diff --git a/AMITT_MASTER_DATA/AMITT_TTPs_MASTER.xlsx b/AMITT_MASTER_DATA/AMITT_TTPs_MASTER.xlsx index c79b2f8..207f3ec 100644 Binary files a/AMITT_MASTER_DATA/AMITT_TTPs_MASTER.xlsx and b/AMITT_MASTER_DATA/AMITT_TTPs_MASTER.xlsx differ diff --git a/HTML_GENERATING_CODE/test_new_code.ipynb b/HTML_GENERATING_CODE/test_new_code.ipynb index bab9fb6..e341849 100644 --- a/HTML_GENERATING_CODE/test_new_code.ipynb +++ b/HTML_GENERATING_CODE/test_new_code.ipynb @@ -16,44 +16,53 @@ "updated ../amitt_red_framework_clickable.html\n", "updated ../phases_index.md\n", "updated ../tactics_index.md\n", - "Updating ../tactics/TA02.md\n", "Updating ../tactics/TA03.md\n", "Updating ../tactics/TA04.md\n", - "Updating ../tactics/TA06.md\n", "updated ../techniques_index.md\n", - "Updating ../techniques/T0008.md\n", - "Updating ../techniques/T0014.md\n", - "Updating ../techniques/T0015.md\n", - "Updating ../techniques/T0017.md\n", - "Updating ../techniques/T0046.md\n", - "Updating ../techniques/T0047.md\n", - "Updating ../techniques/T0052.md\n", - "Updating ../techniques/T0055.md\n", + "Updating ../techniques/T0007.md\n", + "Updating ../techniques/T0011.md\n", + "Updating ../techniques/T0012.md\n", + "Updating ../techniques/T0048.md\n", "Updating ../techniques/T0057.md\n", "Updating ../techniques/T0061.md\n", "updated ../tasks_index.md\n", "updated ../incidents_index.md\n", "updated ../counters_index.md\n", - "Updating ../counters/C00028.md\n", - "Updating ../counters/C00032.md\n", - "Updating ../counters/C00060.md\n", - "Updating ../counters/C00070.md\n", - "Updating ../counters/C00164.md\n", - "Updating ../counters/C00207.md\n", - "Updating ../counters/C00222.md\n", + "Updating ../counters/.md\n", + "Updating ../counters/C00046.md\n", + "Updating ../counters/C00047.md\n", + "Updating ../counters/C00048.md\n", + "Updating ../counters/C00051.md\n", + "Updating ../counters/C00058.md\n", + "Updating ../counters/C00189.md\n", + "Updating ../counters/C00197.md\n", "updated ../metatechniques_index.md\n", + "Updating ../metatechniques/M001.md\n", + "Updating ../metatechniques/M003.md\n", + "Updating ../metatechniques/M004.md\n", "Updating ../metatechniques/M005.md\n", - "Updating ../metatechniques/M007.md\n", - "Updating ../metatechniques/M011.md\n", + "Updating ../metatechniques/M012.md\n", "Updating ../metatechniques/M013.md\n", "updated ../actors_index.md\n", - "Updating ../actors/A018.md\n", - "Updating ../actors/A020.md\n", - "Updating ../actors/A033.md\n", + "Updating ../actors/A004.md\n", + "Updating ../actors/A006.md\n", + "Updating ../actors/A031.md\n", "updated ../responsetype_index.md\n", - "updated ../detections_index.md\n", - "updated ../tactics_by_responsetype_table.md\n", - "updated ../metatechniques_by_responsetype_table.md\n" + "updated ../detections_index.md\n" + ] + }, + { + "ename": "KeyError", + "evalue": "''", + "output_type": "error", + "traceback": [ + "\u001b[0;31m---------------------------------------------------------------------------\u001b[0m", + "\u001b[0;31mKeyError\u001b[0m Traceback (most recent call last)", + "\u001b[0;32m\u001b[0m in \u001b[0;36m\u001b[0;34m\u001b[0m\n\u001b[1;32m 2\u001b[0m \u001b[0;32mfrom\u001b[0m \u001b[0mgenerate_amitt_ttps\u001b[0m \u001b[0;32mimport\u001b[0m \u001b[0mAmitt\u001b[0m\u001b[0;34m\u001b[0m\u001b[0;34m\u001b[0m\u001b[0m\n\u001b[1;32m 3\u001b[0m \u001b[0mamitt\u001b[0m \u001b[0;34m=\u001b[0m \u001b[0mAmitt\u001b[0m\u001b[0;34m(\u001b[0m\u001b[0;34m)\u001b[0m\u001b[0;34m\u001b[0m\u001b[0;34m\u001b[0m\u001b[0m\n\u001b[0;32m----> 4\u001b[0;31m \u001b[0mamitt\u001b[0m\u001b[0;34m.\u001b[0m\u001b[0mgenerate_and_write_datafiles\u001b[0m\u001b[0;34m(\u001b[0m\u001b[0;34m)\u001b[0m\u001b[0;34m\u001b[0m\u001b[0;34m\u001b[0m\u001b[0m\n\u001b[0m", + "\u001b[0;32m~/Dropbox/SJT_Projects_current/CogSecCollab/CODE_AND_DATA/github_cogseccollab_AMITT/HTML_GENERATING_CODE/generate_amitt_ttps.py\u001b[0m in \u001b[0;36mgenerate_and_write_datafiles\u001b[0;34m(self)\u001b[0m\n\u001b[1;32m 778\u001b[0m \u001b[0mself\u001b[0m\u001b[0;34m.\u001b[0m\u001b[0mwrite_object_indexes_to_file\u001b[0m\u001b[0;34m(\u001b[0m\u001b[0;34m)\u001b[0m\u001b[0;34m\u001b[0m\u001b[0;34m\u001b[0m\u001b[0m\n\u001b[1;32m 779\u001b[0m \u001b[0;31m# Cross tables\u001b[0m\u001b[0;34m\u001b[0m\u001b[0;34m\u001b[0m\u001b[0;34m\u001b[0m\u001b[0m\n\u001b[0;32m--> 780\u001b[0;31m \u001b[0mself\u001b[0m\u001b[0;34m.\u001b[0m\u001b[0mwrite_responsetype_tactics_table_file\u001b[0m\u001b[0;34m(\u001b[0m\u001b[0;34m)\u001b[0m\u001b[0;34m\u001b[0m\u001b[0;34m\u001b[0m\u001b[0m\n\u001b[0m\u001b[1;32m 781\u001b[0m \u001b[0mself\u001b[0m\u001b[0;34m.\u001b[0m\u001b[0mwrite_metatechniques_responsetype_table_file\u001b[0m\u001b[0;34m(\u001b[0m\u001b[0;34m)\u001b[0m\u001b[0;34m\u001b[0m\u001b[0;34m\u001b[0m\u001b[0m\n\u001b[1;32m 782\u001b[0m \u001b[0;31m# FIXIT - this is just giving trouble today self.write_resources_responsetype_table_file()\u001b[0m\u001b[0;34m\u001b[0m\u001b[0;34m\u001b[0m\u001b[0;34m\u001b[0m\u001b[0m\n", + "\u001b[0;32m~/Dropbox/SJT_Projects_current/CogSecCollab/CODE_AND_DATA/github_cogseccollab_AMITT/HTML_GENERATING_CODE/generate_amitt_ttps.py\u001b[0m in \u001b[0;36mwrite_responsetype_tactics_table_file\u001b[0;34m(self, outfile)\u001b[0m\n\u001b[1;32m 739\u001b[0m \u001b[0mcounts_table\u001b[0m\u001b[0;34m[\u001b[0m\u001b[0;34m'TOTALS'\u001b[0m\u001b[0;34m]\u001b[0m \u001b[0;34m=\u001b[0m \u001b[0mcounts_table\u001b[0m\u001b[0;34m.\u001b[0m\u001b[0msum\u001b[0m\u001b[0;34m(\u001b[0m\u001b[0maxis\u001b[0m\u001b[0;34m=\u001b[0m\u001b[0;36m1\u001b[0m\u001b[0;34m)\u001b[0m\u001b[0;34m\u001b[0m\u001b[0;34m\u001b[0m\u001b[0m\n\u001b[1;32m 740\u001b[0m \u001b[0;34m\u001b[0m\u001b[0m\n\u001b[0;32m--> 741\u001b[0;31m \u001b[0mself\u001b[0m\u001b[0;34m.\u001b[0m\u001b[0mwrite_counts_table_to_file\u001b[0m\u001b[0;34m(\u001b[0m\u001b[0;34m'tactic'\u001b[0m\u001b[0;34m,\u001b[0m \u001b[0mself\u001b[0m\u001b[0;34m.