locsec/AMITT
1
Форкнуть 0
Код Задачи Запросы на слияние Действия Пакеты Проекты Релизы Вики Активность

merged AMITT framework and AMITT countermeasures repos

Просмотр исходного кода
Этот коммит содержится в:
SJ Terp 2020-12-13 13:00:29 +00:00
Коммит 5135bf5a45
268 изменённых файлов: 12022 добавлений и 0 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

Двоичные данные
.DS_Store поставляемый Обычный файл
Просмотреть файл

Двоичный файл не отображается.

Двоичные данные
AMITT logo v03.png Обычный файл
Просмотреть файл

Двоичный файл не отображается.
Режим "рядом"

После

Ширина:  |  Высота:  |  Размер: 41 KiB

65
AMITT logo v03.svg Обычный файл
Просмотреть файл

@ -0,0 +1,65 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
<svg width="100%" height="100%" viewBox="0 0 1280 505" version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" xml:space="preserve" xmlns:serif="http://www.serif.com/" style="fill-rule:evenodd;clip-rule:evenodd;stroke-linejoin:round;stroke-miterlimit:2;">
<g transform="matrix(0.970138,0,0,0.970138,-1714.59,-1704.76)">
<g transform="matrix(4.96962,0,0,4.96962,-9950.2,-1795.83)">
<g transform="matrix(53.6594,0,0,53.6594,2362.77,819.165)">
<path d="M0.594,-0.388C0.573,-0.388 0.554,-0.382 0.539,-0.37C0.523,-0.358 0.51,-0.345 0.501,-0.332C0.503,-0.32 0.505,-0.307 0.506,-0.294C0.507,-0.28 0.508,-0.266 0.508,-0.253L0.508,0L0.371,0L0.371,-0.254C0.371,-0.299 0.365,-0.333 0.352,-0.355C0.339,-0.377 0.318,-0.388 0.288,-0.388C0.267,-0.388 0.25,-0.383 0.237,-0.374C0.223,-0.365 0.211,-0.354 0.202,-0.341L0.202,0L0.065,0L0.065,-0.487L0.197,-0.487L0.197,-0.421C0.213,-0.447 0.233,-0.466 0.258,-0.479C0.283,-0.491 0.31,-0.497 0.339,-0.497C0.373,-0.497 0.401,-0.489 0.423,-0.474C0.445,-0.459 0.463,-0.438 0.476,-0.413C0.498,-0.444 0.523,-0.465 0.55,-0.478C0.577,-0.491 0.608,-0.497 0.642,-0.497C0.673,-0.497 0.7,-0.491 0.722,-0.479C0.743,-0.466 0.761,-0.449 0.775,-0.427C0.788,-0.405 0.798,-0.379 0.805,-0.35C0.811,-0.32 0.814,-0.288 0.814,-0.253L0.814,0L0.677,0L0.677,-0.254C0.677,-0.299 0.671,-0.333 0.658,-0.355C0.645,-0.377 0.624,-0.388 0.594,-0.388Z" style="fill:rgb(1,98,153);fill-rule:nonzero;"/>
</g>
<g transform="matrix(53.6594,0,0,53.6594,2409.67,819.165)">
<path d="M0.065,0L0.065,-0.487L0.202,-0.487L0.202,0L0.065,0ZM0.054,-0.629C0.054,-0.651 0.061,-0.67 0.076,-0.685C0.091,-0.7 0.11,-0.708 0.133,-0.708C0.156,-0.708 0.175,-0.7 0.191,-0.685C0.206,-0.67 0.213,-0.651 0.213,-0.629C0.213,-0.608 0.206,-0.589 0.191,-0.574C0.175,-0.558 0.156,-0.55 0.133,-0.55C0.11,-0.55 0.091,-0.558 0.076,-0.574C0.061,-0.589 0.054,-0.608 0.054,-0.629Z" style="fill:none;fill-rule:nonzero;"/>
</g>
<g transform="matrix(53.6594,0,0,53.6594,2424,819.165)">
<path d="M0.405,-0.152C0.405,-0.126 0.4,-0.103 0.389,-0.083C0.378,-0.062 0.364,-0.045 0.345,-0.032C0.326,-0.018 0.304,-0.008 0.279,-0.001C0.254,0.007 0.226,0.01 0.196,0.01C0.171,0.01 0.143,0.007 0.114,0.002C0.084,-0.004 0.058,-0.012 0.036,-0.021L0.056,-0.118C0.077,-0.109 0.099,-0.102 0.122,-0.098C0.145,-0.092 0.168,-0.09 0.191,-0.09C0.214,-0.09 0.233,-0.093 0.248,-0.1C0.263,-0.107 0.27,-0.119 0.27,-0.136C0.27,-0.151 0.263,-0.163 0.248,-0.17C0.233,-0.177 0.214,-0.185 0.19,-0.195C0.171,-0.203 0.152,-0.211 0.134,-0.22C0.116,-0.228 0.1,-0.238 0.087,-0.25C0.073,-0.261 0.062,-0.275 0.054,-0.291C0.045,-0.306 0.041,-0.326 0.041,-0.349C0.041,-0.374 0.046,-0.396 0.056,-0.415C0.065,-0.434 0.079,-0.449 0.096,-0.461C0.113,-0.473 0.132,-0.482 0.156,-0.488C0.179,-0.494 0.203,-0.497 0.23,-0.497C0.258,-0.497 0.285,-0.495 0.311,-0.49C0.336,-0.485 0.361,-0.476 0.385,-0.463L0.364,-0.366C0.345,-0.375 0.325,-0.382 0.304,-0.388C0.283,-0.393 0.261,-0.396 0.24,-0.396C0.221,-0.396 0.205,-0.394 0.194,-0.39C0.182,-0.385 0.176,-0.376 0.176,-0.362C0.176,-0.349 0.183,-0.339 0.197,-0.332C0.211,-0.325 0.228,-0.318 0.247,-0.309C0.261,-0.303 0.277,-0.296 0.296,-0.289C0.314,-0.281 0.331,-0.271 0.347,-0.259C0.363,-0.247 0.377,-0.233 0.388,-0.216C0.399,-0.199 0.405,-0.177 0.405,-0.152Z" style="fill:rgb(1,98,153);fill-rule:nonzero;"/>
</g>
<g transform="matrix(53.6594,0,0,53.6594,2447.23,819.165)">
<path d="M0.065,0L0.065,-0.487L0.202,-0.487L0.202,0L0.065,0ZM0.054,-0.629C0.054,-0.651 0.061,-0.67 0.076,-0.685C0.091,-0.7 0.11,-0.708 0.133,-0.708C0.156,-0.708 0.175,-0.7 0.191,-0.685C0.206,-0.67 0.213,-0.651 0.213,-0.629C0.213,-0.608 0.206,-0.589 0.191,-0.574C0.175,-0.558 0.156,-0.55 0.133,-0.55C0.11,-0.55 0.091,-0.558 0.076,-0.574C0.061,-0.589 0.054,-0.608 0.054,-0.629Z" style="fill:none;fill-rule:nonzero;"/>
</g>
<g transform="matrix(53.6594,0,0,53.6594,2461.56,819.165)">
<path d="M0.065,0L0.065,-0.487L0.197,-0.487L0.197,-0.421C0.213,-0.447 0.233,-0.466 0.258,-0.479C0.283,-0.491 0.31,-0.497 0.339,-0.497C0.37,-0.497 0.397,-0.49 0.42,-0.477C0.442,-0.464 0.46,-0.446 0.474,-0.424C0.488,-0.401 0.498,-0.375 0.505,-0.346C0.512,-0.316 0.515,-0.285 0.515,-0.253L0.515,0L0.378,0L0.378,-0.254C0.378,-0.298 0.371,-0.331 0.358,-0.354C0.344,-0.377 0.321,-0.388 0.29,-0.388C0.27,-0.388 0.253,-0.383 0.238,-0.374C0.223,-0.365 0.211,-0.354 0.202,-0.341L0.202,0L0.065,0Z" style="fill:rgb(1,98,153);fill-rule:nonzero;"/>
</g>
<g transform="matrix(53.6594,0,0,53.6594,2492.14,819.165)">
<path d="M0.099,0L0.099,-0.38L0.02,-0.38L0.02,-0.487L0.099,-0.487L0.099,-0.504C0.099,-0.577 0.117,-0.63 0.154,-0.665C0.19,-0.699 0.238,-0.716 0.299,-0.716C0.314,-0.716 0.33,-0.715 0.345,-0.714C0.36,-0.712 0.374,-0.708 0.388,-0.703L0.38,-0.6C0.372,-0.603 0.363,-0.604 0.354,-0.606C0.344,-0.607 0.334,-0.607 0.325,-0.607C0.294,-0.607 0.272,-0.6 0.257,-0.585C0.242,-0.57 0.235,-0.545 0.235,-0.51L0.235,-0.487L0.354,-0.487L0.354,-0.38L0.235,-0.38L0.235,0L0.099,0Z" style="fill:rgb(1,98,153);fill-rule:nonzero;"/>
</g>
<g transform="matrix(53.6594,0,0,53.6594,2511.09,819.165)">
<path d="M0.535,-0.243C0.535,-0.208 0.53,-0.175 0.519,-0.144C0.507,-0.113 0.491,-0.087 0.47,-0.064C0.449,-0.041 0.423,-0.023 0.392,-0.01C0.361,0.004 0.325,0.01 0.284,0.01C0.243,0.01 0.208,0.004 0.177,-0.01C0.146,-0.023 0.119,-0.041 0.098,-0.064C0.077,-0.087 0.061,-0.113 0.05,-0.144C0.039,-0.175 0.033,-0.208 0.033,-0.243C0.033,-0.278 0.039,-0.311 0.05,-0.342C0.061,-0.373 0.077,-0.4 0.098,-0.423C0.119,-0.446 0.146,-0.464 0.177,-0.477C0.208,-0.49 0.243,-0.497 0.284,-0.497C0.325,-0.497 0.361,-0.49 0.392,-0.477C0.423,-0.464 0.449,-0.446 0.47,-0.423C0.491,-0.4 0.507,-0.373 0.519,-0.342C0.53,-0.311 0.535,-0.278 0.535,-0.243ZM0.398,-0.243C0.398,-0.263 0.396,-0.282 0.392,-0.301C0.388,-0.319 0.382,-0.335 0.373,-0.349C0.364,-0.363 0.352,-0.374 0.337,-0.383C0.322,-0.391 0.305,-0.395 0.284,-0.395C0.263,-0.395 0.245,-0.391 0.231,-0.383C0.216,-0.374 0.204,-0.363 0.196,-0.349C0.187,-0.335 0.18,-0.319 0.176,-0.301C0.172,-0.282 0.17,-0.263 0.17,-0.243C0.17,-0.223 0.172,-0.204 0.176,-0.186C0.18,-0.168 0.187,-0.152 0.196,-0.138C0.204,-0.124 0.216,-0.113 0.231,-0.105C0.245,-0.096 0.263,-0.092 0.284,-0.092C0.305,-0.092 0.322,-0.096 0.337,-0.105C0.352,-0.113 0.364,-0.124 0.373,-0.138C0.382,-0.152 0.388,-0.168 0.392,-0.186C0.396,-0.204 0.398,-0.223 0.398,-0.243Z" style="fill:rgb(1,98,153);fill-rule:nonzero;"/>
</g>
<g transform="matrix(53.6594,0,0,53.6594,2541.56,819.165)">
<path d="M0.405,-0.152C0.405,-0.126 0.4,-0.103 0.389,-0.083C0.378,-0.062 0.364,-0.045 0.345,-0.032C0.326,-0.018 0.304,-0.008 0.279,-0.001C0.254,0.007 0.226,0.01 0.196,0.01C0.171,0.01 0.143,0.007 0.114,0.002C0.084,-0.004 0.058,-0.012 0.036,-0.021L0.056,-0.118C0.077,-0.109 0.099,-0.102 0.122,-0.098C0.145,-0.092 0.168,-0.09 0.191,-0.09C0.214,-0.09 0.233,-0.093 0.248,-0.1C0.263,-0.107 0.27,-0.119 0.27,-0.136C0.27,-0.151 0.263,-0.163 0.248,-0.17C0.233,-0.177 0.214,-0.185 0.19,-0.195C0.171,-0.203 0.152,-0.211 0.134,-0.22C0.116,-0.228 0.1,-0.238 0.087,-0.25C0.073,-0.261 0.062,-0.275 0.054,-0.291C0.045,-0.306 0.041,-0.326 0.041,-0.349C0.041,-0.374 0.046,-0.396 0.056,-0.415C0.065,-0.434 0.079,-0.449 0.096,-0.461C0.113,-0.473 0.132,-0.482 0.156,-0.488C0.179,-0.494 0.203,-0.497 0.23,-0.497C0.258,-0.497 0.285,-0.495 0.311,-0.49C0.336,-0.485 0.361,-0.476 0.385,-0.463L0.364,-0.366C0.345,-0.375 0.325,-0.382 0.304,-0.388C0.283,-0.393 0.261,-0.396 0.24,-0.396C0.221,-0.396 0.205,-0.394 0.194,-0.39C0.182,-0.385 0.176,-0.376 0.176,-0.362C0.176,-0.349 0.183,-0.339 0.197,-0.332C0.211,-0.325 0.228,-0.318 0.247,-0.309C0.261,-0.303 0.277,-0.296 0.296,-0.289C0.314,-0.281 0.331,-0.271 0.347,-0.259C0.363,-0.247 0.377,-0.233 0.388,-0.216C0.399,-0.199 0.405,-0.177 0.405,-0.152Z" style="fill:rgb(1,98,153);fill-rule:nonzero;"/>
</g>
<g transform="matrix(53.6594,0,0,53.6594,2564.8,819.165)">
<path d="M0.273,-0.497C0.305,-0.497 0.333,-0.492 0.359,-0.482C0.384,-0.472 0.404,-0.458 0.421,-0.44C0.438,-0.421 0.45,-0.399 0.459,-0.374C0.468,-0.348 0.472,-0.319 0.472,-0.287C0.472,-0.274 0.471,-0.26 0.47,-0.247C0.468,-0.233 0.465,-0.22 0.462,-0.209L0.173,-0.209C0.174,-0.173 0.185,-0.144 0.206,-0.123C0.227,-0.102 0.26,-0.091 0.305,-0.091C0.331,-0.091 0.356,-0.093 0.381,-0.099C0.406,-0.103 0.428,-0.111 0.447,-0.12L0.464,-0.027C0.44,-0.015 0.413,-0.006 0.382,0.001C0.351,0.007 0.32,0.01 0.287,0.01C0.246,0.01 0.21,0.004 0.179,-0.008C0.148,-0.02 0.121,-0.037 0.1,-0.059C0.078,-0.081 0.061,-0.108 0.05,-0.139C0.039,-0.169 0.033,-0.204 0.033,-0.241C0.033,-0.279 0.039,-0.314 0.05,-0.346C0.061,-0.377 0.076,-0.404 0.097,-0.427C0.118,-0.449 0.143,-0.466 0.173,-0.479C0.202,-0.491 0.236,-0.497 0.273,-0.497ZM0.265,-0.405C0.237,-0.405 0.216,-0.395 0.201,-0.376C0.186,-0.356 0.177,-0.331 0.174,-0.301L0.341,-0.301C0.344,-0.332 0.34,-0.358 0.327,-0.377C0.314,-0.396 0.294,-0.405 0.265,-0.405Z" style="fill:rgb(1,98,153);fill-rule:nonzero;"/>
</g>
<g transform="matrix(53.6594,0,0,53.6594,2592,819.165)">
<path d="M0.288,-0.497C0.312,-0.497 0.337,-0.495 0.363,-0.49C0.388,-0.485 0.41,-0.477 0.427,-0.468L0.412,-0.37C0.381,-0.384 0.346,-0.391 0.308,-0.391C0.26,-0.391 0.225,-0.378 0.202,-0.352C0.179,-0.325 0.168,-0.289 0.168,-0.244C0.168,-0.199 0.179,-0.163 0.202,-0.136C0.225,-0.109 0.26,-0.096 0.308,-0.096C0.346,-0.096 0.381,-0.103 0.412,-0.117L0.427,-0.019C0.41,-0.01 0.388,-0.003 0.363,0.003C0.337,0.008 0.312,0.01 0.288,0.01C0.246,0.01 0.209,0.004 0.177,-0.01C0.145,-0.023 0.118,-0.04 0.097,-0.063C0.075,-0.086 0.058,-0.113 0.048,-0.144C0.037,-0.175 0.031,-0.208 0.031,-0.244C0.031,-0.28 0.037,-0.314 0.048,-0.345C0.058,-0.376 0.075,-0.402 0.097,-0.425C0.118,-0.447 0.145,-0.464 0.177,-0.478C0.209,-0.491 0.246,-0.497 0.288,-0.497Z" style="fill:rgb(1,98,153);fill-rule:nonzero;"/>
</g>
</g>
<g transform="matrix(1,0,0,1,2203.46,2227.98)">
<g transform="matrix(266.667,0,0,266.667,0,0)">
<path d="M0.236,-0.03L0.236,0.177L0.092,0.177L0.092,-0.03L0.124,-0.279L0.204,-0.279L0.236,-0.03ZM0.085,-0.417C0.085,-0.438 0.092,-0.457 0.106,-0.473C0.119,-0.489 0.139,-0.497 0.164,-0.497C0.189,-0.497 0.209,-0.489 0.223,-0.473C0.236,-0.457 0.243,-0.438 0.243,-0.417C0.243,-0.396 0.236,-0.377 0.223,-0.362C0.209,-0.346 0.189,-0.338 0.164,-0.338C0.139,-0.338 0.119,-0.346 0.106,-0.362C0.092,-0.377 0.085,-0.396 0.085,-0.417Z" style="fill:rgb(1,98,153);fill-rule:nonzero;"/>
</g>
</g>
<g transform="matrix(1,0,0,1,2016.72,2227.98)">
<g transform="matrix(266.667,0,0,266.667,0,0)">
<path d="M0.236,-0.03L0.236,0.177L0.092,0.177L0.092,-0.03L0.124,-0.279L0.204,-0.279L0.236,-0.03ZM0.085,-0.417C0.085,-0.438 0.092,-0.457 0.106,-0.473C0.119,-0.489 0.139,-0.497 0.164,-0.497C0.189,-0.497 0.209,-0.489 0.223,-0.473C0.236,-0.457 0.243,-0.438 0.243,-0.417C0.243,-0.396 0.236,-0.377 0.223,-0.362C0.209,-0.346 0.189,-0.338 0.164,-0.338C0.139,-0.338 0.119,-0.346 0.106,-0.362C0.092,-0.377 0.085,-0.396 0.085,-0.417Z" style="fill:rgb(1,98,153);fill-rule:nonzero;"/>
</g>
</g>
</g>
<g transform="matrix(4.82121,0,0,4.82121,-11399.7,-3658.62)">
<g transform="matrix(90.5502,0,0,90.5502,2362.77,819.165)">
<path d="M0.677,0L0.532,0L0.485,-0.14L0.211,-0.14L0.164,0L0.019,0L0.272,-0.666L0.424,-0.666L0.677,0ZM0.348,-0.554L0.248,-0.251L0.448,-0.251L0.348,-0.554Z" style="fill:rgb(198,65,40);fill-rule:nonzero;"/>
</g>
<g transform="matrix(90.5502,0,0,90.5502,2425.79,819.165)">
<path d="M0.631,-0.666L0.757,-0.666L0.806,0L0.669,0L0.646,-0.414L0.499,-0.112L0.355,-0.112L0.208,-0.414L0.185,0L0.048,0L0.097,-0.666L0.223,-0.666L0.427,-0.236L0.631,-0.666Z" style="fill:rgb(198,65,40);fill-rule:nonzero;"/>
</g>
<g transform="matrix(90.5502,0,0,90.5502,2503.12,819.165)">
<path d="M0.204,-0.21L0.124,-0.21L0.092,-0.459L0.092,-0.666L0.236,-0.666L0.236,-0.459L0.204,-0.21ZM0.085,-0.072C0.085,-0.093 0.092,-0.112 0.106,-0.128C0.119,-0.143 0.139,-0.151 0.164,-0.151C0.189,-0.151 0.209,-0.143 0.223,-0.128C0.236,-0.112 0.243,-0.093 0.243,-0.072C0.243,-0.051 0.236,-0.032 0.223,-0.016C0.209,0 0.189,0.008 0.164,0.008C0.139,0.008 0.119,0 0.106,-0.016C0.092,-0.032 0.085,-0.051 0.085,-0.072Z" style="fill:rgb(198,65,40);fill-rule:nonzero;"/>
</g>
<g transform="matrix(90.5502,0,0,90.5502,2532.82,819.165)">
<path d="M0.527,-0.666L0.527,-0.554L0.343,-0.554L0.343,0L0.203,0L0.203,-0.554L0.019,-0.554L0.019,-0.666L0.527,-0.666Z" style="fill:rgb(198,65,40);fill-rule:nonzero;"/>
</g>
<g transform="matrix(90.5502,0,0,90.5502,2582.27,819.165)">
<path d="M0.527,-0.666L0.527,-0.554L0.343,-0.554L0.343,0L0.203,0L0.203,-0.554L0.019,-0.554L0.019,-0.666L0.527,-0.666Z" style="fill:rgb(198,65,40);fill-rule:nonzero;"/>
</g>
</g>
</svg>
Режим "рядом"

После

Ширина:  |  Высота:  |  Размер: 13 KiB

Двоичные данные
AMITT_HISTORY/2019-03-06_misinfosec_sent_for_publication.pdf Обычный файл
Просмотреть файл

Двоичный файл не отображается.

Двоичные данные
AMITT_HISTORY/2019-08-27_MisinfosecWG-2019-1.pdf Обычный файл
Просмотреть файл

Двоичный файл не отображается.

Двоичные данные
AMITT_HISTORY/AMITT_v1.0.png Обычный файл
Просмотреть файл

Двоичный файл не отображается.
Режим "рядом"

После

Ширина:  |  Высота:  |  Размер: 908 KiB

Двоичные данные
AMITT_HISTORY/AMITT_v2.0draft.xlsx Обычный файл
Просмотреть файл

Двоичный файл не отображается.

Двоичные данные
AMITT_MASTER_DATA/CountersPlaybook_MASTER.xlsx Обычный файл
Просмотреть файл

Двоичный файл не отображается.

Двоичные данные
AMITT_MASTER_DATA/amitt_metadata_v3.xlsx Обычный файл
Просмотреть файл

Двоичный файл не отображается.

Двоичные данные
HTML_GENERATING_CODE/.DS_Store поставляемый Обычный файл
Просмотреть файл

Двоичный файл не отображается.

