CYBER INFLUENCE OPERATIONS: A BATTLE OF WITS AND BITS

Targets, Techniques and Stratagems
Sections
Introduction
Cyber Influence Operations: Multiple Dimensions
Vulnerabilities in the Information and Cognitive Realms
Techniques for Conduct of CeSIO
Techniques for Conduct of CeTIO
Cyber Influence Stratagems
References

Introduction

Cyber Influence Operations (CIO) are proving to be an increasingly potent capability in the armoury of nations for achieving strategic effects in global conflict scenarios. The dramatic effects of cyber-attacks in the cognitive domain carried out (allegedly by Russia) against Estonia (2007), Georgia (2008), Ukraine (2015 onwards) and the US presidential elections (2016) [1, 2]; the hacking of Sony Pictures [3], purportedly by North Korea; and the theft of millions of personal records from the US Office of Personnel Management [4], widely believed to have originated from China, have caught the attention of the world. The fact that the US Cyber Command has been specifically pressed into service for warding off such attacks in the ongoing US presidential election campaigns is an indicator of the seriousness with which CIO are now being taken.

The previous article in this series on CIO dwelt on conceptual aspects, bringing out that the emerging notion of CIO lies at the confluence of the nebulous concepts of Cyber Operations and Influence Operations, and is essentially a manifestation of Information Operations in cyberspace. The article also highlighted that it was important to make a distinction between Technical and Cognitive facets of CIO, termed respectively as Cyber-enabled Technical Influence Operations (CeTIO) and Cyber-enabled Social Influence Operations (CeSIO), as making such a distinction facilitates the understanding and implementation of operational, organisational and training issues related to CIO.

This piece first discusses several facets of the CIO concept, an understanding of which helps in analysing the diverse objectives and strategies of CIO which are observed to be in play. It then goes on to give a brief overview of CeSIO and CeTIO tools and techniques, and how these may be synergised to execute several types of influence stratagems in cyberspace.

Cyber Influence Operations: Multiple Dimensions

One may abstract three dimensions of operation while conceptualising cyber influence strategies. The first dimension relates to the level of precision with which the target audience is selected. The type of effect which the influence strategy is expected to have on the target audience (positive, negative or distractive) constitutes the second dimension. The third dimension denotes the intensity of the operation across the spectrum of conflict (peace, low-intensity conflict (LIC), full-blown conflict), which is also linked to the intrusiveness of attacks: as the level of conflict escalates, intrusive CeTIO capabilities are likely to be increasingly employed (please refer to section on CeTIO below). The first two dimensions are further discussed in the succeeding paragraphs.

CIO Targeting: Levels of Precision

Cyber influence operations may be directed towards the society as a whole, specific groups or even selected individuals. Cyberspace in conjunction with various modern technologies greatly facilitates precision targeting of groups and individuals. The three levels of precision in targeting are elaborated upon as under [5]:-

  • General Societal Targeting. This is aimed at targeting society as a whole, by aligning messages with narratives widely shared by the society’s populace. Attacks in this category may even be targeted against critical infrastructures and institutions of the society (government, electrical grids, etc).
  • Socio-Demographic Targeting. Here, specific social groups and networks are targeted by tailoring messages based on socio-demographic factors such as ethnicity, religion, caste, gender, income, education, etc, or even groups driven by specific causes.
  • Psychographic Targeting. In psychographic targeting, technology such as big data analytics is used to build psychographic profiles of individuals, and precision-targeting of these individuals through messaging is resorted to by using automated tools. The psychographic parameters could be based on personality traits, political leanings, and behavioural patterns, etc. Depending on the nature of the influence campaign, key political leaders, decision makers, influencers or even ordinary citizens may be targeted. Social media platforms offer a rich resource of data to be exploited for building the psychographic profiles of individuals. Psychographic targeting of individuals enabled by information and communication technologies is a novel dimension which has been added to the field of influence operations in this information age.

Types of CIO Narratives

Unlike other military strategies, offensive and defensive paradigms do not readily apply to cyber influence operations. Instead, CIO strategies may be categorised into three classes, characterised by differing degrees of malevolence. One or more of these may be adopted to achieve the desired objectives [6]:-

  • Positive or Constructive CIO. Constructive CIO endeavour to establish a coherent narrative about an ideology (eg, communism) or issue which might correlate with or complement existing narratives.
  • Oblique or Distractive CIO. As the term suggests, this approach tries to distract and dilute the attention of the target audience from an existing key issue by raising alternative minor but emotive issues, and flooding the information environment with messages accordingly.
  • Negative or Disruptive CIO. Disruptive CIO attempt to undermine an existing narrative by playing up divisive and contested issues and spreading disinformation about the narrative. For disruption to be effective, alternative themes must be presented which are congruent to and compete with the narrative being targeted. However, the alternative narrative need not necessarily be coherent.

