Over the past several weeks, American news has been flooded with the revelation of a sophisticated disinformation campaign conducted by the Internet Research Agency, a company directed by a close ally of the Russian government. Of interest for fraud investigators is the use of social media to create social movements as a form of information warfare. Of particular note is the use of event pages. Investigators discovered the IRA used Facebook’s event creation and coordination capability to organize rallies for and against Donald Trump after his inauguration. The purpose of this was geopolitical in nature, but the technique could soon be seen amongst corporations, state governments and criminal organizations.
Consider a hacker group wishing to steal from Verizon. Causing physical disruption in the form of anti-telecom protests might be an effective way to disorient the management at a given location. This provides a potential avenue into theft of information or even physical assets. Perhaps in another example, a corporation is interested in starting operations in a given locality. By organizing anti-tax protests, they might gain leverage in negotiations. These possibilities show that using the power of groups – a time-honored political tool – can also be used for financial gain or simple disruption.
Security and fraud analysts should assess such risks when conducting an environmental assessment. Though this may seem less integral to the firm and thus less important, I would argue that the correct approach is one of vigilance, as the technique has been seen, and it has succeeded. Where the IRA perhaps started, many other governments and corporations will follow.