www.soundshore.nethubfssoundshore-siteheader-img-2

The Next Level Network Blog

IT Management, Security, Compliance for Regulated Firms

Disinformation Campaigns Not Limited to Politics; Businesses Beware

‘Fake News’ Sites, Troll and Other Attacks Can Trash Reputations, Manipulate Stock Prices, More

Lately, not a day goes by when we don’t hear or see a reference to ‘Fake News’ – generally related to politics. We read about Russian, Irani and Chinese bots, trolls and ‘fake news’ sites spreading disinformation in efforts to influence elections and otherwise disrupt nation states. As unsettling as this truth of modern life may be, it’s equally disturbing that the same disinformation campaign tactics are being applied to the business community.

Unfortunately, using disinformation to hurt an opponent or to gain advantage in other ways is nothing new. It’s baked into the dark side of our human DNA. Examples can be found going back to the beginnings of our history. Today, though, technology has once again changed the game. Lies and misleading information can be widely disseminated at lighting speed online. Great damage can be done before a victim has any idea what’s going on.

Misinformation vs Disinformation: A Question of Intent

Dictionary.com defines misinformation as “false information that is spread, regardless of whether there is intent to mislead.” It defines disinformation as “deliberately misleading or biased information; manipulated narrative or facts; propaganda.” ‘Fake News’ is just a new way to express ‘false reports.’

Beyond intent, the motives behind disinformation campaigns vary. In general, there are three kinds of actors that use the tactic:

  • Malcontents/Troublemakers
  • Manipulators for Money
  • Nation State Marauders

Malcontents/Troublemakers

Malcontents have a gripe or a grudge against a company or brand. They often use anonymous message boards like 4Chan to spread their mischief.

A recent article in the Washington Post by Matthew F. Ferraro and Jason C. Chipman, both visiting fellows at the National Security Institute at George Mason Law School, offered some examples:

“…Someone said on 4Chan that he wanted to inflict pain on a ‘liberal place’ and cooked up a campaign against Starbucks, posting bogus tweets that advertised ‘Dreamer Day,’ when the coffee chain would supposedly give out free drinks to undocumented immigrants. The Seattle-based company had to move quickly to counter seemingly legitimate social media advertisements that carried the hashtag ‘#borderfreecoffee’ and were adorned with the company’s logo, signature font and graphics.

Other recent lies held that Coca-Cola was recalling Dasani bottled water because it had been infested by ‘clear parasites,’ that an Xbox console killed a teenager, that Costco was ending its membership program…”

It’s not necessary to be a Fortune 1000 company to be a victim of someone with a grudge. The potential damage to a targeted company’s reputation won’t pay the grudge-holder in dollars; only sick satisfaction. However, it can definitely affect the victim’s bottom line.

Manipulators for Money

These players are of particular importance to our customers in the financial services world. They often use misleading social posts, click bait ads and false press releases to influence stock prices – upward or downward. This is far more likely as investment firms use algorithms to identify news releases in support of buy/sell/hold decisions.

Since as early as 2015, the SEC has been warning investors of social media-based securities frauds. The agency has actually charged and convicted individuals for committing these crimes. In an article on its site that also offers some good tips for identifying fraudulent posts the SEC wrote:

“In a recent Enforcement action, SEC v. Craig, the SEC accused an individual of manipulating the share prices of two publicly traded companies by tweeting false and misleading information. The defendant allegedly tweeted rumors that federal law enforcement was investigating a technology company for fraud, and that a biopharmaceutical company had tainted drug trial results and a federal government agency seized its papers. The SEC asserted that these deceptive tweets were made from Twitter accounts mimicking established securities research firms. The hoaxes allegedly caused investors to lose more than $1.5 million.”

In addition to social media sites, securities cyber fraudsters also use false press releases posted on ‘fake news’ sites with domains that seem like established, trustworthy media sites but are not. Before using online news releases as the basis of an investment decision, confirm the story on a trusted news site by typing the url into a search field yourself rather than clicking through from another site or info source.

You can also use fact-checking sites. The Reporter’s Lab at Duke University maintains a list of reliable sites around the world for fact-checking both political and general news. They use strict criteria for inclusion on the list. Three examples are:

  • org and FactCheckEd.org: non-partisan,[36] nonprofit sister websites that are self-described "advocates for voters that aims to reduce the level of deception and confusion in U.S. politics," and serving as an educational resource for high school teachers and students, respectively (the latter founded 2005). They are projects of the Annenberg Public Policy Center of the Annenberg School for Communication at the University of Pennsylvania, and are funded primarily by the Annenberg Foundation.
  • com focuses on, but is not limited to, validating and debunking urban legends and other stories in American popular culture.
  • com validates and debunks urban legends, Internet rumors, e-mail forwards, and other stories of unknown or questionable origin.

Nation State Marauders

In their Washington Post article, Ferraro and Chipman say that this category of disinformation bad actors hasn’t yet materialized in their research, however they make a good case that some governments – particularly autocratic ones – could perpetrate disinformation campaigns against major business in another country in order to help the global interests of companies in their own countries. We don’t necessarily agree that these guys represent future threat. They’re already active. Hackers in Russia, North Korea and others that have attacked companies like SONT and Target are likely authorized by their governments. There have been attacks on infrastructure companies and others via ‘Fake News’. It’s something to be aware of.

What Should Companies Do?

In addition to the tips throughout this post and in the SEC article it links to, here are some ideas for coping with this type of cyber threat. Although there are no federal laws specifically designed to punish disinformation fraud, if you can identify a disinformation campaign against your company and its perpetrator you can sometimes rely on existing state and federal laws regarding libel, intellectual property and securities fraud.

As with all types of cyber threat, preparation and training is the best defense.

  • Have a plan in place to address disinformation attacks.
  • Be social media savvy. Engage in the platform and monitor what’s being said about your company online.
  • Train employees about red flags so that you can catch attacks quickly, before too much damage can happen.
  • Communicate proactively with stakeholders about your anti-disinformation initiative and enlist their help to notify you if they see anything suspicious about your company online.
  • If you identify a disinformation campaign against you, communicate proactively about it to minimize negative results.

If you’d like to speak with Soundshore Technology Group’s cyber security experts, send an email to sales@soundshore.net. We’ll be happy to help. While you’re here, please take a look at our full list of cyber security services – growing as we help more and more companies defend themselves against very real and increasing cyberattack threats.

Topics: cyber security, Disinformation Campaign, Fake News Sites