Vulnerabilities in the Information and Cognitive Realms

On occurrence of newsworthy events such as a scientific discovery or a political development, information regarding the event is analysed by experts, then communicated through print, television and digital media to the public. The information which reaches individuals is often tempered by public dialogue over social media platforms and in social interactions. This information flow is subject to media system, public opinion and cognitive vulnerabilities, as explained in succeeding paragraphs, which may be exploited for conduct of CeSIOs [7].

Media System Vulnerabilities

While journalistic business models have always been subjected to corrupting influences, vulnerabilities in this area have increased with the proliferation of alternative channels for information dissemination through cyberspace, and availability of new technologies for easy photo-shopping of images, creating deepfakes, forging documents, etc. These vulnerabilities may be exploited to achieve political or economic benefits.

Public Opinion Vulnerabilities

Public opinion may be influenced and manipulated by exploiting social behavioural trends such as the natural tendency to be part of majority opinion, wherein false pictures of majority views may be engineered through creation of fake accounts and other such techniques. Also, passions can be more easily aroused through carefully crafted messages disseminated speedily to a wide audience by using troll armies, etc.

Cognitive Vulnerabilities

These are vulnerabilities which are exploited through the psychographic profiles of individuals, obtained through analysis of personal data available on social media platforms, using legitimate or covert means. As per one analysis, there is sufficient data currently available on the Internet to extract around 800 parameters for each individual through such analysis, which can then be used to influence perceptions, behaviours, and decision-making.

Techniques for Conduct of CeSIO

There are a large number of techniques which may be resorted to for carrying out influence operations in cyberspace. Techniques used for conduct of CeSIO are discussed in this section [8], while the next section deals with weapons in the CeTIO armoury.

Socio-Cognitive Hacking

Here the cognitive vulnerabilities of a group are exploited to influence behaviour. Swiftboating, wherein politicians are subjected to a smear campaign just before elections so that there is no time to offer counters, is an example of this technique. The campaign need not be based on fact, as long as it alters cognitive behaviour by triggering feelings of anger, hate, anxiety, fear, etc. Rumour-mongering to incite hate between religious or ethnic groups is another example of socio-cognitive hacking.

Psychographic Hacking

This involves targeting individuals based on their psychographic profiles, as explained earlier. Dark Ads, ie, ads visible only to specific individuals and designed to influence based on their political leanings (for instance), are a good example of psychographic hacking. Since the ads are not broadcast to all, the technique can be used very discreetly. This technique was resorted to on a large scale during the 2016 presidential elections in the US.

Social Hacking

This type of technique depends on the inherently social nature of the human mind, which longs for in-group conformance. The Bandwagon Effect makes use of the fact that people who feel part of majority opinion are more likely to express their views, arising from the human need for belonging to a group, which in turn further amplifies the view. The initial effect of a majority view may be artificially created through the use of bots. Astroturfing is another such deceptive technique, wherein, using various means, one is made to feel that a leader is more popular than he actually is, which in turn triggers a larger following.

Spirals of Silence is the opposite of the Bandwagon Effect, in which people who feel left out of the mainstream are less likely to express their opinions.

Echo Chambers refer to groups of people with similar beliefs who interact mostly amongst themselves, thus strengthening their existing convictions. WhatsApp groups, suitably orchestrated, can be effectively used for exploiting this effect for carrying out CIO.

Para-Social Hacking

Para-Social Hacking refers to the exploitation of para-social relationships where individuals start believing one-sided relationships as being two-sided. Social media platforms enable para-social relationships with strangers, celebrities and decision-makers. LinkedIn networks wherein connections are solicited from, and often granted by, influencers are a good example of such relationships.

Disinformation

Disinformation refers to false or manipulated information which is propagated with the intention to mislead. Modern technology has greatly facilitated the task of falsifying information. Deepfakes created using AI technology are a remarkable example of disinformation. Such disinformation may be used for creating false narratives and discrediting individuals and organisations.

There are various types of disinformation techniques. Fabrication refers to information which has no factual basis, but is published in a manner which makes it seem legitimate, eg, fake emails. Manipulation involves altering the content of a text, image, video or audio recording to convey a different message. Misappropriation refers to using factually correct content which is presented out of context with the intention of misleading. Satire, Parody and Humour are also often used to present information in a manner which is designed to propagate a particular narrative.

