Masspersonal Social Engineering: Manipulative Communication at the Intersections of Cyber and Information Operations

February 2021 No Comments

Speakers: Gehl, R. (Louisiana Tech University); Lawson, S. (University of Utah & Marine Corps University)

Date: 18 February 2021

Speaker Session Summary

SMA hosted a speaker session, presented by Dr. Sean Lawson (University of Utah & Marine Corps University) and Dr. Robert Gehl (Louisiana Tech University), as a part of its SMA IIJO Speaker Series. Dr. Lawson presented their material, and both Dr. Lawson and Dr. Gehl participated in the audience Q&A.

Dr. Lawson began the presentation by listing the three ways that Russia interfered in the 2016 US presidential election: 1) by hacking the Democratic National Convention (DNC); 2) by leaking sensitive emails to news sources and third-party sites, including Wiki Leaks; and 3) by amplifying information to manipulate individual’s thoughts and actions. Dr. Lawson emphasized that even some domestic actors in the US may have used disinformation practices, including Cambridge Analytica, which was accused of releasing information designed to create voter suppression among minority groups.

Dr. Lawson then defined what he believed is be the best term for using information to influence an audience: social engineering. He broadly defined social engineering as getting a group of people to act in a way that it would not normally. He then highlighted three pioneers of social engineering who laid the foundation for present day misinformation campaigns: Ivy Lee, Edward Bernays, and Doris Fleischman. He stated that these early practitioners of social engineering mostly operated through newspapers, radio, and movies. However, social engineering is now a mixture of interpersonal actions and masspersonal social engineering, which relies on the use of social media.

Masspersonal social engineering does have human components, such as hackers, but it also relies heavily on online bots and trolls to spread information. Dr. Lawson stated that as social engineering has evolved along with technological advances, it has continued to use the same basic strategies, which are 1) trashing, 2) pretexting, 3) bullshitting, and 4) penetrating.

Dr. Lawson began discussing these four strategies by explaining trashing, which is the practice of examining an individual’s or company’s old, discarded emails. The Russian hacking organization, Fancy Bear, was trashing when it went through 2016 presidential nominee Hillary Clinton’s old emails. Dr. Lawson then explained pretexting, which is executed in order to make a target act without thinking. Russia has used pretexting on a massive scale since 2016 by putting out content that supports both conservative and progressive world views to generate a reaction from a target audience. Dr. Lawson then discussed what he believed to be the core practice of social engineering— bullshitting—which uses a mixture of deception, accuracy, and friendliness to help create and control an online community. Bots and trolls frequently use a mixture of false and true information to create this community while encouraging emotional reactions. Lastly, he spoke about penetration, which is how many times a piece of propaganda or misinformation is viewed across multiple platforms.

Dr. Lawson finished his presentation by acknowledging that while his presentation focused on Russian interference in the 2016 US election, other nation states, including Iran, and non-state actors have increased their social engineering practices.

Speaker Session Recording

Note: We are aware that many government IT providers have blocked access to YouTube from government machines during the pandemic in response to bandwidth limitations. We recommend viewing the recording on YouTube from a non-government computer or listening to the audio file (below), if you are in this position.

Download Briefing Materials

Comments

Submit A Comment