\u001b[0m\u001b[0mtactics\u001b[0m\u001b[0;34m,\u001b[0m \u001b[0mcounts_table\u001b[0m\u001b[0;34m,\u001b[0m \u001b[0moutfile\u001b[0m\u001b[0;34m)\u001b[0m\u001b[0;34m\u001b[0m\u001b[0;34m\u001b[0m\u001b[0m\n\u001b[0m\u001b[1;32m 742\u001b[0m \u001b[0;32mreturn\u001b[0m\u001b[0;34m\u001b[0m\u001b[0;34m\u001b[0m\u001b[0m\n\u001b[1;32m 743\u001b[0m \u001b[0;34m\u001b[0m\u001b[0m\n", + "\u001b[0;32m~/Dropbox/SJT_Projects_current/CogSecCollab/CODE_AND_DATA/github_cogseccollab_AMITT/HTML_GENERATING_CODE/generate_amitt_ttps.py\u001b[0m in \u001b[0;36mwrite_counts_table_to_file\u001b[0;34m(self, objectname, objectdict, counts_table, outfile)\u001b[0m\n\u001b[1;32m 712\u001b[0m \u001b[0;32mfor\u001b[0m \u001b[0mindex\u001b[0m\u001b[0;34m,\u001b[0m \u001b[0mcounts\u001b[0m \u001b[0;32min\u001b[0m \u001b[0mcounts_table\u001b[0m\u001b[0;34m.\u001b[0m\u001b[0miterrows\u001b[0m\u001b[0;34m(\u001b[0m\u001b[0;34m)\u001b[0m\u001b[0;34m:\u001b[0m\u001b[0;34m\u001b[0m\u001b[0;34m\u001b[0m\u001b[0m\n\u001b[1;32m 713\u001b[0m html += '{1} {2}\\n'.format(\n\u001b[0;32m--> 714\u001b[0;31m objectname, index, objectdict[index])\n\u001b[0m\u001b[1;32m 715\u001b[0m \u001b[0;32mfor\u001b[0m \u001b[0mval\u001b[0m \u001b[0;32min\u001b[0m \u001b[0mcounts\u001b[0m\u001b[0;34m.\u001b[0m\u001b[0mvalues\u001b[0m\u001b[0;34m:\u001b[0m\u001b[0;34m\u001b[0m\u001b[0;34m\u001b[0m\u001b[0m\n\u001b[1;32m 716\u001b[0m \u001b[0mhtml\u001b[0m \u001b[0;34m+=\u001b[0m \u001b[0;34m'{}\\n'\u001b[0m\u001b[0;34m.\u001b[0m\u001b[0mformat\u001b[0m\u001b[0;34m(\u001b[0m\u001b[0mval\u001b[0m\u001b[0;34m)\u001b[0m\u001b[0;34m\u001b[0m\u001b[0;34m\u001b[0m\u001b[0m\n", + "\u001b[0;31mKeyError\u001b[0m: ''" ] } ], diff --git a/actors/A004.md b/actors/A004.md index 8432534..e320d3c 100644 --- a/actors/A004.md +++ b/actors/A004.md @@ -9,8 +9,8 @@ | Counters | Response types | | -------- | -------------- | -| [C00043 Detect hijacked accounts and reallocate them ](../counters/C00043.md) | D3 Disrupt | | [C00052 Infiltrate platforms](../counters/C00052.md) | D4 Degrade | +| [C00197 remove suspicious accounts](../counters/C00197.md) | D2 Deny | DO NOT EDIT ABOVE THIS LINE - PLEASE ADD NOTES BELOW \ No newline at end of file diff --git a/actors/A006.md b/actors/A006.md index 127eeb1..01d178e 100644 --- a/actors/A006.md +++ b/actors/A006.md @@ -11,8 +11,7 @@ | -------- | -------------- | | [C00009 Educate high profile influencers on best practices](../counters/C00009.md) | D2 Deny | | [C00011 Media literacy. Games to identify fake news](../counters/C00011.md) | D2 Deny | -| [C00050 Anti-elicitation training](../counters/C00050.md) | D2 Deny | -| [C00051 Phishing prevention education etc](../counters/C00051.md) | D2 Deny | +| [C00051 Counter social engineering training](../counters/C00051.md) | D2 Deny | | [C00073 Inoculate populations through media literacy training](../counters/C00073.md) | D2 Deny | | [C00158 Use training to build the resilience of at-risk populations.](../counters/C00158.md) | D4 Degrade | | [C00188 Newsroom/Journalist training to counter SEO influence](../counters/C00188.md) | D3 Disrupt | diff --git a/actors/A031.md b/actors/A031.md index f241c61..00f6854 100644 --- a/actors/A031.md +++ b/actors/A031.md @@ -9,7 +9,6 @@ | Counters | Response types | | -------- | -------------- | -| [C00043 Detect hijacked accounts and reallocate them ](../counters/C00043.md) | D3 Disrupt | | [C00044 Keep people from posting to social media immediately](../counters/C00044.md) | D3 Disrupt | | [C00053 Delete old accounts / Remove unused social media accounts](../counters/C00053.md) | D4 Degrade | | [C00074 Identify identical content and mass deplatform](../counters/C00074.md) | D2 Deny | @@ -27,6 +26,7 @@ | [C00148 Add random links to network graphs](../counters/C00148.md) | D4 Degrade | | [C00171 social media content take-downs](../counters/C00171.md) | D2 Deny | | [C00172 social media page removal](../counters/C00172.md) | D2 Deny | +| [C00197 remove suspicious accounts](../counters/C00197.md) | D2 Deny | | [C00218 Censorship](../counters/C00218.md) | D2 Deny | diff --git a/amitt_blue_framework.md b/amitt_blue_framework.md index cf0f7ce..b60a93e 100644 --- a/amitt_blue_framework.md +++ b/amitt_blue_framework.md @@ -20,7 +20,7 @@ C00006 Charge for social media C00009 Educate high profile influencers on best practices C00034 Create more friction at account creation -C00050 Anti-elicitation training +C00047 Coordinated inauthentics C00063 Ban political microtargeting C00014 Real-time updates to fact-checking database C00097 Require use of verified identities to contribute to poll or comment @@ -33,8 +33,8 @@ C00008 Create shared fact-checking database C00011 Media literacy. Games to identify fake news -C00035 Friction -C00051 Phishing prevention education etc +C00036 Infiltrate the in-group to discredit leaders (divide) +C00052 Infiltrate platforms C00065 Ban political ads C00032 Hijack content and link to truth- based info (platform) C00098 Revocation of "verified" @@ -47,8 +47,8 @@ C00010 Enhanced privacy regulation for social media C00028 Make information provenance available -C00036 Infiltrate the in-group to discredit leaders (divide) -C00052 Infiltrate platforms +C00040 third party verification for people +C00053 Delete old accounts / Remove unused social media accounts C00066 Co-opt a hashtag and drown it out (hijack it back) C00071 Block source of pollution C00099 Strengthen verification methods @@ -61,8 +61,8 @@ C00012 Platform regulation C00029 Create fake website to issue counter narrative and counter narrative through physical merchandise -C00039 Standard reporting for false profiles -C00053 Delete old accounts / Remove unused social media accounts +C00042 Address truth contained in narratives +C00056 Get off social media C00067 Denigrate the recipient/ project (of online funding) C00072 Content censorship in non-relevant domains e.g. Pinterest antivax C00100 Hashtag jacking @@ -75,8 +75,8 @@ C00013 Rating framework for news C00030 Develop a compelling counter narrative (truth based) -C00040 third party verification for people -C00056 Get off social media +C00044 Keep people from posting to social media immediately +C00059 Verification of project before posting (counters funding campaigns) C00068 Expose online funding as fake C00074 Identify identical content and mass deplatform