FireStarter: Truth and (Dis)Information

By Mike Rothman

We all have our own truth. Think about it: two people can see exactly the same thing, but remember totally different situations. Remember the last argument you had with your significant other. It happens all the time. You see the world through your own lens, and whatever you believe: that’s your truth.

But when someone questions that truth, even the strongest of us may falter. That’s the secret of disinformation, which creates deception and distrust, and can subvert any collective. Two recent data points push me to believe we are seeing a well-orchestrated disinformation campaign against the folks Josh Corman calls chaotic actors.

Yes, the truth can be stranger than fiction... You see, these loosely affiliated collectives of cyber-vigilantes are causing significant damage within the halls of power. And it seems the powers that be are concerned. To be clear, I don’t know anything specific. I’m basically speculating based on the ton of information I consume about security, making a living matching patterns, and a lot of spy novels.

When I see a very specific gauntlet laid down by someone within NATO, basically claiming that Anonymous will be infiltrated, it’s interesting. Then I see another story which seems kind of wacky. The Guardian reports that 1 in 4 so-called hackers are actually informants. Gosh, that seems like a lot. To the point of being unbelievable. But combining these two data points gets very interesting.

You see, by definition these chaotic actors are geographically dispersed. They communicate via secure(ish) mechanisms that obscure true identities, for obvious reasons. They have some kind of vetting process for folks who want to join their groups. Aaron Barr of HBGary Federal can tell you a bit about what happens when you are caught as an unwanted interloper. But at some point, they have to trust each other in order to put their plans into action. But disinformation breeds distrust. So it makes sense that, lacking any direct means to take down these collectives, a disinformation campaign would be next.

Basically NATO has specifically called out Anonymous. The FBI allegedly has thousands of informants at all levels of all the online syndicates. Then throw in the high-profile takedowns of a few botnets recently, the arrest of some Spanish guys allegedly involved with Anonymous, and the reality that the hacker of all hackers, Albert Gonzalez, was an informant – and maybe the story isn’t so unbelievable, is it?

So basically the chaotic actors start wondering if the folks they’ve been working with can be trusted. Maybe they are informants. Maybe they’ve already been infiltrated. Maybe the traitor is you. You see, whether the informants actually exist is beside the point.

I do believe there are active efforts to penetrate these groups, since a public execution is another aspect of a psychological campaign to breed distrust. But I figure these efforts aren’t going too well. If the informants existed, the powers that be wouldn’t talk, they’d act. No?

Am I nuts? Been reading too much Ludlum? Let me know what you think…

PS: My old colleague Brian Keefer (@chort0) tweeted some similar thinking on Friday. Unfortunately I was tied up with our CCSK training and couldn’t engage in that discussion. But I wanted to recognize Brian drawing a similar conclusion…

Photo credit: “disinformation is king” originally uploaded by ramtops

@saso virag
i think you’re overestimating the effects lack of trust has on operational effectiveness in an amorphous group engaged in extralegal activities. the anonymity (or pseudonymity) isn’t just to protect themselves from outsiders, it’s to protect themselves from each other as well. groups like this expect there to be narcs amongst their ranks.

By kurt wismer

What do we know?
- Amorphous groups are terribly hard to target;
- Anonymous / LulzSec / you-name-it members only know each other online;
- This lack of face-to-face communication makes for weaker bonds in the greater group and lack of identification of the person with the group;
- The above makes the prisoner’s dilemma skewed towards snitching rather than sticking together;
- A number of members had their identities revealed;
- No one in those groups really knows what others in the group know about him.

So, it’s fair to say that LEA can only benefit from sowing distrust amongst the members of those amorphous groups. If they only targeted those that their informants can provide definitive information on, they’ll remove a few people that will be replaced by others in no time. If they speak out loud that the group has been widely infiltrated, the resulting distrust will reduce operational effectiveness of the group as a whole. And unlike groups with face-to-face dealings, they don’t put their informants in any great danger - after all, no one really knows each other, right?

By Saso Virag

If the IRC chat log from are legit and not disinformation from Anonymous, then Anonymous core member entropy might be traceable by seeing who scored 877/1000 for their CCIE exam on 12 Feb 2011.  The Anonymous member who did the HBGary attack - sabu - might be located by checking for the IP that looked up the four HBGary MD5s. —sharpesecurity


you’re not nuts. telling your opponent how you intend to attack them, thereby giving them an opportunity to deploy countermeasures, would be a great way to cause your strategy to fail.

even in the unlikely event that the authorities believe they’ve already gotten all the information they need out of these informants, there are always new actors entering the arena that the informants could have been useful against if their existence hadn’t been given away.

the only way this makes sense for an intelligent actor is if the claim about informants is psyops, as you suggest.

unfortunately, i don’t think we can’t assume the authorities are that intelligent. it would certainly be nice if they were, but high-level stupidity is not unheard of.

By kurt wismer

The number of people who come to the same conclusion on the same day makes me think there’s some credibility in this whole “shared consciousness” idea. It is also my assessment that law enforcement has been unsuccessful at seriously penetrating Anonymous/Lulzsec, so they’re switching to PsyOps as a way to neutralize them.

I think it’s a smart strategy shift, but it remains to be seen how effective it will be.  It could take months to see results and years for that to be public.

By chort

