Book Review: Active Measures

Image: Photo by Camille Orgel on Unsplash

Thomas Rid has delivered with Active Measures, it’s clear, surprisingly entertaining, and extremely well sourced. This is a must-read if you want to understand how disinformation operations work, and more importantly, how we managed to find ourselves in a world where it’s hard to trust anything.

The book starts with the birth of modern disinformation in the 1920s, following the advances, successes and failures, though to the fiasco that was the 2016 elections. From the successes of the 1950s and 1960s, it’s clear that the stage is set for the activities of the 2010s – the methods work, the impact is real (if hard to quantify), and the techniques well understood and easy to scale.

Much ink has been spilled on the topic of the 2016 election, and the manipulation of public opinion that was being performed so aggressively – what few have captured so clearly, is the backstory that led to it. It is this backstory that is so critical to understand, to put these actions in context.

“For the man on the street it is getting harder to assess and to judge the written word. He is ever more helpless in the face of the monsters that are opinion factories. This is where we come in as an intelligence agency.” – Rolf Wagenbreth, East German Stasi. 1986

From the Beginning #

To understand the disinformation campaigns that are in play today (and in recent history), it’s important to look at how the art of disinformation evolved. By looking at the early efforts to release forged and altered information in the pre-WW II era, you get an insight into the goals and motivations – how propagandists leveraged the public’s inclination to believe the worst in people to influence both the public and decision makers.

As we move to the early 1950s, the methods become better – rooting lies in truth to make the lies more believable, leveraging the common reading materials of the day to sow dissent and discord. But it is in the 1960s that the modern model really comes into its own: leveraging mostly or even entirely true information to create controversy, which will either play out to its own destructive ends, or be built on with further and more destructive actions. By the end of the 1960s, pretty much all of the major American newspapers has been a victim of a disinformation campaign.

Propagating the truth of America’s racist past, stolen military documents being fed to journalists, taking advantage of real events, such as the suicide of a high-ranking military official to change the narrative of events. These all served to harm the interests of the United States, and all with minimal risk to those behind the actions.

It is these successes, these lessons that were learned early in the evolution in disinformation that provided the blueprint for modern campaigns.

Overall #

This is a solid book, with extensive documented sourcing, and provides an excellent insight into where we are today – and how we found ourselves in this position.

Adam Caudill

Dezinformatsiya

I recently wrote a review on Active Measures by Thomas Rid – which helped me to solidify my thoughts on social media, and the impact it has on society. While Active Measures is focused on disinformation campaigns, it also speaks to the vulnerabilities in humans that allow these campaigns to work. Disinformation is a substantial issue today, and not just in terms of election interference, public health, or international relations – but also in much smaller scale unorganized efforts to alter perception.

Utilitarian Nightmare: Offensive Security Tools

Or: Ethical Decision Making for Security Researchers. There has been much discussion recently on the appropriateness of releasing offensive security tools to the world – while this storm has largely come and gone on Twitter, it’s something I still find myself thinking about. It boils down to a simple question, is it ethical to release tools that make it easy for attackers to leverage vulnerabilities that they wouldn’t otherwise be able to?

On Apple, Privacy, and Device Control

If you’ve bothered to look at Twitter or any technology news source, you’ve seen that Apple made a major announcement: Expanded Protections for Children. This has been written about by countless outlets, so I’ll assume you’re familiar with the basics. The announcement covered a few new features being added to the next version of Apple’s operating systems, namely: Scanning of inbound and outbound messages for sexually explicit images. Scanning images being uploaded to iCloud for CSAM.

Best Practices vs Inane Practices

A Full Vindication of the Measures of Security Practitioners, from the Calumnies of their Enemies; In Answer to A Letter, Under the Signature of A. Gwinn. Whereby His Sophistry is exposed, his Cavils confuted, his Artifices detected, and his Wit ridiculed; in a General Address To the public, And A Particular Address To the dedicated members of the security community. Veritas magna est & prœvalebit. Friends and Colleagues, It was hardly to be expected that any man could be so presumptuous as to openly controvert the equity, wisdom, and authority of the measures, adopted by the practitioners of information security: a group truly dedicated to the protection of business and individuals around the world!

Looking for value in EV Certificates

When you are looking for TLS (SSL) certificates, there are three different types available, and vary widely by price and level of effort required to acquire them. Which one you choose impacts how your certificate is treated by browsers; the question for today is, are EV certificates worth the money? To answer this, we need to understand what the differences are just what you are getting for your money. The Three Options For many, the choice of certificate type has more to do with price than type – and for that matter, not that many people even understand that there are real differences in the types of certificates that a certificate authority (CA) can issue.