C00101 Create participant friction @@ -89,8 +89,8 @@ C00015 Reputation scores for social media users C00031 Dilute the core narrative - create multiple permutations, target / amplify -C00042 Address truth contained in narratives -C00058 Report crowdfunder as violator +C00046 Marginalise and discredit extremist groups +C00062 Free open library sources worldwide C00069 Mark clickbait visually C00075 normalise language C00102 Make repeat voting harder @@ -103,8 +103,8 @@ C00016 Censorship - not recommended C00060 Legal action against for-profit engagement factories -C00043 Detect hijacked accounts and reallocate them -C00059 Verification of project before posting (counters funding campaigns) +C00048 Name and Shame Influencers +C00162 collect data/map constellations of Russian“civil society”. Unravel/target the Potemkin villages C00216 Use advertiser controls to stem flow of funds to bad actors C00076 Prohibit images in political discourse channels C00103 Create a bot that engages / distract trolls @@ -117,8 +117,8 @@ C00017 Repair broken social connections C00070 Block access to disinformation resources -C00044 Keep people from posting to social media immediately -C00062 Free open library sources worldwide +C00051 Counter social engineering training + C00077 Active defence: replay "develop people" C00105 Buy more advertising than the adversary to shift influence and algorithms @@ -131,8 +131,8 @@ C00019 Reduce effect of division-enablers C00164 compatriot policy -C00045 S4d detection and re-allocation approaches -C00152 “name and shame” +C00058 Report crowdfunder as violator + C00078 Change Search Algorithms for Disinformation Content. More specifically, change image search algorithms for hate groups and extremists C00106 Click-bait centrist content @@ -145,8 +145,8 @@ C00021 Encourage in-person communication C00207 Run a competing disinformation campaign - not recommended -C00046 Marginalise and discredit extremist -C00162 collect data/map constellations of Russian“civil society”. Unravel/target the Potemkin villages +C00155 Ban incident actors from funding sites + C00079 Change search algorithms for hate and extremist queries to show content sympathetic to opposite side C00107 Content moderation @@ -159,7 +159,7 @@ C00022 Innoculate. Positive campaign to promote feeling of safety C00222 Tabletop simulations -C00047 Coordinated inauthentics +C00160 find and train influencers C00080 Create competing narrative @@ -173,7 +173,7 @@ C00024 Promote healthy narratives -C00048 Name and Shame +C00189 Ensure that platforms are taking down flagged accounts C00081 Discredit by pointing out the "noise" and informing public that "flooding" is a technique of disinformation campaigns; point out intended objective of "noise" @@ -187,7 +187,7 @@ C00026 Shore up democracy based messages -C00150 “calling them out” +C00197 remove suspicious accounts C00082 Ground truthing as automated response to pollution @@ -201,7 +201,7 @@ C00027 Create culture of civility -C00155 Ban incident actors from funding sites + C00084 Steal their truths @@ -215,7 +215,7 @@ C00073 Inoculate populations through media literacy training -C00160 find and train influencers + C00085 Demuting content @@ -229,7 +229,7 @@ C00153 Take pre-emptive action against actors' infrastructure -C00179 Identify, monitor, and, if necessary, target Russia-based nonattributed social media accounts + C00086 Distract from noise with addictive content @@ -243,7 +243,7 @@ C00159 Have a disinformation response plan -C00189 Ongoing analysis/monitoring of "flagged" profiles + C00087 Make more noise @@ -257,7 +257,7 @@ C00161 Coalition Building and Third-Party Inducements: -C00197 remove suspicious facebook accounts + C00088 Poison pill recasting of message diff --git a/counters/.md b/counters/.md new file mode 100644 index 0000000..be74856 --- /dev/null +++ b/counters/.md @@ -0,0 +1,28 @@ +# Counter : + +* **Summary**: + +* **Playbooks**: + +* **Metatechnique**: + +* **Resources needed:** + +* **Belongs to tactic stage**: + + +| Counters these Tactics | +| ---------------------- | + + + +| Counters these Techniques | +| ------------------------- | + + + +| Seen in incidents | +| ----------------- | + + +DO NOT EDIT ABOVE THIS LINE - PLEASE ADD NOTES BELOW \ No newline at end of file diff --git a/counters/C00046.md b/counters/C00046.md index a3f307f..87afc6d 100644 --- a/counters/C00046.md +++ b/counters/C00046.md @@ -1,6 +1,6 @@ -# Counter C00046: Marginalise and discredit extremist +# Counter C00046: Marginalise and discredit extremist groups -* **Summary**: Duplicate of "Name and Shame" - recommend removal. No, not quite. +* **Summary**: * **Playbooks**: diff --git a/counters/C00047.md b/counters/C00047.md index f4e600c..1d73f3f 100644 --- a/counters/C00047.md +++ b/counters/C00047.md @@ -8,7 +8,7 @@ * **Resources needed:** -* **Belongs to tactic stage**: TA03 +* **Belongs to tactic stage**: TA04 | Counters these Tactics | diff --git a/counters/C00048.md b/counters/C00048.md index 83d2a18..a510b9a 100644 --- a/counters/C00048.md +++ b/counters/C00048.md @@ -1,6 +1,6 @@ -# Counter C00048: Name and Shame +# Counter C00048: Name and Shame Influencers -* **Summary**: +* **Summary**: Think about the different levels: individual vs state-sponsored account. Includes “call them out” and “name and shame”. Note that USAID operations were at a different level. Identify social media accounts as sources of propaganda—“calling them out”— might be helpful to prevent the spread of their message to audiences that otherwise would consider them factual. USAID has been restructuring its programs to address predatory Chinese development projects and the information operations that support them. USAID’s new strategy has tailored programs to counter Chinese educational exchange programs and to support free and fair elections, youth empowerment, democratic governance, and free press. USAID’s Russia regional teams have also been compiling a strategy for Russia’s information operations. One strong point of USAID’s programming is a system of indicators and measurements for a country’s vulnerability to foreign