At a glance.
- LinkedIn takes steps to purge itself of catphish.
- No significant Russian cyberattacks observed against US election infrastructure.
- Killnet may be more interested in influence than it is in effects.
- Spinning combat failure.
- Guerrilla theater, by reenactors.
LinkedIn takes steps to purge itself of catphish.
KrebsOnSecurity has summarized measures being taken by LinkedIn to eliminate inauthentic profiles and bots from its professional networking platform. The platform’s approach is interesting in that it concentrates on providing metadata about profiles that, it hopes will betray inauthenticity to an alert user. Since social media profiles can be used to distribute and amplify bogus stories as well as for perpetrating simple fraud, the move has implications for the recognition and debunking of disinformation.
Chris Lehman, CEO of Safeguard Cyber, commented on the changes to LinkedIn:
“Multichannel phishing campaigns are so effective because social engineering attacks target humans, NOT systems. The human eye and mind did not evolve towards suspicion, so most multichannel phishing and social engineering attacks cloaked in simple, unassuming words escape scrutiny. Social engineers create these language-based attacks and design them to impersonate someone you trust. This deception can lead to serious damage.
“Enterprises need to apply technology long before the hacker tricks employees into giving up the goods. And unfortunately, legacy Secure Email Gateway Systems can no longer handle a sophisticated attack of this nature. Disrupting social engineering and phishing attacks early, especially during the initial compromise phase, with Natural Language Understanding (NLU) is critical. With contextual analysis of communications, it’s possible to discern the context and intent of these attacks, and therefore detect social engineering indicators earlier in the kill chain, such as false urgency, coercive language, persuasion techniques, etc. This analysis adds a crucial layer where defenders can act when training falls short. It’s vital that technology be brought to bear on securing business communications environments spanning email, collaboration, conferencing, and chat channels. These channels comprise the primary layer at which adversaries can reach and compromise or manipulate any employee.”
No significant Russian cyberattacks observed against US election infrastructure.
And even the disinformation seems to be lost in the noise.
Despite Yevgeny Prigozhin’s recent avowal of a campaign to interfere with and disrupt US elections, and despite claims of a group styling itself “the Cyber Army of Russia” to have counted coup against US election sites, the actual effect of any Russian cyberattacks were negligible, Defense One reports. Some minor, unattributed distributed denial-of-service (DDoS) attacks were observed, but none of them affected voting infrastructure itself. The AP this morning offered a brief retrospective of Mr. Prigozhin’s discussion of election meddling, quoting him as saying, Monday, “Gentlemen, we have interfered, are interfering and will interfere. Carefully, precisely, surgically and in our own way, as we know how to do. During our pinpoint operations, we will be removing both of the kidneys and the liver at once.” He was responding to a Russian media inquiry about US accusations of interference, and while it’s surely possible he was expressing himself ironically, just yanking the Yankees’ chain, the Yankees do indeed seem to have the goods on him. In any case there was no evidence of the sort of surgical cyber action Mr. Prigozhin promised.
This does not mean that disinformation attempts are over. More should be expected as the votes are counted and the results certified. But so far, at least, stories of election conspiracies don’t appear to have legs. (So far, we emphasize.)
Killnet may be more interested in influence than it is in effects.
We’ve seen the US Federal Bureau of Investigation’s assessment of Russia’s Killnet hacktivist auxiliary as posing more of a psychological than a tangible threat to the networks it hits with distributed denial-of-service attacks. Yesterday the Record by Recorded Future offered some notes on Killnet’s interests and targeting. The threat actor is mostly interested in hostile nations found in the Near Abroad (now-independent former Soviet Republics, especially Estonia and Moldova) and former members of the defunct, Soviet-led Warsaw Pact (in particular Bulgaria and Poland). Officials in those countries essentially agree with the FBI: Killnet’s operations were punitive in their intent, and while the group crowed high in its social media channels, the actual effects they achieved didn’t rise above the now familiar nuisance level. At this point in the hybrid war, such cyberattacks are best regarded as a form of influence operation, intended more to menace and intimidate than to hobble or disrupt.
Spinning combat failure.
