Cameron H. Malin

Cyber Jihad and Deception

This chapter describes how jihadi movements utilize the Internet to shape the history and objectives of their movements, communicate ideological information to adherents as well as potential recruits, and provide a platform for fundraising as well. In addition, the chapter discusses how these movements have utilized the Internet to disseminate information on methods and techniques that can be utilized by jihadi followers to conduct cyber attacks against the movement’s enemies. Later in the chapter the discussion turns to the use of online deception by jihadi actors to communicate threats of mass destruction to communicate fear throughout their opponent’s populations as well as feints in terms of attacks to keep opposing security services guessing. The final section provides a brief look at how deceptive techniques such as steganography are utilized to keep critical communications from being intercepted by their opponents.

Social Dynamics of Deception

Chapter Four delves deeply into human actors involved in underground cyber markets in order to better understand how they function and what social dynamics shape the behavior of users. In particular, this chapter focuses on markets where individuals sell cybercrime as a service, including malware, hacking services, Distributed Denial of Service (DDoS) attacks, and personal data. Through describing the structure and social ecosystem, the chapter provides insight into how actors deceive one another in order to gain competitive or economic advantage. Later, the chapter discusses trust dynamics and subcultural norms within underground cybercrime markets, particularly within the context of transactions. The chapter concludes by examining salient intercultural deception techniques among underground market interactants, such as virtual false flags, sock puppets, persuasive technology, and impersonation.

Sweet Deception: Honeypots

This chapter provides the reader with a description of a set of technologies collectively known as “honey” technologies. The beginning discussion provides the reader with a brief history of early and often unintended honey technology experiences from the likes of Cliff Stoll, Bill Cheswick, and Fred Cohen. The next section focuses on the idea of honeypots and honeynets featuring the work of Lance Spitzner and the Honeynet Project and adds additional relevant theoretical concepts such game theory and practical commentary relevant to these particular forms of deception by information security professionals. The final section of the chapter is a discussion of honeytokens: informational objects of value that are used to entice malicious online actors to compromise digital devices that are either honeytokens in and of themselves or contain honeytokens that are susceptible to being stolen.

Looking Forward: Deception in the Future

This chapter looks to the future to discuss how the advancements of technology and cyber communications will impact deceptive techniques. While the future will no doubt bring about new and creative methods of deception, there several interesting topics that are already in development including nanotechnology, quantum stealth, and advanced drones. The impact of these new technologies, as well as several others, will have a direct impact the field of psychology, as definitions of what is real and what are hallucinations may be challenged. This chapter concludes with the impact on society, indicating that technologists and scientists must ardently keep in mind the social scientific and human consequences of their newly created magic.

Seeing is Not Believing: Deceptive Internet Video Communications

This chapter focuses on deceptive techniques used in video, specifically applied to Internet video communications. A discussion of deception used in still photography and in film ground the concepts in history with contemporary examples highlighting its role. Some of the historical techniques used to fake photography and create special effects for motion pictures are included as they relate directly to how video can be faked today. A special look at some of the best deception techniques used by the US Army during World War II are also included. The chapter concludes with a discussion of the potential ways that deceptive imaging may be identified through the use of physics.

Virtual Myths: Internet Urban Legend, Chain Letters, and Warnings

This chapter explores how story narrative can captivate, compel, and deceive the receiving audience. The history and elements of urban legends, hoaxes, and chain communications are examined as underpinnings of deception strategies. The chapter then examines the evolution of these types of communications and how traditional urban myths and hoax communications, whether verbal or written, have gradually and effectively shifted to the online world. In the final section, the chapter discusses how attackers use these compelling story styles in computer-mediated communications to weaponize cyber attacks and scam, or otherwise deceive and exploit, human targets.

Asymmetric Warfare and Psyops: Nation State-Sponsored Cyber Attacks

This chapter describes the nature of asymmetric warfare on the Internet and how online deception plays a key role in psychological operations by both nation states and non-nation state actors. The role that the cyber domain plays in nationalism and nation state espionage is discussed and in particular China is held up as an example of how these concepts have evolved with the widespread use of the Internet. The role that the Internet plays in cover and concealment for non-nation state actors and their associated malicious online acts is also covered. Cyberwar at the nation state level is examined, and some of the unique characteristics of the concept of cyberwar are detailed. The chapter concludes with a look into the future of cyberwar and how relationships between non-nation state actors and nation states may change the face of hybrid conflict.

The Psychology of Deception

The basis of deception is misdirection —shaping the perceptions and beliefs of the target audience. This chapter begins by exploring some of the traditional deception methods used by magicians and how these techniques can be similarly leveraged by cyber threat actors to circumvent human defenses. In particular, the first section of the chapter provides a rich discussion about passive and active misdirection principles used in conjuring to effectively disguise, distract, and control attention. The chapter then transitions toward other weapons of deception used by magicians to deceive spectators, such as forcing (choice manipulation); suggestion and implication; false objectives; disarming presentation; and Gestalt principles, among others. The final section in the chapter turns to other cognitive and neuropsychological principles and strategies that are used to deceive and exploit psychological vulnerabilities.

Viral Influence: Deceptive Computing Attacks Through Persuasion

For over half a century researchers have scientifically studied persuasion and influence. The corpus of this research resulted in established theories and practices that are effectively used in a myriad of contexts where human relationships and factors are paramount. This chapter first explores traditional psychological influence concepts and techniques that are implemented across a broad spectrum of contexts, such as business, advertising, and political and military campaigns. The chapter then examines these principles through the lens of cyber attacks,where these precepts can be maliciously leveraged by cyber attackers to manipulate victims through elaborate deception narratives based upon exploiting heuristic cues to persuade and gain compliance. Finally the chapter looks at hoax viruses, scareware, “tech support scams,” and ransomware campaigns and the manner in which psychological influence strategies are weaponized in these attacks.

Phishing, Watering Holes, and Scareware

As victim organizations and users have become more cautious and aware of certain cyber attacks, cyber threat actors have developed new, creative methods to circumvent technical countermeasures and user vigilance. This chapter explores how attackers use deception strategies and techniques to skillfully circumvent human defenses. The chapter first looks at spear phishing, particularly through the lens of conjuring methods of misdirection and attention control. Later in the chapter the discussion turns to a burgeoning attack method— watering hole attacks , or strategic web compromises —which shifts the attack vector away from targeting victim communication platforms, particularly email, to compromising web servers. This section introduces the watering hole attack deception chain and examines attackers’ implementation of passive misdirection techniques and persuasive technology principles to deceive victims. The final section revisits and summarizes how certain deception techniques are used to initiate and perpetuate psychologically vectored cyber attacks.