Dr. Alina Polyakova, the David M. Rubenstein Fellow for Foreign Policy at the Brookings Institution, is one of the world’s foremost experts on fake news and Russian disinformation. She had a brilliant idea the other day.
In the Western world, we’ve been playing catchup with the Russians for years, trying to find a way to counter the pesky disinformation tactics they’ve become famous for.
She came up with something just as simple as it is profound- to look for an analogous solution, based on the American anti-smoking campaign that started in 1964. These two completely unrelated subjects have some amazing similarities.
What we want to examine are the actual techniques used by the Surgeon General and others to paint cigarettes in the light they deserve- as filthy, smelly, cancerous sticks of death you’ve got to pay for.
That’s the way to go here.
First off, disinformation is dangerous. It leads to a gross devaluation of truth and a breakdown in the entire moral order. Though zany Russian hacker disinformation combos of race-baiting and coordinated cyber-lying may seem silly and random one at a time, they add up.
Ladislav Bittman, the former Communist Czechoslovak deputy chief of the disinformation department, compared the effects of disinformation to a slow acting poison, saying “One drop may not be a problem, but together a dose could be fatal.”
This is a significant concept for a few reasons. First, it’s always elegant when you can fit an old key in a new lock. She went rifling through the old Public Threat or Menace manual, found a campaign in the past that gave her precedent, and voila.
This is conduct to be emulated as much as possible, especially as that particular connection isn’t easy to see. Well done, Doctor!
Returning to our topic, people have been thinking this whole time that these Russian cybercrimes are all really stylish, powerful, interesting things to do. They think Russian hackers, and they picture this:
What they should be picturing, is this:
Think back. When your mother first told you not to smoke cigarettes, did she give you any pamphlets on the subject? Did she cite scholarly sources to you? Or did she just do like mine did, and shout “No! Mucky! Gives you cancer!”
I got the point. Looked it up later.
This thing with the Russian disinformation is exactly the same. It is so obviously bad for America that the case cannot be overstated, and yet they are not listening. The whole thing has had to be completely infanticized, and it’s us who’s changing the diapers.
Inside those disinformation diapers are the images we need to show people.
Disinformation is gross. It’s like being smelly. Telling lots of lies is for the kid nobody wants to sit next to. That’s probably why he became a hacker, the poor schmoe- Glad I’m not that guy!
Disinformation is smoggy. It makes it hard to see, hard to breathe.
That’s why watching Fox News these days make people behave like they’ve been doing bathtub crank. There’s no bathtub-crank chic. Nobody is remaking Trainspotting, over bathtub crank.
Smoggy. Wasteful. Smelly. Stupid. Gross. These are the reasons people quit smoking. Once smokers realized that nobody was looking at them and seeing the Marlboro Man, they got red in the face and cut it out, en masse.
We have received numerous requests for a focus piece regarding cyber-defense for Democrats, especially right now as we are going into the midterms. In it is an introduction to a number of the techniques we can use to defend ourselves going forward. Knowledge is power. Pass it on.
Regular readers of Millennial Democrats will not require a lot of explanation as to how and why the threat of Russian hacking is real. We have been up against it for years. The time has come to soberly and objectively assess Russia’s cyberwarfare capabilities, and examine how we plan to fight back.
In 2016, America was caught off guard and we got a bloody nose. Guys like Roger Stone’s buddy Guccifer 2.0, or the guys in Fancy Bear pulled a fast one, to be sure.
They had the element of surprise back then. Most people had no idea what they were doing(and rolled their eyes at those who were trying to warn them, but that’s another subject). These days things are very different.
Regardless of the lies of the great orange malignance, America knows the Russians are out to get us. Trump is sticking his head in the sand on this and will do nothing to help us, so we’re going to have to learn to help ourselves, and each other.
It’s too bad we’ve got no national leadership on this, but it is what it is. We’ll get by on our own.
In starting out, the most important thing to keep in mind is this: Hackers rely on our mistakes, and mistakes are most often made when we don’t know we are making them. They need to catch us off guard, and their job is to find creative ways to use their tools to get us to slip up.
The first place a smart hacker will look is outside the box, so to speak. They’re always looking for ways to burrow in that you wouldn’t think to look for.
Employing a given system, be it a human being or a PC, for a purpose it wasn’t designed for is what hacking means. However, if you’re careful, neither you nor your computer will end up thus employed. It’s all about being careful.
Hackers are clever, be they Russian or from elsewhere, but they are far from invincible. We’ve already stopped a number of Russian cyber-assaults directed at Democrats this year, such as the ones aimed at our Claire McCaskill.
