Misinformation can take many forms, but its aim remains the same: to undermine the security of critical processes and infrastructure.
In late May, just weeks after his landslide victory in a runoff election against Marine Le Pen, French President Emmanuel Macron held a joint press conference in Versailles with Russian President Vladimir Putin. Macron spared no time—and pulled no punches—addressing the strategic use of fake news and hacking to undermine his presidential campaign.
“I have always had an exemplary relationship with foreign journalists, on condition that they act like journalists…Russia Today and Sputnik were influencers in this campaign…spreaders of propaganda and lies, nothing more or less.”
For many, Macron’s response may have felt like déjà vu. Less than a year prior, the American electorate was having its own debate about what constituted fake news and who, if anyone, should be responsible for curbing its visibility. One thing is certain: the rise of the internet—and by extension, the Internet of Things (IoT)—has made it easier than ever to disseminate headlines that are, well, just plain made up.
What does fake news have to do with cybersecurity? A lot, says Dr. Char Sample, a visiting research fellow at the University of Warwick and an ICF research fellow at the U.S. Army Research Laboratory. At its core, fake news is simply a different way of manipulating data to undermine security. She says that the uptick in misinformation, along with all the ways perpetrators expand its influence, exposes just how vulnerable all of our security solutions are to the influence of compromised data and users.
The Intersection of Data Fidelity and Fake News
“The rise of fake news is essentially evidence of data infidelity,” says Sample. “In cybersecurity, there is an inherent assumption that the user who enters the data is trusted, and that’s really why this is a massive problem. We’ll go through all sorts of solutions to authenticate a user and we’ll do nothing to make sure that the user is actually entering data that is valuable and not false.”
False information can take many forms, from propaganda used to support genocide to fake news intended to undermine a political candidate, but its aim remains the same: to undermine the security of critical processes and infrastructure.
In short, we’re not talking about one or two nefarious individuals or outlets, but sophisticated networks working together to sway public opinion. According to a 2017 TrendMicro report, these networks weren’t just publishing flawed (or in many cases, completely baseless) information. They were employing tactics like Twitter bots to get this information in front of as many eyes as possible. “Cognitive hacking,” a term coined by Dartmouth professor George Cybenko in 2002, uses weaponized information to “manipulate a user’s perception and rely on his changed actions to carry out the attack.”
That concept may sound far-fetched, but research shows otherwise. A 2016 Buzzfeed analysis showed that fake news outperformed more reliable counterparts, and a study of 700 students at the University of British Columbia indicated that many people struggle to identify legitimate information sources. Even the Oxford Dictionary has recognized the influence of fake news by identifying “post-truth” as the 2016 word of the year.
Safeguarding Against Data Infidelity Requires an Anticipatory Approach
According to Sample, our current methods aren’t sufficient because they react to threats rather than anticipate them. Take antivirus software, for example, which uses a technique called signature detection. These programs are designed to locate the presence of a virus’ signature, or the trait that makes it unique, in a given system. Attackers need only change a bit to “hide” the virus and enable it to slip through any filter the vendors have created.
“Similarly, ‘blacklisting’ known fake news sites will work as well as signature detection did,” Sample warns. Blacklisting can be subverted in a similar manner: changing a few characters in the domain name or URL lets the fake news slip past the blacklist filter. Reputation analysis is a little more anticipatory, but not by much—it can also be subverted through the same identity-changing techniques associated with DNS “fast-flux” behaviors. “Ultimately,” she says, “modifications to machine learning algorithms that result in returning different results will be undermined by user-confirmation biases.”
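The gap described above, as an added example that is not part of the original article: an exact-match blocklist misses a domain that differs by one character, while an edit-distance check against the same lists flags it. The domains (all under the reserved `.example` TLD), the two lists and the `max_dist` threshold are constructed assumptions.

```python
# Constructed sample data: placeholder domains, not real sites.
BLOCKLIST = {"daily-fake-news.example", "truth-report.example"}
TRUSTED = {"city-herald.example"}


def normalize(host):
    """Lowercase, drop a trailing dot and a leading 'www.' before comparing."""
    host = host.strip().lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host


def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # deletion
                           cur[j - 1] + 1,             # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]


def exact_blocked(host):
    """The reactive check: only a literal list entry is caught."""
    return normalize(host) in BLOCKLIST


def classify(host, max_dist=2):
    """Return (verdict, matched_entry), flagging near matches as well."""
    h = normalize(host)
    if h in BLOCKLIST:
        return ("blocked", h)
    if h in TRUSTED:
        return ("trusted", h)
    for entry in sorted(BLOCKLIST):
        if edit_distance(h, entry) <= max_dist:
            return ("near-blocked", entry)
    for entry in sorted(TRUSTED):
        if edit_distance(h, entry) <= max_dist:
            return ("lookalike-of-trusted", entry)
    return ("unknown", None)


if __name__ == "__main__":
    for name in ("daily-fake-newz.example", "city-hera1d.example",
                 "fresh-headlines.example"):
        print(name, exact_blocked(name), classify(name))
```

A name that shares nothing with any list entry still comes back `unknown`, so near-match checks narrow the gap without closing it.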
There are a few more anticipatory methods that security experts can use to understand whether their data holds water:
- Authentication. “Mature certification and PKI technologies can detect the spoofing of an information server, for example,” writes Cybenko. “Additionally, the provider can use reliability metrics for an information server or service that score its accuracy over repeated trials and different users.”
- Collaborative filtering. Often used by e-commerce vendors like eBay to vet vendors and buyers, filtering and reliability reporting “involve user feedback about information received, which builds up a community notion of a resource’s reliability and usefulness. The automation in this case is in the processing of the user feedback, not the evaluation of the actual information itself.” In the case of fake news, says Sample, “this would require a trusted broker to authenticate the veracity of a story while the publications wait for the go-ahead signal. In the competitive news market, this outcome is not likely.”
- Linguistic analysis. This type of analysis might be used to determine if a trusted journalist actually authored or disseminated a piece of writing. The approach, Cybenko reports, uses “cluster and other types of analyses on the writing and linguistic style” in hopes of determining whether the writing is consistent with the author in question. “More recently linguistic analysis can be used to associate with certain writers or writing styles, and in some cases linguistic analysis can identify an author,” says Sample. “More common linguistic analysis can determine if the text language is the author’s primary language.”
- Byzantine solutions. Named for the “Byzantine generals’ problem,” a logical dilemma described by researchers Leslie Lamport, Robert Shostak and Marshall Pease in 1982, these solutions strive to solve for the “issues that arise when a single unreliable actor is present.” For instance, says journalist Chris Tozzi, “a computer network will fail if the devices on it do not agree on a common networking protocol to use when exchanging information.” Sample says that Byzantine solutions for dealing with fake news will suffer from two significant problems. “First, trolls and bots ensure a sufficient number of infected points to make the story appear legitimate. Second, when individuals see a story that conflicts with their own confirmation biases, they will simply skip reading the story.”
- Contextual evaluation. “Contextualizing data is a key component to solving this problem,” says Sample. One way to do that is by gathering more information about the data through environmental variables, such as memory, CPU cycles, connections, process scheduler, routing table, switching information, temperature, and flow data.
How do we scale these types of tactics and methods? Success will depend on the will and support of a global community.
Better Cybersecurity Measures for a Safer World
The good news is that different nations, teams, and organizations are now making coordinated attempts to quell fake news and cognitive hacking. Finland, for example, has successfully deflected Russia’s disinformation campaigns even as many of its EU neighbors have fallen prey to them. Finnish officials cite “a strong public education system, long history of balancing Russia, and a comprehensive government strategy” as critical tools in defending against misinformation. In April, Finland joined eight other countries from the EU and NATO to announce the creation of a “hybrid threat” center designed to build a collective resilience against fake news and other types of information attacks.
While the move is promising, it also speaks to the immediacy and scope of this threat. As more team efforts to combat these challenges arise, the U.S. will need to evolve its understanding of the way data is sent, received, and validated. We may have invented the internet, but it has since matured well beyond our purview—and our cybersecurity measures need to keep pace.