Adam Caudill

Security Leader, Researcher, Developer, Writer, & Photographer

Book Review: Active Measures

Thomas Rid has delivered with Active Measures, it’s clear, surprisingly entertaining, and extremely well sourced. This is a must-read if you want to understand how disinformation operations work, and more importantly, how we managed to find ourselves in a world where it’s hard to trust anything.

The book starts with the birth of modern disinformation in the 1920s, following the advances, successes and failures, though to the fiasco that was the 2016 elections. From the successes of the 1950s and 1960s, it’s clear that the stage is set for the activities of the 2010s – the methods work, the impact is real (if hard to quantify), and the techniques well understood and easy to scale.

Much ink has been spilled on the topic of the 2016 election, and the manipulation of public opinion that was being performed so aggressively – what few have captured so clearly, is the backstory that led to it. It is this backstory that is so critical to understand, to put these actions in context.

“For the man on the street it is getting harder to assess and to judge the written word. He is ever more helpless in the face of the monsters that are opinion factories. This is where we come in as an intelligence agency.” – Rolf Wagenbreth, East German Stasi. 1986

From the Beginning #

To understand the disinformation campaigns that are in play today (and in recent history), it’s important to look at how the art of disinformation evolved. By looking at the early efforts to release forged and altered information in the pre-WW II era, you get an insight into the goals and motivations – how propagandists leveraged the public’s inclination to believe the worst in people to influence both the public and decision makers.

As we move to the early 1950s, the methods become better – rooting lies in truth to make the lies more believable, leveraging the common reading materials of the day to sow dissent and discord. But it is in the 1960s that the modern model really comes into its own: leveraging mostly or even entirely true information to create controversy, which will either play out to its own destructive ends, or be built on with further and more destructive actions. By the end of the 1960s, pretty much all of the major American newspapers has been a victim of a disinformation campaign.

Propagating the truth of America’s racist past, stolen military documents being fed to journalists, taking advantage of real events, such as the suicide of a high-ranking military official to change the narrative of events. These all served to harm the interests of the United States, and all with minimal risk to those behind the actions.

It is these successes, these lessons that were learned early in the evolution in disinformation that provided the blueprint for modern campaigns.

Overall #

This is a solid book, with extensive documented sourcing, and provides an excellent insight into where we are today – and how we found ourselves in this position.

Adam Caudill

Related Posts

  • Dezinformatsiya

    I recently wrote a review on Active Measures by Thomas Rid – which helped me to solidify my thoughts on social media, and the impact it has on society. While Active Measures is focused on disinformation campaigns, it also speaks to the vulnerabilities in humans that allow these campaigns to work. Disinformation is a substantial issue today, and not just in terms of election interference, public health, or international relations – but also in much smaller scale unorganized efforts to alter perception.

  • Shadow Brokers, Equation Group, Oh My…

    Yet again, a group known as The Shadow Brokers is in the news, with yet another leak from what is widely accepted as the NSA (Equation Group1 in APT terms). This release is, to many, the most important release of this leaked stolen material from the most elite and secretive hacking operation in the world. This is a collection of a few notes on this highly unusual operation. If you haven’t read this excellent overview of the most recent release by Dan Goodin, you should do that now.

  • Proposal: Association of Security Researchers

    Security researchers play an important role in the industry, though one that doesn’t always receive the support needed. In this post, I am proposing the creation of a new non-profit entity, the International Association of Information Security Research Professionals (IAISRP), as a supporting group to push research forward, and provide the tools and resources to improve the quality of work, and the quality of life for those involved in this vital work.

  • The (Questionable) Future of YAWAST

    The last release of YAWAST was on January 1, 2020; while the release history was sometimes unpredictable, the goal was a new release each month with new features and bug fixes. I intentionally took January off from the project. In February, I left the company I was at; the team of penetration testers there had helped to inspire new features while looking for ways to make them more productive. But something else happened in February, an issue was opened – something that appeared to be simple, but in fact, made me realize that the entire project was in doubt.

  • Developers, Developers, Developers

    Note: This was written in 2012, but not published at the time. The point is still valid, perhaps moreso than ever and deserves to be made publicly. The content has been updated as appropriate, though the core of this article remains intact from the 2012 draft. I would like to note that this doesn’t apply to every environment, there are some where developers are very knowledgeable about security, and write code with minimal issues – my current employer happens to be one of those rare & exciting places.