Security experts are warning of a rise in so-called “faketivists” – state-sponsored operatives who take on the personas of solitary hacktivists in order to disseminate sensitive hacked material for political ends.
ThreatConnect, one of the cyber intelligence firms which helped uncover Russian involvement in the Democratic National Convention (DNC), claimed the strategy has enabled governments to publicize information gleaned from APT campaigns whilst maintaining plausible deniability.
Russia appears to be a prolific actor in this, with its Fancy Bear group (APT28) linked to the so-called ‘CyberCaliphate’ attacks on French TV network TV5 Monde and the Twitter account of the US Central Command, as well as ‘CyberBerkut’ attacks on the German parliament and others – which began in 2014.
ThreatConnect also blamed the Kremlin for the ‘DCLeaks’ attacks, which released secret NATO emails, and for ‘Anpoland’ – a group purporting to be part of Anonymous, which hacked anti-doping agency WADA.
Most famously, the researchers claimed Fancy Bear and Cozy Bear (APT29) are linked to Guccifer 2.0, the ‘hacktivist’ who leaked hugely damaging Democratic party emails which some said could have cost Hillary Clinton the election.
Those emails were subsequently published by WikiLeaks, giving the Kremlin plausible deniability and a huge audience for its campaign, although undermining the former as a “faketivist facilitator.”
ThreatConnect’s evidence in this case relies partly on infrastructure used by the ‘hacktivists,’ which has a lot in common with that used by APT28 and APT29 – things like IP addresses and servers.
It also points to obvious differences in motivation, purpose – to distract and subvert public opinion on official statements – and behavior, i.e. many of the faketivist profiles appear “out of thin air.”
ThreatConnect concludes that faketivism may well rear its head during important European elections in 2017, with the US “serving as a playbook” for meddling in other countries’ democratic processes.
“Faketivists are a low-cost way to pollute the information environment,” the firm argued. “Faketivist personas don’t have to be perfect, they can just be ‘good enough’.”
The problem the white hats continue to have, as described by think tank the ITIC this week, is attribution.