influence and information operations. Identify, monitor, and, if necessary, target externally-based nonattributed social media accounts. Impact of and Dealing with Trolls - "Chatham House has observed that trolls also sometimes function as decoys, as a way of “keeping the infantry busy” that “aims to wear down the other side” (Lough et al., 2014). Another type of troll involves “false accounts posing as authoritative information sources on social media”. * **Playbooks**: Identify the accounts, the real person's name and shame them on social media. diff --git a/counters/C00051.md b/counters/C00051.md index 06a92bf..a9fad29 100644 --- a/counters/C00051.md +++ b/counters/C00051.md @@ -1,6 +1,6 @@ -# Counter C00051: Phishing prevention education etc +# Counter C00051: Counter social engineering training -* **Summary**: +* **Summary**: Includes anti-elicitation training, phishing prevention education. * **Playbooks**: @@ -8,7 +8,7 @@ * **Resources needed:** -* **Belongs to tactic stage**: TA04 +* **Belongs to tactic stage**: TA03 | Counters these Tactics | diff --git a/counters/C00058.md b/counters/C00058.md index 4991056..cd7b6ed 100644 --- a/counters/C00058.md +++ b/counters/C00058.md @@ -8,7 +8,7 @@ * **Resources needed:** -* **Belongs to tactic stage**: TA04 +* **Belongs to tactic stage**: TA03 | Counters these Tactics | diff --git a/counters/C00189.md b/counters/C00189.md index 58026cb..5a90bed 100644 --- a/counters/C00189.md +++ b/counters/C00189.md @@ -1,6 +1,6 @@ -# Counter C00189: Ongoing analysis/monitoring of "flagged" profiles +# Counter C00189: Ensure that platforms are taking down flagged accounts -* **Summary**: Confirm whether platforms are actively removing flagged accounts, and raise pressure via e.g. government organizations to encourage removal +* **Summary**: Use ongoing analysis/monitoring of "flagged" profiles. Confirm whether platforms are actively removing flagged accounts, and raise pressure via e.g. government organizations to encourage removal * **Playbooks**: diff --git a/counters/C00197.md b/counters/C00197.md index f9fb3bf..886a13e 100644 --- a/counters/C00197.md +++ b/counters/C00197.md @@ -1,12 +1,30 @@ -# Counter C00197: remove suspicious facebook accounts +# Counter C00197: remove suspicious accounts -* **Summary**: +* **Summary**: Standard reporting for false profiles (identity issues). Includes detecting hijacked accounts and reallocating them - if possible, back to original owners. -* **Playbooks**: +* **Playbooks**: Playbook 1: Create a standard reporting format and method for social platforms for reporting false accounts. +Playbook 2: +- Is the account compromised? +- Is it known to be associated with threat actors +- common/random name +- Names violate terms of service +- Dormant account +- Change of country IP +- Social network growth patterns (number of friends etc) +- Evidence of linguistic artifacts (multiple fingerprints, terms/idiosyncrasies ) +- Community vs. narrative vs. individuals +Playbook 3: Report suspected bots. +- Report ToS violations. +- In all playbooks the platform must force user verification, credential reset and enable MFA. Suspend the account if it cannot be verified. +Playbook 1: Use sites like https://haveibeenpwned.com to detect compromised and at risk user accounts. +Playbook 2: Monitor for unusual account usage (use of VPN, new geographic location, unusual usage hours, etc). +Playbook 3: Detect sudden deviation in user sentiment such as suddenly dropping hashtags linked to extremist content. +Playbook 4: Purchase "likes", "retweets" and other vehicles which identify a bot and/or hijacked account. Ban the account. +Playbook 5: Detect hijacked account and spam their posts. "OP is a known disinformation bot. http://link.to.proof[.]com" * **Metatechnique**: M005 - removal -* **Resources needed:** +* **Resources needed:** R003 - money * **Belongs to tactic stage**: TA03 @@ -18,6 +36,8 @@ | Counters these Techniques | | ------------------------- | +| [T0007 Create fake Social Media Profiles / Pages / Groups](../techniques/T0007.md) | +| [T0011 Hijack legitimate account](../techniques/T0011.md) | diff --git a/counters_index.md b/counters_index.md index 845cc11..3140dce 100644 --- a/counters_index.md +++ b/counters_index.md @@ -196,14 +196,6 @@ This could be used to adjust upvote weight via a trust factor of people and orga D2 Deny -C00035 -Friction - -M004 - friction -TA03 Develop People -D2 Deny - - C00036 Infiltrate the in-group to discredit leaders (divide) All of these would be highly affected by infiltration or false-claims of infiltration. @@ -212,14 +204,6 @@ This could be used to adjust upvote weight via a trust factor of people and orga D2 Deny -C00039 -Standard reporting for false profiles -Deplatform. Reporting fake profiles is the only solution (identity issues). Only resolution -M005 - removal -TA03 Develop People -D2 Deny - - C00040 third party verification for people counters fake experts @@ -236,14 +220,6 @@ This could be used to adjust upvote weight via a trust factor of people and orga D3 Disrupt -C00043 -Detect hijacked accounts and reallocate them - -M012 - cleaning -TA03 Develop People -D3 Disrupt - - C00044 Keep people from posting to social media immediately My interpretation is that this is method would be used to slow down activities or force a small delay between posts or replies to new posts. @@ -252,17 +228,9 @@ This could be used to adjust upvote weight via a trust factor of people and orga D3 Disrupt -C00045 -S4d detection and re-allocation approaches -What's S4D? -M004 - friction -TA03 Develop People -D3 Disrupt - - C00046 -Marginalise and discredit extremist -Duplicate of "Name and Shame" - recommend removal. No, not quite. +Marginalise and discredit extremist groups + M013 - targeting TA03 Develop People D4 Degrade @@ -272,31 +240,23 @@ This could be used to adjust upvote weight via a trust factor of people and orga Coordinated inauthentics M008 - data pollution -TA03 Develop People +TA04 Develop Networks D5 Deceive C00048 -Name and Shame - +Name and Shame Influencers +Think about the different levels: individual vs state-sponsored