social media designed to disseminate hacked materials #CYBERWARCON
Speaking about the #DopingLeaks incident two years ago, a network map shows that the people who should be driving the conversation (sports/media) are on the periphery while spam accounts are at the centre of the conversation #CYBERWARCON
Talking about #DCLeaks, we see that media activity is way up, accounting for 34% of the conversation on Twitter. #CYBERWARCON
Network map of #PodestaLeaks shows that this leak was marketed differently and really resonates with the conservative media/Trump supporters #CYBERWARCON
Francois says that if you want to conduct disinformation dissemination campaigns, you need accounts that are woven into the network already. Spinning up accounts and pushing out hashtags will no longer work #CYBERWARCON
Next up is Alex Orleans from @FireEye looking at how Russian hackers are targeting US electrical grids #CYBERWARCON
#CYBERWARCON had been hacked.... Well they can't get the slides to work at least
They have removed the Russians from the network and #CYBERWARCON is back on...
Alex Orleans now talking about the Russian hacking group known as Temp.Isotope (aka Berserk Bear, Energetic Bear, DragonFly 2.0) who are the group hacking the US grid. Their work was first reported over a year ago fortune.com/2017/09/06/hac… #CYBERWARCON
The US electrical grid is actually 5 grids, with more than 3000+ power companies. It’s the “most complex quilt” ever built by humans according to @chrissistrunk #CYBERWARCON
“The day everything changed” was Dec. 23, 2015 when a Russian hacking group took control of a Ukraine electrical grid and shut off power for over 200,000 people #CYBERWARCON
New compliance standards have hardened the core parts of the US electrical grid, but the Russians continue to target the grid anyway. So you need to ask why? #CYBERWARCON
And this is the answer:
Russians continue to conduct attacks on the grid, because it means the US has to deal with the threat (costs money and time) and feeds into influence operations among US citizens #CYBERWARCON
Russians taking advantage of the fact that US citizens don’t really understand how the grid works, and media misinterpretations add to the problem #CYBERWARCON
Orleans doesn’t see a disruptive attack from Russia any time soon, as their strategy is “death by a thousand cuts” #CYBERWARCON
Orleans says that we still don’t know how deeply Russia has penetrated the electrical grid….which is a little worrying #CYBERWARCON
Next up at #CYBERWARCON is @RecordedFuture talking about how control of the internet is influencing Yemen’s civil war….something that has not been talked about much
Yemen’s internet is not great. In terms of user bandwidth Yemen ranks 189 out of 189 countries. Most of the internet infrastructure is based in Sana’a, meaning when the Houthis gained control of the capital, they also gained control of the internet. #CYBERWARCON
If the government seized the port city of Al-Hudaydah, it would be able to cut off Houthi access to the internet, as that is where the submarine cable lands #CYBERWARCON
Houthis have been using Netsweeper to censor the internet, while there is also evidence of people using Tor and OpenVPN to get around the censorship #CYBERWARCON
There are a lot of major vulnerabilities in the Yemennet infrastructure leaving it open to surveillance and monitoring and there is evidence that Chinese-made routers have purposely built backdoors #CYBERWARCON
The Houthi government is using #CoinHive to secretly mine cryptocurrencies to aid their efforts
Next up at #CYBERWARCON is @nejenkins from the Cyber Threat Alliance and @Jason_Healey from Columbia University talking about whether US cyber deterrence operations are making things better or worse #CYBERWARCON
Trying to assess whether the US's new deterrence policy is working is difficult, even with hard data, says Healey #CYBERWARCON
Knowing what attacks the US was conducting would help categorise the severity of the attacks conducted by adversaries, Healey says. Unlikely this type of info will be made public any time soon #CYBERWARCON
The OPM hack was within acceptable limits of espionage efforts according to @Jason_Healey - Bolton has specifically singled out OPM as crossing the line #CYBERWARCON
Healey adds that as far as he is aware no one in the administration is trying to decide if the new policy is working or not. Which is a problem... #CYBERWARCON
Next up at #CYBERWARCON is Olga Belogolova and Madelyn Wilson from #Facebook who are talking about how they tracked disinformation campaigns during the #midterms
Here are the reasons Facebook gives for why disinformation campaigns take place on social media.....one that is missing is how easy it is to weaponize these platforms. They must have just forgotten to include that one #CYBERWARCON
Facebook says there are huge variations between information operations from different countries - different strategies, different goals, different methods (ads, WhatsApp, pages, install etc) #CYBERWARCON