Cyberspace is the perfect arena for the execution of all the above techniques.

Malicious Rhetoric

Malicious Rhetoric is designed to dissuade certain actors from expressing opinions on public platforms. Trolling is an apt example of this technique’s use in cyberspace, wherein social media users working to a particular narrative silence dissenting opinions and suffocate legitimate discussion through improper and offensive comments online. State sponsored troll armies have been known to be in operation for several years now. While Trolling targets individual users, Flaming incites readers in general.

False Identities

Here, hostile actors executing influence operations assume fraudulent identities which imitate legitimate information sources in a bid to exploit the “trust capital” associated with the legitimate source. In cyberspace, this technique could manifest as fake media platforms which look similar to legitimate ones. Another example, involving larger resources, is the creation of Potemkin Villages, which involves setting up networks of news sites and institutions which are designed to mislead and deceive. Shilling refers to the modus operandi of actors (shills) who claim to be independent but are paid to express views (for instance, on social media networks) which align with a given narrative.

Exploitation of Technology

Execution of CeSIO involves exploitation of the latest technologies, such as bots & botnets, sockpuppets, deepfakes, etc. Bots are computer programs which execute automated tasks, and a network of bots is referred to as a Botnet. These may be used in a variety of ways, such as triggering of a bandwagon effect, indulging in malicious rhetoric such as trolling, etc. Sockpuppets are fake accounts which may be used for presenting false identities, spreading disinformation, etc. Deepfakes use advanced AI technology to manipulate or create false audio and video, for instance, a real politician giving a fictitious speech.

Techniques for Conduct of CeTIO

It was brought out in the previous article in this series that CeTIO are those CIO which gain unauthorized access to networks and systems in order to destroy, alter, extract or inject information, with the intention of influencing the attitudes, behaviours, or decisions of target audiences. In other words, CeTIO are Cyberspace Operations which are carried out with the primary intention of achieving cognitive effects. In contrast, CeSIO focus on manipulation and dissemination of messages, and are non-intrusive in nature. CeTIO may be sub-categorised into three levels, depending on the degree of intrusion and/ or the impact on the targeted audience, as explained below [9]:-

Low-Level Attacks

The lower end of the CeTIO spectrum would be characterised by Distributed Denial of Service (DDoS) attacks, website defacement and Doxing (publicly broadcasting private information). These would be aimed at sowing confusion, undermining credibility and trust, and such other disruptive ends. The 2007 attacks on Estonia, allegedly at the behest of Russia, would fall in this category.

Intermediate-Level Attacks

Attacks at the middle level involve the use of more intrusive attack vectors such as viruses, worms, trojans and rootkits. The 2015 attack on the US Office of Personnel Management, purportedly by China, in which 21.5 million records were stolen, as well as the alleged attack by North Korea on Sony Pictures, which elicited a response by the US at the national level in the form of additional sanctions against North Korea, are examples of attacks at this level.

High-End Attacks

Highly sophisticated attacks using customized malware, advanced persistent threat vectors and zero-day exploits, especially those which have cyber-physical effects, lie at the high end of the spectrum of CeTIO threats. The attack on the Ukrainian electrical grid, which had significant cognitive effects on the population, is an example of such an attack. The Stuxnet attack on Iran’s nuclear enrichment centrifuges was also a high-end cyber-attack, but was not designed to have cognitive impact since it was meant to inflict the damage silently, and thus would not fall within the scope of CeTIO.

Employment of CeTIO to Facilitate CeSIO

As brought out in a previous article, in certain cases CeTIO may be employed to facilitate the conduct of CeSIO. For instance, CeTIO may be used for obtaining psychographic profiles of individuals using intrusive cyber capabilities, followed by precision-message targeting of the individuals based on their profiles. The Cambridge Analytica data breach and the follow-up tailored advertisements in the Ted Cruz campaign are an example of integrated employment of CeTIO and CeSIO [10].

Cyber Influence Stratagems

Cyber influence tools and techniques will rarely be applied in isolation, and more often than not a combination of multiple techniques would be used for achieving specific malicious objectives. Such coordinated uses of influence techniques are referred to as influence stratagems. The term ‘stratagem’ differs from ‘strategy’, in that it implies the use of deceit and trickery with the aim of outwitting an adversary. In this work, which is focused on influence operations in cyberspace, some of the better known cyber influence stratagems are discussed [11].

