Unique signals - Digital Threat Digest
PGI’s Digital Investigations Team brings you the Digital Threat Digest, SOCMINT and OSINT insights into disinformation, influence operations, and online harms.
PGI’s Digital Investigations Team brings you the Digital Threat Digest, SOCMINT and OSINT insights into disinformation, influence operations, and online harms.
Like the rest of the UK, I spent the bank holiday Monday outside, having a barbecue, stubbornly refusing to put on sunscreen. At one point, the Aperol Spritz-fuelled conversation turned to weird bodily functions, and I told a group of 10 people that I can rumble my ears - it's where you contract a tiny muscle in your ears to make a rumbling, thundery sound. Luckily, one of the barbeque attendees could also do it otherwise I’d have looked insane. But, usually, it’s the sort of thing that people with the capability to do it think is unique to them. I find the idea that we all think we’re unique fascinating; it’s a manifestation of ultimate hubris and egotism.
Social media and the wider digital environment strip away any notion of uniqueness. It normalises the fringe and puts you in contact with others with your ‘unique’ beliefs, interests, or talents. Drawn in by their acceptance, you start to spend more time with the community you identify with and get a sense of belonging from it. In the physical world, we’d probably call it a cult. In the digital world, nine times out of ten, it’s a Discord server or subreddit.
If your thing is building a personality around the US Office, you’ll find your people anywhere and everywhere across social media. But, if it’s ear-rumbling, then r/earrumblersassemble has just 96k subscribers. For context, Reddit has 500mn active monthly users, so 0.02% isn’t bad for perceived uniqueness. Maybe your thing is a metaverse themed around Garfield, in which case there’s a 10-subscriber Discord server for you. You might not think so, but there’s a community for every single thing, and the same thing happens in every one - centralisation and normalisation.
I reckon most threat actors probably think they’re unique in how they put together a campaign, but there are always common traits. Like why do the IRGC keepusingHetzner as their cloud host? Why, come 2023, has Egypt still not learned how to disguise Facebook admin locations while targeting Libya?
And why isn’t there a digital cult around this yet? YARA allows for the open sharing and crowdsourcing of threat intel from a CTI/malware perspective, so where’s the equivalent for other forms of malicious behaviour online? Unfortunately, every effort in this realm remains in-house and largely closed off.
More about Protection Group International's Digital Investigations
Our Digital Investigations Analysts combine modern exploitative technology with deep human analytical expertise that covers the social media platforms themselves and the behaviours and the intents of those who use them. Our experienced analyst team have a deep understanding of how various threat groups use social media and follow a three-pronged approach focused on content, behaviour and infrastructure to assess and substantiate threat landscapes.
Disclaimer: Protection Group International does not endorse any of the linked content.
Working within the Trust and Safety industry, 2024 has been PGI’s busiest year to date, both in our work with clients and our participation in key conversations, particularly around the future of regulation, the human-AI interface, and child safety.
At their core, artificial systems are a series of relationships between intelligence, truth, and decision making.
Feeding the name of a new criminal to the online OSINT community is like waving a red rag to a bull. There’s an immediate scramble to be the first to find every piece of information out there on the target, and present it back in a nice network graph (bonus points if you’re using your own network graph product and the whole thing is a thinly veiled advert for why your Ghunt code wrap with its purple-backlit-round-edged-dynamic-element CSS is better than everyone else’s).