Saturday, June 20, 2015

Wapack Labs Analyst Monitors Russian-based Troll Farm

Tweeters from a Russian-based troll farm have slipped into sleep mode after proving how easily the media and public perception can be manipulated using social media. But analysts at Wapack Labs have been monitoring the troll farm’s movements on the internet to try and identify the potential targets of future attacks.
A Russian-based troll farm called the Internet Research Agency, the focus of a recent New York Times Magazine article by Adrian Chen, is suspected to be behind three social media attacks in the US in 2014.
According to Chen, troll farms like the Internet Research Agency employ hundreds of people who sit at desks with computers and flood the internet with comments designed to sway public opinion and manipulate the media. The trolls infiltrate chat rooms and trigger conflict between members, and leave comments on stories posted on the web by newspapers and television networks. But one of the most effective means of spreading the Internet Research Agency’s messages is through Twitter. 
The trolls at the Internet Research Agency are able to create hundreds of Twitter accounts and launch coordinated tweeting assaults. They have shown that they’re able to instill fear in the American people and manipulate news outlets into reporting false stories with an arsenal of hashtags and some carefully chosen words.
On September 11, 2014, according to Chen, the Internet Research Agency hit the Twitter-sphere with news that there had been an explosion at a Louisiana chemical plant. Tweets and text messages were also sent to specific members of the media and targeted local and national politicians. Once news of the explosion hit the general public and media outlets, the trolls began using carefully crafted videos to give credibility to tweets. From there the trolls began attempting to elicit fear from the public by placing blame for the alleged disaster on terrorist groups like ISIS. Though Columbian Chemicals was able to debunk the explosion hoax within a few hours, the Internet Research Agency revealed just how powerful they were in manipulating the media and the American public.  
The troll farm continued to poke at the vulnerabilities of those who rely on social media for information by again using Twitter to spread a rumor about an outbreak of Ebola in Atlanta, complete with corroborating videos like those used to validate the tweets about the explosion hoax. That day, Atlanta was targeted for a second attack. The trolls took the fear stemming from the phony Ebola outbreak, and mixed it with the racial tension being felt nationwide as the result of the shooting of an unarmed black man by police in Ferguson, Missouri. With the community already on edge, the trolls hit Twitter with reports that an unarmed black woman had been fatally shot by Atlanta police.
An analyst for Wapack Labs who specializes in tracking cyber criminals in Russia and Ukraine has been watching the moves of the trolls very carefully by tracking their online personas and linking them to the websites and domains they use. The analyst looks for patterns in millions of hashtags and commonalities in language or messaging within social media. Fluent in Russian, and a student of geopolitics in Eastern Europe, the analyst is able to piece together timelines and narratives that reveal the activities of troll farms and their henchmen.
Following the 2014 tweeting assaults in Louisiana and Atlanta, the analyst homed in on the perpetrators of the attacks, has been following their movements ever since, and has traced them back to the Internet Research Agency. Some of the Twitter accounts, including @DanyRoseee, @AndrewMonsonn, and @jessebrannan8, “went to sleep” or were deleted immediately following the September 11, 2014 explosion hoax.
According to Jeffery Stutzman, co-founder and CEO of Wapack Labs, Twitter accounts go to sleep when they aren’t being used regularly or have been deleted. If they’re unused or deleted beyond a certain amount of time, another person can assume that name; thus the sleeping Twitter ID of a soccer mom from Toledo could be commandeered by a Russian hacker in St. Petersburg and used to spread misinformation.
One of the Twitter IDs that particularly caught the Wapack analyst’s attention was @JasonJL100. This user made his first tweet, “Hello Twitter! #myfirstTweet,” on August 25, 2014. On the day of the reported Louisiana explosion, @JasonJL100 joined the noise on the internet by propagating news about Columbian Chemicals. On the surface, he was just a local guy sharing breaking news via Twitter. But something about @JasonJL100 caught the attention of the Wapack analyst, who continued to monitor him long after the explosion story was debunked. The analyst watched as the presumed local guy suddenly began communicating on Twitter in Russian.
@JasonJL100 has been asleep since December 2014. But @zaplatovaalena, @georgiostr, and @GlebushkaGleb, all Russian tweeters who converted to English on the day of the explosion and back to Russian tweets soon after, are still active, though they have since deleted any references to the explosions in their Twitter history.
The analyst at Wapack Labs will continue to monitor the activity of the Internet Research Agency as the troll farm trains its sights on its next target, whatever it may be.

Nancy Foster
Jun 29, 2015

Small Manufacturers need cyber help... NIST MEP must offer messaging!

I'm on a bit of a diversion this year. My goal is to not attend any security conferences during the year. I've blown that of course, but so far, I've attended conferences for insurance, litigation, and yesterday, manufacturing. Why? Well, first, security conferences are becoming just too crowded. There's a boatload of noise out there, and even the best conferences are becoming overrun. Second, I really want to see how other industries are dealing with cyber, and there's not a better way than to sit in on meetings, attend a conference, or smoke a couple'a cigars with someone you've never met before in another industry.

So yesterday I spent two hours in a session with the Research Triangle Park Institute (RTI) in Manchester, NH. They've partnered with NIST's Manufacturing Extension Program (I'm not sure the parallel is correct, but I likened it to the Agriculture's Cooperative Extension Service but for Manufacturing companies). Anyway, RTI partnered with NIST MEP to produce market intelligence for companies who are considering moving into other products, expanding what they currently sell, etc.

Essentially what RTI offered was an analysis framed by Porter's five forces. Porter authored a model that framed five competitive forces that every business should (must?) consider when devising strategy.  I'm a believer.  I used this model in nearly every job and start-up that I've been involved with in the last 15 years --including (especially) my government position as the Director of the DCISE.  RTI offers a simplified view of Porter --something for manufacturers. They work with the company, mind-map the forces, using free software, exchange the mind map with the manufacturers, and in the end, offer a report --how best to build, position, and market this new R&D or technology.

I was a bit taken aback however... do they realize that that newtech that they're researching is probably highly sought after by others? And that the reason the mind mapping software is free is because someone else is reading your stuff? Do they consider that in this new normal, someone will steal that newtech if they're not careful?

So I asked the question (you knew I would!) "Do you consider who will want to steal that technology?" "How do you protect it during R&D?" "How long can you hold that market if the tech gets stolen during early stage strategy development?"  I've written hundreds of pieces over the years. Many describe stolen R&D. Manufacturing companies aren't the target because they make cool stuff, they're targeted for efficiencies, processes, and industrial engineering techniques. Wouldn't it be nice if it could be stolen during development of those processes?

OK NIST, if you're going to send an FFRDC out to see small- and medium-sized manufacturing companies, eat your own dogfood and talk to them about protecting their IP. RTI is your FFRDC. Check their messaging before sending them into the field.

Great idea. Incomplete messaging and execution.