Hacking Ten Million Useful Idiots: Online Propaganda as a Socio-Technical Security Project

Presented at Black Hat USA 2019, Aug. 8, 2019, 3:50 p.m. (50 minutes).

Online propaganda and election influence have received much attention recently. Defense leaders and the general public are aware of the risks, but have little understanding of the techniques involved, nor relevant technical details of social networks. The cybersecurity community has a ready understanding of the protocols, services, etc. of a tech platform, but less understanding of how these networks affect society and politics collectively. There is now a thriving field of computational social science that studies how social networks and other digital media affect society, but the field does not generally address the topic as a security question—let alone a defense problem. Here we will present an integrated view of Socio-Technical Systems (STS) amenable to application of security principles. Applying this novel approach requires unification of three skill sets: data science, psychology, and security thinking, which are not commonly found together. An STS consists of a social network, the human population that uses it, and an output system where effects are targeted, such as a political system or economic market. By combining analytical techniques from political or market economics, voting theory, etc. with the ML models that run tech platforms, an entire STS could be modeled as a single system. While tech platforms are already skilled at predicting individual behaviors for marketing purposes, enhanced models could enable the development of improved monitoring systems for hostile campaigns of political or financial influence. We will also provide examples of what a red team/blue team process could look like in the context of STS security, and walk through some examples of red-team analysis of influence operations.


Presenters:

  • Pablo Breuer - Innovation Officer, SOCOM
    Pablo Breuer is currently the director of US Special Operations Command Donovan Group and senior military advisor and innovation officer to SOFWERX. He's served at the National Security Agency and U.S. Cyber Command as well as being the Director of C4 at U.S. Naval Forces Central Command. He is a DoD Cyber Cup and Defcon Black Badge winner, and has been adjunct faculty at National University, California State University Monterey Bay, and a Visiting Scientist at Carnegie Mellon CERT/SEI. He has taught classes for various U.S. government agencies and industry on topics ranging from malware reverse engineering and exploit development to cyber policy and authorities. Pablo is also a founder and board member of The Diana Initiative, an InfoSec event focused on advancing the careers of women in cyber security, and is on the staff for BSides Las Vegas and CircleCityCon. Pablo holds degrees in computer science and is a PhD candidate in information science.
  • David Perlman - Researcher, A Social Network
    David M. Perlman moved through the fields of Applied Physics, Electrical Engineering, IT, medical software, and cognitive neuroscience before settling in the world of tech. His work on meditation took him to India to present to HH the Dalai Lama, and led to a thesis using econometrics and psychophysiology to study narrative, social identity, and choice. He has a unique and synergistic perspective on how technology, especially social networks, affect society, psychology, and political processes. Since 2017 he has worked with a number of US and NATO defense agencies on understanding and combating information warfare, particularly the role of social networks in influence campaigns. He also role plays as a legitimate employee of a major tech company in Silicon Valley.

Links:

Similar Presentations: