The Washington Post
Democracy Dies in Darkness
The Cybersecurity 202

A newsletter briefing on cybersecurity news and policy.

Pentagon orders review of psyops after takedown of fake social accounts

Analysis by

with research by Aaron Schaffer

September 19, 2022 at 7:19 a.m. EDT

Welcome to The Cybersecurity 202! There's no need to choose one over the other between “House of the Dragon” and “The Rings of Power,” right? They're not competing for a time slot or anything. (But if you make me pick, I'll go “House of the Dragon.”)

Below: A hacker appeared to leak highly anticipated videos of an upcoming video game, and industry groups oppose legislation to designate the country's most important critical infrastructure. First:

Some of the mystery of banished phony, pro-U.S. social media accounts is getting solved

Remember how, a few weeks back, Facebook and Twitter removed a network of phony accounts pushing a pro-U.S. message, and we said the joint report that outed the false personas “raise[s] fascinating questions”?

Consider at least some of those questions now answered.

My colleague Ellen Nakashima reports this morning: “The Pentagon has ordered a sweeping audit of how it conducts clandestine information warfare, after major social media companies identified and took offline fake accounts suspected of being run by the U.S. military — tactics used by countries such as Russia and Iran in violation of the platforms’ rules.”

Two officials said U.S. Central Command (Centcom) is among those under investigation over tweets that targeted an audience in the Middle East, North Africa and Central Asia. The network analysis firm Graphika and Stanford University had discovered in their joint report that one of the removed accounts had links to a Twitter handle that had previously claimed to operate on behalf of Centcom, and there were many other links to Centcom material besides.

One tweet from March claimed that Afghan refugees had reported bodies returning home from Iran with organs missing, which would “absolutely be a violation of doctrine and training practices” if found to be the work of Centcom, a defense official said.

Fake accounts

U.S. law authorizes the use of fictitious substitute accounts, but Pentagon policy and doctrine discourage spreading false information. Congress in 2019 effectively allowed the military to strike back online when countering foreign disinformation campaigns.

But the White House, State Department and some in the Defense Department have raised concerns about whether existing policies are too broad, and State officials admonished Defense officials over the military’s clandestine activities.

The fear from those officials is that using social media accounts for clandestine information warfare poses risks to the U.S. reputation, even if they promote truthful information.

“Our adversaries are absolutely operating in the information domain,” said a second senior defense official. “There are some who think we shouldn’t do anything clandestine in that space. Ceding an entire domain to an adversary would be unwise. But we need stronger policy guardrails.”

Colin Kahl, the undersecretary of defense for policy, on Tuesday gave a deadline to military commands that conduct psychological operations online to report on their activities next month. He wants them to explain the types of operations, what tools they’re deploying and why they chose their tactics.

The White House declined to comment, and so did Centcom.

As for the Defense Department: Ellen reports, “Air Force Brig. Gen. Patrick Ryder, the Pentagon press secretary, said in a statement that the military’s information operations ‘support … our national security priorities’ and must be conducted in compliance with relevant laws and policies. ‘We are committed to enforcing those safeguards,’ he said.”

Facebook

Facebook in 2020 took down fake personas intended to counter disinformation from other countries, The Post story independently confirmed. Officials at Facebook and Twitter, suspicious that fake accounts they were removing had connections to the military, contacted the Pentagon. 

One conversation took place between David Agranovich, Facebook’s director for global threat disruption, and Christopher C. Miller, who at the time served as assistant director for special operations and low-intensity conflict under President Donald Trump.

Agranovich’s “point was, ‘Guys, you got caught,’” said one person familiar with the conversation. “That’s a problem.” 

Agranovich brought the issue up again last year after Joe Biden became president. He spoke with Anne Neuberger, deputy national security adviser for cyber and emerging technology, carrying a similar message that Facebook easily detected the accounts and that it would enforce its policies against such activity.

Facebook and Twitter declined to comment. 

By way of reminder, the accounts didn’t reach a very big audience, according to Graphika and Stanford, which didn’t attribute responsibility for them in their joint report last month.

The keys

New ‘Grand Theft Auto’ videos leaked; poster claims they were behind Uber hack

An apparent hacker posted dozens of leaked videos from “Grand Theft Auto VI” online, with the poster saying they obtained them from Rockstar Games’s internal Slack app, Axios’s Stephen Totilo reports.

