Disinformation is nothing new: it is a form of propaganda used throughout history to create or bolster a politically motivated narrative. It has been used to serve the goals of almost every national and society in human history, the well-documented propaganda of oppressive regimes, to the uncomfortably-close-to-home activity of the Brexit campaign and Donald Trump’s presidency.
Once upon a time, disinformation campaigns were the preserve of governments and governments alone: when the news was disseminated through much narrower channels – newspapers and state broadcasters for example – only those with access or influence over these institutions could hope to influence the news agenda with untruth.
In today’s age, however, the sources where individuals can access their news are significantly wider: traditional media is now competing with the unregulated wilderness of social media, and the partisan interests of new media and pressure groups. In short, disinformation is easier than ever to spread – Something which the COVID 19 crisis has thrown into the spotlight.
The ‘Reopen’ Campaign: A Masterclass in Deception
An example of how disinformation can work in the modern online ecosystem can be found in the ‘reopen’ campaigns which spread across the US in April, calling for an end to the Coronavirus lockdown. Tipped off by a Reddit user that several of the ‘reopen’ campaigns set up for various sites were registered on GoDaddy within minutes of each other, the DomainTools research team came to feel like these websites did not represent the organic, grassroots campaigns that those who created them would like us to believe.
Upon further investigation, we concluded that huge swathes of the ‘reopen’ domains were associated with a known lobbyist for the state of Iowa, Aaron Dorr, via the historical SSL certificates associated with these domains, in addition to loosely tied firearm advocacy groups
Mr. Dorr does a type of advocacy consulting business where he teaches people to run advocacy groups. You will notice the similarity of the sites from their homepage, similar content and that Mr. Dorr is often listed as the author of the articles published, confirming what we surmised before.
Therefore, we can see the uncomfortable truth: that what appeared firstly as a spontaneous grassroots campaign was in fact a coordinated campaign of astroturfing and disinformation from a known lobbyist. Where once disinformation campaigns needed willing participants to disseminate the false claims, or the mechanisms of state, now one individual with an understanding of domain infrastructure can create what looks like an already active grassroots campaign, making people susceptible to these tendencies even more likely to become indoctrinated – strength lies in numbers, after all.
The Future of Disinformation
People wanting to influence the news agenda is nothing new. What is new however is the fact that individuals can create what seems like an organic campaigning network, with incredible ease and to a very large degree of professionalism: using website templates provided by people such as Squarespace and WordPress, these websites look and feel legitimate, and do not exist in a vacuum: there are hundreds of other sites, in the case of the ‘reopen’ campaign, which are saying the same thing, giving very little indication that one or a few individuals with vested interests lie behind them. In addition to this, there are political campaign services, operating as non-partisan actors who simply help to provide campaign templates for a wide range of pressure and interest groups. These services make it even easier to set up legitimate-looking campaigns.
The next logical conclusion of this process is something we have seen explode in the theatre of cybercrime into the disinformation arena: disinformation-as-a-service. Doing so via the purchase of armies of Twitter bots is a well-established route, but we may see this expand more stringently into exploiting domain infrastructure. Where malware-as-a-service and phishing-as-a-service have become well-established parts of the cybercrime ecosystem, we might see the same kind of services available on the dark web in recent years, available to generate organic-looking partisan campaigns to affect the news agenda
To conclude, it remains more important than ever for individuals to remain vigilant: check the authenticity of everything you read and be aware that online, not is all as it seems. And for security researchers, journalists, and individuals hoping to protect the public from the very real dangers of disinformation – continue what you are doing. It is a necessary public service, in this climate more than ever.
Originally Published on IT Pro Portal