1860
HTML_GENERATING_CODE/AMITT_create_counters_summaries.ipynb Обычный файл
Просмотреть файл

Разница между файлами не показана из-за своего большого размера Загрузить разницу

135
HTML_GENERATING_CODE/AMITT_create_incident_visualisations.ipynb Обычный файл
Просмотреть файл

Различия файлов скрыты, потому что одна или несколько строк слишком длинны

383
HTML_GENERATING_CODE/amitt.py Обычный файл
Просмотреть файл

@ -0,0 +1,383 @@
''' Manage AMITT metadata
Create a page for each of the AMITT objects, if it doesn't already exist.
If it does exist, update the metadata on it, and preserve any hand-
created notes below the metadata area in it.
* todo: add all framework comments to the repo issues list
'''
import pandas as pd
import numpy as np
import os
class Amitt:
def __init__(self, infile = 'amitt_metadata_v3.xlsx'):
# Load metadata from file
metadata = {}
xlsx = pd.ExcelFile(infile)
for sheetname in xlsx.sheet_names:
metadata[sheetname] = xlsx.parse(sheetname)
# Create individual tables and dictionaries
self.phases = metadata['phases']
self.techniques = metadata['techniques']
self.tasks = metadata['tasks']
self.incidents = metadata['incidents']
self.it = self.create_incident_technique_crosstable(metadata['incidenttechniques'])
tactechs = self.techniques.groupby('tactic')['id'].apply(list).reset_index().rename({'id':'techniques'}, axis=1)
self.tactics = metadata['tactics'].merge(tactechs, left_on='id', right_on='tactic', how='left').fillna('').drop('tactic', axis=1)
self.phasedict = self.make_object_dict(self.phases)
self.tacdict = self.make_object_dict(self.tactics)
self.techdict = self.make_object_dict(self.techniques)
self.ngridrows = max(tactechs['techniques'].apply(len)) +2
self.ngridcols = len(self.tactics)
self.grid = self.create_display_grid()
def create_incident_technique_crosstable(self, it_metadata):
# Generate full cross-table between incidents and techniques
it = it_metadata
it.index=it['id']
it = it['techniques'].str.split(',').apply(lambda x: pd.Series(x)).stack().reset_index(level=1, drop=True).to_frame('technique').reset_index().merge(it.drop('id', axis=1).reset_index()).drop('techniques', axis=1)
it = it.merge(self.incidents[['id','name']],
left_on='incident', right_on='id',
suffixes=['','_incident']).drop('incident', axis=1)
it = it.merge(self.techniques[['id','name']],
left_on='technique', right_on='id',
suffixes=['','_technique']).drop('technique', axis=1)
return(it)
def make_object_dict(self, df):
return(pd.Series(df.name.values,index=df.id).to_dict())
def create_display_grid(self, tofile=True):
# Create the master grid that we make all the framework visuals from
# cols = number of tactics
# rows = max number of techniques per tactic + 2
arr = [['' for i in range(self.ngridcols)] for j in range(self.ngridrows)]
for index, tactic in self.tactics.iterrows():
arr[0][index] = tactic['phase']
arr[1][index] = tactic['id']
if tactic['techniques'] == '':
continue
for index2, technique in enumerate(tactic['techniques']):
arr[index2+2][index] = technique
#Save grid to file
if tofile:
matrixdir = '../matrices'
if not os.path.exists(matrixdir):
os.makedirs(matrixdir)
pd.DataFrame(arr).to_csv(matrixdir + '/matrix_arr.csv', index=False, header=False)
return(arr)
def create_incidentstring(self, techniqueid):
incidentstr = '''
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
'''
incirow = '| [{0} {1}](../incidents/{0}.md) | {2} |\n'
its = self.it[self.it['id_technique']==techniqueid]
for index, row in its[['id_incident', 'name_incident']].drop_duplicates().sort_values('id_incident').iterrows():
techstring = ', '.join(its[its['id_incident']==row['id_incident']]['name'].to_list())
incidentstr += incirow.format(row['id_incident'], row['name_incident'], techstring)
return incidentstr
def create_techstring(self, incidentid):
techstr = '''
| Technique | Description given for this incident |
| --------- | ------------------------- |
'''
techrow = '| [{0} {1}](../techniques/{0}.md) | {2} {3} |\n'
techlist = self.it[self.it['id_incident'] == incidentid]
for index, row in techlist.sort_values('id_technique').iterrows():
techstr += techrow.format(row['id_technique'], row['name_technique'],
row['id'], row['name'])
return techstr
def create_taskstring(self, tacticid):
taskstr = '''
| Task |
| ---- |
'''
tasklist = self.tasks[self.tasks['tactic']==tacticid]
taskrow = '| [{0} {1}](../tasks/{0}.md) |\n'
for index, row in tasklist.sort_values('id').iterrows():
taskstr += taskrow.format(row['id'], row['name'])
return taskstr
def create_techtacstring(self, tacticid):
techstr = '''
| Technique |
| --------- |
'''
techlist = self.techniques[self.techniques['tactic']==tacticid]
techrow = '| [{0} {1}](../techniques/{0}.md) |\n'
for index, row in techlist.sort_values('id').iterrows():
techstr += techrow.format(row['id'], row['name'])
return techstr
def generate_datasheets(self):
# Generate datafiles
warntext = 'DO NOT EDIT ABOVE THIS LINE - PLEASE ADD NOTES BELOW'
warnlen = len(warntext)
metadata = {
'phase': self.phases,
'tactic': self.tactics,
'technique': self.techniques,
'task': self.tasks,
'incident': self.incidents
}
for entity, df in metadata.items():
entities = entity + 's'
entitydir = '../{}'.format(entities)
if not os.path.exists(entitydir):
os.makedirs(entitydir)
template = open('template_{}.md'.format(entity)).read()
for index, row in df[df['name'].notnull()].iterrows():
# First read in the file - if it exists - and grab everything
# below the "do not write about this line". Will write this
# out below new metadata.
datafile = '../{}/{}.md'.format(entities, row['id'])
oldmetatext = ''
if os.path.exists(datafile):
with open(datafile) as f:
filetext = f.read()
warnpos = filetext.find(warntext)
if warnpos == -1:
print('no warning text found in {}: adding to file'.format(datafile))
usertext = filetext
else:
oldmetatext = filetext[:warnpos+warnlen]
usertext = filetext[warnpos+warnlen:]
else:
usertext = ''
# Now populate datafiles with new metadata plus old userdata
if entity == 'phase':
metatext = template.format(id=row['id'], name=row['name'], summary=row['summary'])
if entity == 'tactic':
metatext = template.format(id=row['id'], name=row['name'],
phase=row['phase'], summary=row['summary'],
tasks=self.create_taskstring(row['id']),
techniques=self.create_techtacstring(row['id']))
if entity == 'task':
metatext = template.format(id=row['id'], name=row['name'],
tactic=row['tactic'], summary=row['summary'])
if entity == 'technique':
metatext = template.format(id=row['id'], name=row['name'],
tactic=row['tactic'], summary=row['summary'],
incidents=self.create_incidentstring(row['id']))
if entity == 'incident':
metatext = template.format(id=row['id'], name=row['name'],
type=row['type'], summary=row['summary'],
yearstarted=row['Year Started'],
fromcountry=row['From country'],
tocountry=row['To country'],
foundvia=row['Found via'],
dateadded=row['When added'],
techniques=self.create_techstring(row['id']))
# Make sure the user data goes in
if (metatext + warntext) != oldmetatext:
print('Updating {}'.format(datafile))
with open(datafile, 'w') as f:
f.write(metatext)
f.write(warntext)
f.write(usertext)
f.close()
return
def write_grid_markdown(self, outfile = '../matrix.md'):
# Write HTML version of framework diagram to markdown file
# Needs phasedict, tacdict, techdict, grid
html = '''# AMITT Latest Framework:
<table border="1">
<tr>
'''
for col in range(self.ngridcols):
html += '<td><a href="phases/{0}.md">{0} {1}</a></td>\n'.format(
self.grid[0][col], self.phasedict[self.grid[0][col]])
html += '</tr>\n'
html += '<tr style="background-color:blue;color:white;">\n'
for col in range(self.ngridcols):
html += '<td><a href="tactics/{0}.md">{0} {1}</a></td>\n'.format(
self.grid[1][col], self.tacdict[self.grid[1][col]])
html += '</tr>\n<tr>\n'
for row in range(2,self.ngridrows):
for col in range(self.ngridcols):
if self.grid[row][col] == '':
html += '<td> </td>\n'
else:
html += '<td><a href="techniques/{0}.md">{0} {1}</a></td>\n'.format(
self.grid[row][col], self.techdict[self.grid[row][col]])
html += '</tr>\n<tr>\n'
html += '</tr>\n</table>\n'
with open(outfile, 'w') as f:
f.write(html)
print('updated {}'.format(outfile))
return
def write_incidentlist_markdown(self, outfile='../incidents.md'):
# Write HTML version of incident list to markdown file
html = '''# AMITT Incidents:
<table border="1">
<tr>
'''
cols = ['name', 'type', 'Year Started', 'From country', 'To country',
'Found via']
html += '<th>{}</th>\n'.format('id')
for col in cols:
html += '<th>{}</th>\n'.format(col)
html += '</tr>\n'
for index, row in self.incidents[self.incidents['name'].notnull()].iterrows():
html += '<tr>\n'
html += '<td><a href="incidents/{0}.md">{0}</a></td>\n'.format(row['id'])
for col in cols:
html += '<td>{}</td>\n'.format(row[col])
html += '</tr>\n'
html += '</table>\n'
with open(outfile, 'w') as f:
f.write(html)
print('updated {}'.format(outfile))
return
def write_grid_message_generator(self, outfile='../matrix_to_message.html'):
# Write clickable html version of the matrix grid to html file
html = '''<!DOCTYPE html>
<html>
<head>
<title>AMITT</title>
</head>
<body>
<script>
function handleTechniqueClick(box) {
var technique = document.getElementById(box);
var checkBox = document.getElementById(box+"check");
var text = document.getElementById(box+"text");
if (checkBox.checked == true){
text.style.display = "block";
technique.bgColor = "Lime"
} else {
text.style.display = "none";
technique.bgColor = "Silver"
}
}
</script>
<h1>AMITT</h1>
<table border=1 bgcolor=silver>
'''
html += '<tr bgcolor=fuchsia>\n'
for col in range(self.ngridcols):
html += '<td>{0} {1}</td>\n'.format(self.grid[0][col], self.phasedict[self.grid[0][col]])
html += '</tr>\n'
html += '<tr bgcolor=aqua>\n'
for col in range(self.ngridcols):
html += '<td>{0} {1}</td>\n'.format(self.grid[1][col], self.tacdict[self.grid[1][col]])
html += '</tr>\n'
liststr = ''
html += '<tr>\n'
for row in range(2,self.ngridrows):
for col in range(self.ngridcols):
techid = self.grid[row][col]
if techid == '':
html += '<td bgcolor=white> </td>\n'
else:
html += '<td id="{0}">{0} {1}<input type="checkbox" id="{0}check" onclick="handleTechniqueClick(\'{0}\')"></td>\n'.format(
techid, self.techdict[techid])
liststr += '<li id="{0}text" style="display:none">{0}: {1}</li>\n'.format(
techid, self.techdict[techid])
html += '</tr>\n<tr>\n'
html += '</tr>\n</table>\n<hr>\n'
html += '<ul>\n{}</ul>\n'.format(liststr)
html += '''
</body>
</html>
'''
with open(outfile, 'w') as f:
f.write(html)
print('updated {}'.format(outfile))
return
def print_technique_incidents(self):
for id_technique in self.techniques['id'].to_list():
print('{}\n{}'.format(id_technique,
self.create_incidentstring(id_technique)))
return
def print_incident_techniques(self):
for id_incident in self.incidents['id'].to_list():
print('{}\n{}'.format(id_incident,
self.create_techstring(id_incident)))
return
def generate_datafiles(self):
self.generate_datasheets()
self.write_grid_markdown()
self.write_incidentlist_markdown()
self.write_grid_message_generator()
return
def main():
amitt = Amitt()
amitt.generate_datafiles()
if __name__ == "__main__":
main()

214
HTML_GENERATING_CODE/counter.py Обычный файл
Просмотреть файл

@ -0,0 +1,214 @@
''' Manage AMITT counters
Create a page for each of the AMITT counter objects.
Don't worry about creating notes etc for these - they'll be in the generating spreadsheet
'''
import pandas as pd
import numpy as np
import os
from sklearn.feature_extraction.text import CountVectorizer
class Counter:
def __init__(self, infile = 'CountersPlaybook_MASTER.xlsx'):
# Load metadata from counters excelfile
# FIXIT: Ungodly hack = please fix
xlsx = pd.ExcelFile(infile)
allamitts = xlsx.parse(['AMITT_objects'])
dfa = allamitts['AMITT_objects']
self.dftactics = dfa[3:15].copy()
self.dfresponses = dfa[18:25].copy()
self.dfactors = dfa[28:36].copy()
self.dftechniques = dfa[39:100].copy()
# Get counters data
self.dfcounters = pd.read_excel(infile, sheet_name='Countermeasures')
# Create cross-tables
crossidtechs = self.splitcol(self.dfcounters[['ID', 'Techniques']],
'Techniques', 'Techs', '\n')
crossidtechs = crossidtechs[crossidtechs['Techs'].notnull()]
crossidtechs['TID'] = crossidtechs['Techs'].str.split(' ').str[0]
crossidtechs.drop('Techs', axis=1, inplace=True)
self.idtechnique = crossidtechs
crossidres = self.splitcol(self.dfcounters[['ID', 'Resources needed']],
'Resources needed', 'Res', ',')
crossidres = crossidres[crossidres['Res'].notnull()]
self.idresource = crossidres
def analyse_counter_text(self, col='Title'):
# Analyse text in counter descriptions
alltext = (' ').join(self.dfcounters[col].to_list()).lower()
count_vect = CountVectorizer(stop_words='english')
word_counts = count_vect.fit_transform([alltext])
dfw = pd.DataFrame(word_counts.A, columns=count_vect.get_feature_names()).transpose()
dfw.columns = ['count']
dfw = dfw.sort_values(by='count', ascending=False)
return(dfw)
def splitcol(self, df, col, newcol, divider=','):
# Thanks https://stackoverflow.com/questions/17116814/pandas-how-do-i-split-text-in-a-column-into-multiple-rows?noredirect=1
return (df.join(df[col]
.str.split(divider, expand=True).stack()
.reset_index(drop=True,level=1)
.rename(newcol)).drop(col, axis=1))
# Print list of counters for each square of the COA matrix
# Write HTML version of framework diagram to markdown file
def write_tactics_markdown(self, outfile = '../tactic_counts.md'):
coacounts = pd.pivot_table(self.dfcounters[['Tactic', 'Response',
'ID']], index='Response', columns='Tactic', aggfunc=len, fill_value=0)
html = '''# AMITT Courses of Action matrix:
<table border="1">
<tr>
<td> </td>
'''
#Table heading = Tactic names
for col in coacounts.columns.get_level_values(1):
tid = self.create_tactic_file(col)
html += '<td><a href="tactics/{0}counters.md">{1}</a></td>\n'.format(
tid, col)
html += '</tr><tr>\n'
# number of counters per response type
for response, counts in coacounts.iterrows():
html += '<td>{}</td>\n'.format(response)
for val in counts.values:
html += '<td>{}</td>\n'.format(val)
html += '</tr>\n<tr>\n'
# Total per tactic
html += '<td>TOTALS</td>\n'
for val in coacounts.sum().values:
html += '<td>{}</td>\n'.format(val)
html += '</tr>\n</table>\n'
with open(outfile, 'w') as f:
f.write(html)
print('updated {}'.format(outfile))
return
def create_tactic_file(self, tname):
if not os.path.exists('../tactics'):
os.makedirs('../tactics')
tid = tname[:tname.find(' ')]
html = '''# Tactic {} counters\n\n'''.format(tname)
html += '## by action\n\n'
for resp, counters in self.dfcounters[self.dfcounters['Tactic'] == tname].groupby('Response'):
html += '\n### {}\n'.format(resp)
for c in counters.iterrows():
html += '* {}: {} (needs {})\n'.format(c[1]['ID'], c[1]['Title'],
c[1]['Resources needed'])
html += '\n## by technique\n\n'
tactecs = self.dftechniques[self.dftechniques['super'] == tid]['Id'].to_list()
for tech in [tid] + tactecs:
if tech == tid:
html += '\n### {}\n'.format(tech)
else:
techname = self.dftechniques[self.dftechniques['Id']==tech]['key']
html += '\n### {}\n'.format(techname)
taccounts = self.idtechnique[self.idtechnique['TID'] == tech]
# html += '\n{}\n'.format(taccounts)
for c in self.dfcounters[self.dfcounters['ID'].isin(taccounts['ID'])].iterrows():
html += '* {}: {} (needs {})\n'.format(c[1]['ID'], c[1]['Title'],
c[1]['Resources needed'])
datafile = '../tactics/{}counters.md'.format(tid)
print('Writing {}'.format(datafile))
with open(datafile, 'w') as f:
f.write(html)
f.close()
return(tid)
def create_object_file(self, index, rowtype, datadir):
oid = index
html = '''# {} counters: {}\n\n'''.format(rowtype, index)
html += '## by action\n\n'
for resp, clist in self.dfcounters[self.dfcounters[rowtype] == index].groupby('Response'):
html += '\n### {}\n'.format(resp)
for c in clist.iterrows():
html += '* {}: {} (needs {})\n'.format(c[1]['ID'], c[1]['Title'],
c[1]['Resources needed'])
datafile = '{}/{}counters.md'.format(datadir, oid)
print('Writing {}'.format(datafile))
with open(datafile, 'w') as f:
f.write(html)
f.close()
return(oid)
def write_metacounts_markdown(self, outfile = '../metatag_counts.md'):
coltype = 'Response'
rowtype = 'metatechnique'
rowname = 'metatag'
mtcounts = pd.pivot_table(self.dfcounters[[coltype, rowtype,'ID']],
index=rowtype, columns=coltype, aggfunc=len,
fill_value=0)
mtcounts['TOTALS'] = mtcounts.sum(axis=1)
html = '''# AMITT {} courses of action
<table border="1">
<tr>
<td> </td>
'''.format(rowtype)
# Table heading row
for col in mtcounts.columns.get_level_values(1)[:-1]:
html += '<td>{}</td>\n'.format(col)
html += '<td>TOTALS</td></tr><tr>\n'
# Data rows
datadir = '../{}'.format(rowname)
if not os.path.exists(datadir):
os.makedirs(datadir)
for index, counts in mtcounts.iterrows():
tid = self.create_object_file(index, rowtype, datadir)
html += '<td><a href="{0}/{1}counters.md">{2}</a></td>\n'.format(
rowname, tid, index)
for val in counts.values:
html += '<td>{}</td>\n'.format(val)
html += '</tr>\n<tr>\n'
# Column sums
html += '<td>TOTALS</td>\n'
for val in mtcounts.sum().values:
html += '<td>{}</td>\n'.format(val)
html += '</tr>\n</table>\n'
with open(outfile, 'w') as f:
f.write(html)
print('updated {}'.format(outfile))
return
def main():
counter = Counter()
counter.write_tactics_markdown()
counter.write_metacounts_markdown()
if __name__ == "__main__":
main()

20
HTML_GENERATING_CODE/template_incident.md Обычный файл
Просмотреть файл

@ -0,0 +1,20 @@
# {name}
* Type: {type}
* Name: {name}
* Id: {id}
* Summary: {summary}
* Year started: {yearstarted}
* From country / To country: {fromcountry} / {tocountry}
* Found via: {foundvia}
* Date added: {dateadded}
* Techniques used:
{techniques}

10
HTML_GENERATING_CODE/template_phase.md Обычный файл
Просмотреть файл

@ -0,0 +1,10 @@
# {name}
* Type: Phase
* Name: {name}
* Id: {id}
* Summary: {summary}

17
HTML_GENERATING_CODE/template_tactic.md Обычный файл
Просмотреть файл

@ -0,0 +1,17 @@
# {name}
* Type: Tactic
* Name: {name}
* Id: {id}
* Summary: {summary}
* Phase: {phase}
* Tasks:
{tasks}
* Techniques:
{techniques}

11
HTML_GENERATING_CODE/template_task.md Обычный файл
Просмотреть файл

@ -0,0 +1,11 @@
# {name}
* Type: Task
* Name: {name}
* Id: {id}
* Summary: {summary}
* Tactic: {tactic}

14
HTML_GENERATING_CODE/template_technique.md Обычный файл
Просмотреть файл

@ -0,0 +1,14 @@
# {name}
* Type: Technique
* Name: {name}
* Id: {id}
* Summary: {summary}
* Tactic: {tactic}
* Incidents:
{incidents}