But there are some similarities, including the use of state-owned media to amplify the message, similar linguistic mistakes, leveraging memes and pop culture, trying to co-opt activist communities to disseminate fake news #CYBERWARCON
Interesting to hear these Facebook employees talking about FB, Instagram, WhatsApp, Messenger as all being part of a single, unified platform....not sure antitrust regulators would be happy about that #CYBERWARCON
Asked about issues in Myanmar, Facebook trots out the line that it is putting more resources into the problem #CYBERWARCON
Asked by @RidT if a diminishing return on investment for campaigns means we have seen peak disinformation on Facebook, Madelyn Wilson says she can't say if that's the case #CYBERWARCON
#CYBERWARCON is back after lunch. Next up are six lightning talks. First is a look at the Triton malware that targeted ICS controllers and was used by Temp.Veles, which is linked to a Russian government scientific institute
Next up is Dan O’Keefe who is talking about the Houthi information operations #CYBERWARCON
O’Keefe highlights @USAKillsYemeni as an example of an account that is trying to create campaigns that look like an activist grassroots campaign #CYBERWARCON
Next up is @k_sec talking about Russian-speaking state-sponsored hacking groups and how they are linked #CYBERWARCON
Next is @criskittner and @tiskimber talking about outsourcing cyberwar — how much does it cost for other nations to conduct a cyberwar? #CYBERWARCON
Outsourcing is done by most legitimate businesses and can bring benefits in terms of speed and cost-savings — and the same benefits are there for cybercriminals or nation states, with the added benefit of muddying the waters in terms of attribution #CYBERWARCON
You can easily go into any underground hacker forum and find people selling access to pretty much any enterprise. Prices differ depending on industry — financial company costs $3600 while educational company costs less than $2000 #CYBERWARCON
As well as malware, you can outsource influence operations, buying 1,000 followers for as little as $20 — and these services are not even hidden, available freely on the open web #CYBERWARCON
Most of the spread of disinformation in Iran happens on Instagram because it is highly popular and not blocked in the country. Focusing on FB and Twitter misses a big part of the picture @SiminK_ #CYBERWARCON
Final lightning talk is from @Adam_Cyber who is talking about what the next destructive attack will look like #CYBERWARCON
Meyers says that you can predict the next Russian destructive attack simply by looking at important dates on the calendar #CYBERWARCON
Next up is Lauren Cooper from Carnegie Mellon who is talking about China’s efforts to target and disrupt US universities #CYBERWARCON
Number of Chinese students exploded in the last decade, going from 67,000 in 2006 to over 350,000 in 2016 #CYBERWARCON
Chinese Communist ideology spread in the US through Confucius Institutes, which are joint ventures between US universities and an organisation called Hanban, which reports directly to the Ministry of Education in Beijing #CYBERWARCON
Another soft power effort is the China-United States Exchange Foundation, founded by billionaire Tung Chee Hwa, who headed up one of China’s main propaganda organs #CYBERWARCON
The result of this is the theft of valuable IP and the infiltration of computer network operations, as well as talent recruitment. The Thousand Talents Plan was a recruitment scheme to lure talent to China #CYBERWARCON
Some of those who were recruited in the areas where China wants to become a world leader
Artificial Intelligence is “the next battlespace” for China, Cooper says, referencing its plans to become a world leader by 2030. In Berkeley, the research lab received a $1 million grant from the US government's favourite Chinese tech company Huawei
The future? First off Chinese student visas will decrease dramatically. There will also be more pressure on Chinese students from the CCP. Also Chinese universities have built up their expertise meaning students won’t have to travel #CYBERWARCON
The current way of describing APTs (usually using the word “sophisticated”) is just not good enough, so we need to come up with new ways of talking about them, @juanandres_gs says #CYBERWARCON
It is important to build dynamic rather than static profiles of these hacking groups, because they change. Operatives leave/die/defect, the geopolitical context changes, resources change #CYBERWARCON
Next up at #CYBERWARCON is @kyleehmke who is talking about how to identify information operations using cyber threat intelligence tools
Ehmke talking about the tools he used to identify the people behind a campaign launched by the Russian troll farm in 2016 on Facebook #CYBERWARCON
Using the same techniques he used to investigate the Russian troll factory, Ehmke looked at Definers, the PR company who Facebook hired to smear opponents. He found sites about Tim Cook, building a border wall and a lot of others
Next up is Robert Lipovsky from @ESET talking about GreyEnergy. #CYBERWARCON
The evolution from BlackEnergy to GreyEnergy, via Telebots