Malware for humans

Wars in cyberspace are wars on our minds. JJ Patrick on the murky underworld of big data, social media, espionage and the spread of chaos through disinformation

In the mid-2000s in Libya, a new type of conflict was first officially recognized. By 2010 the term ‘hybrid warfare’ was sufficiently well understood in military circles – and of such concern that doctrine was updated and plans were drawn up. In the case of NATO, this came under the name ‘Capstone’.

Hybrid warfare combines non-traditional, asymmetric techniques – including cyber attacks and psyops (psychological warfare) – with traditional violence. The idea behind it is a simple one: expand the fronts of attack, reduce the ability to defend, increase speed and efficiency of assault, reduce physical damage and human loss and do it all for less money.

In a world of Continuous Improvement and Value for Money, applying these principles to the military and espionage environment has been utterly devastating. As a military doctrine it exemplifies the art of deception – what Russia calls maskirovka. Or in the words of the 5th century BC Chinese military strategist Sun-tzu: ‘The way of war is a way of deception.’

Defending against hybrid attack is punching smoke. As the world became increasingly interwoven, the internet and social media bringing people closer than ever before, humanity was presented with a rare opportunity; a crowning moment of togetherness when old barriers and boundaries collapsed and we found new ways to collaborate and coexist. But old monopoly and omnipresent greed have sullied what could have been the brightest dawn we would ever know. State-sponsored criminality seized the vulnerability of hope and turned it into a weapon more harmful than any bullet or bomb conceived in darkest hours of war.

By the time NATO formalized the Capstone Concept, private defence contractors had identified the warfare value of big data and opportunities for harvesting information from the exploding social media market. Companies like HB Gary and Palantir were weaponizing our online lives. And, as technology advanced, so did military capability and appetite.

Beyond Cambridge Analytica

During the same period, Strategic Communications Laboratories – better known due to their subsidiary Cambridge Analytica – were delivering external training to the British Ministry of Defence. A contract followed four years later with a £150,000 ($212,500) spend on ‘target audience identification’. SCL as a company is a combination of political lobby, psychological warfare operation, election consultant, marketing specialist, and espionage outfit, born of the British establishment and still tightly linked to the Conservatives by over £700,000 ($992,000) in donations from one board member even today.

By the time Cambridge Analytica, led by old Etonian Alexander Nix and specializing in voter fear micro-targeting and psychographics, became famous for its role in the 2016 election of US President Donald Trump, hybrid warfare had been effectively privatized. When the company later became infamous due to its use of illegally obtained Facebook data and allegations of underhand techniques, including blackmail, it was too late to put the genie back in the bottle. Even as the UK’s Information Commissioner battled for warrants in March 2018, evidence was being taken away by the company in crates and Nix had already registered the next endeavour, Emerdata, in cahoots with Trump campaigner Rebekah Mercer.

As is the case with all espionage operations, they don’t just disappear in a puff of smoke. They are dandelion seeds, quick to set down new roots. Meanwhile, soft targets such as Facebook make perfect scapegoats – easier to deal with in the eyes of the public, more recognizable and less terrifying than a spectre.

Privateers are but one head of the hydra. Nation-states have also harnessed the same insidious power. The Russian state excels in this regard.

Friendly-face targeting

Focusing on the key techniques of using data to identify audiences and target them at an emotional level, the Kremlin has invested heavily in relentless troll farms and automated bots. It drives disinformation into public debate through social media and creates fake news in the mainstream by harnessing the traditional media’s inherent weakness for stories that go viral, as it strives to adapt to the online marketplace. The 13 Russians from the Internet Research Agency indicted by Robert Mueller’s inquiry into the Kremlin’s involvement in the Trump election point to the success of this method.

Putin has not stopped at social media. With significant investment in external-facing state media outlets such as RT (formerly Russia Today) and Sputnik, the Kremlin has created a propaganda machine, masquerading as a friendly face to audiences around the world.

As RT’s editor-in-chief Margarita Simonyan admits: ‘Since RT receives budget from the state it must complete the tasks given by the state’ and ‘when Russia is at war, we are, of course, on Russia’s side’. These outlets are a part of Russia’s foreign office apparatus and integral to Putin’s hybrid war machine. As Simonyan has said, not having an outfit like RT would be like ‘not having a ministry of defence’.

Audience fears are harnessed and the credibility of the domestic press undermined, while using local dissidents and celebrities to enhance the outlets’ own standing.

It is much harder to change a mind than it is to provoke one to disengage entirely

Polishing the illusion of independence and often managing to cash-compromise legitimate politicians, Russia effectively dwarfed other pro-leave voices during Britain’s Brexit vote in terms of volume. Over 130 million impressions of anti-EU articles were generated across online news and social media platforms, spiking on the day of the referendum vote (23 June 2016) led by Russian state media outlets RT and Sputnik, and supported by an army of Twitter bots.

Whether a state or pressure-group activity, these hybrid threats work in the same way: reaching populations at nano-targeted, segmented levels, on a purely emotional basis to drive a response in behaviour. They are most successful not in creating votes but suppressing them, in part by destroying the truth, painting up as down and left as right. It is much harder to change a mind than it is to provoke one to disengage entirely.

All the while, as hybrid warfare has advanced insidiously into our everyday lives, technology has also rendered financial regulation and even traditional money laundering irrelevant. The rise of cryptocurrency alongside these methods is no coincidence. Cash in the shadows, as unseen as the operations themselves.

Take back control

None of this would have been possible without a degree of international complicity at the highest levels, with old guards and oligarchs embracing this brave new world to secure election victories, third country regime change, and managed democracies.

Broadly, this explains the deficit in suitable regulation for the new landscape: the gaps in electoral law, data protection, and definitions of ‘use of force’ at an international level. And this is where the world can focus: taking back control in the truest sense by reclaiming data privacy; regulating social media by verifying user identities and creating new laws; by bolstering electoral legislation and adding new transparency around funding and suppliers.

The European Union is leading the way on data, with its tough new General Data Protection Regulation, live from May 2018, but the debate can no longer be entrusted to the governments who have benefited from and permitted the spread of a virus which has attacked us all.

This pandemic can only be cured by the people and with the acknowledgement that we just weren’t ready for life online.

JJ Patrick is a former Scotland Yard detective and whistleblower. He is now an investigative journalist, writing regularly for Byline.