427
LICENSE.md Обычный файл
Просмотреть файл

@ -0,0 +1,427 @@
Attribution-ShareAlike 4.0 International
=======================================================================
Creative Commons Corporation ("Creative Commons") is not a law firm and
does not provide legal services or legal advice. Distribution of
Creative Commons public licenses does not create a lawyer-client or
other relationship. Creative Commons makes its licenses and related
information available on an "as-is" basis. Creative Commons gives no
warranties regarding its licenses, any material licensed under their
terms and conditions, or any related information. Creative Commons
disclaims all liability for damages resulting from their use to the
fullest extent possible.
Using Creative Commons Public Licenses
Creative Commons public licenses provide a standard set of terms and
conditions that creators and other rights holders may use to share
original works of authorship and other material subject to copyright
and certain other rights specified in the public license below. The
following considerations are for informational purposes only, are not
exhaustive, and do not form part of our licenses.
Considerations for licensors: Our public licenses are
intended for use by those authorized to give the public
permission to use material in ways otherwise restricted by
copyright and certain other rights. Our licenses are
irrevocable. Licensors should read and understand the terms
and conditions of the license they choose before applying it.
Licensors should also secure all rights necessary before
applying our licenses so that the public can reuse the
material as expected. Licensors should clearly mark any
material not subject to the license. This includes other CC-
licensed material, or material used under an exception or
limitation to copyright. More considerations for licensors:
wiki.creativecommons.org/Considerations_for_licensors
Considerations for the public: By using one of our public
licenses, a licensor grants the public permission to use the
licensed material under specified terms and conditions. If
the licensor's permission is not necessary for any reason--for
example, because of any applicable exception or limitation to
copyright--then that use is not regulated by the license. Our
licenses grant only permissions under copyright and certain
other rights that a licensor has authority to grant. Use of
the licensed material may still be restricted for other
reasons, including because others have copyright or other
rights in the material. A licensor may make special requests,
such as asking that all changes be marked or described.
Although not required by our licenses, you are encouraged to
respect those requests where reasonable. More_considerations
for the public:
wiki.creativecommons.org/Considerations_for_licensees
=======================================================================
Creative Commons Attribution-ShareAlike 4.0 International Public
License
By exercising the Licensed Rights (defined below), You accept and agree
to be bound by the terms and conditions of this Creative Commons
Attribution-ShareAlike 4.0 International Public License ("Public
License"). To the extent this Public License may be interpreted as a
contract, You are granted the Licensed Rights in consideration of Your
acceptance of these terms and conditions, and the Licensor grants You
such rights in consideration of benefits the Licensor receives from
making the Licensed Material available under these terms and
conditions.
Section 1 -- Definitions.
a. Adapted Material means material subject to Copyright and Similar
Rights that is derived from or based upon the Licensed Material
and in which the Licensed Material is translated, altered,
arranged, transformed, or otherwise modified in a manner requiring
permission under the Copyright and Similar Rights held by the
Licensor. For purposes of this Public License, where the Licensed
Material is a musical work, performance, or sound recording,
Adapted Material is always produced where the Licensed Material is
synched in timed relation with a moving image.
b. Adapter's License means the license You apply to Your Copyright
and Similar Rights in Your contributions to Adapted Material in
accordance with the terms and conditions of this Public License.
c. BY-SA Compatible License means a license listed at
creativecommons.org/compatiblelicenses, approved by Creative
Commons as essentially the equivalent of this Public License.
d. Copyright and Similar Rights means copyright and/or similar rights
closely related to copyright including, without limitation,
performance, broadcast, sound recording, and Sui Generis Database
Rights, without regard to how the rights are labeled or
categorized. For purposes of this Public License, the rights
specified in Section 2(b)(1)-(2) are not Copyright and Similar
Rights.
e. Effective Technological Measures means those measures that, in the
absence of proper authority, may not be circumvented under laws
fulfilling obligations under Article 11 of the WIPO Copyright
Treaty adopted on December 20, 1996, and/or similar international
agreements.
f. Exceptions and Limitations means fair use, fair dealing, and/or
any other exception or limitation to Copyright and Similar Rights
that applies to Your use of the Licensed Material.
g. License Elements means the license attributes listed in the name
of a Creative Commons Public License. The License Elements of this
Public License are Attribution and ShareAlike.
h. Licensed Material means the artistic or literary work, database,
or other material to which the Licensor applied this Public
License.
i. Licensed Rights means the rights granted to You subject to the
terms and conditions of this Public License, which are limited to
all Copyright and Similar Rights that apply to Your use of the
Licensed Material and that the Licensor has authority to license.
j. Licensor means the individual(s) or entity(ies) granting rights
under this Public License.
k. Share means to provide material to the public by any means or
process that requires permission under the Licensed Rights, such
as reproduction, public display, public performance, distribution,
dissemination, communication, or importation, and to make material
available to the public including in ways that members of the
public may access the material from a place and at a time
individually chosen by them.
l. Sui Generis Database Rights means rights other than copyright
resulting from Directive 96/9/EC of the European Parliament and of
the Council of 11 March 1996 on the legal protection of databases,
as amended and/or succeeded, as well as other essentially
equivalent rights anywhere in the world.
m. You means the individual or entity exercising the Licensed Rights
under this Public License. Your has a corresponding meaning.
Section 2 -- Scope.
a. License grant.
1. Subject to the terms and conditions of this Public License,
the Licensor hereby grants You a worldwide, royalty-free,
non-sublicensable, non-exclusive, irrevocable license to
exercise the Licensed Rights in the Licensed Material to:
a. reproduce and Share the Licensed Material, in whole or
in part; and
b. produce, reproduce, and Share Adapted Material.
2. Exceptions and Limitations. For the avoidance of doubt, where
Exceptions and Limitations apply to Your use, this Public
License does not apply, and You do not need to comply with
its terms and conditions.
3. Term. The term of this Public License is specified in Section
6(a).
4. Media and formats; technical modifications allowed. The
Licensor authorizes You to exercise the Licensed Rights in
all media and formats whether now known or hereafter created,
and to make technical modifications necessary to do so. The
Licensor waives and/or agrees not to assert any right or
authority to forbid You from making technical modifications
necessary to exercise the Licensed Rights, including
technical modifications necessary to circumvent Effective
Technological Measures. For purposes of this Public License,
simply making modifications authorized by this Section 2(a)
(4) never produces Adapted Material.
5. Downstream recipients.
a. Offer from the Licensor -- Licensed Material. Every
recipient of the Licensed Material automatically
receives an offer from the Licensor to exercise the
Licensed Rights under the terms and conditions of this
Public License.
b. Additional offer from the Licensor -- Adapted Material.
Every recipient of Adapted Material from You
automatically receives an offer from the Licensor to
exercise the Licensed Rights in the Adapted Material
under the conditions of the Adapter's License You apply.
c. No downstream restrictions. You may not offer or impose
any additional or different terms or conditions on, or
apply any Effective Technological Measures to, the
Licensed Material if doing so restricts exercise of the
Licensed Rights by any recipient of the Licensed
Material.
6. No endorsement. Nothing in this Public License constitutes or
may be construed as permission to assert or imply that You
are, or that Your use of the Licensed Material is, connected
with, or sponsored, endorsed, or granted official status by,
the Licensor or others designated to receive attribution as
provided in Section 3(a)(1)(A)(i).
b. Other rights.
1. Moral rights, such as the right of integrity, are not
licensed under this Public License, nor are publicity,
privacy, and/or other similar personality rights; however, to
the extent possible, the Licensor waives and/or agrees not to
assert any such rights held by the Licensor to the limited
extent necessary to allow You to exercise the Licensed
Rights, but not otherwise.
2. Patent and trademark rights are not licensed under this
Public License.
3. To the extent possible, the Licensor waives any right to
collect royalties from You for the exercise of the Licensed
Rights, whether directly or through a collecting society
under any voluntary or waivable statutory or compulsory
licensing scheme. In all other cases the Licensor expressly
reserves any right to collect such royalties.
Section 3 -- License Conditions.
Your exercise of the Licensed Rights is expressly made subject to the
following conditions.
a. Attribution.
1. If You Share the Licensed Material (including in modified
form), You must:
a. retain the following if it is supplied by the Licensor
with the Licensed Material:
i. identification of the creator(s) of the Licensed
Material and any others designated to receive
attribution, in any reasonable manner requested by
the Licensor (including by pseudonym if
designated);
ii. a copyright notice;
iii. a notice that refers to this Public License;
iv. a notice that refers to the disclaimer of
warranties;
v. a URI or hyperlink to the Licensed Material to the
extent reasonably practicable;
b. indicate if You modified the Licensed Material and
retain an indication of any previous modifications; and
c. indicate the Licensed Material is licensed under this
Public License, and include the text of, or the URI or
hyperlink to, this Public License.
2. You may satisfy the conditions in Section 3(a)(1) in any
reasonable manner based on the medium, means, and context in
which You Share the Licensed Material. For example, it may be
reasonable to satisfy the conditions by providing a URI or
hyperlink to a resource that includes the required
information.
3. If requested by the Licensor, You must remove any of the
information required by Section 3(a)(1)(A) to the extent
reasonably practicable.
b. ShareAlike.
In addition to the conditions in Section 3(a), if You Share
Adapted Material You produce, the following conditions also apply.
1. The Adapter's License You apply must be a Creative Commons
license with the same License Elements, this version or
later, or a BY-SA Compatible License.
2. You must include the text of, or the URI or hyperlink to, the
Adapter's License You apply. You may satisfy this condition
in any reasonable manner based on the medium, means, and
context in which You Share Adapted Material.
3. You may not offer or impose any additional or different terms
or conditions on, or apply any Effective Technological
Measures to, Adapted Material that restrict exercise of the
rights granted under the Adapter's License You apply.
Section 4 -- Sui Generis Database Rights.
Where the Licensed Rights include Sui Generis Database Rights that
apply to Your use of the Licensed Material:
a. for the avoidance of doubt, Section 2(a)(1) grants You the right
to extract, reuse, reproduce, and Share all or a substantial
portion of the contents of the database;
b. if You include all or a substantial portion of the database
contents in a database in which You have Sui Generis Database
Rights, then the database in which You have Sui Generis Database
Rights (but not its individual contents) is Adapted Material,
including for purposes of Section 3(b); and
c. You must comply with the conditions in Section 3(a) if You Share
all or a substantial portion of the contents of the database.
For the avoidance of doubt, this Section 4 supplements and does not
replace Your obligations under this Public License where the Licensed
Rights include other Copyright and Similar Rights.
Section 5 -- Disclaimer of Warranties and Limitation of Liability.
a. UNLESS OTHERWISE SEPARATELY UNDERTAKEN BY THE LICENSOR, TO THE
EXTENT POSSIBLE, THE LICENSOR OFFERS THE LICENSED MATERIAL AS-IS
AND AS-AVAILABLE, AND MAKES NO REPRESENTATIONS OR WARRANTIES OF
ANY KIND CONCERNING THE LICENSED MATERIAL, WHETHER EXPRESS,
IMPLIED, STATUTORY, OR OTHER. THIS INCLUDES, WITHOUT LIMITATION,
WARRANTIES OF TITLE, MERCHANTABILITY, FITNESS FOR A PARTICULAR
PURPOSE, NON-INFRINGEMENT, ABSENCE OF LATENT OR OTHER DEFECTS,
ACCURACY, OR THE PRESENCE OR ABSENCE OF ERRORS, WHETHER OR NOT
KNOWN OR DISCOVERABLE. WHERE DISCLAIMERS OF WARRANTIES ARE NOT
ALLOWED IN FULL OR IN PART, THIS DISCLAIMER MAY NOT APPLY TO YOU.
b. TO THE EXTENT POSSIBLE, IN NO EVENT WILL THE LICENSOR BE LIABLE
TO YOU ON ANY LEGAL THEORY (INCLUDING, WITHOUT LIMITATION,
NEGLIGENCE) OR OTHERWISE FOR ANY DIRECT, SPECIAL, INDIRECT,
INCIDENTAL, CONSEQUENTIAL, PUNITIVE, EXEMPLARY, OR OTHER LOSSES,
COSTS, EXPENSES, OR DAMAGES ARISING OUT OF THIS PUBLIC LICENSE OR
USE OF THE LICENSED MATERIAL, EVEN IF THE LICENSOR HAS BEEN
ADVISED OF THE POSSIBILITY OF SUCH LOSSES, COSTS, EXPENSES, OR
DAMAGES. WHERE A LIMITATION OF LIABILITY IS NOT ALLOWED IN FULL OR
IN PART, THIS LIMITATION MAY NOT APPLY TO YOU.
c. The disclaimer of warranties and limitation of liability provided
above shall be interpreted in a manner that, to the extent
possible, most closely approximates an absolute disclaimer and
waiver of all liability.
Section 6 -- Term and Termination.
a. This Public License applies for the term of the Copyright and
Similar Rights licensed here. However, if You fail to comply with
this Public License, then Your rights under this Public License
terminate automatically.
b. Where Your right to use the Licensed Material has terminated under
Section 6(a), it reinstates:
1. automatically as of the date the violation is cured, provided
it is cured within 30 days of Your discovery of the
violation; or
2. upon express reinstatement by the Licensor.
For the avoidance of doubt, this Section 6(b) does not affect any
right the Licensor may have to seek remedies for Your violations
of this Public License.
c. For the avoidance of doubt, the Licensor may also offer the
Licensed Material under separate terms or conditions or stop
distributing the Licensed Material at any time; however, doing so
will not terminate this Public License.
d. Sections 1, 5, 6, 7, and 8 survive termination of this Public
License.
Section 7 -- Other Terms and Conditions.
a. The Licensor shall not be bound by any additional or different
terms or conditions communicated by You unless expressly agreed.
b. Any arrangements, understandings, or agreements regarding the
Licensed Material not stated herein are separate from and
independent of the terms and conditions of this Public License.
Section 8 -- Interpretation.
a. For the avoidance of doubt, this Public License does not, and
shall not be interpreted to, reduce, limit, restrict, or impose
conditions on any use of the Licensed Material that could lawfully
be made without permission under this Public License.
b. To the extent possible, if any provision of this Public License is
deemed unenforceable, it shall be automatically reformed to the
minimum extent necessary to make it enforceable. If the provision
cannot be reformed, it shall be severed from this Public License
without affecting the enforceability of the remaining terms and
conditions.
c. No term or condition of this Public License will be waived and no
failure to comply consented to unless expressly agreed to by the
Licensor.
d. Nothing in this Public License constitutes or may be interpreted
as a limitation upon, or waiver of, any privileges and immunities
that apply to the Licensor or You, including from the legal
processes of any jurisdiction or authority.
=======================================================================
Creative Commons is not a party to its public
licenses. Notwithstanding, Creative Commons may elect to apply one of
its public licenses to material it publishes and in those instances
will be considered the “Licensor.” The text of the Creative Commons
public licenses is dedicated to the public domain under the CC0 Public
Domain Dedication. Except for the limited purpose of indicating that
material is shared under a Creative Commons public license or as
otherwise permitted by the Creative Commons policies published at
creativecommons.org/policies, Creative Commons does not authorize the
use of the trademark "Creative Commons" or any other trademark or logo
of Creative Commons without its prior written consent including,
without limitation, in connection with any unauthorized modifications
to any of its public licenses or any other arrangements,
understandings, or agreements concerning use of licensed material. For
the avoidance of doubt, this paragraph does not form part of the
public licenses.
Creative Commons may be contacted at creativecommons.org.

53
README.md Обычный файл
Просмотреть файл

@ -0,0 +1,53 @@
# AMITT Disinformation Tactics, Techniques and Processes (TTP) Framework
* [Framework diagram](matrix.md)
* [List of incidents](incidents.md)
* [Counters matrix](counter_tactic_counts.md)
AMITT (Adversarial Misinformation and Influence Tactics and Techniques) is a framework designed for describing and understanding disinformation incidents. AMITT is part of work on adapting information security (infosec) practices to help track and counter misinformation, and is designed to fit existing infosec practices and tools.
AMITT's style is based on the [MITRE ATT&amp;CK framework](https://github.com/mitre-attack/attack-website/); STIX templates for AMITT objects are available in the [AMITT_CTI repo](https://github.com/cogsec-collaborative/amitt_cti] - these make it easy for AMITT data to be passed between ISAOs and similar bodies using standards like TAXI.
AMITT design documents are available in the AMITT_HISTORY folder, and in [The AMITT Design Guide](https://docs.google.com/document/d/1D1VM5l496pUjN8B5Pq6fAh9mgeeEaYTKHdAG5BEXBiA/edit#).
## RAW DATA
If you want to do your own thing with AMITT data, all the master data for it is in directory [AMITT_MASTER_DATA}(AMITT_MASTER_DATA). Look for [the TTP framework](AMITT_MASTER_DATA/amitt_metadata_v3.xlsx) and [countermeasures](AMITT_MASTER_DATA/CountersPlaybook_MASTER.xlsx) spreadsheets.
## Red Team Tactics (TTP Framework) HTML pages
The disinformation creating framework is shown in [Framework diagram](matrix.md). Its entities are:
* Tactics: stages that someone running a misinformation incident is likely to use
* Techniques: activities that might be seen at each stage
* Tasks: things that need to be done at each stage. In Pablospeak, tasks are things you do, techniques are how you do them.
* Phases: higher-level groupings of tactics, created so we could check we didn't miss anything
There's a directory for each of these entities, containing a datasheet for each individual entity (e.g. [technique T0046 Search Engine Optimization](techniques/T0046.md)). The details above "DO NOT EDIT ABOVE THIS LINE" are generated from the code and spreadsheet in folder generating_code, which you can use to update framework metadata; you can add notes below "DO NOT EDIT ABOVE THIS LINE" and they won't be removed when you do metadata updates. (Yes, this is an unholy hack, but it's one that lets us generate all the messages we need, and keep notes in the same place.)
The framework was created by finding and analysing a set of existing misinformation [incidents](incidents.md), which also have room for more notes.
## Blue Team Tactics (Countermeasures) HTML pages
What you'll see in here is a [spreadsheet](GENERATING_CODE/CountersPlaybook_MASTER.xlsx). In there are defences and mitigations for disinformation, categorised by disinformation technique, the resources needed for it etc. There's also . So far, we have:
* lists by tactic stage and technique (see https://github.com/misinfosecproject/amitt_framework for descriptions of these) in directory [tactics](tactics), with a clickable grid for this in [counter_tactic_counts.md](counter_tactic_counts.md)
* lists by a higher-level label, "metatechnique",in directory [counter_metatag](counter_metatag), with a clickable grid for this in [counter_metatag_counts.md](counter_metatag_counts.md) (To be fair this is mostly so we can group and make sure we're getting the cleaning right.)
* - lists of what each type of person can do in [counter_resource_counts.md](counter_resource_counts.md).
## Updating the HTML pages
The code to create all the HTML datasheets is in directory [HTML_GENERATING_CODE](HTML_GENERATING_CODE)
* If you change something in the metadata file, go into generating_code, and type "python amitt.py" - this will update the metadata in all the datasheets, and create a datasheet each for any new objects you've added to the spreadsheet.
* If you change anything in the countermeasures spreadsheet, typing "python counter.py" creates all html pages for countermeasures.
## Provenance
The AMITT Framework and Countermeasures were created by the Credibility Coalition's [Misinfosec working group](https://github.com/credcoalition/community-site/wiki/Working-Groups). The Framework was started in December 2018 and refined in a Credibility Coalition Misinfosec seminar; the collection of potential disinformation countermeasures was started at a Credibility Coalition Misinfosec seminar in November 2019.
AMITT is currently maintained by the [CogSecCollab](http://cogsec-collab.org/), who've used it in the CTI League's Covid19 responses, and tested it in trials with NATO, the EU, and several other countries' disinformation units.
We would like to thank everyone who's contributed to, and continues to contribute to AMITT over the years. We'd also love any and all suggestions for improvements, comments and offers of help - either reach out to us, or add to this repo's issues list.
AMITT is licensed under [CC-BY-4.0](LICENSE.md)

14
counter_metatag/cleaningcounters.md Обычный файл
Просмотреть файл

@ -0,0 +1,14 @@
# metatechnique counters: cleaning
## by action
### D2 Deny
* C00074: Identify identical content and mass deplatform (needs platform_admin,platform_admin:socialmedia)
* C00016: Social media as a privilege not right (needs nan)
### D3 Disrupt
* C00043: Detect hijacked accounts and reallocate them (needs platform_admin,activists,civil_society,money)
### D4 Degrade
* C00053: Delete old accounts / Remove unused social media accounts (needs platform_admin,platform_admin:socialmedia,public:account_owners)

31
counter_metatag/countermessagingcounters.md Обычный файл
Просмотреть файл

@ -0,0 +1,31 @@
# metatechnique counters: countermessaging
## by action
### D2 Deny
* C00075: normalise language (needs nan)
* C00157: Build alternative news sources (needs nan)
* C00167: Deploy Information and Narrative-Building in Service of Statecraft (needs nan)
### D3 Disrupt
* C00082: Ground truthing as automated response to pollution (needs nan)
* C00136: Microtarget most likely targets then send them countermessages (needs nan)
* C00169: develop a creative content hub (needs nan)
* C00211: Use humorous counter-narratives (needs nan)
* C00017: Media campaign promoting in-group to out-group in person communication / activities (needs media)
* C00042: Address truth contained in narratives (needs nan)
* C00156: Better tell the U.S., NATO, and EU story. (needs government,military)
* C00200: Respected figure (influencer) disavows misinfo (needs influencers)
### D4 Degrade
* C00026: Shore up democracy based messages (peace, freedom) - make it sexy (needs nan)
* C00025: Promote identity neutral narratives (needs nan)
* C00117: Downgrade de-amplify label promote counter to disinformation (needs nan)
* C00118: Repurpose images with new text (needs nan)
### D6 Destroy
* C00062: Free open library sources worldwide (needs nan)
### D7 Deter
* C00119: Engage payload and debunk. Provide link to facts. (needs nan)

16
counter_metatag/data pollutioncounters.md Обычный файл
Просмотреть файл

@ -0,0 +1,16 @@
# metatechnique counters: data pollution
## by action
### D3 Disrupt
* C00137: Pollute the AB-testing data feeds (needs nan)
### D4 Degrade
* C00140: "Bomb" link shorteners with lots of calls (needs nan)
* C00145: Pollute the data voids with wholesome content (Kittens! Babyshark!) (needs nan)
* C00148: Add random links to network graphs (needs platform_algorithms)
* C00149: Poison the monitoring & evaluation data (needs nan)
### D5 Deceive
* C00047: Coordinated inauthentics (needs nan)

33
counter_metatag/daylightcounters.md Обычный файл
Просмотреть файл

@ -0,0 +1,33 @@
# metatechnique counters: daylight
## by action
### D2 Deny
* C00113: Debunk and defuse a fake expert / credentials. Attack audience quality of fake expert (needs nan)
* C00115: Expose actor and intentions (needs nan)
* C00116: Provide proof of involvement (needs nan)
* C00150: “calling them out” (needs nan)
* C00152: “name and shame” (needs nan)
* C00217: Registries alert when large batches of newsy URLs get registered together (needs platform_admin)
### D3 Disrupt
* C00018: Promote constructive communication by shaming division-enablers (needs nan)
* C00019: Promote playbooks to call out division-enablers (needs nan)
* C00068: Expose online funding as fake (needs nan)
* C00069: Mark clickbait visually (needs nan)
* C00081: Discredit by pointing out the "noise" and informing public that "flooding" is a technique of disinformation campaigns; point out intended objective of "noise" (needs nan)
* C00126: Social media amber alert (needs nan)
* C00151: “fight in the light” (needs nan)
* C00219: Add metadata to content - out of the control of the adversary (needs nan)
### D4 Degrade
* C00184: Media exposure (needs nan)
* C00085: Demuting content (needs nan)
### D6 Destroy
* C00189: Ongoing analysis/monitoring of "flagged" profiles (needs nan)
### D7 Deter
* C00048: Name and Shame (needs nan)
* C00094: Force full disclosure on corporate sponsor of research (needs nan)

14
counter_metatag/dilutioncounters.md Обычный файл
Просмотреть файл

@ -0,0 +1,14 @@
# metatechnique counters: dilution
## by action
### D3 Disrupt
* C00031: Dilute the core narrative - create multiple permutations, target / amplify (needs nan)
* C00066: Co-opt a hashtag and drown it out (hijack it back) (needs nan)
* C00105: Buy more advertising than the adversary to shift influence and algorithms (needs money,adtech)
* C00128: Create friction by marking content with ridicule or other "decelerants" (needs influencers:trusted_authority)
* C00178: Fill information voids with non-disinformation content (needs nan)
### D4 Degrade
* C00087: Make more noise (needs nan)

29
counter_metatag/diversioncounters.md Обычный файл
Просмотреть файл

@ -0,0 +1,29 @@
# metatechnique counters: diversion
## by action
### D2 Deny
* C00195: Redirect Method (needs nan)
* C00202: Set data 'honeytraps' (needs nan)
### D3 Disrupt
* C00029: Create fake website to issue counter narrative and counter narrative through physical merchandise (needs nan)
* C00030: Develop a compelling counter narrative (truth based) (needs nan)
* C00032: Hijack content and link to truth- based info (platform) (needs nan)
* C00078: Change Search Algorithms for Disinformation Content. More specifically, change image search algorithms for hate groups and extremists (needs nan)
* C00079: Change search algorithms for hate and extremist queries to show content sympathetic to opposite side (needs nan)
* C00080: Create competing narrative (needs nan)
* C00084: Steal their truths (needs nan)
* C00100: Hashtag jacking (needs nan)
* C00106: Click-bait centrist content (needs nan)
* C00194: Provide an alternative to Russian information by expanding and improving local content. (needs nan)
### D4 Degrade
* C00088: Poison pill recasting of message (needs nan)
* C00086: Distract from noise with addictive content (needs nan)
### D5 Deceive
* C00090: Fake engagement system (needs nan)
* C00091: Honeypot social community (needs nan)
* C00103: Create a bot that engages / distract trolls (needs developers)

36
counter_metatag/frictioncounters.md Обычный файл
Просмотреть файл

@ -0,0 +1,36 @@
# metatechnique counters: friction
## by action
### D2 Deny
* C00006: Charge for social media (needs platform_admin:socialmedia)
* C00034: Create more friction at account creation (needs nan)
* C00035: Friction (needs nan)
* C00056: Get off social media (needs nan)
* C00097: Require use of verified identities to contribute to poll or comment (needs platform_algorithms)
* C00098: Revocation of "verified" (needs platform_admin)
* C00099: Strengthen verification methods (needs platform_algorithms)
* C00010: Enhanced privacy regulation for social media (needs government:policymakers)
* C00110: Monetize centrist SEO by subsidizing the difference in greater clicks towards extremist content (needs funding)
* C00112: "Prove they are not an op!" (needs nan)
* C00114: Don't engage with payloads (needs public)
* C00122: Content moderation. Censorship? (needs platform_admin)
* C00165: Limit access to alterable documents (needs nan)
### D3 Disrupt
* C00044: Keep people from posting to social media immediately (needs platform_algorithms)
* C00147: Make amplification of social media ports expire (e.g. can't like/ retweet after n days) (needs platform_algorithms)
* C00045: S4d detection and re-allocation approaches (needs nan)
* C00123: Bot control (needs nan)
* C00124: Don't feed the trolls (needs public,media)
* C00139: Weaponise youtube content matrices (needs nan)
* C00203: Stop offering press credentials to propaganda outlets (needs government)
### D4 Degrade
* C00089: Throttle number of forwards (needs nan)
* C00101: Create participant friction (needs platform_algorithms)
* C00102: Make repeat voting harder (needs platform_admin)
* C00141: "Hey this story is old" popup when messaging with old URL (needs platform_algorithms)
* C00142: "This has been disproved - do you want to forward it" (needs platform_algorithms)
* C00020: Deligitimise the 24 hour news cycle (needs media)

28
counter_metatag/metatechniquecounters.md Обычный файл
Просмотреть файл

@ -0,0 +1,28 @@
# metatechnique counters: metatechnique
## by action
### ALL
* C00001: Better models of info spread up the layers (needs nan)
* C00003: How can we safeguard against extremists using the tools that we will produce? (needs nan)
* C00004: Managing like a chronic disease (needs nan)
* C00005: Policy: makers, terminology, elements: a) broad, b) specific (needs nan)
### D2 Deny
* C00012: Platform regulation (needs government:policymakers)
* C00055: Empower existing regulators to govern social media (needs government:policymakers,government,platform_admin)
* C00174: Free and Fair Press (needs nan)
### D3 Disrupt
* C00170: elevate information as a critical domain of statecraft (needs nan)
* C00159: Campaign mindset and associated toolbox (needs nan)
* C00196: Include the role of social media in the regulatory framework for media (needs government)
* C00205: strong dialogue between the federal government and private sector to encourage better reporting (needs companies,government)
* C00214: Create policy that makes social media police disinformation (needs government:policymakers)
* C00215: Use fraud legislation to clean up social media (needs government:policymakers)
### D7 Deter
* C00120: Open dialogue about design of platforms to produce different outcomes (needs nan)
* C00161: Coalition Building and Third-Party Inducements: (needs nan)
* C00176: Improve Coordination with and feedback from the U.S. private sector (needs nan)

14
counter_metatag/reduce resourcescounters.md Обычный файл
Просмотреть файл

@ -0,0 +1,14 @@
# metatechnique counters: reduce resources
## by action
### D2 Deny
* C00129: Use banking to cut off access (needs nan)
* C00216: Use advertiser controls to stem flow of funds to bad actors (needs platform_admin:adtech)
### D3 Disrupt
* C00138: Spam domestic actors with lawsuits (needs nan)
### D4 Degrade
* C00144: Buy out troll farm employees / offer them jobs (needs nan)

