Irresponsible disclosure - Digital Threat Digest
PGI’s Digital Investigations Team brings you the Digital Threat Digest, SOCMINT and OSINT insights into disinformation, influence operations, and online harms.
Fachwissenfrustheißeluftzorn - a German compound noun for the anger you feel when you see crap hot takes on a slightly niche topic that you know quite a lot about. Sadly, because German compound nouns (and indeed all languages) are made up, fachwissenfrustheißeluftzorn is yet to enter the public zeitgeist. However, it accurately summarises how I’ve felt for the last ten days or so following the UK media cycle in the aftermath of the Southport attack and subsequent riots.
I’m writing this at 1800 hrs on Wednesday 07 August, an hour before the Daily Mail, Gbeebies, LinkedIn influencers, and a series of angry bald dudes in Ray-Bans on Twitter have assured me that the far-right are about to tear through London and burn the city down.
There are two strands I want to complain about here, and both relate to irresponsible disclosure. Responsible disclosure is yet another relevant term borrowed from cybersecurity and, effectively, constitutes a process that allows hackers to safely report vulnerabilities they have found. Irresponsible disclosure is sort of the opposite of that concept when it comes to information warfare.
One – if you work in the media, or if you have a public platform, you have got to stick to the rules of ethics around sharing controversial material. When it comes to counter-terrorism stuff, these rules are super clear: Don’t become part of the propaganda dissemination mechanism. In the early days of IS, Twitter armchair ‘jihadist experts’ were basically a pipeline from Telegram, forums, and spaces for whatever IS released on a minute-by-minute basis, amplifying their content far beyond the original comms spaces. A decade has gone by, and in the last ten days the exact same thing has happened with UK far-right content. I open LinkedIn, and every third post is an ambulance-chasing sales pitch accompanied by content lifted directly from some shitty far-right Telegram channel. Fire up Twitter and it’s the same thing, @everyoneandtheirdog pipelining screenshots of death threats, planned riot locations, and propaganda posters straight to the masses.
Two – fachwissenfrustheißeluftzorn. In the aftermath of the Southport attack, conspiracies immediately circulated, because that’s just what happens in 2024. You can get a bit chicken-or-egg here and ask what came first - the condemnable but organic racist sentiment that a section of society holds, or the foreign seeding and amplification of racist narratives. Merge the razors of both Occam and Hanlon and it seems more likely that there are some racists who live in the UK. And yet, in covering the misidentification of the suspect in the Southport attack, The Times decided that the misidentification was a Russian IO. The entire basis of their argument was that one of the old social media assets which misidentified the suspect (which as per my first point I’m not gonna name and publicise, obviously) had some Russian language car racing videos on it.
Except the videos were from 2013. And the social media presence had clearly been purchased once you looked at its cross-platform presence and history of name changes. And, to be honest, if you were a Russian operator setting up a crack reactive IO targeting the UK, in no world would you use your old car racing YouTube channel to do it. Because that’s as far from good tradecraft and OpSec as you can get.
But that crap investigation—or irresponsible disclosure if you will—was the only nugget the rest of the papers needed, as journalists nationwide began figuring out which timeless experts they could roll out to assess the Russia links. The Telegraph decided to get a former intelligence chief, who said, “Clearly, it’s one of the sources of this activity out of Russia”.
Poor journalism leading to an inaccurate claim of Russian IO – a claim taken as truth and reaching the former head of MI6. Irresponsible disclosure and fachwissenfrustheißeluftzorn.
More about Protection Group International's Digital Investigations
Our Digital Investigations Analysts combine modern exploitative technology with deep human analytical expertise that covers the social media platforms themselves and the behaviours and the intents of those who use them. Our experienced analyst team have a deep understanding of how various threat groups use social media and follow a three-pronged approach focused on content, behaviour and infrastructure to assess and substantiate threat landscapes.
Disclaimer: Protection Group International does not endorse any of the linked content.