Less scams as Meta maps way to ‘kill’ online deception campaigns

Less online scams as Meta's Ben Nimmo and Eric Hutchins detail how to create a “kill chain” for targeting key links in deception operations. FILE PHOTO: Dado Ruvic/Reuters

Less online scams as Meta's Ben Nimmo and Eric Hutchins detail how to create a “kill chain” for targeting key links in deception operations. FILE PHOTO: Dado Ruvic/Reuters

Published Mar 19, 2023

Share

A paper authored by Meta's Ben Nimmo and Eric Hutchins details how to create a “kill chain” for targeting key links in deception operations aimed at duping people online.

“Human stupidity is one of the great powers in the universe, but this kill chain is trying to identify all the different kinds of operations that can try to target human weakness,” Nimmo told AFP.

“The goal is to stop the attackers before ever reaching the target.”

The hacker community has long joked that there is no patch for human gullibility, such as computer users being duped into clicking on booby-trapped links or sharing login credentials at bogus websites.

Advances in generative artificial intelligence that can crank out convincing but fake profile photos, voices and written replies give hackers, criminals and con artists more ways to deceive people online.

But there are ways to see through such trickery and cyber-defenCe teams can be taught what to look for and where, Nimmo said.

"Yes, the threat actors have learned a new trick, but so have the defenders," Nimmo said.

The Online Operations Kill Chain framework made public on Thursday proposes a more unified approach to analyse the gamut of nefarious campaigns including espionage, human trafficking, fraud, and election interference.

“Despite their many differences, online operations still have meaningful commonalities,” Nimmo said.

Online deception campaigns routinely span platforms - from Facebook and Instagram to TikTok, Twitter and even LinkedIn - but reveal features, such as profile images or web addresses, that can be identified, according to the report.

“If we can map the steps online operations go through, then we can understand how we can trip them up,” Nimmo said.

The framework comes with a common vernacular, so disparate cyber defenders can share and collaborate to kill malicious campaigns.

“The framework itself is not a magic bullet,” Hutchins said.

“It’s the collaboration, the action and the mindset that we use that is going to ultimately make this successful.”

Meta remains under pressure to do more to combat misinformation, particularly campaigns aimed at swaying election outcomes.

The tech titan has invested heavily in content moderation teams and technology, routinely derailing covert influence operations around the world.

AFP