COMMENTARY: Tactics rarely change, even though the tools do. The 2024 elections continue to test the ability of defenders to counter the evolving tactics of our adversaries. One thing is for sure during the final days of the campaign: we’ll see many more malicious attempts to influence the election.
The real question: How hard will we fall for them? The FBI, CISA, and DHS continue to issue alerts about ongoing foreign malign influence operations emanating from Russia, China, and Iran, most notably.
Some activities are overt, like deceptive videos and websites. Conversely, China tends to favor more clandestine activities, including penetration of communications systems. While election campaigns go on much longer than before, the groundwork to target specific individuals began even earlier.
Inside Chinese operations
China's attempts to infiltrate private communications could lead to tailored influence operations. However, playing the long game like they do, the latest operation is probably more about collecting intelligence on the plans and intentions of whoever becomes president, as well as members of the House or Senate. Knowing the nuances of potential policy positions on Taiwan, trade negotiations, tariff proposals, and possible sanctions is valuable information to the Chinese.
[SC Media Perspectives columns are written by a trusted community of SC Media cybersecurity subject matter experts. Read more Perspectives here.]
An interesting new group has appeared within the last five years that bolsters China's overt influence operations: Spamouflauge. According to Graphika: while Spamouflage has continued to use hundreds of fake accounts with little or no attempt at persona development, it began in parallel to experiment with persona accounts which looked and behaved as though they were real people, and thus gave a veneer of authenticity to what they posted.
Clemson University professors Darren Linvill and Patrick Warren of the Media Forensics Hub, analyzed an attack by the group against Florida Senator Marco Rubio in 2022. Their conclusion: "We think they were testing new tactics before they might apply them more broadly elsewhere."
Now, in 2024, these tactics are appearing more frequently as Graphika released a report in September pointing out that China has stepped-up these tactics.
China's influence operations have not yielded the same level of engagement and impact as Russia’s. Overall, China has been more interested in industrial espionage. They are waging a longstanding economic war. While over time, that might change, it's not as embedded in their political DNA: yet.
Moves by Russia to influence the campaign
In 2016, the Internet Research Agency (IRA), a notorious Russian troll farm founded by the Wagner Group, operated a social media campaign to disrupt elections in the United States. However, the campaign started two years earlier to establish personas and build the necessary channels to exploit divisive issues.
Volume I of the Mueller Report on Russia’s alleged interference in the 2016 election devotes an entire section to the tactics and techniques of the IRA. These same tactics are now found in another appropriately named entity--the Social Design Agency (SDA).
The SDA operation was part of what the FBI described as a group of 32 internet domains that have been used by the Russian government and Russian government-sponsored actors to “engage in foreign malign influence campaigns colloquially referred to as Doppelganger."
In an FBI affidavit to support the seizure of these internet domains, a sophisticated plan was discovered to target foreign countries, including Mexico and Israel, with the intent that those efforts would influence associated ethnic or religious groups residing in the United States and influence the 2024 Presidential election.
So, it’s important for everyone to understand that the tools of social media and internet domains purporting to be legitimate news sites are all designed to amplify the same tactics used for decades. There’s nothing new under the sun: only a new way of delivering it.
Prepare for more deception as we move closer to election day. Stay skeptical about anything posted on social media, online podcasts, and for sure, political ads run on local cable TV.
Expect a muddy and chaotic ride ahead.
Morgan Wright, chief security advisor, SentinelOne
SC Media Perspectives columns are written by a trusted community of SC Media cybersecurity subject matter experts. Each contribution has a goal of bringing a unique voice to important cybersecurity topics. Content strives to be of the highest quality, objective and non-commercial.