The Telegraph, citing Ukrainian sources, said this week that “hundreds” of Russian troops were being killed daily. Enemy casualties are notoriously difficult to assess with any accuracy, particularly in near-real time, and high estimates should be treated with caution, but the Ukrainian claims received some partial confirmation from Russian sources. The Washington Post reports that Russian hard-war advocates (who’ve recently been excoriating some Russian senior regular army leaders as soft and inept) are repeating soldier complaints in letters home of high casualties and poor leadership. Official Russian sources have responded that casualties, while high, haven’t been as high as rumor makes them out to be. It’s a minimizing statement intended to mollify public opinion, but it’s also the first time official military sources have directly addressed reports of heavy battlefield losses.
Another occasion for spin came Wednesday, when Russian Defense Minister Shoigu and theater commander General Surovikin engaged in a bit of advise-and-decide theater on Russian television. The general recommended withdrawal back across the Dnipro River and the evacuation of Russian forces from Kherson, and the Defense Minister tersely consented. The retreat represents a strategic failure, and is particularly embarrassing because Kherson is the capital of the eponymous oblast Russia annexed to much public fanfare this summer.
President Putin has made no public comment on the retreat, allowing his defense minister and theater commander to do the public talking. The decision to withdraw has been framed as a professional military judgment, in large part to deflect blame from the president himself, the Telegraph observed. But, as a Washington Post op-ed pointed out, it’s unlikely in the extreme that the withdrawal order was issued without direct presidential authorization. Mr. Shoigu, widely regarded as a costumed civilian, no soldier, and Mr. Putin’s yes-man, is not one to take such a decision on his own authority.
The New York Times suggested that public announcement of the withdrawal was intended largely for domestic consumption, as operationally such an announcement makes little sense. The Times cites comment from two leaders of Russia’s alternative military establishment, Chechen warlord Kardoyov and Wagner Group boss Prigozhin, both of whom have been critical of the generals, but who now express sympathetic understanding of the decision to withdraw. “Ramzan Kadyrov, the strongman ruler of the Russian republic of Chechnya, described it as a ‘difficult but right choice between senseless sacrifices for the sake of high-profile statements and saving the priceless lives of soldiers.’ Yevgeny Prigozhin, the business magnate who runs the private army known as the Wagner Group, said it was now important ‘not to agonize, not to writhe in paranoia, but to draw conclusions and work on mistakes.’”
Not all the hard-war advocates in Russia have been similarly mollified, however. One widely read war blogger described the decision to retreat as a “betrayal.” Another called it the “greatest defeat since 1991,” that is, since the collapse and disintegration of the Soviet Union.
Guerrilla theater, by reenactors.
If battlefield victory eludes you, a boffo night of dinner theater can be your consolation prize. Theater-goers in Kaluga were surprised when men in Ukrainian uniforms burst into the building, fired weapons in the air (blanks, but that wasn’t immediately obvious), roughed up theater-goers and pretended to execute one of them. It was a performance sponsored by Russia’s Ministry of Culture designed to bring the reality of the special military operation to the homefront, the Telegraph reported. The paper continues:
“The performance was named ‘Polite People’ in a nod to the phrase coined by Russian media to describe the troops who seized Crimea in 2014.
“Vilen Babichev, an actor in the show, said he has been fighting in a Luhansk separatist force against Ukrainian government troops since 2014.
The theatre group’s ‘immersive performance’ was meant to bring home to Russians the horrors of the war they have experienced, he told Nika TV.
“‘I play the main villain whose part is supposed to show to all the viewers – all Russians – the nature of the enemy that Russia is fighting against, the enemy that attacked our land more than eight years ago,’ he said.
“Roman Razum, the show’s director and leader of a rock band, said the performance was an educational project.
“‘We explain that this is not just the Ukrainian people [fighting against Russia] but well-equipped and trained Nato fighters,’ said Mr Razum, who was reportedly injured in Ukraine and had medals pinned on to his uniform.”
The narrative is, of course, mendacious hogwash, but representative of the inward-looking domestic propaganda that increasingly marks Russian influence operations.
