PGI’s Digital Investigations Team brings you the Digital Threat Digest, SOCMINT and OSINT insights into disinformation, influence operations, and online harms.
Fachwissenfrustheißeluftzorn - a German compound noun for the anger you feel when you see crap hot takes on a slightly niche topic that you know quite a lot about. Sadly, because German compound nouns (and indeed all languages) are made up, fachwissenfrustheißeluftzorn is yet to enter the public zeitgeist. However, it accurately summarises how I’ve felt for the last ten days or so following the UK media cycle in the aftermath of the Southport attack and subsequent riots.
I’m writing this at 1800 hrs on Wednesday 07 August, an hour before the Daily Mail, Gbeebies, LinkedIn influencers, and a series of angry bald dudes in ray-bans on Twitter have assured me that the far-right are about to tear through London and burn the city down.
There are two strands I want to complain about here, and both relate to irresponsible disclosure. Responsible disclosure is yet another relevant term borrowed from cybersecurity and, effectively, constitutes a process that allows hackers to safely report vulnerabilities they have found. Irresponsible disclosure is sort of the opposite of that concept when it comes to information warfare.
One – if you work in the media, or if you have a public platform, you have got to stick to the rules of ethics around sharing controversial material. When it comes to counter-terrorism stuff, these rules are super clear: Don’t become part of the propaganda dissemination mechanism. In the early days of IS, Twitter armchair ‘jihadist experts’ were basically a pipeline from Telegram, forums, and spaces for whatever IS released on a minute-by-minute basis; amplifying their content far beyond the original comms spaces. A decade has gone by, and in the last ten days the exact same thing has happened with UK far-right content. I open LinkedIn, and every third post is an ambulance chasing sales pitch accompanied by content lifted directly from some shitty far-right Telegram channel. Fire up Twitter and it’s the same thing, @everyoneandtheirdog pipelining screenshots of death threats, planned riot locations, and propaganda posters straight to the masses.
Two – fachwissenfrustheißeluftzorn. In the aftermath of the Southport attack, conspiracies immediately circulated, because that’s just what happens in 2024. You can get a bit chicken-or-egg here and ask what came first - the condemnable but organic racist sentiment that a section of society holds, or the foreign seeding and amplification of racist narratives. Merge the razors of both Occam and Hanlon and it seems more likely that there are some racists who live in the UK. And yet, in covering the misidentification of the suspect in the Southport attack, The Times decided that the misidentification was a Russian IO. The entire basis of their argument was that one of the old social media assets which misidentified the suspect (which as per my first point I’m not gonna name and publicise, obviously) had some Russian language car racing videos on it.
Except the videos were from 2013. And the social media presence had clearly been purchased once you looked at its cross-platform presence and history of name changes. And, to be honest, if you were a Russian operator setting up a crack reactive IO targeting the UK, in no world would you use your old car racing YouTube channel to do it. Because that’s as far from good tradecraft and OpSec as you can get.
But that crap investigation—or irresponsible disclosure if you will—was the only nugget the rest of the papers needed, as journalists nationwide began figuring out which timeless experts they could roll out to assess the Russia links. The Telegraph decided to get a former intelligence chief, who said, “Clearly, it’s one of the sources of this activity out of Russia”.
Poor journalism leading to an inaccurate claim of Russian IO – a claim taken as truth and reaching the former head of MI6. Irresponsible disclosure and fachwissenfrustheißeluftzorn.
More about Protection Group International's Digital Investigations
Our Digital Investigations Analysts combine modern exploitative technology with deep human analytical expertise that covers the social media platforms themselves and the behaviours and the intents of those who use them. Our experienced analyst team have a deep understanding of how various threat groups use social media and follow a three-pronged approach focused on content, behaviour and infrastructure to assess and substantiate threat landscapes.
Disclaimer: Protection Group International does not endorse any of the linked content.
Tuesday night saw the celebration of a major political event, a commemoration of political stability and continuity: Guy Fawkes Night.
What is a data breach? A data breach occurs when sensitive, protected, or confidential information is accessed, shared, or stolen by an unauthorised person.
In the mid-20th century, Gilbert Ryle threw sand in the eye of Cartesian dualism, calling the idea of a separate mind a 'category mistake' and dubbing it the 'ghost in the machine'—essentially suggesting that Descartes had outed himself as harbouring an imaginary friend.