account. Includes “call them out” and “name and shame”. Note that USAID operations were at a different level. Identify social media accounts as sources of propaganda—“calling them out”— might be helpful to prevent the spread of their message to audiences that otherwise would consider them factual. USAID has been restructuring its programs to address predatory Chinese development projects and the information operations that support them. USAID’s new strategy has tailored programs to counter Chinese educational exchange programs and to support free and fair elections, youth empowerment, democratic governance, and free press. USAID’s Russia regional teams have also been compiling a strategy for Russia’s information operations. One strong point of USAID’s programming is a system of indicators and measurements for a country’s vulnerability to foreign influence and information operations. Identify, monitor, and, if necessary, target externally-based nonattributed social media accounts. Impact of and Dealing with Trolls - "Chatham House has observed that trolls also sometimes function as decoys, as a way of “keeping the infantry busy” that “aims to wear down the other side” (Lough et al., 2014). Another type of troll involves “false accounts posing as authoritative information sources on social media”. M003 - daylight TA03 Develop People D7 Deter -C00050 -Anti-elicitation training - -M001 - resilience -TA04 Develop Networks -D2 Deny - - C00051 -Phishing prevention education etc - +Counter social engineering training +Includes anti-elicitation training, phishing prevention education. M001 - resilience -TA04 Develop Networks +TA03 Develop People D2 Deny @@ -328,7 +288,7 @@ This could be used to adjust upvote weight via a trust factor of people and orga Report crowdfunder as violator counters crowdfunding M005 - removal -TA04 Develop Networks +TA03 Develop People D2 Deny @@ -1005,14 +965,6 @@ Note: This sounds eerlily like many Reddit communities where the most upvoted co D4 Degrade -C00150 -“calling them out” -Identify social media accounts as sources of propaganda—“calling them out”— might be helpful to prevent the spread of their message to audiences that otherwise would consider them factual -M003 - daylight -TA03 Develop People -D2 Deny - - C00151 “fight in the light” Use leadership in the arts, entertainment, and media to highlight and build on fundamental tenets of democracy. @@ -1021,14 +973,6 @@ Note: This sounds eerlily like many Reddit communities where the most upvoted co D3 Disrupt -C00152 -“name and shame” -USAID has been restructuring its programs to address predatory Chinese development projects and the information operations that support them. USAID’s new strategy has tailored programs to counter Chinese educational exchange programs and to support free and fair elections, youth empowerment, democratic governance, and free press. USAID’s Russia regional teams have also been compiling a strategy for Russia’s information operations. One strong point of USAID’s programming is a system of indicators and measurements for a country’s vulnerability to foreign influence and information operations -M003 - daylight -TA04 Develop Networks -D2 Deny - - C00153 Take pre-emptive action against actors' infrastructure Align offensive cyber action with information operations and counter disinformation approaches, where appropriate. @@ -1181,14 +1125,6 @@ Note: This sounds eerlily like many Reddit communities where the most upvoted co D3 Disrupt -C00179 -Identify, monitor, and, if necessary, target Russia-based nonattributed social media accounts -Impact of and Dealing with Trolls - "Chatham House has observed that trolls also sometimes function as decoys, as a way of “keeping the infantry busy” that “aims to wear down the other side” (Lough et al., 2014). Another type of troll involves “false accounts posing as authoritative information sources on social media," -M005 - removal -TA03 Develop People -D3 Disrupt - - C00182 malware detection/quarantine/deletion (2015) Trustwave reported that a Bedep Trojan malware kit had begun infecting machines and forcing them to browse certain sites, artificially inflating traffic to a set of pro-Russia @@ -1214,8 +1150,8 @@ Note: This sounds eerlily like many Reddit communities where the most upvoted co C00189 -Ongoing analysis/monitoring of "flagged" profiles -Confirm whether platforms are actively removing flagged accounts, and raise pressure via e.g. government organizations to encourage removal +Ensure that platforms are taking down flagged accounts +Use ongoing analysis/monitoring of "flagged" profiles. Confirm whether platforms are actively removing flagged accounts, and raise pressure via e.g. government organizations to encourage removal M003 - daylight TA03 Develop People D6 Destroy @@ -1262,8 +1198,8 @@ Note: This sounds eerlily like many Reddit communities where the most upvoted co C00197 -remove suspicious facebook accounts - +remove suspicious accounts +Standard reporting for false profiles (identity issues). Includes detecting hijacked accounts and reallocating them - if possible, back to original owners. M005 - removal TA03 Develop People D2 Deny diff --git a/detections_index.md b/detections_index.md index 0618556..4a06603 100644 --- a/detections_index.md +++ b/detections_index.md @@ -744,7 +744,7 @@ Intent: judgement of adversarial intent to conduct gray zone activity. Indeed, t Partner to develop analytic methods & tools This might include working with relevant technology firms to ensure that contracted analytic support is available. Contracted support is reportedly valuable because technology to monitor social media data is continually evolving, and such firms can provide the expertise to help identify and analyze trends, and they can more effectively stay abreast of the changing systems and develop new models as they are required - +TA01 Strategic Planning D1 Detect @@ -752,7 +752,15 @@ Intent: judgement of adversarial intent to conduct gray zone activity. Indeed, t daylight Warn social media companies about an ongoing campaign (e.g. antivax sites). Anyone with datasets