False flag: social engineering the social network of IO professionals

Some colleagues are reporting a phishing expedition to identify and engage Information Operations experts on LinkedIn. They’ve reported invitations from “George W.” who purports to be “Colonel Williams”, an “IO professional” in the DC area.

Invitations, with a number of wording variations, has been received by a number of active duty IO personnel recently.  Investigation by several others has shown that the profile is for a nonexistent person.

In short, be careful who you let into your social network. While you may not be passing along explicit data, bringing an unknown into your network allows the phisher – who may be a hacker, a curious teenager, looking for the next Wikileaks source or a foreign government – to explore and learn from your network. By bringing the person in, you impart a degree of trust the phisher will certainly leverage to gain additional access.

Continue reading “False flag: social engineering the social network of IO professionals

Communication, Communications, and the “cyber arms” debate

By Cliff W. Gilmore

In Tom Gjelten’s September 23 NPR story titled “Seeing The Internet As An ‘Information Weapon’” Gjelten asks, “…why is there no arms control measure that would apply to the use of cyber weapons?” One obvious answer is that geography-based legal frameworks are ill-adapted to deal with a domain that is unconstrained by geography and subject to numerous competing interests. The situation is complicated further by an environment that changes at the speed of Moore’s Law.

Perhaps the most significant challenge however may be the information-centric mindset highlighted by Gjelten and prevalent among leaders, planners and communication practitioners alike. Part of the reason we have yet to develop applicable arms control measures for cyber weapons is a continued treatment of communications and communication (sans "s") as a singular activity rather than as two distinct fields of practice, the former grounded in technical science and the latter in social science.

Continue reading “Communication, Communications, and the “cyber arms” debate

Attack or Defend? Leveraging Information and Balancing Risk in Cyberspace

In his article, “Attack or Defend? Leveraging Information and Balancing Risk in Cyberspace,” Dennis Murphy discusses the Department of Defense’s policy toward the Internet, which enables opportunities to counter misinformation online and tell the story of the U.S. military. He questions, however, if organizational culture will embrace this approach.Murphy, a professor of Information Operations and Information in Warfare at the U.S. Army War College and retired U.S. Army colonel, notes the government must consider the use of the Internet by a potential adversary in future warfighting challenges. Although military leaders openly regard the importance of using new media and Internet tools, recent Defense Department policy directs commanders to continue to carefully monitor online behaviors.
Murphy recommends that leaders manage risk online while exploiting emerging cyber capabilities. Specifically, managing risk while providing the opportunity to engage effectively and exploit online opportunities requires a rebalancing of command philosophy, Murphy says. This can happen when commanders become more open to opportunities as they remain aware of threats – and let leaders at all levels do their job.
Click here to read the full article.