27
counter_metatag/removalcounters.md Обычный файл
Просмотреть файл

@ -0,0 +1,27 @@
# metatechnique counters: removal
## by action
### D2 Deny
* C00039: Standard reporting for false profiles (needs nan)
* C00070: Block access to platform. DDOS an attacker. (needs nan)
* C00071: Block source of pollution (needs nan)
* C00072: Content censorship in non-relevant domains e.g. Pinterest antivax (needs nan)
* C00131: Seize and analyse botnet servers (needs server_admin)
* C00154: Ask media not to report false information (needs media)
* C00155: Ban incident actors from funding sites (needs platform_admin:fundingsites)
* C00171: social media content take-downs (needs platform_admin:socialmedia)
* C00172: social media page removal (needs platform_admin:socialmedia)
* C00197: remove suspicious facebook accounts (needs nan)
* C00058: Report crowdfunder as violator (needs nan)
* C00063: Ban political microtargeting (needs government:policymakers)
* C00076: Prohibit images in political discourse channels (needs nan)
* C00182: malware detection/quarantine/deletion (needs infosec)
* C00218: Censorship (needs platform_admin)
### D3 Disrupt
* C00133: Deplatform Account* (needs platform_admin)
* C00135: Deplatform message groups and/or message boards (needs platform_admin)
* C00065: Ban political ads (needs government:policymakers)
* C00179: Identify, monitor, and, if necessary, target Russia-based nonattributed social media accounts (needs nan)

40
counter_metatag/resiliencecounters.md Обычный файл
Просмотреть файл

@ -0,0 +1,40 @@
# metatechnique counters: resilience
## by action
### D2 Deny
* C00009: Educate high profile influencers on best practices (needs influencers,educators)
* C00011: Media literacy. Games to identify fake news (needs educators,gamesdesigners,developers)
* C00033: Build cultural resistance to false content (needs nan)
* C00049: Influence literacy training (needs educators)
* C00050: Anti-elicitation training (needs educators)
* C00051: Phishing prevention education etc (needs educators)
* C00073: Educate on how to handle info pollution. Push out targeted education on why it's pollution (needs educators)
* C00204: Strengthen local media (needs media)
* C00160: find and train influencers (needs data_scientist,influencers)
* C00210: Use encrypted apps for confidential communication (needs nan)
### D3 Disrupt
* C00061: Innoculating at language (needs nan)
* C00125: Prepare the population with pre-announcements (needs nan)
* C00188: Newsroom/Journalist training to counter SEO influence (needs media,educators)
* C00190: open engagement with civil society (needs public)
* C00193: promotion of a “higher standard of journalism” (needs media,educators)
* C00212: build public resilence by making civil society more vibrant (needs educators,government)
* C00109: De-escalation (needs nan)
### D4 Degrade
* C00022: Innoculate. Positive campaign to promote feeling of safety - to counter ability and fear based attacks (needs nan)
* C00023: Promote civility as an identity that people will defend (needs nan)
* C00024: Promote constructive narratives i.e. not polarising. Pro-life, pro-choice, or pro-USA? (needs nan)
* C00054: Media literacy training. (needs educators,libraries,schools,DHS,NGO,platform_outreach,media,community_groups,religious_organisations)
* C00158: Use training to build the resilience of at-risk populations. (needs educators,media)
* C00021: Encourage in-person communication (needs nan)
* C00111: Present sympathetic views of opposite side (needs media,content_creators)
### D7 Deter
* C00130: Mentorship: elders, youth, credit. Learn vicariously. (needs nan)
* C00027: Create culture of civility (needs nan)
* C00093: Establish tailored code of conduct for individuals with many followers (needs nan)
* C00121: Tool transparency and literacy for channels people follow. (needs nan)

18
counter_metatag/scoringcounters.md Обычный файл
Просмотреть файл

@ -0,0 +1,18 @@
# metatechnique counters: scoring
## by action
### D2 Deny
* C00007: Create framework for BetterBusinessBureau (BBB) for news media (needs nan)
* C00008: Create shared fact-checking database (needs factcheckers)
* C00013: Rating framework for news - full transcripts, link source, add items, BBB for news (needs nan)
* C00014: Real-time updates to fact-checking database (needs factcheckers)
* C00015: Reputation scores for social media users (needs data_scientist,datastreams)
* C00057: Privacy standards (needs nan)
* C00107: Content moderation (needs nan)
### D7 Deter
* C00092: Establish a truth teller reputation score for individuals with many followers (needs nan)
* C00095: Keep score (needs nan)
* C00096: Strengthen institutions that are always truth tellers (needs nan)

23
counter_metatag/targetingcounters.md Обычный файл
Просмотреть файл

@ -0,0 +1,23 @@
# metatechnique counters: targeting
## by action
### D2 Deny
* C00036: Infiltrate the in-group to discredit leaders (divide) (needs nan)
### D3 Disrupt
* C00060: Enhanced legal enforcement against for-profit follower/engagement factories (needs government:policymakers)
* C00067: Denigrate the recipient/ project (of online funding) (needs nan)
* C00077: Active defence: replay "develop people" (needs nan)
* C00153: Use offensive cyber action (needs infosec)
* C00162: collect data/map constellations of Russian“civil society”. Unravel/target the Potemkin villages (needs nan)
* C00164: compatriot policy (needs nan)
### D4 Degrade
* C00046: Marginalise and discredit extremist (needs nan)
* C00052: Infiltrate platforms (needs activists)
* C00143: (botnet) DMCA takedown requests to waste group time (needs public,elves)
### D7 Deter
* C00207: tit-for-tat campaign (needs government,platforms)

11
counter_metatag/verificationcounters.md Обычный файл
Просмотреть файл

@ -0,0 +1,11 @@
# metatechnique counters: verification
## by action
### D2 Deny
* C00040: third party verification for people (needs nan)
* C00059: Verification of project before posting (counters funding campaigns) (needs nan)
### D3 Disrupt
* C00028: Blockchain audit log and validation with collaborative decryption to post comments (needs nan)

178
counter_metatag_counts.md Обычный файл
Просмотреть файл

@ -0,0 +1,178 @@
# AMITT metatechnique courses of action
<table border="1">
<tr>
<td> </td>
<td>ALL</td>
<td>D2 Deny</td>
<td>D3 Disrupt</td>
<td>D4 Degrade</td>
<td>D5 Deceive</td>
<td>D6 Destroy</td>
<td>D7 Deter</td>
<td>TOTALS</td></tr><tr>
<td><a href="metatag/cleaningcounters.md">cleaning</a></td>
<td>0</td>
<td>2</td>
<td>1</td>
<td>1</td>
<td>0</td>
<td>0</td>
<td>0</td>
<td>4</td>
</tr>
<tr>
<td><a href="metatag/countermessagingcounters.md">countermessaging</a></td>
<td>0</td>
<td>3</td>
<td>8</td>
<td>4</td>
<td>0</td>
<td>1</td>
<td>1</td>
<td>17</td>
</tr>
<tr>
<td><a href="metatag/data pollutioncounters.md">data pollution</a></td>
<td>0</td>
<td>0</td>
<td>1</td>
<td>4</td>
<td>1</td>
<td>0</td>
<td>0</td>
<td>6</td>
</tr>
<tr>
<td><a href="metatag/daylightcounters.md">daylight</a></td>
<td>0</td>
<td>6</td>
<td>8</td>
<td>2</td>
<td>0</td>
<td>1</td>
<td>2</td>
<td>19</td>
</tr>
<tr>
<td><a href="metatag/dilutioncounters.md">dilution</a></td>
<td>0</td>
<td>0</td>
<td>5</td>
<td>1</td>
<td>0</td>
<td>0</td>
<td>0</td>
<td>6</td>
</tr>
<tr>
<td><a href="metatag/diversioncounters.md">diversion</a></td>
<td>0</td>
<td>2</td>
<td>10</td>
<td>2</td>
<td>3</td>
<td>0</td>
<td>0</td>
<td>17</td>
</tr>
<tr>
<td><a href="metatag/frictioncounters.md">friction</a></td>
<td>0</td>
<td>13</td>
<td>7</td>
<td>6</td>
<td>0</td>
<td>0</td>
<td>0</td>
<td>26</td>
</tr>
<tr>
<td><a href="metatag/metatechniquecounters.md">metatechnique</a></td>
<td>4</td>
<td>3</td>
<td>6</td>
<td>0</td>
<td>0</td>
<td>0</td>
<td>3</td>
<td>16</td>
</tr>
<tr>
<td><a href="metatag/reduce resourcescounters.md">reduce resources</a></td>
<td>0</td>
<td>2</td>
<td>1</td>
<td>1</td>
<td>0</td>
<td>0</td>
<td>0</td>
<td>4</td>
</tr>
<tr>
<td><a href="metatag/removalcounters.md">removal</a></td>
<td>0</td>
<td>15</td>
<td>4</td>
<td>0</td>
<td>0</td>
<td>0</td>
<td>0</td>
<td>19</td>
</tr>
<tr>
<td><a href="metatag/resiliencecounters.md">resilience</a></td>
<td>0</td>
<td>10</td>
<td>7</td>
<td>7</td>
<td>0</td>
<td>0</td>
<td>4</td>
<td>28</td>
</tr>
<tr>
<td><a href="metatag/scoringcounters.md">scoring</a></td>
<td>0</td>
<td>7</td>
<td>0</td>
<td>0</td>
<td>0</td>
<td>0</td>
<td>3</td>
<td>10</td>
</tr>
<tr>
<td><a href="metatag/targetingcounters.md">targeting</a></td>
<td>0</td>
<td>1</td>
<td>6</td>
<td>3</td>
<td>0</td>
<td>0</td>
<td>1</td>
<td>11</td>
</tr>
<tr>
<td><a href="metatag/verificationcounters.md">verification</a></td>
<td>0</td>
<td>2</td>
<td>1</td>
<td>0</td>
<td>0</td>
<td>0</td>
<td>0</td>
<td>3</td>
</tr>
<tr>
<td>TOTALS</td>
<td>4</td>
<td>66</td>
<td>65</td>
<td>31</td>
<td>4</td>
<td>2</td>
<td>14</td>
<td>186</td>
</tr>
</table>

7
counter_resource/DHScounters.md Обычный файл
Просмотреть файл

@ -0,0 +1,7 @@
# resource counters: DHS
## by action
### D4 Degrade
* C00054: Media literacy training. (needs educators,libraries,schools,DHS,NGO,platform_outreach,media,community_groups,religious_organisations)

7
counter_resource/NGOcounters.md Обычный файл
Просмотреть файл

@ -0,0 +1,7 @@
# resource counters: NGO
## by action
### D4 Degrade
* C00054: Media literacy training. (needs educators,libraries,schools,DHS,NGO,platform_outreach,media,community_groups,religious_organisations)

10
counter_resource/activistscounters.md Обычный файл
Просмотреть файл

@ -0,0 +1,10 @@
# resource counters: activists
## by action
### D3 Disrupt
* C00043: Detect hijacked accounts and reallocate them (needs platform_admin,activists,civil_society,money)
### D4 Degrade
* C00052: Infiltrate platforms (needs activists)

7
counter_resource/adtechcounters.md Обычный файл
Просмотреть файл

@ -0,0 +1,7 @@
# resource counters: adtech
## by action
### D3 Disrupt
* C00105: Buy more advertising than the adversary to shift influence and algorithms (needs money,adtech)

7
counter_resource/civil_societycounters.md Обычный файл
Просмотреть файл

@ -0,0 +1,7 @@
# resource counters: civil_society
## by action
### D3 Disrupt
* C00043: Detect hijacked accounts and reallocate them (needs platform_admin,activists,civil_society,money)

7
counter_resource/community_groupscounters.md Обычный файл
Просмотреть файл

@ -0,0 +1,7 @@
# resource counters: community_groups
## by action
### D4 Degrade
* C00054: Media literacy training. (needs educators,libraries,schools,DHS,NGO,platform_outreach,media,community_groups,religious_organisations)

7
counter_resource/companiescounters.md Обычный файл
Просмотреть файл

@ -0,0 +1,7 @@
# resource counters: companies
## by action
### D3 Disrupt
* C00205: strong dialogue between the federal government and private sector to encourage better reporting (needs companies,government)

7
counter_resource/content_creatorscounters.md Обычный файл
Просмотреть файл

@ -0,0 +1,7 @@
# resource counters: content_creators
## by action
### D4 Degrade
* C00111: Present sympathetic views of opposite side (needs media,content_creators)

7
counter_resource/data scientistcounters.md Обычный файл
Просмотреть файл

@ -0,0 +1,7 @@
# resource counters: data scientist
## by action
### D2 Deny
* C00160: find and train influencers (needs data scientist,influencers)

8
counter_resource/data_scientistcounters.md Обычный файл
Просмотреть файл

@ -0,0 +1,8 @@
# resource counters: data_scientist
## by action
### D2 Deny
* C00015: Reputation scores for social media users (needs data_scientist,datastreams)
* C00160: find and train influencers (needs data_scientist,influencers)

7
counter_resource/datastreamscounters.md Обычный файл
Просмотреть файл

@ -0,0 +1,7 @@
# resource counters: datastreams
## by action
### D2 Deny
* C00015: Reputation scores for social media users (needs data_scientist,datastreams)

10
counter_resource/developerscounters.md Обычный файл
Просмотреть файл

@ -0,0 +1,10 @@
# resource counters: developers
## by action
### D2 Deny
* C00011: Media literacy. Games to identify fake news (needs educators,gamesdesigners,developers)
### D5 Deceive
* C00103: Create a bot that engages / distract trolls (needs developers)

21
counter_resource/educatorscounters.md Обычный файл
Просмотреть файл

@ -0,0 +1,21 @@
# resource counters: educators
## by action
### D2 Deny
* C00009: Educate high profile influencers on best practices (needs influencers,educators)
* C00011: Media literacy. Games to identify fake news (needs educators,gamesdesigners,developers)
* C00049: Influence literacy training (needs educators)
* C00050: Anti-elicitation training (needs educators)
* C00051: Phishing prevention education etc (needs educators)
* C00073: Educate on how to handle info pollution. Push out targeted education on why it's pollution (needs educators)
### D3 Disrupt
* C00188: Newsroom/Journalist training to counter SEO influence (needs media,educators)
* C00193: promotion of a “higher standard of journalism” (needs media,educators)
* C00212: build public resilence by making civil society more vibrant (needs educators,government)
### D4 Degrade
* C00054: Media literacy training. (needs educators,libraries,schools,DHS,NGO,platform_outreach,media,community_groups,religious_organisations)
* C00158: Use training to build the resilience of at-risk populations. (needs educators,media)

7
counter_resource/elvescounters.md Обычный файл
Просмотреть файл

@ -0,0 +1,7 @@
# resource counters: elves
## by action
### D4 Degrade
* C00143: (botnet) DMCA takedown requests to waste group time (needs public,elves)

8
counter_resource/factcheckerscounters.md Обычный файл
Просмотреть файл

@ -0,0 +1,8 @@
# resource counters: factcheckers
## by action
### D2 Deny
* C00008: Create shared fact-checking database (needs factcheckers)
* C00014: Real-time updates to fact-checking database (needs factcheckers)

7
counter_resource/fundingcounters.md Обычный файл
Просмотреть файл

@ -0,0 +1,7 @@
# resource counters: funding
## by action
### D2 Deny
* C00110: Monetize centrist SEO by subsidizing the difference in greater clicks towards extremist content (needs funding)

7
counter_resource/gamesdesignerscounters.md Обычный файл
Просмотреть файл

@ -0,0 +1,7 @@
# resource counters: gamesdesigners
## by action
### D2 Deny
* C00011: Media literacy. Games to identify fake news (needs educators,gamesdesigners,developers)

16
counter_resource/government:policymakerscounters.md Обычный файл
Просмотреть файл

@ -0,0 +1,16 @@
# resource counters: government:policymakers
## by action
### D2 Deny
* C00012: Platform regulation (needs government:policymakers)
* C00055: Empower existing regulators to govern social media (needs government:policymakers,government,platform_admin)
* C00010: Enhanced privacy regulation for social media (needs government:policymakers)
* C00063: Ban political microtargeting (needs government:policymakers)
### D3 Disrupt
* C00060: Enhanced legal enforcement against for-profit follower/engagement factories (needs government:policymakers)
* C00065: Ban political ads (needs government:policymakers)
* C00214: Create policy that makes social media police disinformation (needs government:policymakers)
* C00215: Use fraud legislation to clean up social media (needs government:policymakers)

17
counter_resource/governmentcounters.md Обычный файл
Просмотреть файл

@ -0,0 +1,17 @@
# resource counters: government
## by action
### D2 Deny
* C00055: Empower existing regulators to govern social media (needs government:policymakers,government,platform_admin)
### D3 Disrupt
* C00212: build public resilence by making civil society more vibrant (needs educators,government)
* C00156: Better tell the U.S., NATO, and EU story. (needs government,military)
* C00196: Include the role of social media in the regulatory framework for media (needs government)
* C00203: Stop offering press credentials to propaganda outlets (needs government)
* C00205: strong dialogue between the federal government and private sector to encourage better reporting (needs companies,government)
### D7 Deter
* C00207: tit-for-tat campaign (needs government,platforms)

7
counter_resource/influencers:trusted_authoritycounters.md Обычный файл
Просмотреть файл

@ -0,0 +1,7 @@
# resource counters: influencers:trusted_authority
## by action
### D3 Disrupt
* C00128: Create friction by marking content with ridicule or other "decelerants" (needs influencers:trusted_authority)

11
counter_resource/influencerscounters.md Обычный файл
Просмотреть файл

@ -0,0 +1,11 @@
# resource counters: influencers
## by action
### D2 Deny
* C00009: Educate high profile influencers on best practices (needs influencers,educators)
* C00160: find and train influencers (needs data_scientist,influencers)
### D3 Disrupt
* C00200: Respected figure (influencer) disavows misinfo (needs influencers)

10
counter_resource/infoseccounters.md Обычный файл
Просмотреть файл

@ -0,0 +1,10 @@
# resource counters: infosec
## by action
### D2 Deny
* C00182: malware detection/quarantine/deletion (needs infosec)
### D3 Disrupt
* C00153: Use offensive cyber action (needs infosec)

7
counter_resource/librariescounters.md Обычный файл
Просмотреть файл

@ -0,0 +1,7 @@
# resource counters: libraries
## by action
### D4 Degrade
* C00054: Media literacy training. (needs educators,libraries,schools,DHS,NGO,platform_outreach,media,community_groups,religious_organisations)

20
counter_resource/mediacounters.md Обычный файл
Просмотреть файл

@ -0,0 +1,20 @@
# resource counters: media
## by action
### D2 Deny
* C00154: Ask media not to report false information (needs media)
* C00204: Strengthen local media (needs media)
### D3 Disrupt
* C00188: Newsroom/Journalist training to counter SEO influence (needs media,educators)
* C00193: promotion of a “higher standard of journalism” (needs media,educators)
* C00017: Media campaign promoting in-group to out-group in person communication / activities (needs media)
* C00124: Don't feed the trolls (needs public,media)
### D4 Degrade
* C00054: Media literacy training. (needs educators,libraries,schools,DHS,NGO,platform_outreach,media,community_groups,religious_organisations)
* C00158: Use training to build the resilience of at-risk populations. (needs educators,media)
* C00020: Deligitimise the 24 hour news cycle (needs media)
* C00111: Present sympathetic views of opposite side (needs media,content_creators)

7
counter_resource/militarycounters.md Обычный файл
Просмотреть файл

@ -0,0 +1,7 @@
# resource counters: military
## by action
### D3 Disrupt
* C00156: Better tell the U.S., NATO, and EU story. (needs government,military)

8
counter_resource/moneycounters.md Обычный файл
Просмотреть файл

@ -0,0 +1,8 @@
# resource counters: money
## by action
### D3 Disrupt
* C00043: Detect hijacked accounts and reallocate them (needs platform_admin,activists,civil_society,money)
* C00105: Buy more advertising than the adversary to shift influence and algorithms (needs money,adtech)

7
counter_resource/platform_admin:adtechcounters.md Обычный файл
Просмотреть файл

@ -0,0 +1,7 @@
# resource counters: platform_admin:adtech
## by action
### D2 Deny
* C00216: Use advertiser controls to stem flow of funds to bad actors (needs platform_admin:adtech)

7
counter_resource/platform_admin:fundingsitescounters.md Обычный файл
Просмотреть файл

@ -0,0 +1,7 @@
# resource counters: platform_admin:fundingsites
## by action
### D2 Deny
* C00155: Ban incident actors from funding sites (needs platform_admin:fundingsites)

13
counter_resource/platform_admin:socialmediacounters.md Обычный файл
Просмотреть файл

@ -0,0 +1,13 @@
# resource counters: platform_admin:socialmedia
## by action
### D2 Deny
* C00074: Identify identical content and mass deplatform (needs platform_admin,platform_admin:socialmedia)
* C00006: Charge for social media (needs platform_admin:socialmedia)
* C00171: social media content take-downs (needs platform_admin:socialmedia)
* C00172: social media page removal (needs platform_admin:socialmedia)
### D4 Degrade
* C00053: Delete old accounts / Remove unused social media accounts (needs platform_admin,platform_admin:socialmedia,public:account_owners)

21
counter_resource/platform_admincounters.md Обычный файл
Просмотреть файл

@ -0,0 +1,21 @@
# resource counters: platform_admin
## by action
### D2 Deny
* C00074: Identify identical content and mass deplatform (needs platform_admin,platform_admin:socialmedia)
* C00098: Revocation of "verified" (needs platform_admin)
* C00055: Empower existing regulators to govern social media (needs government:policymakers,government,platform_admin)
* C00122: Content moderation. Censorship? (needs platform_admin)
* C00217: Registries alert when large batches of newsy URLs get registered together (needs platform_admin)
* C00218: Censorship (needs platform_admin)
### D3 Disrupt
* C00043: Detect hijacked accounts and reallocate them (needs platform_admin,activists,civil_society,money)
* C00133: Deplatform Account* (needs platform_admin)
* C00135: Deplatform message groups and/or message boards (needs platform_admin)
### D4 Degrade
* C00053: Delete old accounts / Remove unused social media accounts (needs platform_admin,platform_admin:socialmedia,public:account_owners)
* C00102: Make repeat voting harder (needs platform_admin)

18
counter_resource/platform_algorithmscounters.md Обычный файл
Просмотреть файл

@ -0,0 +1,18 @@
# resource counters: platform_algorithms
## by action
### D2 Deny
* C00097: Require use of verified identities to contribute to poll or comment (needs platform_algorithms)
* C00099: Strengthen verification methods (needs platform_algorithms)
### D3 Disrupt
* C00044: Keep people from posting to social media immediately (needs platform_algorithms)
* C00147: Make amplification of social media ports expire (e.g. can't like/ retweet after n days) (needs platform_algorithms)
### D4 Degrade
* C00148: Add random links to network graphs (needs platform_algorithms)
* C00101: Create participant friction (needs platform_algorithms)
* C00141: "Hey this story is old" popup when messaging with old URL (needs platform_algorithms)
* C00142: "This has been disproved - do you want to forward it" (needs platform_algorithms)

7
counter_resource/platform_outreachcounters.md Обычный файл
Просмотреть файл

@ -0,0 +1,7 @@
# resource counters: platform_outreach
## by action
### D4 Degrade
* C00054: Media literacy training. (needs educators,libraries,schools,DHS,NGO,platform_outreach,media,community_groups,religious_organisations)

7
counter_resource/platformscounters.md Обычный файл
Просмотреть файл

@ -0,0 +1,7 @@
# resource counters: platforms
## by action
### D7 Deter
* C00207: tit-for-tat campaign (needs government,platforms)

7
counter_resource/public:account_ownerscounters.md Обычный файл
Просмотреть файл

@ -0,0 +1,7 @@
# resource counters: public:account_owners
## by action
### D4 Degrade
* C00053: Delete old accounts / Remove unused social media accounts (needs platform_admin,platform_admin:socialmedia,public:account_owners)

7
counter_resource/public:anyone with datasets or data summariescounters.md Обычный файл
Просмотреть файл

@ -0,0 +1,7 @@
# resource counters: public:anyone with datasets or data summaries
## by action
### D1 detect
* C00213: Warn social media companies about an ongoing campaign (e.g. antivax sites). (needs public:anyone with datasets or data summaries)