or data summaries can help with this -TA09 +TA09 Exposure D1 Detect + +F00093 +S4d detection and re-allocation approaches +S4D is a way to separate out different speakers in text, audio. +M004 - friction +TA03 Develop People +D3 Disrupt + diff --git a/generated_csvs/counters_tactics_table.csv b/generated_csvs/counters_tactics_table.csv index feb1863..f49e1df 100644 --- a/generated_csvs/counters_tactics_table.csv +++ b/generated_csvs/counters_tactics_table.csv @@ -1,23 +1,23 @@ P01,P01,P02,P02,P02,P02,P02,P03,P03,P03,P03,P04 TA01,TA02,TA03,TA04,TA05,TA06,TA07,TA08,TA09,TA10,TA11,TA12 -C00006,C00009,C00034,C00050,C00063,C00014,C00097,C00112,C00122,C00129,C00131,C00147 -C00008,C00011,C00035,C00051,C00065,C00032,C00098,C00113,C00123,C00130,C00133,C00148 -C00010,C00028,C00036,C00052,C00066,C00071,C00099,C00114,C00124,,C00135,C00149 -C00012,C00029,C00039,C00053,C00067,C00072,C00100,C00115,C00125,,C00136, -C00013,C00030,C00040,C00056,C00068,C00074,C00101,C00116,C00126,,C00137, -C00015,C00031,C00042,C00058,C00069,C00075,C00102,C00117,C00128,,C00138, -C00016,C00060,C00043,C00059,C00216,C00076,C00103,C00118,C00151,,C00139, -C00017,C00070,C00044,C00062,,C00077,C00105,C00119,C00156,,C00140, -C00019,C00164,C00045,C00152,,C00078,C00106,C00120,C00158,,C00141, -C00021,C00207,C00046,C00162,,C00079,C00107,C00121,C00169,,C00142, -C00022,C00222,C00047,,,C00080,C00109,C00154,C00178,,C00143, -C00024,,C00048,,,C00081,C00110,C00188,C00182,,C00144, -C00026,,C00150,,,C00082,C00111,C00193,C00184,,C00145, -C00027,,C00155,,,C00084,C00195,C00203,C00190,,, -C00073,,C00160,,,C00085,C00196,C00204,C00194,,, -C00153,,C00179,,,C00086,C00214,,C00200,,, -C00159,,C00189,,,C00087,C00215,,C00211,,, -C00161,,C00197,,,C00088,C00217,,C00212,,, +C00006,C00009,C00034,C00047,C00063,C00014,C00097,C00112,C00122,C00129,C00131,C00147 +C00008,C00011,C00036,C00052,C00065,C00032,C00098,C00113,C00123,C00130,C00133,C00148 +C00010,C00028,C00040,C00053,C00066,C00071,C00099,C00114,C00124,,C00135,C00149 +C00012,C00029,C00042,C00056,C00067,C00072,C00100,C00115,C00125,,C00136, +C00013,C00030,C00044,C00059,C00068,C00074,C00101,C00116,C00126,,C00137, +C00015,C00031,C00046,C00062,C00069,C00075,C00102,C00117,C00128,,C00138, +C00016,C00060,C00048,C00162,C00216,C00076,C00103,C00118,C00151,,C00139, +C00017,C00070,C00051,,,C00077,C00105,C00119,C00156,,C00140, +C00019,C00164,C00058,,,C00078,C00106,C00120,C00158,,C00141, +C00021,C00207,C00155,,,C00079,C00107,C00121,C00169,,C00142, +C00022,C00222,C00160,,,C00080,C00109,C00154,C00178,,C00143, +C00024,,C00189,,,C00081,C00110,C00188,C00182,,C00144, +C00026,,C00197,,,C00082,C00111,C00193,C00184,,C00145, +C00027,,,,,C00084,C00195,C00203,C00190,,, +C00073,,,,,C00085,C00196,C00204,C00194,,, +C00153,,,,,C00086,C00214,,C00200,,, +C00159,,,,,C00087,C00215,,C00211,,, +C00161,,,,,C00088,C00217,,C00212,,, C00170,,,,,C00089,,,C00218,,, C00174,,,,,C00090,,,,,, C00176,,,,,C00091,,,,,, diff --git a/metatechniques/M001.md b/metatechniques/M001.md index 1beb1d5..86e4b32 100644 --- a/metatechniques/M001.md +++ b/metatechniques/M001.md @@ -7,8 +7,7 @@ | -------- | -------------- | | [C00009 Educate high profile influencers on best practices](../counters/C00009.md) | D2 Deny | | [C00011 Media literacy. Games to identify fake news](../counters/C00011.md) | D2 Deny | -| [C00050 Anti-elicitation training](../counters/C00050.md) | D2 Deny | -| [C00051 Phishing prevention education etc](../counters/C00051.md) | D2 Deny | +| [C00051 Counter social engineering training](../counters/C00051.md) | D2 Deny | | [C00073 Inoculate populations through media literacy training](../counters/C00073.md) | D2 Deny | | [C00160 find and train influencers](../counters/C00160.md) | D2 Deny | | [C00204 Strengthen local media](../counters/C00204.md) | D2 Deny | diff --git a/metatechniques/M003.md b/metatechniques/M003.md index eeb8a3f..3d75d66 100644 --- a/metatechniques/M003.md +++ b/metatechniques/M003.md @@ -8,8 +8,6 @@ | [C00113 Debunk and defuse a fake expert / credentials. Attack audience quality of fake expert](../counters/C00113.md) | D2 Deny | | [C00115 Expose actor and intentions](../counters/C00115.md) | D2 Deny | | [C00116 Provide proof of involvement](../counters/C00116.md) | D2 Deny | -| [C00150 “calling them out”](../counters/C00150.md) | D2 Deny | -| [C00152 “name and shame”](../counters/C00152.md) | D2 Deny | | [C00217 Registries alert when large batches of newsy URLs get registered together](../counters/C00217.md) | D2 Deny | | [C00019 Reduce effect of division-enablers](../counters/C00019.md) | D3 Disrupt | | [C00068 Expose online funding as fake](../counters/C00068.md) | D3 Disrupt | @@ -20,8 +18,8 @@ | [C00219 Add metadata to content - out of the control of the adversary](../counters/C00219.md) | D3 Disrupt | | [C00085 Demuting content](../counters/C00085.md) | D4 Degrade | | [C00184 Media exposure](../counters/C00184.md) | D4 Degrade | -| [C00189 Ongoing analysis/monitoring of "flagged" profiles](../counters/C00189.md) | D6 Destroy | -| [C00048 Name and Shame](../counters/C00048.md) | D7 Deter | +| [C00189 Ensure that platforms are taking down flagged accounts](../counters/C00189.md) | D6 Destroy | +| [C00048 Name and Shame Influencers](../counters/C00048.md) | D7 Deter | | [C00094 Force full disclosure on corporate sponsor of research](../counters/C00094.md) | D7 Deter | diff --git a/metatechniques/M004.md b/metatechniques/M004.md index 6674581..c741cf7 100644 --- a/metatechniques/M004.md +++ b/metatechniques/M004.md @@ -8,7 +8,6 @@ | [C00006 Charge for social media](../counters/C00006.md) | D2 Deny | | [C00010 Enhanced privacy regulation for social media](../counters/C00010.md) | D2 Deny | | [C00034 Create more friction at account creation](../counters/C00034.md) | D2 Deny | -| [C00035 Friction](../counters/C00035.md) | D2 Deny | | [C00056 Get off social media](../counters/C00056.md) | D2 Deny | | [C00097 Require use of verified identities to contribute to poll or comment](../counters/C00097.md) | D2 Deny | | [C00098 Revocation of "verified"](../counters/C00098.md) | D2 Deny | @@ -19,7 +18,6 @@ | [C00122 Content moderation. Censorship?](../counters/C00122.md) | D2 