Black Propaganda

The distinction between the terms white, grey and black propaganda is widely recognised by scholars to be as follows: In White Propaganda, the source is known, the propaganda is pursued openly and the information disseminated is fairly accurate; in contrast, the objective of Black Propaganda is to deceive the target audience by falsifying information and obfuscating its origin; Grey Propaganda lies somewhere in between these two extremes.

Cyberspace provides an ideal medium for executing the stratagem of Black Propaganda, using CeSIO techniques covered under Disinformation and False Identities above.

Flooding

Flooding involves overloading the information space with spurious alternative narratives in order to reduce the credibility of factually substantiated ones. It is characterized by four distinct features: high-volume messaging using multiple information sources; rapid, continuous and repetitive messaging; content which may not be grounded in objective reality; and scant commitment to being consistent. By adopting the maxim of complexity over credibility, the objective is to overload fact-checking capacities and crowd out alternative narratives. Botnets and troll armies come in as handy tools for executing this stratagem.

Raiding

Raiding as a stratagem in CIO is a sudden and coordinated attack in the information domain against an individual or a group to silence opinions by surprising, confusing and exhausting the target(s), causing disruption. CeSIO tools such as spammer bots and trolls, in combination with CeTIO attack vectors such as DDoS attacks, may be used to carry out Raiding.

Swiftboating, ie, smear attacks on a political candidate just before an election so that the damage is done before the attack can be countered, is an example of the Raiding stratagem.

Polarization

Polarization is a stratagem aimed at dividing mainstream opinion into two diametrically opposed viewpoints. It uses a mix of techniques to support pre-existing extreme views by using techniques such as social and para-social hacking, spamming, trolling, spreading fake news and using memes in support of both sides. The two extreme perspectives may even be generated by creating False Identities and ‘debating’ the opposing views in cyberspace.

Hack, Mix and Release

The Hack, Mix and Release stratagem is a complex operation which is executed as follows: in the first step, restricted or internal documents are hacked by using CeTIO techniques such as spear-phishing and malware; thereafter, selected information is tainted using Disinformation techniques, and then released to the public. A combination of fake news, bot-supported social media distribution, memes and trolls may be used to amplify the effect of the stratagem.

Conclusion

In the absence of a rigorous conceptualisation, CIO as a term is mostly used in a generic sense to mean any influence operation which might be carried out in cyberspace, and is often used synonymously with the terms Information Operations/ Information Influence Operations. While the previous write-up in this series attempted to bring some clarity to the concept and scope of CIO, this article has taken a step further and has dwelt on the multiple dimensions along which different flavours of CIO might unfold, the large variety of techniques which are available for conduct of CeSIO and CeTIO, and the manner in which these techniques may be synergistically employed to execute a multitude of creative influence stratagems in cyberspace.

Follow-up articles in this series will study the strategic employment of CIO by major players, counter-CIO strategies, and issues related to organisation and training with specific reference to the Indian security environment.

References

(1)     Michael Connell and Sarah Vogel, Russia’s Approach to Cyber Warfare, CNA Occasional Paper, Mar 2017, pp. 13, 17, 19, Accessed 15 Oct 2020.

(2)     Sean Cordey, Cyber Influence Operations: An Overview and Comparative Analysis, Centre for Security Studies, ETH Zurich, Oct 2019, pp. 5, Accessed 15 Oct 2020.

(3)     Sony Pictures Hack, Wikipedia, Accessed 24 Oct 2020.

(4)     Cybersecurity Incidents, Cybersecurity Resource Centre, US Office of Personnel Management, Accessed 24 Oct 2020.

(5)     Sean Cordey, Cyber Influence Operations: An Overview and Comparative Analysis,  ….., pp. 11-12, Accessed 25 Oct 2020.

(6)     James Pamment et al, Countering Information Influence Activities: The State of the Art, 01 Jul 2018, Department of Strategic Communication, Lund University, pp. 24-25, Accessed 24 Oct 2020.

(7)     Countering Information Influence Activities – A Handbook for Communicators, Swedish Civil Contingencies Agency (MSB), Dec 2018, pp. 14, Accessed 25 Oct 2020.

(8)     Sean Cordey, Cyber Influence Operations: An Overview and Comparative Analysis, ….., pp. 16-18, Accessed 15 Oct 2020.

(9)     Sean Cordey, Cyber Influence Operations: An Overview and Comparative Analysis, ….., pp. 15-16, Accessed 15 Oct 2020.

(10)   Facebook–Cambridge Analytica Data Scandal, Wikipedia, Accessed 15 Oct 2020.

(11)   James Pamment et al, Countering Information Influence Activities: The State of the Art, …., pp. 70-79, Accessed 24 Oct 2020.
