Stepping into the Matrix: Learning to Hunt
Buckle-up buttercup.
I warned you about the negative impact on your health of taking this journey, but you came back, so let’s get this over with.
You are just an animal, so we’ll learn to hunt like one. We’ll start by playing with previous kills, then graduate to partials, and then maybe unleash you on a live hunt.
WARNING: We NEVER declare someone an adversary. Any and all accounts mentioned from here on out must be assumed to be innocents. All we are doing is identifying suspected posts and associated accounts which are suspicious. We then do secondary screening to get rid of clear errors. If something still looks odd, we recommend verifying that the account belongs to a human in the U.S. If so, we recommend doing NOTHING. The harm has been done. If the account does not belong to a human in the U.S., then a proper follow-up may be warranted. We are 100% against censorship. Adversary attacks rely on innocents.
The answer you have been waiting for: Cognitive warfare works by hacking the brain’s uncertainty management process. It sounds so simple, but it is incredibly complicated.
Your body has too much data coming in to process and react to. That data overload creates anxiety. Your brain needs a cheat. Enter your uncertainty management process. Your brain looks for relationships in situations to know how to respond quicker. That is essentially Kahneman’s System 1 and System 2 brains. Your brain will do everything it can to reduce uncertainty. Your brain associates “cold” with “snow.” Feelings transfer from from one object to another such that if I keep mentioning snow you will eventually feel colder. David Robson’s The Expectation Effect is a great read on the issue.
Issue transference is how advertising is supposed to work. See the dog and love the Subaru. The issue-to-issue relationship is set and we just need to repeat it (amplify it) long enough for the relationship to stick in your brain. That mass of metal, plastic and rubber evokes the same warm and comforting feeling that Fido gives you. Imagine that.
Issue transference is how therapy works. “Tell me about your relationship with your mother.” It is how we develop biases. For example, assuming all Arabs are terrorists because that is how they are commonly portrayed in movies. It is even the cause of the placebo effect. Issue transference works so well that it is how the FBI recruits foreign agents. The Like Switch: An Ex-FBI Agent's Guide to Influencing, Attracting, and Winning People Over by Shafer and Karlins is a great read on that issue. And if you don’t believe me, go have a gross food party. Smear chocolate pudding on a diaper and ask people to eat it. I’ll bet some vomit.
To find adversaries engaging in cognitive warfare we need to find issue-to-issue relationships that resonate in large enough portions of the population to effectuate the change. That is what we need to hunt for.
In the 2018 example in the last post, the issue of “Korea” was associated with a negative emotion or issue that adversely impacted how people felt about “McCaskill.”
I am going to call these issue-to-issue relationships nudges. Nudges have two key features:
The nudge will relate in some manner to the user’s lived experiences and as such will “make sense” once uncovered.
The nudge will not be overt. The human brain instinctively rejects overt attempts at manipulation. As such, to be effective a nudge will be presented as passive information.
Nudges are used in two types of attacks:
Type 1 – Repetitive use of messaging across multiple accounts; and
Type 2 – Repetitive use of content across a single account.
Example 1: Softening the battlefield.
From April 30th to May 21st, 2021, Veriphix ran a data feed on air travel from the East Coast of the U.S. The goal was to identify how to get people flying again after travel fell during COVID. The May 7, 2021 Belief3 output gave us both positive and negative nudges (issue-to-issue correlations).
To give you an idea of how those “nudges” work, these were advertisements that appeared on Meta that week. You can see some ad agencies got it right, but some got it horribly wrong.
Great, but what about adversaries?
“Work from home” would REDUCE business travel, so it was a negative nudge.
Now let’s look at how this tactic was used in real life.
Ukraine’s economy heavily relied on U.S. East Coast business travel. Business travel can represent up to 10% of Ukrainian GDP. Therefore, reducing U.S. business travel to Ukraine would have a negative impact on Ukraine.
We took the nudge (reduced business travel from the U.S. East Coast) and performed a simple Boolean search:
(Target audience or location) AND (nudges)
On May 3, 2021, ZeroHedge, which is known to push pro-Russia narratives, used the content indicator. That was then retweeted by: Die Rote Pille, Cletus1942, politicalHEDGE; and PS641600.
That was the start of the cascade, not of mis- or disinformation, BUT of information used for the purpose of achieving a tactical military advantage. It had NOTHING to do with a U.S. election. Rather, it represents a potential adversary attack whose purpose was to weaken the Ukraine economy pre-invasion.
Those accounts still need to go through secondary screening. While any one of these criteria is not necessarily grounds for labeling an account as malicious, viewed in the aggregate, they do form a basis to justify confirming that the account has a human (v. bot) operator:
Disparities between advertised location and content matter;
Links to foreign-language speaking accounts;
In addition to #1, a lack of ‘expected’ content based on the profile’s content;
Tweeting at consistently odd times of the day; and
Tweeting at a much higher volume than could be reasonably expected.