14
counter_resource/publiccounters.md Обычный файл
Просмотреть файл

@ -0,0 +1,14 @@
# resource counters: public
## by action
### D2 Deny
* C00114: Don't engage with payloads (needs public)
### D3 Disrupt
* C00190: open engagement with civil society (needs public)
* C00124: Don't feed the trolls (needs public,media)
### D4 Degrade
* C00143: (botnet) DMCA takedown requests to waste group time (needs public,elves)

7
counter_resource/religious_organisationscounters.md Обычный файл
Просмотреть файл

@ -0,0 +1,7 @@
# resource counters: religious_organisations
## by action
### D4 Degrade
* C00054: Media literacy training. (needs educators,libraries,schools,DHS,NGO,platform_outreach,media,community_groups,religious_organisations)

7
counter_resource/schoolscounters.md Обычный файл
Просмотреть файл

@ -0,0 +1,7 @@
# resource counters: schools
## by action
### D4 Degrade
* C00054: Media literacy training. (needs educators,libraries,schools,DHS,NGO,platform_outreach,media,community_groups,religious_organisations)

7
counter_resource/server_admincounters.md Обычный файл
Просмотреть файл

@ -0,0 +1,7 @@
# resource counters: server_admin
## by action
### D2 Deny
* C00131: Seize and analyse botnet servers (needs server_admin)

385
counter_resource_counts.md Обычный файл
Просмотреть файл

@ -0,0 +1,385 @@
# AMITT resource courses of action
<table border="1">
<tr>
<td> </td>
<td>ALL</td>
<td>D2 Deny</td>
<td>D3 Disrupt</td>
<td>D4 Degrade</td>
<td>D5 Deceive</td>
<td>D6 Destroy</td>
<td>D7 Deter</td>
<td>TOTALS</td></tr><tr>
<td><a href="resource/DHScounters.md">DHS</a></td>
<td> </td>
<td> </td>
<td> </td>
<td>1.0</td>
<td> </td>
<td> </td>
<td> </td>
<td></td></tr>
<tr>
<td><a href="resource/NGOcounters.md">NGO</a></td>
<td> </td>
<td> </td>
<td> </td>
<td>1.0</td>
<td> </td>
<td> </td>
<td> </td>
<td></td></tr>
<tr>
<td><a href="resource/activistscounters.md">activists</a></td>
<td> </td>
<td> </td>
<td>1.0</td>
<td>1.0</td>
<td> </td>
<td> </td>
<td> </td>
<td></td></tr>
<tr>
<td><a href="resource/adtechcounters.md">adtech</a></td>
<td> </td>
<td> </td>
<td>1.0</td>
<td> </td>
<td> </td>
<td> </td>
<td> </td>
<td></td></tr>
<tr>
<td><a href="resource/civil_societycounters.md">civil_society</a></td>
<td> </td>
<td> </td>
<td>1.0</td>
<td> </td>
<td> </td>
<td> </td>
<td> </td>
<td></td></tr>
<tr>
<td><a href="resource/community_groupscounters.md">community_groups</a></td>
<td> </td>
<td> </td>
<td> </td>
<td>1.0</td>
<td> </td>
<td> </td>
<td> </td>
<td></td></tr>
<tr>
<td><a href="resource/companiescounters.md">companies</a></td>
<td> </td>
<td> </td>
<td>1.0</td>
<td> </td>
<td> </td>
<td> </td>
<td> </td>
<td></td></tr>
<tr>
<td><a href="resource/content_creatorscounters.md">content_creators</a></td>
<td> </td>
<td> </td>
<td> </td>
<td>1.0</td>
<td> </td>
<td> </td>
<td> </td>
<td></td></tr>
<tr>
<td><a href="resource/data_scientistcounters.md">data_scientist</a></td>
<td> </td>
<td>2.0</td>
<td> </td>
<td> </td>
<td> </td>
<td> </td>
<td> </td>
<td></td></tr>
<tr>
<td><a href="resource/datastreamscounters.md">datastreams</a></td>
<td> </td>
<td>1.0</td>
<td> </td>
<td> </td>
<td> </td>
<td> </td>
<td> </td>
<td></td></tr>
<tr>
<td><a href="resource/developerscounters.md">developers</a></td>
<td> </td>
<td>1.0</td>
<td> </td>
<td> </td>
<td>1.0</td>
<td> </td>
<td> </td>
<td></td></tr>
<tr>
<td><a href="resource/educatorscounters.md">educators</a></td>
<td> </td>
<td>6.0</td>
<td>3.0</td>
<td>2.0</td>
<td> </td>
<td> </td>
<td> </td>
<td></td></tr>
<tr>
<td><a href="resource/elvescounters.md">elves</a></td>
<td> </td>
<td> </td>
<td> </td>
<td>1.0</td>
<td> </td>
<td> </td>
<td> </td>
<td></td></tr>
<tr>
<td><a href="resource/factcheckerscounters.md">factcheckers</a></td>
<td> </td>
<td>2.0</td>
<td> </td>
<td> </td>
<td> </td>
<td> </td>
<td> </td>
<td></td></tr>
<tr>
<td><a href="resource/fundingcounters.md">funding</a></td>
<td> </td>
<td>1.0</td>
<td> </td>
<td> </td>
<td> </td>
<td> </td>
<td> </td>
<td></td></tr>
<tr>
<td><a href="resource/gamesdesignerscounters.md">gamesdesigners</a></td>
<td> </td>
<td>1.0</td>
<td> </td>
<td> </td>
<td> </td>
<td> </td>
<td> </td>
<td></td></tr>
<tr>
<td><a href="resource/governmentcounters.md">government</a></td>
<td> </td>
<td>1.0</td>
<td>5.0</td>
<td> </td>
<td> </td>
<td> </td>
<td>1.0</td>
<td></td></tr>
<tr>
<td><a href="resource/government:policymakerscounters.md">government:policymakers</a></td>
<td> </td>
<td>4.0</td>
<td>4.0</td>
<td> </td>
<td> </td>
<td> </td>
<td> </td>
<td></td></tr>
<tr>
<td><a href="resource/influencerscounters.md">influencers</a></td>
<td> </td>
<td>2.0</td>
<td>1.0</td>
<td> </td>
<td> </td>
<td> </td>
<td> </td>
<td></td></tr>
<tr>
<td><a href="resource/influencers:trusted_authoritycounters.md">influencers:trusted_authority</a></td>
<td> </td>
<td> </td>
<td>1.0</td>
<td> </td>
<td> </td>
<td> </td>
<td> </td>
<td></td></tr>
<tr>
<td><a href="resource/infoseccounters.md">infosec</a></td>
<td> </td>
<td>1.0</td>
<td>1.0</td>
<td> </td>
<td> </td>
<td> </td>
<td> </td>
<td></td></tr>
<tr>
<td><a href="resource/librariescounters.md">libraries</a></td>
<td> </td>
<td> </td>
<td> </td>
<td>1.0</td>
<td> </td>
<td> </td>
<td> </td>
<td></td></tr>
<tr>
<td><a href="resource/mediacounters.md">media</a></td>
<td> </td>
<td>2.0</td>
<td>4.0</td>
<td>4.0</td>
<td> </td>
<td> </td>
<td> </td>
<td></td></tr>
<tr>
<td><a href="resource/militarycounters.md">military</a></td>
<td> </td>
<td> </td>
<td>1.0</td>
<td> </td>
<td> </td>
<td> </td>
<td> </td>
<td></td></tr>
<tr>
<td><a href="resource/moneycounters.md">money</a></td>
<td> </td>
<td> </td>
<td>2.0</td>
<td> </td>
<td> </td>
<td> </td>
<td> </td>
<td></td></tr>
<tr>
<td><a href="resource/platform_admincounters.md">platform_admin</a></td>
<td> </td>
<td>6.0</td>
<td>3.0</td>
<td>2.0</td>
<td> </td>
<td> </td>
<td> </td>
<td></td></tr>
<tr>
<td><a href="resource/platform_admin:adtechcounters.md">platform_admin:adtech</a></td>
<td> </td>
<td>1.0</td>
<td> </td>
<td> </td>
<td> </td>
<td> </td>
<td> </td>
<td></td></tr>
<tr>
<td><a href="resource/platform_admin:fundingsitescounters.md">platform_admin:fundingsites</a></td>
<td> </td>
<td>1.0</td>
<td> </td>
<td> </td>
<td> </td>
<td> </td>
<td> </td>
<td></td></tr>
<tr>
<td><a href="resource/platform_admin:socialmediacounters.md">platform_admin:socialmedia</a></td>
<td> </td>
<td>4.0</td>
<td> </td>
<td>1.0</td>
<td> </td>
<td> </td>
<td> </td>
<td></td></tr>
<tr>
<td><a href="resource/platform_algorithmscounters.md">platform_algorithms</a></td>
<td> </td>
<td>2.0</td>
<td>2.0</td>
<td>4.0</td>
<td> </td>
<td> </td>
<td> </td>
<td></td></tr>
<tr>
<td><a href="resource/platform_outreachcounters.md">platform_outreach</a></td>
<td> </td>
<td> </td>
<td> </td>
<td>1.0</td>
<td> </td>
<td> </td>
<td> </td>
<td></td></tr>
<tr>
<td><a href="resource/platformscounters.md">platforms</a></td>
<td> </td>
<td> </td>
<td> </td>
<td> </td>
<td> </td>
<td> </td>
<td>1.0</td>
<td></td></tr>
<tr>
<td><a href="resource/publiccounters.md">public</a></td>
<td> </td>
<td>1.0</td>
<td>2.0</td>
<td>1.0</td>
<td> </td>
<td> </td>
<td> </td>
<td></td></tr>
<tr>
<td><a href="resource/public:account_ownerscounters.md">public:account_owners</a></td>
<td> </td>
<td> </td>
<td> </td>
<td>1.0</td>
<td> </td>
<td> </td>
<td> </td>
<td></td></tr>
<tr>
<td><a href="resource/religious_organisationscounters.md">religious_organisations</a></td>
<td> </td>
<td> </td>
<td> </td>
<td>1.0</td>
<td> </td>
<td> </td>
<td> </td>
<td></td></tr>
<tr>
<td><a href="resource/schoolscounters.md">schools</a></td>
<td> </td>
<td> </td>
<td> </td>
<td>1.0</td>
<td> </td>
<td> </td>
<td> </td>
<td></td></tr>
<tr>
<td><a href="resource/server_admincounters.md">server_admin</a></td>
<td> </td>
<td>1.0</td>
<td> </td>
<td> </td>
<td> </td>
<td> </td>
<td> </td>
<td></td></tr>
<tr>
</tr>
</table>

147
counter_tactic_counts.md Обычный файл
Просмотреть файл

@ -0,0 +1,147 @@
# AMITT Courses of Action matrix:
<table border="1">
<tr>
<td> </td>
<td><a href="tactics/ALcounters.md">ALL</a></td>
<td><a href="tactics/TA01counters.md">TA01 Strategic Planning</a></td>
<td><a href="tactics/TA02counters.md">TA02 Objective Planning</a></td>
<td><a href="tactics/TA03counters.md">TA03 Develop People</a></td>
<td><a href="tactics/TA04counters.md">TA04 Develop Networks</a></td>
<td><a href="tactics/TA05counters.md">TA05 Microtargeting</a></td>
<td><a href="tactics/TA06counters.md">TA06 Develop Content</a></td>
<td><a href="tactics/TA07counters.md">TA07 Channel Selection</a></td>
<td><a href="tactics/TA08counters.md">TA08 Pump Priming</a></td>
<td><a href="tactics/TA09counters.md">TA09 Exposure</a></td>
<td><a href="tactics/TA10counters.md">TA10 Go Physical</a></td>
<td><a href="tactics/TA11counters.md">TA11 Persistence</a></td>
<td><a href="tactics/TA12counters.md">TA12 Measure Effectiveness</a></td>
</tr><tr>
<td>ALL</td>
<td>4</td>
<td>0</td>
<td>0</td>
<td>0</td>
<td>0</td>
<td>0</td>
<td>0</td>
<td>0</td>
<td>0</td>
<td>0</td>
<td>0</td>
<td>0</td>
<td>0</td>
</tr>
<tr>
<td>D2 Deny</td>
<td>0</td>
<td>11</td>
<td>0</td>
<td>10</td>
<td>11</td>
<td>2</td>
<td>13</td>
<td>7</td>
<td>7</td>
<td>3</td>
<td>1</td>
<td>1</td>
<td>0</td>
</tr>
<tr>
<td>D3 Disrupt</td>
<td>0</td>
<td>6</td>
<td>5</td>
<td>7</td>
<td>3</td>
<td>5</td>
<td>8</td>
<td>7</td>
<td>3</td>
<td>14</td>
<td>0</td>
<td>6</td>
<td>1</td>
</tr>
<tr>
<td>D4 Degrade</td>
<td>0</td>
<td>7</td>
<td>0</td>
<td>1</td>
<td>3</td>
<td>0</td>
<td>5</td>
<td>3</td>
<td>2</td>
<td>2</td>
<td>0</td>
<td>6</td>
<td>2</td>
</tr>
<tr>
<td>D5 Deceive</td>
<td>0</td>
<td>0</td>
<td>0</td>
<td>1</td>
<td>0</td>
<td>0</td>
<td>2</td>
<td>1</td>
<td>0</td>
<td>0</td>
<td>0</td>
<td>0</td>
<td>0</td>
</tr>
<tr>
<td>D6 Destroy</td>
<td>0</td>
<td>0</td>
<td>0</td>
<td>1</td>
<td>1</td>
<td>0</td>
<td>0</td>
<td>0</td>
<td>0</td>
<td>0</td>
<td>0</td>
<td>0</td>
<td>0</td>
</tr>
<tr>
<td>D7 Deter</td>
<td>0</td>
<td>4</td>
<td>0</td>
<td>1</td>
<td>0</td>
<td>0</td>
<td>5</td>
<td>0</td>
<td>3</td>
<td>0</td>
<td>1</td>
<td>0</td>
<td>0</td>
</tr>
<tr>
<td>TOTALS</td>
<td>4</td>
<td>28</td>
<td>5</td>
<td>21</td>
<td>18</td>
<td>7</td>
<td>33</td>
<td>18</td>
<td>15</td>
<td>19</td>
<td>2</td>
<td>13</td>
<td>3</td>
</tr>
</table>

15
counter_tactics/ALcounters.md Обычный файл
Просмотреть файл

@ -0,0 +1,15 @@
# Tactic ALL counters
## by action
### ALL
* C00001: Better models of info spread up the layers (needs nan)
* C00003: How can we safeguard against extremists using the tools that we will produce? (needs nan)
* C00004: Managing like a chronic disease (needs nan)
* C00005: Policy: makers, terminology, elements: a) broad, b) specific (needs nan)
## by technique
### AL

72
counter_tactics/TA01counters.md Обычный файл
Просмотреть файл

@ -0,0 +1,72 @@
# Tactic TA01 Strategic Planning counters
## by action
### D2 Deny
* C00006: Charge for social media (needs platform_admin:socialmedia)
* C00012: Platform regulation (needs government:policymakers)
* C00009: Educate high profile influencers on best practices (needs influencers,educators)
* C00011: Media literacy. Games to identify fake news (needs educators,gamesdesigners,developers)
* C00007: Create framework for BetterBusinessBureau (BBB) for news media (needs nan)
* C00008: Create shared fact-checking database (needs factcheckers)
* C00013: Rating framework for news - full transcripts, link source, add items, BBB for news (needs nan)
* C00014: Real-time updates to fact-checking database (needs factcheckers)
* C00015: Reputation scores for social media users (needs data_scientist,datastreams)
* C00010: Enhanced privacy regulation for social media (needs government:policymakers)
* C00016: Social media as a privilege not right (needs nan)
### D3 Disrupt
* C00018: Promote constructive communication by shaming division-enablers (needs nan)
* C00019: Promote playbooks to call out division-enablers (needs nan)
* C00017: Media campaign promoting in-group to out-group in person communication / activities (needs media)
* C00153: Use offensive cyber action (needs infosec)
* C00159: Campaign mindset and associated toolbox (needs nan)
* C00205: strong dialogue between the federal government and private sector to encourage better reporting (needs companies,government)
### D4 Degrade
* C00026: Shore up democracy based messages (peace, freedom) - make it sexy (needs nan)
* C00022: Innoculate. Positive campaign to promote feeling of safety - to counter ability and fear based attacks (needs nan)
* C00023: Promote civility as an identity that people will defend (needs nan)
* C00024: Promote constructive narratives i.e. not polarising. Pro-life, pro-choice, or pro-USA? (needs nan)
* C00020: Deligitimise the 24 hour news cycle (needs media)
* C00021: Encourage in-person communication (needs nan)
* C00025: Promote identity neutral narratives (needs nan)
### D7 Deter
* C00027: Create culture of civility (needs nan)
* C00161: Coalition Building and Third-Party Inducements: (needs nan)
* C00176: Improve Coordination with and feedback from the U.S. private sector (needs nan)
* C00207: tit-for-tat campaign (needs government,platforms)
## by technique
### TA01
* C00023: Promote civility as an identity that people will defend (needs nan)
* C00024: Promote constructive narratives i.e. not polarising. Pro-life, pro-choice, or pro-USA? (needs nan)
* C00073: Educate on how to handle info pollution. Push out targeted education on why it's pollution (needs educators)
* C00008: Create shared fact-checking database (needs factcheckers)
* C00014: Real-time updates to fact-checking database (needs factcheckers)
* C00015: Reputation scores for social media users (needs data_scientist,datastreams)
* C00025: Promote identity neutral narratives (needs nan)
### 39 T0001 - 5Ds (dismiss, distort, distract, disma...
Name: key, dtype: object
* C00020: Deligitimise the 24 hour news cycle (needs media)
### 40 T0002 - Facilitate State Propaganda
Name: key, dtype: object
* C00026: Shore up democracy based messages (peace, freedom) - make it sexy (needs nan)
* C00031: Dilute the core narrative - create multiple permutations, target / amplify (needs nan)
* C00088: Poison pill recasting of message (needs nan)
* C00055: Empower existing regulators to govern social media (needs government:policymakers,government,platform_admin)
* C00022: Innoculate. Positive campaign to promote feeling of safety - to counter ability and fear based attacks (needs nan)
### 41 T0003 - Leverage Existing Narratives
Name: key, dtype: object
* C00031: Dilute the core narrative - create multiple permutations, target / amplify (needs nan)
### 42 T0004 - Competing Narratives
Name: key, dtype: object
* C00042: Address truth contained in narratives (needs nan)

32
counter_tactics/TA02counters.md Обычный файл
Просмотреть файл

@ -0,0 +1,32 @@
# Tactic TA02 Objective Planning counters
## by action
### D3 Disrupt
* C00031: Dilute the core narrative - create multiple permutations, target / amplify (needs nan)
* C00029: Create fake website to issue counter narrative and counter narrative through physical merchandise (needs nan)
* C00030: Develop a compelling counter narrative (truth based) (needs nan)
* C00032: Hijack content and link to truth- based info (platform) (needs nan)
* C00028: Blockchain audit log and validation with collaborative decryption to post comments (needs nan)
## by technique
### TA02
* C00070: Block access to platform. DDOS an attacker. (needs nan)
### 43 T0005 - Center of Gravity Analysis
Name: key, dtype: object
* C00136: Microtarget most likely targets then send them countermessages (needs nan)
* C00036: Infiltrate the in-group to discredit leaders (divide) (needs nan)
### 44 T0006 - Create Master Narratives
Name: key, dtype: object
* C00031: Dilute the core narrative - create multiple permutations, target / amplify (needs nan)
* C00088: Poison pill recasting of message (needs nan)
* C00023: Promote civility as an identity that people will defend (needs nan)
* C00024: Promote constructive narratives i.e. not polarising. Pro-life, pro-choice, or pro-USA? (needs nan)
* C00008: Create shared fact-checking database (needs factcheckers)
* C00014: Real-time updates to fact-checking database (needs factcheckers)
* C00025: Promote identity neutral narratives (needs nan)

67
counter_tactics/TA03counters.md Обычный файл
Просмотреть файл

@ -0,0 +1,67 @@
# Tactic TA03 Develop People counters
## by action
### D2 Deny
* C00150: “calling them out” (needs nan)
* C00034: Create more friction at account creation (needs nan)
* C00035: Friction (needs nan)
* C00039: Standard reporting for false profiles (needs nan)
* C00155: Ban incident actors from funding sites (needs platform_admin:fundingsites)
* C00197: remove suspicious facebook accounts (needs nan)
* C00033: Build cultural resistance to false content (needs nan)
* C00040: third party verification for people (needs nan)
* C00036: Infiltrate the in-group to discredit leaders (divide) (needs nan)
* C00160: find and train influencers (needs data_scientist,influencers)
### D3 Disrupt
* C00043: Detect hijacked accounts and reallocate them (needs platform_admin,activists,civil_society,money)
* C00044: Keep people from posting to social media immediately (needs platform_algorithms)
* C00170: elevate information as a critical domain of statecraft (needs nan)
* C00042: Address truth contained in narratives (needs nan)
* C00045: S4d detection and re-allocation approaches (needs nan)
* C00164: compatriot policy (needs nan)
* C00179: Identify, monitor, and, if necessary, target Russia-based nonattributed social media accounts (needs nan)
### D4 Degrade
* C00046: Marginalise and discredit extremist (needs nan)
### D5 Deceive
* C00047: Coordinated inauthentics (needs nan)
### D6 Destroy
* C00189: Ongoing analysis/monitoring of "flagged" profiles (needs nan)
### D7 Deter
* C00048: Name and Shame (needs nan)
## by technique
### TA03
* C00011: Media literacy. Games to identify fake news (needs educators,gamesdesigners,developers)
* C00085: Demuting content (needs nan)
### 45 T0007 - Create fake Social Media Profiles / Pa...
Name: key, dtype: object
* C00012: Platform regulation (needs government:policymakers)
* C00055: Empower existing regulators to govern social media (needs government:policymakers,government,platform_admin)
* C00039: Standard reporting for false profiles (needs nan)
* C00133: Deplatform Account* (needs platform_admin)
* C00135: Deplatform message groups and/or message boards (needs platform_admin)
* C00036: Infiltrate the in-group to discredit leaders (divide) (needs nan)
### 46 T0008 - Create fake or imposter news sites
Name: key, dtype: object
* C00053: Delete old accounts / Remove unused social media accounts (needs platform_admin,platform_admin:socialmedia,public:account_owners)
* C00070: Block access to platform. DDOS an attacker. (needs nan)
* C00008: Create shared fact-checking database (needs factcheckers)
* C00014: Real-time updates to fact-checking database (needs factcheckers)
### 47 T0009 - Create fake experts
Name: key, dtype: object
* C00133: Deplatform Account* (needs platform_admin)
* C00008: Create shared fact-checking database (needs factcheckers)
* C00014: Real-time updates to fact-checking database (needs factcheckers)
* C00040: third party verification for people (needs nan)