Deny | | [C00165 Limit access to alterable documents](../counters/C00165.md) | D2 Deny | | [C00044 Keep people from posting to social media immediately](../counters/C00044.md) | D3 Disrupt | -| [C00045 S4d detection and re-allocation approaches](../counters/C00045.md) | D3 Disrupt | | [C00123 Bot control](../counters/C00123.md) | D3 Disrupt | | [C00124 Don't feed the trolls](../counters/C00124.md) | D3 Disrupt | | [C00139 Weaponise youtube content matrices](../counters/C00139.md) | D3 Disrupt | diff --git a/metatechniques/M005.md b/metatechniques/M005.md index b749bad..09ed622 100644 --- a/metatechniques/M005.md +++ b/metatechniques/M005.md @@ -5,7 +5,6 @@ | Counters | Response types | | -------- | -------------- | -| [C00039 Standard reporting for false profiles](../counters/C00039.md) | D2 Deny | | [C00058 Report crowdfunder as violator](../counters/C00058.md) | D2 Deny | | [C00063 Ban political microtargeting](../counters/C00063.md) | D2 Deny | | [C00070 Block access to disinformation resources](../counters/C00070.md) | D2 Deny | @@ -18,12 +17,11 @@ | [C00171 social media content take-downs](../counters/C00171.md) | D2 Deny | | [C00172 social media page removal](../counters/C00172.md) | D2 Deny | | [C00182 malware detection/quarantine/deletion](../counters/C00182.md) | D2 Deny | -| [C00197 remove suspicious facebook accounts](../counters/C00197.md) | D2 Deny | +| [C00197 remove suspicious accounts](../counters/C00197.md) | D2 Deny | | [C00218 Censorship](../counters/C00218.md) | D2 Deny | | [C00065 Ban political ads](../counters/C00065.md) | D3 Disrupt | | [C00133 Deplatform Account*](../counters/C00133.md) | D3 Disrupt | | [C00135 Deplatform message groups and/or message boards](../counters/C00135.md) | D3 Disrupt | -| [C00179 Identify, monitor, and, if necessary, target Russia-based nonattributed social media accounts ](../counters/C00179.md) | D3 Disrupt | diff --git a/metatechniques/M012.md b/metatechniques/M012.md index 97f0740..739a721 100644 --- a/metatechniques/M012.md +++ b/metatechniques/M012.md @@ -7,7 +7,6 @@ | -------- | -------------- | | [C00016 Censorship - not recommended](../counters/C00016.md) | D2 Deny | | [C00074 Identify identical content and mass deplatform](../counters/C00074.md) | D2 Deny | -| [C00043 Detect hijacked accounts and reallocate them ](../counters/C00043.md) | D3 Disrupt | | [C00053 Delete old accounts / Remove unused social media accounts](../counters/C00053.md) | D4 Degrade | diff --git a/metatechniques/M013.md b/metatechniques/M013.md index d8ad9eb..56a502b 100644 --- a/metatechniques/M013.md +++ b/metatechniques/M013.md @@ -12,7 +12,7 @@ | [C00153 Take pre-emptive action against actors' infrastructure](../counters/C00153.md) | D3 Disrupt | | [C00162 collect data/map constellations of Russian“civil society”. Unravel/target the Potemkin villages](../counters/C00162.md) | D3 Disrupt | | [C00164 compatriot policy](../counters/C00164.md) | D3 Disrupt | -| [C00046 Marginalise and discredit extremist](../counters/C00046.md) | D4 Degrade | +| [C00046 Marginalise and discredit extremist groups](../counters/C00046.md) | D4 Degrade | | [C00052 Infiltrate platforms](../counters/C00052.md) | D4 Degrade | | [C00143 (botnet) DMCA takedown requests to waste group time](../counters/C00143.md) | D4 Degrade | | [C00207 Run a competing disinformation campaign - not recommended](../counters/C00207.md) | D7 Deter | diff --git a/metatechniques_by_responsetype_table.md b/metatechniques_by_responsetype_table.md index 9a55277..b02e78f 100644 --- a/metatechniques_by_responsetype_table.md +++ b/metatechniques_by_responsetype_table.md @@ -11,13 +11,13 @@ D7 Deter TOTALS M001 resilience -8 +7 6 5 0 0 4 -23 +22 M002 diversion @@ -31,33 +31,33 @@ M003 daylight -6 +4 7 2 0 1 2 -18 +16 M004 friction -13 -7 +12 +6 5 0 0 0 -25 +23 M005 removal -15 -4 +14 +3 0 0 0 0 -19 +17 M006 scoring @@ -122,12 +122,12 @@ M012 cleaning 2 -1 +0 1 0 0 0 -4 +3 M013 targeting @@ -151,12 +151,12 @@ TOTALS -59 -66 +54 +63 28 4 2 14 -173 +165 diff --git a/tactics/TA03.md b/tactics/TA03.md index 1443ae5..c5a25a4 100644 --- a/tactics/TA03.md +++ b/tactics/TA03.md @@ -26,23 +26,18 @@ | Counters | Response types | | -------- | -------------- | | [C00034 Create more friction at account creation](../counters/C00034.md) | D2 Deny | -| [C00035 Friction](../counters/C00035.md) | D2 Deny | | [C00036 Infiltrate the in-group to discredit leaders (divide)](../counters/C00036.md) | D2 Deny | -| [C00039 Standard reporting for false profiles](../counters/C00039.md) | D2 Deny | | [C00040 third party verification for people](../counters/C00040.md) | D2 Deny | -| [C00150 “calling them out”](../counters/C00150.md) | D2 Deny | +| [C00051 Counter social engineering training](../counters/C00051.md) | D2 Deny | +| [C00058 Report crowdfunder as violator](../counters/C00058.md) | D2 Deny | | [C00155 Ban incident actors from funding sites](../counters/C00155.md) | D2 Deny | | [C00160 find and train influencers](../counters/C00160.md) | D2 Deny | -| [C00197 remove suspicious facebook accounts](../counters/C00197.md) | D2 Deny | +| [C00197 remove suspicious accounts](../counters/C00197.md) | D2 Deny | | [C00042 Address truth contained in narratives](../counters/C00042.md) | D3 Disrupt | -| [C00043 Detect hijacked accounts and reallocate them ](../counters/C00043.md) | D3 Disrupt | | [C00044 Keep people from posting to social media immediately](../counters/C00044.md) | D3 Disrupt | -| [C00045 S4d detection and re-allocation approaches](../counters/C00045.md) | D3 Disrupt | -| [C00179 Identify, monitor, and, if necessary, target Russia-based nonattributed social media accounts ](../counters/C00179.md) | D3 Disrupt | -| [C00046 Marginalise and discredit extremist](../counters/C00046.md) | D4 Degrade | -| [C00047 Coordinated inauthentics](../counters/C00047.md) | D5 Deceive | -| [C00189 Ongoing analysis/monitoring of "flagged" profiles](../counters/C00189.md) | D6 Destroy | -| [C00048 Name and Shame](../counters/C00048.md) | D7 Deter | +| [C00046 Marginalise and discredit extremist groups](../counters/C00046.md) | D4 Degrade | +| [C00189 Ensure that platforms