And if that operator is a human? You let it go. The harm has been done. Innocents are part of the process, humans are diverse and fallible, and preserving free speech is vital.
Example 2: Eroding Support for Ukraine
In this example the nudges are “Poland” and “Coal.” They are taken from a July 25, 2022 data collection (which was processed and reported out 24 hours later on July 26, 2022). “Coal” was a nudge that negatively impacted the Polish population’s belief in an improving economy, and increased the likelihood of domestic protest in Poland.
The query used was: (Poland OR Poles) AND coal.
For this analysis, we used Twitter search. Twitter provides the Tweets containing the search terms in chronological order. A single isolated tweet containing nudge issues is unlikely to be a test or attack and is ignored. Instead, we focused on collections of tweets that included the search terms and appeared in close temporal approximation (e.g., 48 hours).
The following repetitive Tweets posted on July 27, 2022, and containing the content indicator (coal) were identified:
This time let’s do some of the secondary screening to see if it is worth elevating the account to verification.
In this case, the video that appears in all four (4) Tweets appears to originate from the following Russian Telegram account: https://tgstat.ru/en/channel/@pl_syrenka.
Tweets that include the nudge and appear in close temporal proximity are indicative of a network attempting to insert influence. The influencing content is broadcast across multiple networks. The nudge in the four tweets above were directed into four different regional networks (French, UK, UAE and US):
Circonscripti18 7/27/22 12:12 FR
Withy 7/27/22 17:48 UK
Withy RT self 7/27/22 20:16 UK
Khalediskef 7/27/22 22:23 UAE
Dana916 7/27/22 23:11 US
Then we look at the actual content of the Tweets. Common posted subject matter used between the apparently otherwise unrelated Twitter accounts is indicative of an intentional propagation of the nudge (indicator).
Then we look to see how the content and behavior of the (otherwise seemingly unrelated) identified accounts correspond to each other. This Dana916 account has retweeted the Khalediskef account on August 29, 2022. The posting of very similar subject matter in some cases and retweeting in others raises the possibility that the accounts are coordinating in some manner. The fact that the underlying subject matter came from a Russian linked Telegram account is further reason to find this change in behavior suspicious. Performing the same analysis on the Withy account, we see a similar relationship with the Khalediskef account.
The Circonscripti18 does not link to the other three accounts. The Circonscripti18 Tweet was posted first and the subject matter appears to have more differences than the others. Circonscripti18 may be an innocent account.
Next, we look at the account profiles for inconsistencies. For example, in the above collection of Tweets from August 27, 2022, the DANA916 account identifies as being from Tennessee and yet posts on Ukraine, China and other foreign events with little to no Tennessee-related content. A review of DANA916’s tweets show a heavy pro-Russia bias. The DANA916 appears to start Tweeting each day at 9:00 am East Coast and Tweets constantly until midnight. This pattern repeats each day, strong indication of a human-bot account.
Even then, we do NOT label these as adversary accounts. All that work just means someone should pick up the phone and verify that the account is a person in the U.S. That is all. American’s have an absolute right to express their opinions even if they align with and amplify adversary messaging.
Example 3: Do NOT step on a landmine.
Ok this isn’t actually an example, but then again maybe it is.
The Russians did not originate their system from scratch. They copied the U.S. system. Surprise!
The US military is developing software that will let it secretly manipulate social media sites by using fake online personas to influence internet conversations and spread pro-American propaganda.
A Californian corporation has been awarded a contract with United States Central Command (Centcom), which oversees US armed operations in the Middle East and Central Asia, to develop what is described as an "online persona management service" that will allow one US serviceman or woman to control up to 10 separate identities based all over the world.
In 2010, the U.S. system opened this space and the Russian system followed in 2011-2012. I had a front row seat for those initial disinformation wars. I was representing Libyan Jamahiriya Broadcasting Company on copyright violations. Those copyright violations were initial attacks. What transpired over the next 10-24 years is that Russia perfected the issue selection process and surpassed the U.S.
The defense we are talking about is only 10% of the U.S. budget. U.S. offense is 90%. and that offense saves lives. It uses words, not bullets, to solve problems. It is some of the most sensitive and important work that exists.
That also means that a defensive solution is not viable if they do not allow for offensive activity because the (10%) defensive measures will apply to, and hamper, the (90%) offensive activity. In other words, the offense will be shut down. That is also how we can call “bullshit” on certain solution providers. Do they account for offense? No, then it can’t work. And there is a lot of “bullshit” in this space.
Next post we’ll need to dig into the science of how to find the nudges. There is a problem with using social listening, which is what got State GEC in trouble and which you’ll need to avoid as well.
Cheers,
-J
"a potential adversary attack whose purpose was to weaken the Ukraine economy pre-invasion."
This reminds me my blogs concerning Ukrainian sunflower oil had alot of visits from russia in the months before the invasion. Luckily I kept the screen capture of the visitors IP adresses...Those are likely the location of hacking services.