79
counter_tactics/TA04counters.md Обычный файл
Просмотреть файл

@ -0,0 +1,79 @@
# Tactic TA04 Develop Networks counters
## by action
### D2 Deny
* C00152: “name and shame” (needs nan)
* C00056: Get off social media (needs nan)
* C00055: Empower existing regulators to govern social media (needs government:policymakers,government,platform_admin)
* C00174: Free and Fair Press (needs nan)
* C00049: Influence literacy training (needs educators)
* C00050: Anti-elicitation training (needs educators)
* C00051: Phishing prevention education etc (needs educators)
* C00057: Privacy standards (needs nan)
* C00059: Verification of project before posting (counters funding campaigns) (needs nan)
* C00058: Report crowdfunder as violator (needs nan)
* C00157: Build alternative news sources (needs nan)
### D3 Disrupt
* C00061: Innoculating at language (needs nan)
* C00060: Enhanced legal enforcement against for-profit follower/engagement factories (needs government:policymakers)
* C00162: collect data/map constellations of Russian“civil society”. Unravel/target the Potemkin villages (needs nan)
### D4 Degrade
* C00053: Delete old accounts / Remove unused social media accounts (needs platform_admin,platform_admin:socialmedia,public:account_owners)
* C00054: Media literacy training. (needs educators,libraries,schools,DHS,NGO,platform_outreach,media,community_groups,religious_organisations)
* C00052: Infiltrate platforms (needs activists)
### D6 Destroy
* C00062: Free open library sources worldwide (needs nan)
## by technique
### TA04
* C00011: Media literacy. Games to identify fake news (needs educators,gamesdesigners,developers)
* C00085: Demuting content (needs nan)
### 48 T0010 - Cultivate ignorant agents
Name: key, dtype: object
* C00136: Microtarget most likely targets then send them countermessages (needs nan)
* C00009: Educate high profile influencers on best practices (needs influencers,educators)
* C00093: Establish tailored code of conduct for individuals with many followers (needs nan)
### 49 T0011 - Hijack legitimate account
Name: key, dtype: object
* C00043: Detect hijacked accounts and reallocate them (needs platform_admin,activists,civil_society,money)
* C00053: Delete old accounts / Remove unused social media accounts (needs platform_admin,platform_admin:socialmedia,public:account_owners)
* C00133: Deplatform Account* (needs platform_admin)
* C00135: Deplatform message groups and/or message boards (needs platform_admin)
* C00045: S4d detection and re-allocation approaches (needs nan)
### 50 T0012 - Use concealment
Name: key, dtype: object
* C00049: Influence literacy training (needs educators)
* C00050: Anti-elicitation training (needs educators)
* C00051: Phishing prevention education etc (needs educators)
* C00052: Infiltrate platforms (needs activists)
### 51 T0013 - Create fake websites
Name: key, dtype: object
* C00008: Create shared fact-checking database (needs factcheckers)
* C00014: Real-time updates to fact-checking database (needs factcheckers)
### 52 T0014 - Create funding campaigns
Name: key, dtype: object
* C00012: Platform regulation (needs government:policymakers)
* C00070: Block access to platform. DDOS an attacker. (needs nan)
* C00133: Deplatform Account* (needs platform_admin)
* C00008: Create shared fact-checking database (needs factcheckers)
* C00014: Real-time updates to fact-checking database (needs factcheckers)
### 53 T0015 - Create hashtag
Name: key, dtype: object
* C00145: Pollute the data voids with wholesome content (Kittens! Babyshark!) (needs nan)
* C00066: Co-opt a hashtag and drown it out (hijack it back) (needs nan)
* C00088: Poison pill recasting of message (needs nan)
* C00055: Empower existing regulators to govern social media (needs government:policymakers,government,platform_admin)
* C00070: Block access to platform. DDOS an attacker. (needs nan)

46
counter_tactics/TA05counters.md Обычный файл
Просмотреть файл

@ -0,0 +1,46 @@
# Tactic TA05 Microtargeting counters
## by action
### D2 Deny
* C00216: Use advertiser controls to stem flow of funds to bad actors (needs platform_admin:adtech)
* C00063: Ban political microtargeting (needs government:policymakers)
### D3 Disrupt
* C00068: Expose online funding as fake (needs nan)
* C00069: Mark clickbait visually (needs nan)
* C00066: Co-opt a hashtag and drown it out (hijack it back) (needs nan)
* C00065: Ban political ads (needs government:policymakers)
* C00067: Denigrate the recipient/ project (of online funding) (needs nan)
## by technique
### TA05
* C00140: "Bomb" link shorteners with lots of calls (needs nan)
* C00141: "Hey this story is old" popup when messaging with old URL (needs platform_algorithms)
* C00142: "This has been disproved - do you want to forward it" (needs platform_algorithms)
* C00011: Media literacy. Games to identify fake news (needs educators,gamesdesigners,developers)
* C00085: Demuting content (needs nan)
### 54 T0016 - Clickbait
Name: key, dtype: object
* C00069: Mark clickbait visually (needs nan)
### 55 T0017 - Promote online funding
Name: key, dtype: object
* C00068: Expose online funding as fake (needs nan)
* C00088: Poison pill recasting of message (needs nan)
* C00070: Block access to platform. DDOS an attacker. (needs nan)
* C00133: Deplatform Account* (needs platform_admin)
* C00135: Deplatform message groups and/or message boards (needs platform_admin)
* C00036: Infiltrate the in-group to discredit leaders (divide) (needs nan)
* C00067: Denigrate the recipient/ project (of online funding) (needs nan)
* C00093: Establish tailored code of conduct for individuals with many followers (needs nan)
### 56 T0018 - Paid targeted ads
Name: key, dtype: object
* C00133: Deplatform Account* (needs platform_admin)
* C00063: Ban political microtargeting (needs government:policymakers)
* C00065: Ban political ads (needs government:policymakers)

124
counter_tactics/TA06counters.md Обычный файл
Просмотреть файл

@ -0,0 +1,124 @@
# Tactic TA06 Develop Content counters
## by action
### D2 Deny
* C00074: Identify identical content and mass deplatform (needs platform_admin,platform_admin:socialmedia)
* C00070: Block access to platform. DDOS an attacker. (needs nan)
* C00071: Block source of pollution (needs nan)
* C00072: Content censorship in non-relevant domains e.g. Pinterest antivax (needs nan)
* C00171: social media content take-downs (needs platform_admin:socialmedia)
* C00172: social media page removal (needs platform_admin:socialmedia)
* C00073: Educate on how to handle info pollution. Push out targeted education on why it's pollution (needs educators)
* C00075: normalise language (needs nan)
* C00076: Prohibit images in political discourse channels (needs nan)
* C00165: Limit access to alterable documents (needs nan)
* C00167: Deploy Information and Narrative-Building in Service of Statecraft (needs nan)
* C00202: Set data 'honeytraps' (needs nan)
* C00210: Use encrypted apps for confidential communication (needs nan)
### D3 Disrupt
* C00082: Ground truthing as automated response to pollution (needs nan)
* C00081: Discredit by pointing out the "noise" and informing public that "flooding" is a technique of disinformation campaigns; point out intended objective of "noise" (needs nan)
* C00078: Change Search Algorithms for Disinformation Content. More specifically, change image search algorithms for hate groups and extremists (needs nan)
* C00079: Change search algorithms for hate and extremist queries to show content sympathetic to opposite side (needs nan)
* C00080: Create competing narrative (needs nan)
* C00084: Steal their truths (needs nan)
* C00077: Active defence: replay "develop people" (needs nan)
* C00219: Add metadata to content - out of the control of the adversary (needs nan)
### D4 Degrade
* C00087: Make more noise (needs nan)
* C00088: Poison pill recasting of message (needs nan)
* C00089: Throttle number of forwards (needs nan)
* C00085: Demuting content (needs nan)
* C00086: Distract from noise with addictive content (needs nan)
### D5 Deceive
* C00090: Fake engagement system (needs nan)
* C00091: Honeypot social community (needs nan)
### D7 Deter
* C00094: Force full disclosure on corporate sponsor of research (needs nan)
* C00092: Establish a truth teller reputation score for individuals with many followers (needs nan)
* C00095: Keep score (needs nan)
* C00096: Strengthen institutions that are always truth tellers (needs nan)
* C00093: Establish tailored code of conduct for individuals with many followers (needs nan)
## by technique
### TA06
* C00053: Delete old accounts / Remove unused social media accounts (needs platform_admin,platform_admin:socialmedia,public:account_owners)
* C00008: Create shared fact-checking database (needs factcheckers)
* C00014: Real-time updates to fact-checking database (needs factcheckers)
* C00085: Demuting content (needs nan)
### 57 T0019 - Generate information pollution
Name: key, dtype: object
* C00091: Honeypot social community (needs nan)
* C00071: Block source of pollution (needs nan)
* C00073: Educate on how to handle info pollution. Push out targeted education on why it's pollution (needs educators)
* C00042: Address truth contained in narratives (needs nan)
### 58 T0020 - Trial content
Name: key, dtype: object
* C00137: Pollute the AB-testing data feeds (needs nan)
* C00149: Poison the monitoring & evaluation data (needs nan)
* C00090: Fake engagement system (needs nan)
### 59 T0021 - Memes
Name: key, dtype: object
* C00079: Change search algorithms for hate and extremist queries to show content sympathetic to opposite side (needs nan)
* C00089: Throttle number of forwards (needs nan)
* C00076: Prohibit images in political discourse channels (needs nan)
### 60 T0022 - Conspiracy narratives
Name: key, dtype: object
* C00074: Identify identical content and mass deplatform (needs platform_admin,platform_admin:socialmedia)
* C00072: Content censorship in non-relevant domains e.g. Pinterest antivax (needs nan)
* C00023: Promote civility as an identity that people will defend (needs nan)
* C00024: Promote constructive narratives i.e. not polarising. Pro-life, pro-choice, or pro-USA? (needs nan)
* C00096: Strengthen institutions that are always truth tellers (needs nan)
* C00025: Promote identity neutral narratives (needs nan)
* C00042: Address truth contained in narratives (needs nan)
### 61 T0023 - Distort facts
Name: key, dtype: object
* C00023: Promote civility as an identity that people will defend (needs nan)
* C00024: Promote constructive narratives i.e. not polarising. Pro-life, pro-choice, or pro-USA? (needs nan)
* C00092: Establish a truth teller reputation score for individuals with many followers (needs nan)
* C00095: Keep score (needs nan)
* C00025: Promote identity neutral narratives (needs nan)
### 62 T0024 - Create fake videos and images
Name: key, dtype: object
* C00092: Establish a truth teller reputation score for individuals with many followers (needs nan)
* C00076: Prohibit images in political discourse channels (needs nan)
### 63 T0025 - Leak altered documents
Name: key, dtype: object
* C00074: Identify identical content and mass deplatform (needs platform_admin,platform_admin:socialmedia)
* C00012: Platform regulation (needs government:policymakers)
* C00092: Establish a truth teller reputation score for individuals with many followers (needs nan)
* C00036: Infiltrate the in-group to discredit leaders (divide) (needs nan)
* C00202: Set data 'honeytraps' (needs nan)
* C00210: Use encrypted apps for confidential communication (needs nan)
### 64 T0026 - Create fake research
Name: key, dtype: object
* C00074: Identify identical content and mass deplatform (needs platform_admin,platform_admin:socialmedia)
* C00094: Force full disclosure on corporate sponsor of research (needs nan)
* C00092: Establish a truth teller reputation score for individuals with many followers (needs nan)
### 65 T0027 - Adapt existing narratives
Name: key, dtype: object
* C00023: Promote civility as an identity that people will defend (needs nan)
* C00024: Promote constructive narratives i.e. not polarising. Pro-life, pro-choice, or pro-USA? (needs nan)
* C00025: Promote identity neutral narratives (needs nan)
* C00042: Address truth contained in narratives (needs nan)
### 66 T0028 - Create competing narratives
Name: key, dtype: object
* C00042: Address truth contained in narratives (needs nan)

87
counter_tactics/TA07counters.md Обычный файл
Просмотреть файл

@ -0,0 +1,87 @@
# Tactic TA07 Channel Selection counters
## by action
### D2 Deny
* C00195: Redirect Method (needs nan)
* C00097: Require use of verified identities to contribute to poll or comment (needs platform_algorithms)
* C00098: Revocation of "verified" (needs platform_admin)
* C00099: Strengthen verification methods (needs platform_algorithms)
* C00107: Content moderation (needs nan)
* C00110: Monetize centrist SEO by subsidizing the difference in greater clicks towards extremist content (needs funding)
* C00217: Registries alert when large batches of newsy URLs get registered together (needs platform_admin)
### D3 Disrupt
* C00105: Buy more advertising than the adversary to shift influence and algorithms (needs money,adtech)
* C00100: Hashtag jacking (needs nan)
* C00106: Click-bait centrist content (needs nan)
* C00109: De-escalation (needs nan)
* C00196: Include the role of social media in the regulatory framework for media (needs government)
* C00214: Create policy that makes social media police disinformation (needs government:policymakers)
* C00215: Use fraud legislation to clean up social media (needs government:policymakers)
### D4 Degrade
* C00101: Create participant friction (needs platform_algorithms)
* C00102: Make repeat voting harder (needs platform_admin)
* C00111: Present sympathetic views of opposite side (needs media,content_creators)
### D5 Deceive
* C00103: Create a bot that engages / distract trolls (needs developers)
## by technique
### TA07
* C00078: Change Search Algorithms for Disinformation Content. More specifically, change image search algorithms for hate groups and extremists (needs nan)
* C00044: Keep people from posting to social media immediately (needs platform_algorithms)
* C00012: Platform regulation (needs government:policymakers)
* C00055: Empower existing regulators to govern social media (needs government:policymakers,government,platform_admin)
* C00133: Deplatform Account* (needs platform_admin)
* C00135: Deplatform message groups and/or message boards (needs platform_admin)
* C00092: Establish a truth teller reputation score for individuals with many followers (needs nan)
* C00028: Blockchain audit log and validation with collaborative decryption to post comments (needs nan)
* C00016: Social media as a privilege not right (needs nan)
* C00060: Enhanced legal enforcement against for-profit follower/engagement factories (needs government:policymakers)
* C00085: Demuting content (needs nan)
* C00093: Establish tailored code of conduct for individuals with many followers (needs nan)
### 67 T0029 - Manipulate online polls
Name: key, dtype: object
* C00136: Microtarget most likely targets then send them countermessages (needs nan)
* C00103: Create a bot that engages / distract trolls (needs developers)
* C00097: Require use of verified identities to contribute to poll or comment (needs platform_algorithms)
* C00101: Create participant friction (needs platform_algorithms)
* C00102: Make repeat voting harder (needs platform_admin)
* C00009: Educate high profile influencers on best practices (needs influencers,educators)
### 68 T0030 - Backstop personas
Name: key, dtype: object
* C00099: Strengthen verification methods (needs platform_algorithms)
### 69 T0031 - YouTube
Name: key, dtype: object
### 70 T0032 - Reddit
Name: key, dtype: object
* C00107: Content moderation (needs nan)
### 71 T0033 - Instagram
Name: key, dtype: object
### 72 T0034 - LinkedIn
Name: key, dtype: object
### 73 T0035 - Pinterest
Name: key, dtype: object
* C00107: Content moderation (needs nan)
### 74 T0036 - WhatsApp
Name: key, dtype: object
### 75 T0037 - Facebook
Name: key, dtype: object
### 76 T0038 - Twitter
Name: key, dtype: object
* C00098: Revocation of "verified" (needs platform_admin)

91
counter_tactics/TA08counters.md Обычный файл
Просмотреть файл

@ -0,0 +1,91 @@
# Tactic TA08 Pump Priming counters
## by action
### D2 Deny
* C00113: Debunk and defuse a fake expert / credentials. Attack audience quality of fake expert (needs nan)
* C00115: Expose actor and intentions (needs nan)
* C00116: Provide proof of involvement (needs nan)
* C00154: Ask media not to report false information (needs media)
* C00204: Strengthen local media (needs media)
* C00112: "Prove they are not an op!" (needs nan)
* C00114: Don't engage with payloads (needs public)
### D3 Disrupt
* C00188: Newsroom/Journalist training to counter SEO influence (needs media,educators)
* C00193: promotion of a “higher standard of journalism” (needs media,educators)
* C00203: Stop offering press credentials to propaganda outlets (needs government)
### D4 Degrade
* C00117: Downgrade de-amplify label promote counter to disinformation (needs nan)
* C00118: Repurpose images with new text (needs nan)
### D7 Deter
* C00120: Open dialogue about design of platforms to produce different outcomes (needs nan)
* C00119: Engage payload and debunk. Provide link to facts. (needs nan)
* C00121: Tool transparency and literacy for channels people follow. (needs nan)
## by technique
### TA08
* C00136: Microtarget most likely targets then send them countermessages (needs nan)
* C00018: Promote constructive communication by shaming division-enablers (needs nan)
* C00019: Promote playbooks to call out division-enablers (needs nan)
* C00048: Name and Shame (needs nan)
* C00009: Educate high profile influencers on best practices (needs influencers,educators)
* C00011: Media literacy. Games to identify fake news (needs educators,gamesdesigners,developers)
* C00008: Create shared fact-checking database (needs factcheckers)
* C00014: Real-time updates to fact-checking database (needs factcheckers)
* C00092: Establish a truth teller reputation score for individuals with many followers (needs nan)
* C00028: Blockchain audit log and validation with collaborative decryption to post comments (needs nan)
* C00027: Create culture of civility (needs nan)
* C00085: Demuting content (needs nan)
* C00124: Don't feed the trolls (needs public,media)
### 77 T0039 - Bait legitimate influencers
Name: key, dtype: object
* C00093: Establish tailored code of conduct for individuals with many followers (needs nan)
* C00114: Don't engage with payloads (needs public)
### 78 T0040 - Demand unsurmountable proof
Name: key, dtype: object
* C00112: "Prove they are not an op!" (needs nan)
### 79 T0041 - Deny involvement
Name: key, dtype: object
* C00116: Provide proof of involvement (needs nan)
### 80 T0042 - Kernel of Truth
Name: key, dtype: object
* C00042: Address truth contained in narratives (needs nan)
* C00112: "Prove they are not an op!" (needs nan)
### 81 T0043 - Use SMS/ WhatsApp/ Chat apps
Name: key, dtype: object
* C00012: Platform regulation (needs government:policymakers)
* C00016: Social media as a privilege not right (needs nan)
* C00121: Tool transparency and literacy for channels people follow. (needs nan)
### 82 T0044 - Seed distortions
Name: key, dtype: object
* C00042: Address truth contained in narratives (needs nan)
* C00118: Repurpose images with new text (needs nan)
* C00119: Engage payload and debunk. Provide link to facts. (needs nan)
### 83 T0045 - Use fake experts
Name: key, dtype: object
* C00113: Debunk and defuse a fake expert / credentials. Attack audience quality of fake expert (needs nan)
* C00133: Deplatform Account* (needs platform_admin)
* C00135: Deplatform message groups and/or message boards (needs platform_admin)
* C00092: Establish a truth teller reputation score for individuals with many followers (needs nan)
### 84 T0046 - Search Engine Optimization
Name: key, dtype: object
* C00145: Pollute the data voids with wholesome content (Kittens! Babyshark!) (needs nan)
* C00115: Expose actor and intentions (needs nan)
* C00078: Change Search Algorithms for Disinformation Content. More specifically, change image search algorithms for hate groups and extremists (needs nan)
* C00012: Platform regulation (needs government:policymakers)
* C00070: Block access to platform. DDOS an attacker. (needs nan)
* C00117: Downgrade de-amplify label promote counter to disinformation (needs nan)

128
counter_tactics/TA09counters.md Обычный файл
Просмотреть файл

@ -0,0 +1,128 @@
# Tactic TA09 Exposure counters
## by action
### D2 Deny
* C00122: Content moderation. Censorship? (needs platform_admin)
* C00182: malware detection/quarantine/deletion (needs infosec)
* C00218: Censorship (needs platform_admin)
### D3 Disrupt
* C00169: develop a creative content hub (needs nan)
* C00211: Use humorous counter-narratives (needs nan)
* C00126: Social media amber alert (needs nan)
* C00151: “fight in the light” (needs nan)
* C00128: Create friction by marking content with ridicule or other "decelerants" (needs influencers:trusted_authority)
* C00178: Fill information voids with non-disinformation content (needs nan)
* C00194: Provide an alternative to Russian information by expanding and improving local content. (needs nan)
* C00125: Prepare the population with pre-announcements (needs nan)
* C00190: open engagement with civil society (needs public)
* C00212: build public resilence by making civil society more vibrant (needs educators,government)
* C00123: Bot control (needs nan)
* C00124: Don't feed the trolls (needs public,media)
* C00156: Better tell the U.S., NATO, and EU story. (needs government,military)
* C00200: Respected figure (influencer) disavows misinfo (needs influencers)
### D4 Degrade
* C00184: Media exposure (needs nan)
* C00158: Use training to build the resilience of at-risk populations. (needs educators,media)
## by technique
### TA09
* C00136: Microtarget most likely targets then send them countermessages (needs nan)
* C00140: "Bomb" link shorteners with lots of calls (needs nan)
* C00018: Promote constructive communication by shaming division-enablers (needs nan)
* C00019: Promote playbooks to call out division-enablers (needs nan)
* C00141: "Hey this story is old" popup when messaging with old URL (needs platform_algorithms)
* C00142: "This has been disproved - do you want to forward it" (needs platform_algorithms)
* C00012: Platform regulation (needs government:policymakers)
* C00133: Deplatform Account* (needs platform_admin)
* C00135: Deplatform message groups and/or message boards (needs platform_admin)
* C00011: Media literacy. Games to identify fake news (needs educators,gamesdesigners,developers)
* C00028: Blockchain audit log and validation with collaborative decryption to post comments (needs nan)
* C00085: Demuting content (needs nan)
* C00086: Distract from noise with addictive content (needs nan)
* C00124: Don't feed the trolls (needs public,media)
### 85 T0047 - Muzzle social media as a political force
Name: key, dtype: object
* C00055: Empower existing regulators to govern social media (needs government:policymakers,government,platform_admin)
* C00120: Open dialogue about design of platforms to produce different outcomes (needs nan)
* C00092: Establish a truth teller reputation score for individuals with many followers (needs nan)
* C00027: Create culture of civility (needs nan)
* C00060: Enhanced legal enforcement against for-profit follower/engagement factories (needs government:policymakers)
* C00093: Establish tailored code of conduct for individuals with many followers (needs nan)
### 86 T0048 - Cow online opinion leaders
Name: key, dtype: object
* C00048: Name and Shame (needs nan)
* C00115: Expose actor and intentions (needs nan)
* C00055: Empower existing regulators to govern social media (needs government:policymakers,government,platform_admin)
* C00027: Create culture of civility (needs nan)
* C00093: Establish tailored code of conduct for individuals with many followers (needs nan)
### 87 T0049 - Flooding
Name: key, dtype: object
* C00044: Keep people from posting to social media immediately (needs platform_algorithms)
* C00131: Seize and analyse botnet servers (needs server_admin)
* C00123: Bot control (needs nan)
### 88 T0050 - Cheerleading domestic social media ops
Name: key, dtype: object
### 89 T0051 - Fabricate social media comment
Name: key, dtype: object
* C00055: Empower existing regulators to govern social media (needs government:policymakers,government,platform_admin)
* C00123: Bot control (needs nan)
### 90 T0052 - Tertiary sites amplify news
Name: key, dtype: object
* C00115: Expose actor and intentions (needs nan)
* C00126: Social media amber alert (needs nan)
* C00120: Open dialogue about design of platforms to produce different outcomes (needs nan)
* C00070: Block access to platform. DDOS an attacker. (needs nan)
* C00123: Bot control (needs nan)
### 91 T0053 - Twitter trolls amplify and manipulate
Name: key, dtype: object
* C00115: Expose actor and intentions (needs nan)
* C00126: Social media amber alert (needs nan)
* C00120: Open dialogue about design of platforms to produce different outcomes (needs nan)
* C00144: Buy out troll farm employees / offer them jobs (needs nan)
* C00092: Establish a truth teller reputation score for individuals with many followers (needs nan)
* C00027: Create culture of civility (needs nan)
* C00093: Establish tailored code of conduct for individuals with many followers (needs nan)
* C00123: Bot control (needs nan)
### 92 T0054 - Twitter bots amplify
Name: key, dtype: object
* C00115: Expose actor and intentions (needs nan)
* C00126: Social media amber alert (needs nan)
* C00044: Keep people from posting to social media immediately (needs platform_algorithms)
* C00120: Open dialogue about design of platforms to produce different outcomes (needs nan)
* C00131: Seize and analyse botnet servers (needs server_admin)
* C00123: Bot control (needs nan)
### 93 T0055 - Use hashtag
Name: key, dtype: object
* C00115: Expose actor and intentions (needs nan)
* C00126: Social media amber alert (needs nan)
* C00066: Co-opt a hashtag and drown it out (hijack it back) (needs nan)
* C00055: Empower existing regulators to govern social media (needs government:policymakers,government,platform_admin)
* C00120: Open dialogue about design of platforms to produce different outcomes (needs nan)
* C00070: Block access to platform. DDOS an attacker. (needs nan)
* C00123: Bot control (needs nan)
### 94 T0056 - Dedicated channels disseminate informa...
Name: key, dtype: object
* C00115: Expose actor and intentions (needs nan)
* C00126: Social media amber alert (needs nan)
* C00120: Open dialogue about design of platforms to produce different outcomes (needs nan)
* C00071: Block source of pollution (needs nan)
* C00073: Educate on how to handle info pollution. Push out targeted education on why it's pollution (needs educators)
* C00036: Infiltrate the in-group to discredit leaders (divide) (needs nan)
* C00042: Address truth contained in narratives (needs nan)
* C00123: Bot control (needs nan)