Without the element of surprise, hackers have many limitations. It’s not that easy to brute-force open a website. Just ask these guys:
Basic cyber-hygiene techniques would cut down on more than 80 percent of cyber attacks and cyber thefts, according to Herbert Lin, senior research scholar for cyber policy and security at Stanford University’s Hoover Institution. It will benefit us to learn a few.
There is a great deal of white-hat(ethical hacking) work that can be done to defend America in this realm, and most of it has to do with how careful we are.
We repeat- It’s all about being careful. This cannot be repeated too often.
In this piece, we’re going to talk about a few common mistakes made by end-users(that means us, the consumer) and how they are exploited by criminals. We’re also going to talk about some of these cyber-hygiene measures and assign them three rules of thumb.
Don’t open strange emails.
Don’t click on strange links.
Don’t accept chat messages from people you don’t know, particularly on Facebook.
Before we get started, think for a second about all your other social media accounts. Are they just as secure as your Facebook or Twitter? Make sure they are! That’s the first place a hacker will go to collect more data about you. You’re particularly vulnerable to having your account on the ones you don’t often use pried open.
As an aside, this is also why you don’t want to use the same passwords for everything. Passwords are obviously critical, as somebody who’s got them has got all your information at his fingertips. Be careful!!
A great deal of a hacker’s job revolves around getting the passwords of their victims. Their most popular tools are all various ways to apply “spear-phishing” hacks, designed to steal passwords and personal data. The unlucky “phish” who opens one has become a victim and is now open to all kinds of trouble.
There are all kinds of ways to go spear-phishing. A brand new one showed up not long ago when U.S. government agencies recently received letters via snail mail.
One example that all readers of this blog will vividly recall took place on March 10, 2016, when the first volley of malicious e-mail messages hit the inboxes of thirty people who were closely associated with the Hillary Clinton campaign. Inside them were links that were actually viruses, like worms on a hook.
Nearly all of them were failures. All but one, actually. But one was enough.
Within nine days, a horrendous amount of critical data had been stolen and passed along to Wikileaks, to be strategically released in a way they figured would hurt us. It did.
Those leaked e-mails, in which Debbie Wasserman-Schultz was seen to be fussing over Bernie’s lack of ability to fill out campaign finance forms correctly, were spun up into a narrative that Bernie(who lost by four million popular votes) had been cheated.
Bernie or Bust bought it, there were riots in the streets of Philadelphia, and a rift was torn in the Democratic Party that still has yet to heal.
All of that was made possible, with just a few phished passwords.
To combat phishing is to make sure everyone knows how common and damaging these attacks can be. Everyone should keep their guard up when checking emails, and they should report any email they find suspicious.
It’s necessary to point out here that Facebook phishing in particular is horrendously easy. They can hack you right through your chat box. We recommend in the strongest possible terms that you put as little of your personal information as possible on Facebook.
Facebook presents about a million added vulnerabilities to all of us that use it. When Edward Snowden was asked what to do to keep your data safe on that platform, his response was, “Delete your account.”
We can’t recommend that, as Facebook gives us access to 2 billion people, but we can recommend this much. If people you don’t know send you strange messages on Facebook, don’t accept them.
“We are looking at just some of the malicious material that already may be circulating or will be released before the midterms. It also bears repeating that we know the campaign of Sen. Claire McCaskill (D-Mo.) was targeted.”
Cyber-intelligence experts see this as being major, and with clear reason.
Moving on, it isn’t only Facebook and social media you’ve got to be careful with. Websites too are vulnerable.
Anecdotally, the webmaster of this site has seen hackers from all over the world try to take us down, from Beijing, China to Lviv, Ukraine, from Adelaide, Australia to Beauharnois, Quebec. They use all kinds of tricks, but they’ve never gotten in and they never will.
This is not because I’m a cyber-genius who speaks binary code, but because WordPress is awesome.Sucuri, the plugin that keeps safe all of us Millennial Democrats, is likewise excellent. They care about their clients and they hold the same liberal values sacred that we do.
WordPress users should strongly consider using Sucuri, not least for the reverse IP trace it automatically performs. This has the benefit of letting you know a lot more about who’s trying to hack you. Sometimes it will tell you everything.
Once a flower store owner from Adelaide, Australia tried to hack us. By using a reverse IP trace, Sucuri let us know who she was as soon as she had done so. Then we went to a site called WhatismyIPaddress.com, put it in, and voila.
We were able to get the name of her business by looking at the name of her domain. We then used that to look her up, and jackpot. We found the store’s address, website, and owner. We also found far-right garbage smeared all over her life.
I could put her on blast right here with a screenshot like this one:
Luckily for her, I’m not that mean. But the next guy might be. It’s a dangerous game for newbies (noobs- learn your hacker-ese) to play. It’s easy to run into trouble.
Change your life, would-be hacker flower store owner! Mend your wicked ways, before it’s too late.
