With social distancing and remote working, malicious cyber actors are using this new environment to take advantage of the angst felt by organizations and individuals to spread misinformation and exploit the situation. However, this can be successfully combatted through a collective response that includes performing due diligence before any information is consumed or shared.
During a crisis, the public needs to be aware of malicious actors attempting to conduct misinformation, disinformation, or the prevention of information. This is especially true during the novel coronavirus (COVID-19) pandemic, as regular and accurate information helps dictate decisions of our leaders and keeps the public properly informed and safe.
Whether cyber actors launch these campaigns to further their own cause, create panic and distrust, or simply to block information from being distributed, the public should be aware and take appropriate measures to prevent the consumption of false reporting and mitigate the corresponding risks.
Misinformation, disinformation and no information campaigns
The main difference between misinformation and disinformation is that the latter is incorrect information purposely intended to deceive unknown consumers of that information. Misinformation is also inaccurate, but it’s typically shared by unwitting parties with the belief that it is in fact correct.
The European External Action Service, the EU’s joint diplomatic and defense arm, published a report last month saying “a significant disinformation campaign by Russian state media and pro-Kremlin outlets regarding COVID-19 is ongoing.” The service asserts that Russia’s intent is to create confusion and “aggravate the public health crisis in Western countries,” effectively muddling the European Union’s communication efforts in tackling the COVID-19 outbreak.
Russia is not alone in their efforts to distribute false information around COVID-19. Secretary of State Mike Pompeo also accused China and Iran of utilizing disinformation campaigns to spread fear and confusion saying, “there are coordinated efforts to disparage what America is doing.” In addition to trying to interfere with a nation’s COVID-19 response, propaganda regarding the origin of the virus is being distributed to place blame elsewhere and cause the public to question leadership.
While misinformation and disinformation campaigns attempt to create confusion, the goal of a no information campaign is to prevent any information from being released. Such was the case with the cyberattack on the United States Department of Health and Human Services (HHS) last month.
Although a weak attempt, cyber actors overloaded the agency’s public facing website with a significant increase in traffic, effectively slowing down HHS’ systems and preventing their messaging and services from being available. While HHS was well prepared for the attack, as their systems remained online, the threat of preventing legitimate information from being distributed to the public remains.
U.S. officials alleged that a foreign entity was responsible for the HSS cyberattack, but stopped short of naming the country. Attribution is difficult to prove, but a few peripheral signs point to China. Officials from the Trump administration earlier accused China of spreading misinformation about the U.S. and the origin of COVID-19, so this could be retaliation. Further, the timing of the attack, Sunday night on the east coast in America, was Monday morning in Beijing.
Just as with disinformation campaigns, restricting the public’s access to important updates can have the same result — added confusion and doubt and an increase in uneasiness and stress. Nation-states like China are operating ongoing endeavors against the U.S., aimed at influencing policies and their voters, and can use the COVID-19 pandemic to further their agenda.
How misinformation spreads
Disinformation campaigns are often launched through any number of targeted online mediums we all enjoy every day. The articles you read, links you click, and what you send electronically and through social media can all be collected and analyzed for targeting purposes. Algorithms are created based on these behavior profiles, so individuals should be cognizant of what they consume online. For example, an individual who reads an article that is created to spread false reporting could receive links to other stories containing misinformation.
Further, humans who are targeted with misinformation often inadvertently facilitate the dissemination of fake news. Reports of a nationwide quarantine quickly spread via text message to the point that the White House National Security Council posted on Twitter that these rumors were fake.
What we can do combat these threats
In times of crisis, malicious actors running false information campaigns count on individuals reacting first and thinking second.
Combatting this requires users to consider where the information came from before choosing to share it, otherwise they are using you to perpetuate the problem.
We should always consider the source when reading information online. If the outlet is not credible, the information should not be taken at its word and considered before sharing. Even when the source is a legitimate one, ensure that what’s being said is validated by other credible sources. Was it sent unsolicited in an email or text message, did it appear in an advertisement, or was the information shared via social media from someone in your network, someone not in your network?
This tweet from the Pope at the beginning of the month touches on an important point. The significance of the media getting accurate information to the uninformed, while also helping build a sense of community and belonging to those who are secluded in times of crisis, cannot be understated. Disinformation, misinformation, and information prevention denies the public access to accurate data and keeps them in the dark, which we need to come together to prevent.
Anthony J. Ferrante is the Global Head of Cybersecurity at FTI Consulting, and previously served as Director for Cyber Incident Response at the U.S. National Security Council at the White House.