12
counter_tactics/TA0counters.md Обычный файл
Просмотреть файл

@ -0,0 +1,12 @@
# Tactic TA07 counters
## by action
### D2 deny
* C00217: Registries alert when large batches of newsy URLs get registered together (needs platform_admin)
## by technique
### TA0

42
counter_tactics/TA10counters.md Обычный файл
Просмотреть файл

@ -0,0 +1,42 @@
# Tactic TA10 Go Physical counters
## by action
### D2 Deny
* C00129: Use banking to cut off access (needs nan)
### D7 Deter
* C00130: Mentorship: elders, youth, credit. Learn vicariously. (needs nan)
## by technique
### TA10
* C00136: Microtarget most likely targets then send them countermessages (needs nan)
* C00140: "Bomb" link shorteners with lots of calls (needs nan)
* C00018: Promote constructive communication by shaming division-enablers (needs nan)
* C00019: Promote playbooks to call out division-enablers (needs nan)
* C00141: "Hey this story is old" popup when messaging with old URL (needs platform_algorithms)
* C00142: "This has been disproved - do you want to forward it" (needs platform_algorithms)
* C00012: Platform regulation (needs government:policymakers)
* C00133: Deplatform Account* (needs platform_admin)
* C00135: Deplatform message groups and/or message boards (needs platform_admin)
* C00028: Blockchain audit log and validation with collaborative decryption to post comments (needs nan)
* C00085: Demuting content (needs nan)
### 95 T0057 - Organise remote rallies and events
Name: key, dtype: object
* C00048: Name and Shame (needs nan)
* C00088: Poison pill recasting of message (needs nan)
* C00129: Use banking to cut off access (needs nan)
* C00070: Block access to platform. DDOS an attacker. (needs nan)
* C00036: Infiltrate the in-group to discredit leaders (divide) (needs nan)
### 99 T0061 - Sell merchandising
Name: key, dtype: object
* C00048: Name and Shame (needs nan)
* C00068: Expose online funding as fake (needs nan)
* C00129: Use banking to cut off access (needs nan)
* C00070: Block access to platform. DDOS an attacker. (needs nan)
* C00067: Denigrate the recipient/ project (of online funding) (needs nan)

42
counter_tactics/TA11counters.md Обычный файл
Просмотреть файл

@ -0,0 +1,42 @@
# Tactic TA11 Persistence counters
## by action
### D2 Deny
* C00131: Seize and analyse botnet servers (needs server_admin)
### D3 Disrupt
* C00136: Microtarget most likely targets then send them countermessages (needs nan)
* C00137: Pollute the AB-testing data feeds (needs nan)
* C00138: Spam domestic actors with lawsuits (needs nan)
* C00133: Deplatform Account* (needs platform_admin)
* C00135: Deplatform message groups and/or message boards (needs platform_admin)
* C00139: Weaponise youtube content matrices (needs nan)
### D4 Degrade
* C00140: "Bomb" link shorteners with lots of calls (needs nan)
* C00145: Pollute the data voids with wholesome content (Kittens! Babyshark!) (needs nan)
* C00141: "Hey this story is old" popup when messaging with old URL (needs platform_algorithms)
* C00142: "This has been disproved - do you want to forward it" (needs platform_algorithms)
* C00144: Buy out troll farm employees / offer them jobs (needs nan)
* C00143: (botnet) DMCA takedown requests to waste group time (needs public,elves)
## by technique
### TA11
* C00085: Demuting content (needs nan)
### 96 T0058 - Legacy web content
Name: key, dtype: object
### 97 T0059 - Play the long game
Name: key, dtype: object
* C00088: Poison pill recasting of message (needs nan)
* C00011: Media literacy. Games to identify fake news (needs educators,gamesdesigners,developers)
* C00042: Address truth contained in narratives (needs nan)
### 98 T0060 - Continue to amplify
Name: key, dtype: object
* C00147: Make amplification of social media ports expire (e.g. can't like/ retweet after n days) (needs platform_algorithms)

17
counter_tactics/TA12counters.md Обычный файл
Просмотреть файл

@ -0,0 +1,17 @@
# Tactic TA12 Measure Effectiveness counters
## by action
### D3 Disrupt
* C00147: Make amplification of social media ports expire (e.g. can't like/ retweet after n days) (needs platform_algorithms)
### D4 Degrade
* C00148: Add random links to network graphs (needs platform_algorithms)
* C00149: Poison the monitoring & evaluation data (needs nan)
## by technique
### TA12
* C00149: Poison the monitoring & evaluation data (needs nan)

580
incidents.md Обычный файл
Просмотреть файл

@ -0,0 +1,580 @@
# AMITT Incidents:
<table border="1">
<tr>
<th>id</th>
<th>name</th>
<th>type</th>
<th>Year Started</th>
<th>From country</th>
<th>To country</th>
<th>Found via</th>
</tr>
<tr>
<td><a href="incidents/I00001.md">I00001</a></td>
<td>Blacktivists facebook group</td>
<td>incident</td>
<td>2016.0</td>
<td>Russia</td>
<td>USA</td>
<td>nan</td>
</tr>
<tr>
<td><a href="incidents/I00002.md">I00002</a></td>
<td>#VaccinateUS</td>
<td>campaign</td>
<td>2014.0</td>
<td>Russia</td>
<td>World</td>
<td>nan</td>
</tr>
<tr>
<td><a href="incidents/I00003.md">I00003</a></td>
<td>Beyonce protest rallies</td>
<td>incident</td>
<td>2016.0</td>
<td>Russia</td>
<td>USA</td>
<td>nan</td>
</tr>
<tr>
<td><a href="incidents/I00004.md">I00004</a></td>
<td>#Macrongate</td>
<td>incident</td>
<td>2017.0</td>
<td>Russia</td>
<td>France</td>
<td>nan</td>
</tr>
<tr>
<td><a href="incidents/I00005.md">I00005</a></td>
<td>Brexit vote</td>
<td>campaign</td>
<td>2016.0</td>
<td>Russia</td>
<td>UK</td>
<td>nan</td>
</tr>
<tr>
<td><a href="incidents/I00006.md">I00006</a></td>
<td>Columbian Chemicals</td>
<td>incident</td>
<td>2014.0</td>
<td>Russia</td>
<td>USA</td>
<td>nan</td>
</tr>
<tr>
<td><a href="incidents/I00007.md">I00007</a></td>
<td>Incirlik terrorists</td>
<td>incident</td>
<td>2016.0</td>
<td>Russia</td>
<td>USA</td>
<td>nan</td>
</tr>
<tr>
<td><a href="incidents/I00008.md">I00008</a></td>
<td>Bujic</td>
<td>incident</td>
<td>2017.0</td>
<td>Russia</td>
<td>Serbia</td>
<td>nan</td>
</tr>
<tr>
<td><a href="incidents/I00009.md">I00009</a></td>
<td>PhilippinesExpert</td>
<td>incident</td>
<td>2017.0</td>
<td>Russia</td>
<td>Philippines</td>
<td>nan</td>
</tr>
<tr>
<td><a href="incidents/I00010.md">I00010</a></td>
<td>ParklandTeens</td>
<td>incident</td>
<td>2018.0</td>
<td>??</td>
<td>USA</td>
<td>nan</td>
</tr>
<tr>
<td><a href="incidents/I00011.md">I00011</a></td>
<td>CovingtonTeen</td>
<td>incident</td>
<td>2019.0</td>
<td>??</td>
<td>USA</td>
<td>nan</td>
</tr>
<tr>
<td><a href="incidents/I00012.md">I00012</a></td>
<td>ChinaSmog</td>
<td>incident</td>
<td>2011.0</td>
<td>China</td>
<td>China</td>
<td>nan</td>
</tr>
<tr>
<td><a href="incidents/I00013.md">I00013</a></td>
<td>FranceBlacktivists</td>
<td>incident</td>
<td>2014.0</td>
<td>Russia</td>
<td>France</td>
<td>nan</td>
</tr>
<tr>
<td><a href="incidents/I00014.md">I00014</a></td>
<td>GiletsJaunePileon</td>
<td>incident</td>
<td>2018.0</td>
<td>Russia</td>
<td>France</td>
<td>nan</td>
</tr>
<tr>
<td><a href="incidents/I00015.md">I00015</a></td>
<td>ConcordDiscovery</td>
<td>incident</td>
<td>2019.0</td>
<td>Russia</td>
<td>USA</td>
<td>nan</td>
</tr>
<tr>
<td><a href="incidents/I00016.md">I00016</a></td>
<td>LithuanianElves</td>
<td>campaign</td>
<td>2014.0</td>
<td>Russia</td>
<td>Lithuania</td>
<td>nan</td>
</tr>
<tr>
<td><a href="incidents/I00017.md">I00017</a></td>
<td>US presidential elections</td>
<td>campaign</td>
<td>2016.0</td>
<td>Russia</td>
<td>USA</td>
<td>OII</td>
</tr>
<tr>
<td><a href="incidents/I00018.md">I00018</a></td>
<td>DNC email leak incident</td>
<td>tactic</td>
<td>2016.0</td>
<td>Russia</td>
<td>USA</td>
<td>OII</td>
</tr>
<tr>
<td><a href="incidents/I00019.md">I00019</a></td>
<td>MacronTiphaine</td>
<td>incident</td>
<td>2017.0</td>
<td>unknown</td>
<td>France</td>
<td>OII</td>
</tr>
<tr>
<td><a href="incidents/I00020.md">I00020</a></td>
<td>3000 tanks</td>
<td>incident</td>
<td>2017.0</td>
<td>Russia</td>
<td>World</td>
<td>OII</td>
</tr>
<tr>
<td><a href="incidents/I00021.md">I00021</a></td>
<td>Armenia elections</td>
<td>campaign</td>
<td>2017.0</td>
<td>Russia</td>
<td>Armenia</td>
<td>OII</td>
</tr>
<tr>
<td><a href="incidents/I00022.md">I00022</a></td>
<td>#Macronleaks</td>
<td>incident</td>
<td>2017.0</td>
<td>Russia</td>
<td>France</td>
<td>OII</td>
</tr>
<tr>
<td><a href="incidents/I00023.md">I00023</a></td>
<td>#dislikemacron</td>
<td>incident</td>
<td>2017.0</td>
<td>Russia</td>
<td>France</td>
<td>OII</td>
</tr>
<tr>
<td><a href="incidents/I00024.md">I00024</a></td>
<td>#syriahoax</td>
<td>incident</td>
<td>2017.0</td>
<td>Syria</td>
<td>USA</td>
<td>OII</td>
</tr>
<tr>
<td><a href="incidents/I00025.md">I00025</a></td>
<td>EU Army</td>
<td>incident</td>
<td>2018.0</td>
<td>Russia</td>
<td>EU</td>
<td>OII</td>
</tr>
<tr>
<td><a href="incidents/I00026.md">I00026</a></td>
<td>Netherlands referendum on Ukraine</td>
<td>incident</td>
<td>2016.0</td>
<td>Russia</td>
<td>Netherlands</td>
<td>OII</td>
</tr>
<tr>
<td><a href="incidents/I00027.md">I00027</a></td>
<td>crucifiedboy</td>
<td>incident</td>
<td>2014.0</td>
<td>Russia</td>
<td>Ukraine</td>
<td>OII</td>
</tr>
<tr>
<td><a href="incidents/I00028.md">I00028</a></td>
<td>mh17 downed</td>
<td>incident</td>
<td>2014.0</td>
<td>Russia</td>
<td>Ukraine</td>
<td>OII</td>
</tr>
<tr>
<td><a href="incidents/I00029.md">I00029</a></td>
<td>MH17 investigation</td>
<td>campaign</td>
<td>2016.0</td>
<td>Russia</td>
<td>Ukraine</td>
<td>OII</td>
</tr>
<tr>
<td><a href="incidents/I00030.md">I00030</a></td>
<td>LastJedi</td>
<td>incident</td>
<td>2018.0</td>
<td>Russia</td>
<td>World</td>
<td>OII</td>
</tr>
<tr>
<td><a href="incidents/I00031.md">I00031</a></td>
<td>antivax</td>
<td>apt</td>
<td>2018.0</td>
<td>Russia</td>
<td>World</td>
<td>OII</td>
</tr>
<tr>
<td><a href="incidents/I00032.md">I00032</a></td>
<td>Kavanaugh</td>
<td>incident</td>
<td>2018.0</td>
<td>Russia</td>
<td>USA</td>
<td>OII</td>
</tr>
<tr>
<td><a href="incidents/I00033.md">I00033</a></td>
<td>China 50cent Army</td>
<td>apt</td>
<td>2014.0</td>
<td>China</td>
<td>China</td>
<td>OII</td>
</tr>
<tr>
<td><a href="incidents/I00034.md">I00034</a></td>
<td>DibaFacebookExpedition</td>
<td>incident</td>
<td>2016.0</td>
<td>China</td>
<td>Taiwan</td>
<td>OII</td>
</tr>
<tr>
<td><a href="incidents/I00035.md">I00035</a></td>
<td>Brazilelections</td>
<td>campaign</td>
<td>2014.0</td>
<td>Brazil</td>
<td>Brazil</td>
<td>OII</td>
</tr>
<tr>
<td><a href="incidents/I00036.md">I00036</a></td>
<td>BrazilPresDebate</td>
<td>incident</td>
<td>2014.0</td>
<td>Brazil</td>
<td>Brazil</td>
<td>OII</td>
</tr>
<tr>
<td><a href="incidents/I00037.md">I00037</a></td>
<td>Rioelections</td>
<td>incident</td>
<td>2016.0</td>
<td>Brazil</td>
<td>Brazil</td>
<td>OII</td>
</tr>
<tr>
<td><a href="incidents/I00038.md">I00038</a></td>
<td>Brazilimpeachment</td>
<td>incident</td>
<td>2016.0</td>
<td>Brazil</td>
<td>Brazil</td>
<td>OII</td>
</tr>
<tr>
<td><a href="incidents/I00039.md">I00039</a></td>
<td>MerkelFacebook</td>
<td>incident</td>
<td>2017.0</td>
<td>unknown</td>
<td>Germany</td>
<td>OII</td>
</tr>
<tr>
<td><a href="incidents/I00040.md">I00040</a></td>
<td>modamaniSelfie</td>
<td>incident</td>
<td>2015.0</td>
<td>unknown</td>
<td>Germany</td>
<td>OII</td>
</tr>
<tr>
<td><a href="incidents/I00041.md">I00041</a></td>
<td>Refugee crime map</td>
<td>incident</td>
<td>2017.0</td>
<td>unknown</td>
<td>Germany</td>
<td>OII</td>
</tr>
<tr>
<td><a href="incidents/I00042.md">I00042</a></td>
<td>Saudi/Qatar bot dispute</td>
<td>incident</td>
<td>2017.0</td>
<td>SaudiArabia</td>
<td>Qatar</td>
<td>MIS</td>
</tr>
<tr>
<td><a href="incidents/I00043.md">I00043</a></td>
<td>FCC comments</td>
<td>incident</td>
<td>2017.0</td>
<td>unknown</td>
<td>USA</td>
<td>MIS</td>
</tr>
<tr>
<td><a href="incidents/I00044.md">I00044</a></td>
<td>JadeHelm exercise</td>
<td>incident</td>
<td>2015.0</td>
<td>nan</td>
<td>USA</td>
<td>MIS</td>
</tr>
<tr>
<td><a href="incidents/I00045.md">I00045</a></td>
<td>Skripal</td>
<td>incident</td>
<td>2018.0</td>
<td>Russia</td>
<td>UK</td>
<td>nan</td>
</tr>
<tr>
<td><a href="incidents/I00046.md">I00046</a></td>
<td>North Macedonia</td>
<td>incident</td>
<td>2018.0</td>
<td>Russia</td>
<td>Macedonia</td>
<td>nan</td>
</tr>
<tr>
<td><a href="incidents/I00047.md">I00047</a></td>
<td>Sea of Azov</td>
<td>incident</td>
<td>2018.0</td>
<td>Russia</td>
<td>World</td>
<td>nan</td>
</tr>
<tr>
<td><a href="incidents/I00048.md">I00048</a></td>
<td>White Helmets</td>
<td>campaign</td>
<td>2015.0</td>
<td>Russia</td>
<td>World</td>
<td>nan</td>
</tr>
<tr>
<td><a href="incidents/I00049.md">I00049</a></td>
<td>White Helmets: Chemical Weapons</td>
<td>incident</td>
<td>2017.0</td>
<td>Russia</td>
<td>World</td>
<td>nan</td>
</tr>
<tr>
<td><a href="incidents/I00050.md">I00050</a></td>
<td>#HandsOffVenezuela</td>
<td>incident</td>
<td>2019.0</td>
<td>Russia</td>
<td>World</td>
<td>nan</td>
</tr>
<tr>
<td><a href="incidents/I00051.md">I00051</a></td>
<td>Integrity Initiative</td>
<td>incident</td>
<td>2018.0</td>
<td>Russia</td>
<td>World</td>
<td>nan</td>
</tr>
<tr>
<td><a href="incidents/I00052.md">I00052</a></td>
<td>China overiew</td>
<td>campaign</td>
<td>2015.0</td>
<td>China</td>
<td>World</td>
<td>nan</td>
</tr>
<tr>
<td><a href="incidents/I00053.md">I00053</a></td>
<td>China Huawei CFO Arrest</td>
<td>incident</td>
<td>2018.0</td>
<td>China</td>
<td>World</td>
<td>nan</td>
</tr>
<tr>
<td><a href="incidents/I00054.md">I00054</a></td>
<td>China Muslims</td>
<td>incident</td>
<td>2018.0</td>
<td>China</td>
<td>World</td>
<td>nan</td>
</tr>
<tr>
<td><a href="incidents/I00055.md">I00055</a></td>
<td>50 Cent Army</td>
<td>campaign</td>
<td>2008.0</td>
<td>China</td>
<td>World</td>
<td>nan</td>
</tr>
<tr>
<td><a href="incidents/I00056.md">I00056</a></td>
<td>Iran Influence Operations</td>
<td>campaign</td>
<td>2012.0</td>
<td>Iran</td>
<td>World</td>
<td>nan</td>
</tr>
<tr>
<td><a href="incidents/I00057.md">I00057</a></td>
<td>Mexico Election</td>
<td>incident</td>
<td>2018.0</td>
<td>Russia/domestic</td>
<td>Mexico</td>
<td>nan</td>
</tr>
<tr>
<td><a href="incidents/I00058.md">I00058</a></td>
<td>Chemnitz</td>
<td>incident</td>
<td>2018.0</td>
<td>Russia</td>
<td>Germany</td>
<td>nan</td>
</tr>
<tr>
<td><a href="incidents/I00059.md">I00059</a></td>
<td>Myanmar - Rohingya </td>
<td>campaign</td>
<td>2014.0</td>
<td>Myanmar</td>
<td>Myanmar</td>
<td>nan</td>
</tr>
<tr>
<td><a href="incidents/I00060.md">I00060</a></td>
<td>White Genocide</td>
<td>campaign</td>
<td>2018.0</td>
<td>Russia</td>
<td>World</td>
<td>nan</td>
</tr>
<tr>
<td><a href="incidents/I00061.md">I00061</a></td>
<td>Military veterans Targetting</td>
<td>campaign</td>
<td>2017.0</td>
<td>Russia</td>
<td>US</td>
<td>nan</td>
</tr>
<tr>
<td><a href="incidents/I00062.md">I00062</a></td>
<td>Brexit/UK ongoing</td>
<td>campaign</td>
<td>2015.0</td>
<td>Russia/domestic</td>
<td>UK</td>
<td>nan</td>
</tr>
<tr>
<td><a href="incidents/I00063.md">I00063</a></td>
<td>Olympic Doping Scandal</td>
<td>campaign</td>
<td>2016.0</td>
<td>Russia</td>
<td>World</td>
<td>nan</td>
</tr>
</table>

67
incidents/I00001.md Обычный файл
Просмотреть файл

@ -0,0 +1,67 @@
# Blacktivists facebook group
* Type: incident
* Name: Blacktivists facebook group
* Id: I00001
* Summary: IRA created fake @blacktivists facebook group and twitter account.
* Year started: 2016.0
* From country / To country: Russia / USA
* Found via: nan
* Date added: 2019-02-24
* Techniques used:
| Technique | Description given for this incident |
| --------- | ------------------------- |
DO NOT EDIT ABOVE THIS LINE - PLEASE ADD NOTES BELOW
Actor:
Timeframe:
Date:
Presumed goals: “Russian-linked social media accounts saw racial tensions as something to be exploited in order to achieve the broader Russian goal of dividing Americans and creating chaos in U.S. politics during a campaign in which race repeatedly became an issue.”
Method:
Possibly linked: black lives matter facebook ads, targetted at Baltimore, Ferguson, Missouri https://money.cnn.com/2017/09/27/media/facebook-black-lives-matter-targeting/index.html?iid=EL
Counters:
Related incidents:
* Txrebels facebook group
* MuslimAmerica facebook group
* Patriotus facebook group
* SecuredBorders facebook group
* Lgbtun facebook group
* Black Matters facebook group
References:
* https://money.cnn.com/2017/09/28/media/blacktivist-russia-facebook-twitter/index.html
* https://news.docnow.io/blacktivists-in-the-archive-71c807aa247e
* https://www.thedailybeast.com/exclusive-secret-documents-from-russias-election-trolls-leak
Datasets
* https://docs.google.com/spreadsheets/d/1OZcRCZuz83bMpxVjpUYEALiS4OtKU-pTVtTveG_Ljs0/edit#gid=0 - from https://news.docnow.io/blacktivists-in-the-archive-71c807aa247e are the @blacktivists tweets that used the #blacklivesmatter hashtag
* Jonathan Albright got the facebook text: https://data.world/d1gi/missing-fb-posts-w-share-stats/workspace/file?filename=Blacktivist+Facebook+Page+%28Text%29.pdf https://data.world/d1gi/missing-fb-posts-w-share-stats/workspace/file?filename=Blacktivist+Facebook+Page+%28Text%29-2.docx
Notes
First i read the cnn article, then did a twitter search to see if there are traces of the accounts left online. Only discussion about the IRA operation seem to be on Twitter. Also searched twitter for some of the text found later (in datasets) - nothing matches.
Reading the docnow.io post showed some interesting behavours. Also that there was no central data repo for the blacktivists posts. Classic was the tweets being sent only in 8am-6pm Moscow time. Also interesting: the followers grew over time, but they grew and dropped friends (people they followed) in batches periodically - was this to avoid hitting limits?
Reading the dailybeast.com article (on an IRA leak), it seems specific individuals were targetted. Thinking about the places we need to search: if its Russia, seems like we need to check twitter, facebook, youtube, reddit, tumblr, instagram, 9gag.
Names some of the people contacted, e.g. Craig Carson, a Rochester, New York, attorney and civil rights activist; maybe Shanall LaRay Logan—who lives in Sacramento, California;

