Our https://digital.report project secured an interview with one of the companies that provides the Russian government with their cyber warfare capabilities, on the information operations side. You can read the interview here:
It’s in Russian, but if you run the URL through Chrome it should automatically translate into English.
This is how the Russians are doing influence operations.
Андрей Масалович: Информацию надо впрыскивать только в те мозги, которые ее готовы воспринять
(Translated from Russian by my Chrome browser)
Andrew Masalovich: Information must be injected only in those brains that are ready to accept it
NATALIA ANISCHUK – 06/15/2017
Andrew Masalovich, Board Member and Head of Competitive Intelligence at the company “Sophos” (Russia), explained how modern technology can control public opinion in social networks, how hackers today steal accounts from the most protected resources, and how this knowledge is used on the “light side”.
Digital.Report: In addition to your other competencies you are a methodologist and teacher in the field of security of information space in the broadest sense, including the use of social engineering techniques in social networks. What is the question you hear most often?
Andrew Masalovich: I call myself a “manager of touch with reality”, and the most popular question this year is: is it true that Russian hackers ensured the victory of Donald Trump in the elections?
And what do you answer?
The second component of Trump’s success is based on audience targeting technology. Today this pool of technologies is used to analyze the environment of extremist and terrorist-oriented groups.
The third part of the success can be attributed to a particular group within Trump’s electoral headquarters, which traveled around the country and identified opinion leaders and the thematic focus that these leaders were willing to take up. Then followed the stuffing of information into the social network (which is only suggested Trump audio and audio promised), which attracted the votes of that group. Deep analysis of the audience and sharply targeted impact help reduce the budget for creating an information field. Narrowly themed information is injected exactly into those brains that are ready to perceive it. Scientists have confirmed that the phenomenon of Trump played a key role in the impact of mass social media technology.
How does this technology work?
Let’s take a look “under the hood”. I, like many others, have worked for years on the Internet, in the mistaken belief personalities Internet community. Relatively recently, we built a visualizer of Internet activity that renders the image in real time. The picture turned out quite different from the one seen by analysts working with a time delay.
Visualization Twitter audience
Look at the slide. Coloring and size reflect the popularity and activity of users, who can be divided into several types. The first type is standard: a standard user, who has few friends and a dense organic circle. Sometimes these people group together to discuss some news.
The second group, high beams of ordinary users, consists of politicians, popular artists and all kinds of media persons who do not speak much, but whose popularity is inflated.
More than half the world’s Internet traffic is generated by bots today.
But now, in addition, we saw a cluster of countries, who live by their own laws and whose reaction is not similar to the reaction of ordinary people. These are bots, and in order to be effective, there must be hundreds of thousands of them, if not millions. Otherwise, their actions are not visible and their activity will have no effect. That is why today more than half of global Internet traffic is generated by bots and not humans. Close to ordinary users live opinion leaders, whom the audience listens to, such as the sect of Navalny witnesses. I have listed three groups that we have seen before with the help of ordinary intelligence.
Isn’t the influence of bots on the opinion of the online audience overstated? After all, they cannot pass the captcha, and therefore there cannot be many of them in social networks.
The picture of the world has changed. Yes, initially a bot was defined as a program whose behavior is characterized by simple repetitive activities on the web. Now this is no longer true.
Bots have been known for more than 20 years. At the dawn of Runet there were 220 thousand users, and 700 of them were set aside for bots. For a long time it was thought that bots were easy to identify and filter: they cannot answer tricky questions and cannot bypass the captcha. Do not forget that for social networks one of the most important tasks is to let through the traffic of living people and not to let through spam and advertising traffic. That is, they watch for bots and constantly develop protective features.
But today a bot can bypass the CAPTCHA, and I will tell you how. Suppose a bot is registered in a social network and is trying to communicate with users. At some point a doubt arises as to whether this is a living person, and the bot is offered a CAPTCHA. It has been proved that a robot cannot recognize a captcha, especially when it involves, for example, choosing images. Now imagine that we have 2 bots and 1 hacker.
Bot can bypass the captcha, if he is not alone.
Bot №1 must penetrate into a social network community, but the CAPTCHA prevents it. Then the attacker and bot №2 come in. The hacker hacks a forum of unconventional porn, gets the captcha from bot №1 and gives it to bot №2. Bot №2 sits in front of a living member of the forum, who is looking at funny pictures; it substitutes the captcha and says: “Your actions seem suspicious. Please confirm that you are human and not a robot.” The person, fully convinced that he has ended up somewhere he should not be, passes the captcha. Bot №2 transmits the result to the first, and thus bot №1 spreads in the social network. Because illegal porn sites always have a live audience, the attacker gets a free round-the-clock duty shift in the target language.
What is interesting on the hacker side? What fundamentally new types of attacks using bots have you noted?
In 2016-2017, we observed three fundamentally new types of attacks. The first group is conventionally called “horizontal brute-force”. Let’s say you want to hack into an e-mail service and obtain mailbox passwords from a well-protected service, gmail or mail.ru. The basic type of attack, where a login is taken and passwords are chosen by simple enumeration, is called brute-force. Here it is not suitable, because too many attempts are almost immediately blocked by the service.
New types of attacks using bots make it possible to steal accounts from the most secure resources.
But imagine that I have a million bots and a list of a million logins taken from spamming. Then a million bots address the server at the same time, supplying different usernames and the same password, for example, 123456. The program decides that a million people are logging in simultaneously, each of whom made one mistake, and that is permissible. Of that million logins, from my experience, there will always be about 300-350 accounts whose password is, indeed, 123456. The next second the bots check the “unopened” logins against another popular password, and so on. Thus, after half an hour the hacker will have thousands of compromised accounts in his hands, and the service does not identify the attack.
Another interesting type of attack we saw on Facebook. As you know, if you click on the “forgot your password?” button, you will receive an e-mail with a code. By studying these codes, the attacker came to the conclusion that the code string is tied to the current second, and because there are no more than 1 million codes, you can generate the record length. He took 2 million bots and also sent them to assault Facebook with the trained codes. And for one second I received 20 accounts.
The third type of attack we saw concerns the bank cards so dear to us. Almost all of the card data is easy to recover; the only secret for hackers is the CVC / CVV. The code is not transmitted, and it does not appear in public databases. But it has only 3 digits, i.e. a total of 1 thousand numerical sets. If I try to pick the code by brute-force, on the third attempt the bank will block me. But in the world there are more than 400 online stores, of which 360 have not even basic protective equipment. The hacker makes more than 1 thousand attempts to buy something for $1 using the bots and within seconds gets your CVC / CVV.
With the help of bots, a hacker can get your CVC / CVV in a few seconds.
The described techniques are also used in massive attacks. For example, the attack on the Democratic Party server, which is attributed to Russian hackers, was initiated by a Romanian hacker. By the way, according to the results of our linguistic analysis, he is certainly a Moldovan. So, he used a proxy server. A proxy is used for anonymous access, but while you work through a proxy, variables retain your data, by which you can be tracked. However, proxies are now on sale that do not just “distort” the data but substitute the data of another account. Accordingly, the intruder I am talking about presented himself at one time as Russian, at another as something like Chinese. It is clear that such capabilities are used not only for small-scale attacks, but also for major offenses.
All this sounds very sad. How are these capabilities used for the benefit of society?
Of course, a powerful tool can also be used on the “light” side. For example, on December 18, 2014, Russia was swept by an SMS saying that Sberbank was about to stop credit card payments. The average deposit size was then 30 thousand rubles, which is in general not much. But the problem was that Sberbank had not load-tested its call center. What happened? People here are calm and serious; no one ran to the bank, everyone phoned. And a gentle female voice answered: “Your call is very important to us, all the operators are busy, the approximate waiting time in the queue is 2 weeks.” After this answer a person realized that the world was falling apart, and ran to withdraw their 30 thousand. When such type first flew 10 billion 10 million and the accounts, Sberbank realized that it is not so and big. Over half were drawn heatmaps activity, and found that there are several clusters. And the next day, the excitement was extinguished. I suppose that the ATMs were supplied with cash in emergency mode, which helped to avoid panic.
With analytics, you can “make a primary diagnosis” of a school, region, class, or child.
If you select 2 circles around a person in a social network (i.e. friends and friends of friends, only about 50 thousand accounts), you can create a detailed picture of what the person lives by and is interested in. When we analyzed teenage groups, if we were able to color them in advance (who is a nationalist, who is an extremist, who is suicidal), then we would get a colored picture. Quiet groups are colored yellow: you need not worry about that school. Groups that are friends with extremists (blue) and nationalists (purple) are closely interwoven. On the basis of these images it is easy to make a primary diagnosis of a school, region, class, or child. You can keep track of how dangerous moods are growing and prevent critical developments.
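The “horizontal brute-force” described in the interview works because lockout counters are kept per account and per source, and each stays at one failure. Seen from the defender's side, as an added example that is not part of the original post or the interview, the check below aggregates failures across all accounts in a time bucket instead; the event tuple layout, thresholds and sample log are assumptions constructed for illustration.

```python
from collections import Counter, defaultdict

WINDOW = 60        # bucket size in seconds (assumed)
LOCKOUT = 3        # failures per account or per source before lockout (assumed)
MIN_ACCOUNTS = 20  # distinct failing accounts per bucket treated as abnormal (assumed)

def detect_spray(events, window=WINDOW, lockout=LOCKOUT, min_accounts=MIN_ACCOUNTS):
    """events: (unix_ts, src_ip, username, success) tuples from an auth log.
    Flags buckets where many accounts fail while every per-account and
    per-source counter stays under the lockout limit."""
    buckets = defaultdict(list)
    for ts, ip, user, ok in events:
        if not ok:
            buckets[ts // window].append((ip, user))
    alerts = []
    for b in sorted(buckets):
        per_ip = Counter(ip for ip, _ in buckets[b])
        per_user = Counter(user for _, user in buckets[b])
        # Classic brute force trips a counter; the distributed variant never does.
        under_radar = (max(per_ip.values()) < lockout
                       and max(per_user.values()) < lockout)
        if len(per_user) >= min_accounts and under_radar:
            alerts.append({"start": b * window,
                           "accounts": len(per_user),
                           "sources": len(per_ip)})
    return alerts

def sample_events():
    """Constructed log: one distributed spray, one classic brute force, one typo."""
    ev = [(1200 + i, f"198.51.100.{i}", f"user{i:03d}", False) for i in range(30)]
    ev += [(5000 + i, "203.0.113.7", "alice", False) for i in range(10)]
    ev += [(9000, "203.0.113.9", "bob", False), (9005, "203.0.113.9", "bob", True)]
    return ev

if __name__ == "__main__":
    for alert in detect_spray(sample_events()):
        print(alert)
```

Fixed buckets keep the example short; a production rule would use a sliding window and compare against the service's normal failure rate.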