are taking down flagged accounts](../counters/C00189.md) | D6 Destroy | +| [C00048 Name and Shame Influencers](../counters/C00048.md) | D7 Deter | DO NOT EDIT ABOVE THIS LINE - PLEASE ADD NOTES BELOW \ No newline at end of file diff --git a/tactics/TA04.md b/tactics/TA04.md index ba12e89..e33691f 100644 --- a/tactics/TA04.md +++ b/tactics/TA04.md @@ -27,15 +27,12 @@ | Counters | Response types | | -------- | -------------- | -| [C00050 Anti-elicitation training](../counters/C00050.md) | D2 Deny | -| [C00051 Phishing prevention education etc](../counters/C00051.md) | D2 Deny | | [C00056 Get off social media](../counters/C00056.md) | D2 Deny | -| [C00058 Report crowdfunder as violator](../counters/C00058.md) | D2 Deny | | [C00059 Verification of project before posting (counters funding campaigns)](../counters/C00059.md) | D2 Deny | -| [C00152 “name and shame”](../counters/C00152.md) | D2 Deny | | [C00162 collect data/map constellations of Russian“civil society”. Unravel/target the Potemkin villages](../counters/C00162.md) | D3 Disrupt | | [C00052 Infiltrate platforms](../counters/C00052.md) | D4 Degrade | | [C00053 Delete old accounts / Remove unused social media accounts](../counters/C00053.md) | D4 Degrade | +| [C00047 Coordinated inauthentics](../counters/C00047.md) | D5 Deceive | | [C00062 Free open library sources worldwide](../counters/C00062.md) | D6 Destroy | diff --git a/tactics_by_responsetype_table.md b/tactics_by_responsetype_table.md index 2a82d0b..a8eab3c 100644 --- a/tactics_by_responsetype_table.md +++ b/tactics_by_responsetype_table.md @@ -31,23 +31,23 @@ TA03 Develop People -9 -5 +8 +2 +1 +0 1 1 -1 -1 -18 +13 TA04 Develop Networks -6 +2 1 2 -0 +1 1 0 -10 +7 TA05 Microtargeting @@ -131,12 +131,12 @@ TOTALS -59 -66 +54 +63 28 4 2 14 -173 +165 diff --git a/techniques/T0007.md b/techniques/T0007.md index fe3079c..6964f76 100644 --- a/techniques/T0007.md +++ b/techniques/T0007.md @@ -26,9 +26,9 @@ Examples: Ukraine elections (2019) circumvent Facebook’s new safeguards by pay | -------- | -------------- | | [C00012 Platform regulation](../counters/C00012.md) | D2 Deny | | [C00036 Infiltrate the in-group to discredit leaders (divide)](../counters/C00036.md) | D2 Deny | -| [C00039 Standard reporting for false profiles](../counters/C00039.md) | D2 Deny | | [C00133 Deplatform Account*](../counters/C00133.md) | D3 Disrupt | | [C00135 Deplatform message groups and/or message boards](../counters/C00135.md) | D3 Disrupt | +| [C00197 remove suspicious accounts](../counters/C00197.md) | D2 Deny | DO NOT EDIT ABOVE THIS LINE - PLEASE ADD NOTES BELOW \ No newline at end of file diff --git a/techniques/T0011.md b/techniques/T0011.md index cec066d..6e23003 100644 --- a/techniques/T0011.md +++ b/techniques/T0011.md @@ -13,11 +13,10 @@ | Counters | Response types | | -------- | -------------- | -| [C00043 Detect hijacked accounts and reallocate them ](../counters/C00043.md) | D3 Disrupt | -| [C00045 S4d detection and re-allocation approaches](../counters/C00045.md) | D3 Disrupt | | [C00053 Delete old accounts / Remove unused social media accounts](../counters/C00053.md) | D4 Degrade | | [C00133 Deplatform Account*](../counters/C00133.md) | D3 Disrupt | | [C00135 Deplatform message groups and/or message boards](../counters/C00135.md) | D3 Disrupt | +| [C00197 remove suspicious accounts](../counters/C00197.md) | D2 Deny | DO NOT EDIT ABOVE THIS LINE - PLEASE ADD NOTES BELOW \ No newline at end of file diff --git a/techniques/T0012.md b/techniques/T0012.md index 743ab33..79332c9 100644 --- a/techniques/T0012.md +++ b/techniques/T0012.md @@ -14,8 +14,7 @@ Example is 2016 @TEN_GOP profile where the actual Tennessee Republican Party tri | Counters | Response types | | -------- | -------------- | -| [C00050 Anti-elicitation training](../counters/C00050.md) | D2 Deny | -| [C00051 Phishing prevention education etc](../counters/C00051.md) | D2 Deny | +| [C00051 Counter social engineering training](../counters/C00051.md) | D2 Deny | | [C00052 Infiltrate platforms](../counters/C00052.md) | D4 Degrade | | [C00073 Inoculate populations through media literacy training](../counters/C00073.md) | D2 Deny | diff --git a/techniques/T0048.md b/techniques/T0048.md index 260860a..3f85b5e 100644 --- a/techniques/T0048.md +++ b/techniques/T0048.md @@ -15,7 +15,7 @@ | -------- | -------------- | | [C00012 Platform regulation](../counters/C00012.md) | D2 Deny | | [C00027 Create culture of civility](../counters/C00027.md) | D7 Deter | -| [C00048 Name and Shame](../counters/C00048.md) | D7 Deter | +| [C00048 Name and Shame Influencers](../counters/C00048.md) | D7 Deter | | [C00093 Establish tailored code of conduct for individuals with many followers](../counters/C00093.md) | D7 Deter | | [C00115 Expose actor and intentions](../counters/C00115.md) | D2 Deny | diff --git a/techniques/T0057.md b/techniques/T0057.md index 9af4111..38f5b32 100644 --- a/techniques/T0057.md +++ b/techniques/T0057.md @@ -17,7 +17,7 @@ | Counters | Response types | | -------- | -------------- | | [C00036 Infiltrate the in-group to discredit leaders (divide)](../counters/C00036.md) | D2 Deny | -| [C00048 Name and Shame](../counters/C00048.md) | D7 Deter | +| [C00048 Name and Shame Influencers](../counters/C00048.md) | D7 Deter | | [C00070 Block access to disinformation resources](../counters/C00070.md) | D2 Deny | | [C00088 Poison pill recasting of message](../counters/C00088.md) | D4 Degrade | | [C00129 Use banking to cut off access ](../counters/C00129.md) | D2 Deny | diff --git a/techniques/T0061.md b/techniques/T0061.md index cfb967a..ecb758f 100644 --- a/techniques/T0061.md +++ b/techniques/T0061.md @@ -12,7 +12,7 @@ | Counters | Response types | | -------- | -------------- | -| [C00048 Name and Shame](../counters/C00048.md) | D7 Deter | +| [C00048 Name and Shame Influencers](../counters/C00048.md) | D7 Deter | | [C00067 Denigrate the recipient/ project (of online funding)](../counters/C00067.md) | D3 Disrupt | | [C00068 Expose online funding as fake](../counters/C00068.md) | D3 Disrupt | | [C00070 Block access to disinformation resources](../counters/C00070.md) | D2 Deny |