83
incidents/I00002.md Обычный файл
Просмотреть файл

@ -0,0 +1,83 @@
# #VaccinateUS
* Type: campaign
* Name: #VaccinateUS
* Id: I00002
* Summary: use both pro- and anti- topic messaging to create an artificial argument online.
* Year started: 2014.0
* From country / To country: Russia / World
* Found via: nan
* Date added: 2019-02-24
* Techniques used:
| Technique | Description given for this incident |
| --------- | ------------------------- |
| [T0017 Promote online funding](../techniques/T0017.md) | I00002T002 Promote "funding" campaign |
| [T0018 Paid targeted ads](../techniques/T0018.md) | I00002T001 buy FB targeted ads |
| [T0019 Generate information pollution](../techniques/T0019.md) | I00002T003 create web-site - information pollution |
| [T0046 Search Engine Optimization](../techniques/T0046.md) | I00002T004 SEO optimisation/manipulation ("key words") |
| [T0056 Dedicated channels disseminate information pollution](../techniques/T0056.md) | I00002T003 create web-site - information pollution |
| [T0058 Legacy web content](../techniques/T0058.md) | I00002T005 legacy web content |
| [T0058 Legacy web content](../techniques/T0058.md) | I00002T006 hard to remove content and/or campaign/exploit TOS |
DO NOT EDIT ABOVE THIS LINE - PLEASE ADD NOTES BELOW
Actor: IRA, individuals (e.g. Larry Cook).
Timeframe:
Date:
Presumed goals:
Physical damage to country?
Method:
* Targetted facebook ads (Larry Cook, targetting Washington State mothers, $1,776 to boost posts over 9 months).
* Gofundme campaigns to pay for ads (Larry Cook)
Effects:
* “The U.S. anti-vax movement has been blamed for two outbreaks of measles that have infected some 300 people—mostly children—in New York and the Pacific Northwest.”
Counters:
* American Medical Association “warned social-media giants, including Amazon, Facebook, Google, Pinterest, Twitter, and YouTube, that they were helping to amplify the propaganda and confuse parents.”
* Gofundme banned antivaxxers: “Campaigns raising money to promote misinformation about vaccines violate GoFundMes terms of service and will be removed from the platform”. Less than 10 campaigns reported as removed.
Related incidents:
Artefacts:
Search terms vaccination, anti-vaccination, “vaccine choice”.
Notes:
Started by looking for vaccine-related content in my misinformation datasets
Then did google search for “antivax misinformation” to get references etc.
Larry Cook runs “Stop Mandatory Vaccination”: “donations go “directly” to his bank account and funds “may be used to pay [his] personal bills.”
References;
* https://www.thedailybeast.com/brooklyn-hasidic-community-is-in-the-midst-of-a-dire-measles-outbreak
* https://www.thedailybeast.com/amazon-wont-take-a-stand-in-war-over-forrest-maready-book-the-autism-vaccine
* https://www.bmj.com/content/362/bmj.k3739
* https://hub.jhu.edu/2018/08/24/russian-trolls-bots-spread-vaccine-misinformation/
* https://ajph.aphapublications.org/doi/full/10.2105/AJPH.2018.304567
* Arciga, [GoFundMe Bans Anti-Vaxxers Who Raise Money to Spread Misinformation](https://www.thedailybeast.com/gofundme-bans-anti-vaxxers-who-raise-money-to-spread-misinformation), Daily Beast 2019-03-22
* Arciga, [Anti-Vaxxer Larry Cook Has Weaponized Facebook Ads in War Against Science](https://www.thedailybeast.com/anti-vaxxer-larry-cook-has-weaponized-facebook-ads-in-war-against-science), Daily Beast 2019-02-15
* Gofundmes (removed, but check archives) https://www.gofundme.com/help-save-vaccine-exemptions-in-washington-state https://www.gofundme.com/parents-wake-up-vaccines-kill
* Markay, [Anti-Vaccine Facebook Ads Target Women in Measles-Stricken States](https://www.thedailybeast.com/anti-vaccine-facebook-ads-target-women-in-measles-stricken-states/), Daily Beast 2019-02-14
Data

45
incidents/I00003.md Обычный файл
Просмотреть файл

@ -0,0 +1,45 @@
# Beyonce protest rallies
* Type: incident
* Name: Beyonce protest rallies
* Id: I00003
* Summary: use both pro- and anti- topic messaging to create an artificial argument in real life.
* Year started: 2016.0
* From country / To country: Russia / USA
* Found via: nan
* Date added: 2019-02-24
* Techniques used:
| Technique | Description given for this incident |
| --------- | ------------------------- |
DO NOT EDIT ABOVE THIS LINE - PLEASE ADD NOTES BELOW
Actor: IRA
Timeframe:
Date:
Presumed goals:
Method:
Counters:
Related incidents:
References:
* https://twitter.com/JuliaDavisNews/status/994704834577215495
* https://twitter.com/donie/status/957246815056908288
* https://www.theguardian.com/us-news/2018/may/10/russia-facebook-ads-us-elections-congress

54
incidents/I00004.md Обычный файл
Просмотреть файл

@ -0,0 +1,54 @@
# #Macrongate
* Type: incident
* Name: #Macrongate
* Id: I00004
* Summary: amplified document dump failed because France was prepared for it.
* Year started: 2017.0
* From country / To country: Russia / France
* Found via: nan
* Date added: 2019-02-24
* Techniques used:
| Technique | Description given for this incident |
| --------- | ------------------------- |
DO NOT EDIT ABOVE THIS LINE - PLEASE ADD NOTES BELOW
Actor: IRA
Timeframe: 1 day (plus preparation)
Date: May 2017
Presumed goals: reduce Emmanuel Macrons chance of winning French presidential election
Method:
* fake documents posted on 4chan about Macrons alleged offshore account,
* amplified by pro-Trump Twitter accounts using #MacronGate and #MacronCacheCash
Counters:
* preparation (resilience, account removals),
* honeytraps,
* counter-response with humour.
Related incidents:
* DNC document release, US presidential elections, 2016
References:
* Source: https://www.patreon.com/posts/macrongate-tied-11940855
* http://www.niemanlab.org/2018/09/how-france-beat-back-information-manipulation-and-how-other-democracies-might-do-the-same/
* https://www.theguardian.com/world/2017/may/08/macron-hackers-linked-to-russian-affiliated-group-behind-us-attack

112
incidents/I00005.md Обычный файл
Просмотреть файл

@ -0,0 +1,112 @@
# Brexit vote
* Type: campaign
* Name: Brexit vote
* Id: I00005
* Summary: In early 2014, then UK PM David Cameron outlined the changes he aimed to bring about in the EU and in the UK's relationship with it. These were: additional immigration controls, especially for citizens of new EU member states; tougher immigration rules for present EU citizens; new powers for national parliaments collectively to veto proposed EU laws; new free-trade agreements and a reduction in bureaucracy for businesses; a lessening of the influence of the European Court of Human Rights on British police and courts; more power for individual member states, and less for the central EU; and abandonment of the EU notion of "ever closer union".He intended to bring these about during a series of negotiations with other EU leaders and then, if re-elected, to announce a referendum.
European Union Referendum Act was passed by the Parliament of the United Kingdom. It extended to include and take legislative effect in Gibraltar,and received royal assent on 17 December 2015.
Conservative-led Department for Culture, Media and Sport select committee concluded (2018) Russia engaged in unconventional warfare during the Brexit campaign. This included 156,252 Russian accounts tweeting about #Brexit and posting over 45,000 Brexit messages in the last 48 hours of the campaign. As it said, Kremlin-controlled media, RT and Sputnik had more reach on Twitter for anti-EU content than either Vote Leave or Leave.EU, during the referendum campaign.
The report by Democrats on the Senate foreign relations committee, titled Putins asymmetric assault on democracy in Russia and Europe: implications for US national security, pinpoints the way in which UK campaign finance laws do not require disclosure of political donations if they are from “the beneficial owners of non-British companies that are incorporated in the EU and carry out business in the UK”.
The senators point out that Ukip and its then-leader, Nigel Farage, did not just fan anti-EU sentiment but also “criticised European sanctions on Russia, and provided flattering assessments of Russian President Putin”.
The report adds that although officially the Russian government asserted its neutrality on Brexit, its English-language media outlets RT and Sputnik covered the referendum campaign extensively and offered systematically one-sided coverage.
* Year started: 2016.0
* From country / To country: Russia / UK
* Found via: nan
* Date added: 2019-02-24
* Techniques used:
| Technique | Description given for this incident |
| --------- | ------------------------- |
| [T0007 Create fake Social Media Profiles / Pages / Groups](../techniques/T0007.md) | I00005T004 Fake FB groups + dark content |
| [T0010 Cultivate ignorant agents](../techniques/T0010.md) | I00005T008 cultivate, manipulate, exploit useful idiots |
| [T0018 Paid targeted ads](../techniques/T0018.md) | I00005T003 Targeted FB paid ads |
| [T0019 Generate information pollution](../techniques/T0019.md) | I00005T007 RT & Sputnik generate information pollution |
| [T0021 Memes](../techniques/T0021.md) | I00005T011 Memes... anti-immigration; euroskepticism; fear, outrage, conspiracy narratives |
| [T0029 Manipulate online polls](../techniques/T0029.md) | I00005T006 manipulate social media "online polls"? |
| [T0030 Backstop personas](../techniques/T0030.md) | I00005T012 Backstop personas |
| [T0031 YouTube](../techniques/T0031.md) | I00005T009 YouTube; Reddit; LinkedIn; Pinterest; WhatsApp? |
| [T0032 Reddit](../techniques/T0032.md) | I00005T009 YouTube; Reddit; LinkedIn; Pinterest; WhatsApp? |
| [T0034 LinkedIn](../techniques/T0034.md) | I00005T009 YouTube; Reddit; LinkedIn; Pinterest; WhatsApp? |
| [T0035 Pinterest](../techniques/T0035.md) | I00005T009 YouTube; Reddit; LinkedIn; Pinterest; WhatsApp? |
| [T0036 WhatsApp](../techniques/T0036.md) | I00005T009 YouTube; Reddit; LinkedIn; Pinterest; WhatsApp? |
| [T0046 Search Engine Optimization](../techniques/T0046.md) | I00005T010 SEO optimisation/manipulation ("key words") |
| [T0053 Twitter trolls amplify and manipulate](../techniques/T0053.md) | I00005T002 Twitter trolls amplify & manipulate |
| [T0054 Twitter bots amplify](../techniques/T0054.md) | I00005T001 Twitter bots amplify & manipulate |
| [T0056 Dedicated channels disseminate information pollution](../techniques/T0056.md) | I00005T007 RT & Sputnik generate information pollution |
| [T0057 Organise remote rallies and events](../techniques/T0057.md) | I00005T005 Digital to physical "organize+promote" rallies & events? |
DO NOT EDIT ABOVE THIS LINE - PLEASE ADD NOTES BELOW
Actor: Russia/ Internet Research Agency (IRA)
Timeframe: December 2015 - ongoing
Date: June 23, 2016
Presumed goals: Change Brexit vote to leave; continue to divide/undermine EU; drive Eurosceptic narrative/agenda
Method:
* (From The European Values Think-Tank)
* Before Brexit, Russia Today and Sputnik released more anti-EU articles than the official Vote Leave website and Leave.EU website. The British version of Sputnik has an annual budget of £ 1.8 million from the Russian government. Kremlin-owned channels potentially influenced 134 million impressions during the Brexit campaign
* Method: The data that was used by 89up was derived from the Twitter Search API, Buzzsumo, the Facebook API and other scraping methods. In the timeframe from January 2016 to the day of the British referendum, analysts identified and analysed 261 of the most shared and popular articles that were clearly anti-European. The two main media outlets were RT and Sputnik. Costs: The total value of Kremlin media for the Leave campaign in the six months before the EU referendum was £1,353,000. The PR value for the Leave campaign, based on the 261 heavily pro-Leave articles published by RT and Sputnik, is estimated at nearly £1,500,000based on figures from a leading media monitoring tool. This excludes the significant social media value of these news articles. Estimated value of Russian media Facebook impressions is around $102,000 and the estimated value of Russian medias potential impressions on Twitter is between $47,000 - $100,000.
* Content: The analysis also shows that the overwhelming majority of articles published by RT and Sputnik (131 of the 200 most shared) were clearly for Leave; 59 articles were Neutral and only 10 were set to Remain. When the neutral articles are filtered out, numbers show that the negative articles of RT/Sputnik, together, elicited nearly the same number of engagements as the official Vote Leave website.
* Social reach: The report shows the social reach of these anti-EU articles published by the Kremlin-owned channels was 134 million potential impressions, in comparison with a total social reach of just 33 million and 11 million potential impressions for all content shared from the Vote Leave website and Leave.EU website respectively.
* (Jane Mayer, staff writer at The New Yorker, via NPR) Role of - Cambridge Analytica, which is a big data company that worked for the Trump campaign in the end - and it was owned principally by one of Trump's largest backers, Robert Mercer - was also involved in helping the early stages of the Brexit campaign in England.
And the man who spanned both countries and pushed for both, really, was Steve Bannon, it seems there was actually a lot of Russian money offered to Arron Banks, who was one of the major political figures leading the Brexit campaign. The Russian money was offered to him in the form of business opportunities and gold mines and diamond mines by the Russian ambassador to England. So there seems to be financial incentives that were dangled.
* There are bots and trolls and posts that are coming from the same Russian Internet agency in St. Petersburg. So in both countries, we see pushing Brexit and pushing Trump at the same time by the same trolls and bots. research conducted by a joint team of experts from the University of California at Berkeley and Swansea University reportedly identified 150,000 Twitter accounts with various Russian ties that disseminated messages about Brexit.
* A cache of posts from 2016, seen by WIRED, shows how a coordinated network of Russian-based Twitter accounts spread racial hatred in an attempt to disrupt politics in the UK and Europe.
A network of accounts posted pro and anti-Brexit, anti-immigration and racist tweets around the EU referendum vote while also targeting posts in response to terrorist attacks across the continent.
* More broadly, a Russian espionage operation funneling money into a political campaign aimed at unwinding European integration would be entirely consistent with the Kremlins perceived political interests and tactics of hybrid warfare. Covert financial infiltration is part of a toolkit Moscow uses to interfere in European and American politics. Another tool deployed ahead of the 2016 referendum was pro-Brexit messaging pumped out by RT, Sputnik, and the Internet Research Agency.
* From 1 to 8 February 2016, Sputnik ran 14 stories on the “Brexit” issue. Eight of them had negative headlines, either featuring criticism of the deal or focusing on the difficulties Cameron faces; five headlines were broadly factual; one reported a positive comment that the Bank of England had “not yet seen” an impact on investor sentiment, but gave it a negative slant by headlining, “Bank of England on Brexit: No need to panic, yet.” (The word “panic” did not appear in the story.) Not one headline reported reactions supporting the deal. Both Sputnik and RT quoted a disproportionate number of reactions from “Out” campaigners. RT, for example, quoted five “Out” partisans: MP Liam Fox; the founder of Leave.EU; London Mayor Boris Johnson; MEP Nigel Farage, the leader of the UK Independence Party; and UKIP member Paul Nuttall.
* anti-immigrant adverts were targeted at Facebook users in the UK and the US. One – headlined “Youre not the only one to despise immigration”, which cost 4,884 roubles (£58) and received 4,055 views – was placed in January 2016. Another, which accused immigrants of stealing jobs, cost 5,514 roubles and received 14,396 impressions
* A study of social media during the Brexit campaign by 89Up, a consultancy, found that Russian bots delivered 10m potential Twitter impressions—about a third of the number generated by the Vote Leave campaigns Twitter account. Such echoing amplifies the effect of RT and Sputnik stories, which are in general not much watched.
Counters: FB & Twitter content take-downs
Related incidents:
* 2016 US Election… pick em
References:
* https://publications.parliament.uk/pa/cm201719/cmselect/cmcumeds/363/36308.htm#_idTextAnchor033
* https://www.foreign.senate.gov/imo/media/doc/FinalRR.pdf
* https://www.theguardian.com/world/2017/nov/15/russian-troll-factories-researchers-damn-twitters-refusal-to-share-data
* https://www.atlanticcouncil.org/blogs/new-atlanticist/congress-should-explain-how-dark-russian-money-infiltrates-western-democracies
* http://sputniknews.com/search/?query=Brexit
* http://sputniknews.com/europe/20160202/1034093305/cameron-tusk-brexit-deal.html
* http://sputniknews.com/europe/20160203/1034124763/tusk-eu-reform.html
* http://sputniknews.com/europe/20160204/1034209396/cameron-eu-brexit-talks.html
* http://sputniknews.com/europe/20160205/1034290031/business-investments-brexit-europe.html
* https://www.rt.com/uk/331734-cameron-calais-jungle-brexit/
* https://www.rt.com/uk/331161-eu-referendum-date-brexit/
* https://www.rt.com/uk/330977-tusk-eu-deal-brexit/
* https://twitter.com/brexit_sham/status/994982969705189377
* https://www.nytimes.com/2017/11/15/world/europe/russia-brexit-twitter-facebook.html
* https://www.forbes.com/sites/emmawoollacott/2018/11/01/russian-trolls-used-islamophobia-to-whip-up-support-for-brexit/#11ee8dd465f2
* https://www.theguardian.com/world/2018/jan/10/russian-influence-brexit-vote-detailed-us-senate-report
* https://www.npr.org/2019/01/19/686830510/senate-finds-russian-bots-bucks-helped-push-brexit-vote-through
* https://www.europeanvalues.net/wp-content/uploads/2019/02/Influence-of-Russian-Disinformation-Operations-Specific-examples-in-data-and-numbers.pdf
* https://blogs.lse.ac.uk/brexit/2018/11/14/the-extent-of-russian-backed-fraud-means-the-referendum-is-invalid/
* https://www.wired.co.uk/article/brexit-russia-influence-twitter-bots-internet-research-agency
* https://www.buzzfeed.com/jamesball/a-suspected-network-of-13000-twitter-bots-pumped-out-pro?utm_term=.ipWGa5zK#.oeeKD58v
* https://www.atlanticcouncil.org/blogs/new-atlanticist/use-brexit-delay-to-investigate-russian-money
* http://www.interpretermag.com/putins-media-are-pushing-britain-for-the-brexit/
* https://www.theguardian.com/technology/2018/may/12/facebook-brexit-russia-unresolved-40-questions
* https://www.economist.com/briefing/2018/02/22/russian-disinformation-distorts-american-and-european-democracy

70
incidents/I00006.md Обычный файл
Просмотреть файл

@ -0,0 +1,70 @@
# Columbian Chemicals
* Type: incident
* Name: Columbian Chemicals
* Id: I00006
* Summary: Early Russian (IRA) “fake news” stories. Completely fabricated; very short lifespan.
* Year started: 2014.0
* From country / To country: Russia / USA
* Found via: nan
* Date added: 2019-02-24
* Techniques used:
| Technique | Description given for this incident |
| --------- | ------------------------- |
| [T0007 Create fake Social Media Profiles / Pages / Groups](../techniques/T0007.md) | I00006T004 Fake twitter profiles to amplify |
| [T0015 Create hashtag](../techniques/T0015.md) | I00006T003 Create and use hashtag |
| [T0024 Create fake videos and images](../techniques/T0024.md) | I00006T002 Fake video/images |
| [T0039 Bait legitimate influencers](../techniques/T0039.md) | I00006T005 bait journalists/media/politicians |
| [T0043 Use SMS/ WhatsApp/ Chat apps](../techniques/T0043.md) | I00006T001 Use SMS/text messages |
| [T0055 Use hashtag](../techniques/T0055.md) | I00006T003 Create and use hashtag |
DO NOT EDIT ABOVE THIS LINE - PLEASE ADD NOTES BELOW
Actor: probably IRA (source: recordedfuture)
Timeframe: 1 day
Date: Sept 11 2014
Presumed goals: test deployment
Method:
* Artefacts: text messages, images, video
* Create messages. e.g. “A powerful explosion heard from miles away happened at a chemical plant in Centerville, Louisiana #ColumbianChemicals
* Post messages from fake twitter accounts; include handles of local and global influencers (journalists, media, politicians, e.g. @senjeffmerkley)
* Amplify, by repeating messages on twitter via fake twitter accounts
* Not seen: interaction, refutation etc.
* TL;DR: early attempts to create fake incidents had limited traction.
Counters:
* None seen. Fake stories were debunked very quickly.
Related incidents:
* BP oil spill tsunami
* #PhosphorusDisaster - fake story about water contamination scare
* #EbolaInAtlanta - fake story about Ebola outbreak in Atlanta
* #shockingmurderinatlanta - fake story about unarmed black woman killed by police in Atlanta
These were all well-produced fake news stories, promoted on Twitter to influencers through a single dominant hashtag (the single hashtag might have been something learned from crisismapping practice of forcing a single hashtag for each disaster because it was easier to track)
References:
* [RecordedFuture trace of attack]()
* https://en.wikipedia.org/wiki/Columbian_Chemicals_Plant_explosion_hoax
* https://www.recordedfuture.com/columbianchemicals-hoax-analysis/
* https://www.nytimes.com/2015/06/07/magazine/the-agency.html?_r=0
* https://twitter.com/hashtag/PhosphorusDisaster?src=hash

66
incidents/I00007.md Обычный файл
Просмотреть файл

@ -0,0 +1,66 @@
# Incirlik terrorists
* Type: incident
* Name: Incirlik terrorists
* Id: I00007
* Summary: Fake story transmitted from Russian media to Trump campaign
* Year started: 2016.0
* From country / To country: Russia / USA
* Found via: nan
* Date added: 2019-02-24
* Techniques used:
| Technique | Description given for this incident |
| --------- | ------------------------- |
| [T0010 Cultivate ignorant agents](../techniques/T0010.md) | I00007T002 cultivate, manipulate, exploit useful idiots (in the case Paul Manafort) |
| [T0019 Generate information pollution](../techniques/T0019.md) | I00007T001 RT & Sputnik generate information pollution (report an unreported false story/event) |
| [T0053 Twitter trolls amplify and manipulate](../techniques/T0053.md) | I00007T004 Twitter trolls amplify & manipulate |
| [T0054 Twitter bots amplify](../techniques/T0054.md) | I00007T003 Twitter bots amplify & manipulate |
| [T0056 Dedicated channels disseminate information pollution](../techniques/T0056.md) | I00007T001 RT & Sputnik generate information pollution (report an unreported false story/event) |
DO NOT EDIT ABOVE THIS LINE - PLEASE ADD NOTES BELOW
Actor: RT/Sputnik
Timeframe: 2 weeks
Date: July-August 2016
Presumed goals:
Method:
Counters:
Related incidents:
* Jade Helm exercise
* Black Lives Matter protests
* Bundy Ranch standoff
Notes:
Story was that the Incirlik NATO base in Turkey was under attack by terrorists.
2016-08-14 Paul Manafort cited that the Incirlik NATO base in Turkey was under attack by terrorists, as an example of an unreported true story.
“The weekend of July 30, RT.com and Sputnik reported 7,000 armed police with heavy vehicles had surrounded Incirlik air base in Adana, Turkey, where 2,500 U.S. troops are stationed and some 50 U.S. nuclear weapons are stored. The two Kremlin-funded outlets suggested that the lockdown was in response to another coup attempt after a faction of the Turkish military failed to overthrow Turkish President Recep Tayyip Erdoğan.”
“On the evening of 30 July 2016, my colleagues and I watched as RT and Sputnik news simultaneously launched false stories about the U.S. air base in Incirlik, Turkey being overrun by terrorists,” he told the committee. Within minutes pro-Russian social media aggregators and automated bots amplified this false news story,” Watts said. “There were more than 4,000 tweets in the first 75 to 78 minutes after launching this false story. Perhaps the most stunning development for Watt and his companions was that the rapid proliferation of that story was linked back to the active measures accounts (Russian bots) they had tracked for the preceding two years. These previously identified accounts almost simultaneously appearing from different geographic locations and communities amplified the big news story in unison,” Watts said. The hashtags promoted by the bots, according to Watts, were “nuclear, media, Trump and Benghazi. The most common words, he said found in English speaking Twitter user profiles were “God, military Trump, family, country, conservative, Christian, America and constitution. The objective of the messages, Watts said, “clearly sought to convince Americans that U.S. military bases being overrun in a terrorist attack.”
Data
* Looked at Twitter for these dates: https://twitter.com/search?l=&q=incirlik%20until%3A2014-08-14&src=typd
https://twitter.com/ElectionLawCtr/status/492850603039522816
References:
* https://www.rt.com/news/354042-turkish-police-incirlik-nato-coup/
* https://sputniknews.com/middleeast/20160731/1043797161/incirlik-turkey-erdogan-nato-nukes.html
* https://www.politifact.com/truth-o-meter/statements/2016/aug/16/paul-manafort/trump-campaign-chair-misquotes-russian-media-makes/
* https://wtop.com/j-j-green-national/2017/09/anatomy-russian-attack-first-signs/slide/1/

45
incidents/I00008.md Обычный файл
Просмотреть файл

@ -0,0 +1,45 @@
# Bujic
* Type: incident
* Name: Bujic
* Id: I00008
* Summary: nan
* Year started: 2017.0
* From country / To country: Russia / Serbia
* Found via: nan
* Date added: 2019-02-24
* Techniques used:
| Technique | Description given for this incident |
| --------- | ------------------------- |
DO NOT EDIT ABOVE THIS LINE - PLEASE ADD NOTES BELOW
Actor:
Timeframe:
Date:
Presumed goals:
Method:
Counters:
Related incidents:
References:
* https://www.ceas-serbia.org/images/2018/201803_CEAS_Report.pdf
* https://www.stopfake.org/en/vencislav-the-virgin-hostile-operation-by-vencislav-bujic-seas-foundation-and-its-network-of-collaborators/
* https://seas.foundation/en/2018/03/15/155

Некоторые файлы не были показаны из-за слишком большого количества измененных файлов Показать больше