One of my favorite activities we perform for clients is Social Engineering, so I thought that a recent trend, disinformation, would be an interesting topic to discuss:
In 1943, British Intelligence dressed up a corpse, equipped it with fake operation plans, and floated it out to sea where Axis troops would eventually recover it. The ruse was designed to make the Germans believe that the Allies planned to invade Greece and Sardinia, instead of Sicily, their actual target.
“Operation Mincemeat” was a successful disinformation campaign. Also called “Black Propaganda,” disinformation is the intentional spreading of false or inaccurate information to damage or gain the upper hand against an opponent. While it has often been used in wartime throughout history, the new battleground for disinformation is cyberspace, where hackers spread disinformation about a company through the company's own systems.
According to a study on hacking incidents and trends for the first quarter of 2009, “Disinformation” is now the second most common attack outcome by hacking (losing to “Information Leakage” by only 3%). This is a major jump since Disinformation was not even on the list in the previous study, falling somewhere below Phishing (3%). Defacement, which can be distinguished from Disinformation because it spreads obviously false information, is third on this list.
And if you don’t think Disinformation can cost your company money, just ask Steve Jobs, who recently shared sentiments with Mark Twain – “reports of my death have been greatly exaggerated.”
A hacker broke into the live Mac Rumors Feed to announce, in all capital letters, “STEVE JOBS JUST DIED.” It took three minutes before a retraction was given: “Steve did not die.” In another incident, someone uploaded photos to Wired magazine’s website with a detailed story describing Steve having a cardiac arrest. In this case, it wasn’t even a code flaw that allowed the disinformation to be publicized, but an obvious application design flaw. Wired’s public image viewing utility allows anyone to upload whatever images they wish, which are then viewable on their public website.
Harmless pranks? The disinformation caused Apple stock to plummet. Considering that Steve’s recent health problems made the disinformation so plausible, and that the same disinformation was used on multiple occasions, you can’t help but wonder if the culprit has a vested interest in seeing Apple stock drop.
Disinformation isn’t going away. Consider the rise of social network trends like Twitter. Social networks are very susceptible to hacking in the first place. Twitter allows news to be sent directly to thousands of users. This makes it a very powerful platform for information or disinformation.