Speaking of WordPress, using the two-factor authentication feature they offer as part of their platform is another good idea. This is a highly effective security measure and is available for Facebook, Gmail, WordPress, and many other major platforms.
Using this feature means a second device’s input will be required to access email accounts or websites on new computers, usually by prompting you and sending an SMS code to your phone or whatever. This can prevent scammers from accessing compromised accounts.
In addition to good cyber-hygiene, which amounts to common sense, caution, and our three rules of thumb, there are some tools we can use to make our online experience safer still. You may find this necessary, from time to time.
Guccifer 2.0 recently made a mistake and forgot to turn his VPN on, and we connected him to an IP address connected to Russian intelligence. Now his whole identity is blown because he didn’t use his VPN.
We strongly recommend getting one of these, specifically IVPN. They take protecting their customers super seriously and they are located on the Rock of Gibraltar. That fortress strikes me as a good place to keep anything valuable.
HotspotShield is another good one, and also NordVPN. There’s a lot of them; shop around and find one that’s right for you. We feel it’s worth repeating that they are a very good investment.
Additional tools include TOR(The Onion Router), which offers a former naval encryption system that we can now all use. Tor takes all your internet traffic and routes it through its own network, providing total anonymity.
The DuckDuckGo browser, which Tor employs, is good to know about also. It has a number of different features that keep you safe, including a “Flame” feature that burns up all your cookies in a second. Pretty cool.
Now, just as then, there is a need for deterrence, to defend the nation and hopefully prevent a further escalation of tensions. There is more at stake than we can even put into words. We need to be ready.
There are bigger dangers here than the usual America vs. Russia, liberal world order vs the new world order that the extremist crazies keep screaming that they want kind of thing. This is different completely.
One superpower actively destroying the democratic process of another is new and very dangerous, especially since Russian destability tactics rely heavily on disinformation and a systematic devaluing of the truth.
Alternately called “Dragonfly” and “Energetic Bear”, this group has been involved in about 100 such breaches since the start of the year, half of them in the U.S., according to a new report from the system security firm Symantec.
Symantec believes the U.S. breaches may be moving into similar terrain. Simply stated, this means they can shut our power off and attack us, anytime they want.
“The original Dragonfly campaigns now appear to have been a more exploratory phase where the attackers were simply trying to gain access to the networks of targeted organizations,” the Symantec report concludes. Now, “the attackers may be entering into a new phase, with recent campaigns potentially providing them with access to operational systems, access that could be used for more disruptive purposes in future.”
Meanwhile, Russia has been holding a set of “strategic command exercises” called the Zapad war games that are looking an awful lot like a preparation for war this week, due to run until September 20. Moscow says almost 13,000 Russian and Belorussian service personnel are taking part.
The Ukrainian organization StopFake.org has accomplished amazing results, tracking down and reverse-engineering Russian propaganda pieces. These have provided us key glimpses into how the Russian disinformation machine operates and what types of methods it uses. Incidents such as Brexit have ensured there will be no shortage of cases to study.
From the way Russia defines cyberwarfare, to its employment for strategic use, Russia has developed a big edge over its western counterparts. As James Wirtz, Dean of the Naval Postgraduate School in California, has noted, “Russia, more than any other nascent actor on the cyber stage, seems to have devised a way to integrate cyber warfare into a grand strategy capable of achieving political objectives.”
CIA chief Mike Pompeo recently said “It’s tough. You now have not only nation states trying to steal our stuff, but non-state, hostile intelligence services, well-funded. Folks like WikiLeaks, out there trying to steal American secrets, for the sole purpose of undermining the United States and her democracy.”
Nuclear deterrence is becoming obsolete, as mutually assured destruction is unpalatable even to the Russians, and new ways are being found to fight. The most ancient struggles for power and dominance are being played out in our very newest world. Cyberspace has become a very dangerous place, but it’s a place we all spend a lot of time in. Therein lies the crux of the problem.
Donald Trump thinks that by not using email, he can protect himself from the dangers of a digital world. But no matter what he would like to think, the solution won’t be found by returning to the golden age of post-It notes and Rolodexes. The computer isn’t going away any more than the firearm.
It is the opinion of Millennial Democrats that going toward the future, U.S. policy should include the immediate and thorough modernizationof the U.S. Cyber Command. After last year, we should take the offensive. An overt, popular, and well- financed American cyber- force would overtake the efforts of the Russians within months.
As soon as our highest office has been vacated by the impeachment of Donald Trump, a man that Putin has been cultivating for five years and is the property of, it will be a top priority to attain world preeminence in this area as well.
America created the Internet, and that makes its governance our responsibility. We consider this a sacred duty, and we will not shirk in its upholding.