“Rockstar Games has not confirmed the leak, but YouTube has removed some clips, citing copyright claims by GTA publisher Take-Two Interactive,” Totilo writes. Bloomberg News and Axios also confirmed that the leak is real.

Bloomberg News’s Jason Schreier:

The hacker is “looking to negotiate a deal,” they wrote on a forum dedicated to the Grand Theft Auto video game franchise. They also teased the potential leak of valuable source code of “Grand Theft Auto V,” which was released in 2013, and “Grand Theft Auto VI.” And they also said they were behind last week’s hack of Uber, though their responsibility for that breach hasn’t been confirmed.

Industry groups oppose legislation to designate ‘systemically important entities’

A provision in the annual defense authorization bill to label the most important hacking targets is “not fixable as crafted and should be rejected,” more than a dozen industry groups wrote to top senators. The legislation would “create unnecessary programmatic redundancies and put aggregated industry cyber reports at an elevated risk of exploitation by America’s foreign adversaries,” wrote the groups, which represent members of the insurance, energy, technology and other sectors. The proposal was previously criticized by the banking sector.

  • Proponents of the idea to designate especially critical organizations say that it can be hard to take a risk-based approach to cyberattacks because so many organizations are part of America's 16 “critical infrastructure” sectors.
  • “If everything’s a priority, nothing’s a priority,” CISA Director Jen Easterly has said.

The battle over the idea of putting stricter cybersecurity requirements on the country’s most important organizations has been raging for more than a year. In the wake of the 2021 hacks of Colonial Pipeline and other major firms, pressure grew for the country’s most important sectors to have increased cybersecurity requirements.

  • In 2020, the bipartisan Cyberspace Solarium Commission proposed that the government create a list of “systemically important critical infrastructure” and institute “benefits and burdens” to get infrastructure owners to boost their cyberdefenses.
  • The Cybersecurity and Infrastructure Security Agency is plowing ahead with its own list of such infrastructure, which it calls “primary systemically important entities.”

The Justice Department creates network of 150 prosecutors focused on cryptocurrency crimes

Members of the Justice Department’s Digital Asset Coordinator Network will be their offices’ subject matter experts on cryptocurrency as investigators look into crimes involving cryptocurrencies, the Justice Department said. It comes after a string of hacks on cryptocurrency sites and tools, some of which are believed to have been committed by North Korean hackers.

In the network, “prosecutors will learn about the application of existing authorities and laws to digital assets and best practices for investigating digital assets-related crimes, including for drafting search and seizure warrants, restraining orders, criminal and civil forfeiture actions, indictments, and other pleadings,” the Justice Department said. It’ll also be a source for information on emerging issues in the digital asset space, and will raise awareness of the “unique international considerations of the crypto ecosystem,” according to the Justice Department.

Global cyberspace

How Russian trolls helped keep the Women’s March out of lock step (The New York Times)

A new threat from China faces Taiwan's military: Trolls with drones (CNN)

Indonesia hunts for Bjorka, hacker selling 1.3b SIM card users' data, taunting officials (The Straits Times)

Privacy patch

Clearview AI, used by police to find criminals, now in public defenders’ hands (The New York Times)

Cyber insecurity

IHG hack: 'Vindictive' couple deleted hotel chain data for fun (BBC News)

LastPass says hackers had internal access for four days (Bleeping Computer)

Daybook

  • Rep. Michael R. Turner (Ohio), the top Republican on the House Intelligence Committee, speaks at a Heritage Foundation event on countering foreign misinformation and disinformation while protecting civil liberties today at 1 p.m.
  • Juliane Gallina, the associate deputy director of the CIA’s digital innovation directorate, speaks at an INSA event on Tuesday at 9 a.m.
  • The RH-ISAC hosts its cyber intelligence summit Tuesday and Wednesday in Plano, Tex.
  • Your newsletter host moderates a discussion with Sen. Angus King (I-Maine) and Rep. Mike Gallagher (R-Wis.), the co-chairs of Cyberspace Solarium Commission 2.0, at a Foundation for Defense of Democracies event Wednesday at 8:30 a.m.
  • Emily Goldman, the director of the U.S. Cyber Command/National Security Agency Combined Action Group, speaks at a Carnegie Endowment event on Wednesday at 10 a.m.

Secure log off

Thanks for reading. See you tomorrow.